Things you must know about identity theft

Author: Andy Mitchel | Filed under: Identity Theft | No Comments »

Identity theft occurs when someone assumes someone else’s identity by illegally using his or her confidential information, such as social-security, bank-account, or credit-card number. Identity thieves benefit financially by removing funds from their victims’ bank accounts, taking out mortgages or other loan obligations in their victims’ names, and obtaining credit cards in their victims’ names and using them to run up large debts. If identity thieves cover their tracks by having bills and other mail sent to addresses they control, the victim will not be aware of the theft until considerable damage has occurred. Usually, victims can eventually prove that they are not responsible for the debts or missing funds, but they may spend significant time and money restoring their credit ratings and reestablishing their financial reputations.

No one is immune from identity theft. One case involved a three-week-old infant, and the dead are frequent targets of identity-theft plots. Nor are the victims exclusively individuals. Entire companies have been victimized by identity thieves. Those who study the problem cite many factors for the rapid rise of the crime: the growth of the Internet; the emergence of digital finance; the commonplace nature of consumer credit and the weak regulations governing the credit industry; and inadequate communication between local, national, and international law-enforcement agencies.

The jargon listed below, used by both criminals and law-enforcement authorities, helps explain how identity thieves go about their business.

Dumpster diving

Searching garbage cans, trash bins, and city dumps to find scraps of confidential information such as canceled checks, credit-card statements, bank documents, tax returns, discarded applications for preapproved credit cards, or any records that contain social-security numbers, names, addresses, telephone numbers, and other data that can be used to assume an identity.

Phishing (pronounced “fishing”)

Pretending to be a legitimate company and sending e-mails requesting the recipient to respond or to submit information on a Web page. Phishers make their e-mails and Web sites look authentic by including familiar logos and Internet links that appear to be the legitimate ones of the company they are using as bait. Literally millions of phishing e-mails are sent out each month, and many unsuspecting recipients respond, resulting in huge monetary losses.

Spoofing

Making an e-mail message look as if someone else has sent it. E-mail spoofers often claim to be computer-system administrators requesting the unsuspecting victims to change their user ID (identification) and password to a specific value, or pretending to be an organization’s management requesting a copy of password files or other sensitive information.

Hacking

Breaking into computer systems by using known computer-program flaws or by finding poorly controlled systems. Hackers attack computers all over the world; in 1998 a Russian hacker broke into Citibank’s computer in the United States and stole $12 million dollars from customer accounts.

Social engineering

Tricking employees of a company into disclosing confidential information. Common social-engineering tricks include pretending to be an employee who has forgotten a password, or to be from network security and needing a password to test the system, or assuming the role of a buyer or a salesperson to obtain the confidential information.

Key logging

Using hidden computer software to record computer activity, such as a user’s keystrokes, e-mails sent and received, and Web sites visited. Whereas parents may employ such software to check on their children’s computer usage and businesses use it to monitor employee activity, identity thieves utilize the software to garner confidential information and have it sent to them by e-mail.

Impersonation

Using someone else’s user ID and password to access a system. By doing so the thief is able to enjoy the same privileges as the person being impersonated.

Password cracking

Penetrating a computer-system’s defenses, stealing the password file, and using the passwords to access system programs, files, and data.

Packet sniffing

Using programs that capture data from information packets as they travel over the Internet or company networks. Captured data is sifted to find confidential information.

Eavesdropping

Listening to private communications or transmissions of data on unprotected communications lines. The most common way to intercept signals is by wiretapping.

Authorities suggest a number of ways to prevent identity theft and to minimize its consequences should it occur. Computer users are advised to be skeptical of all requests for information—legitimate companies do not typically ask for sensitive personal information via e-mail. Before entering personal or financial information on any site, users are told to check that it is a “secure” site by looking for the padlock symbol on the bottom of most Web browsers. Users are also advised to make sure that their passwords contain a combination of letters and numbers so that they cannot be easily guessed, and are not the same for every account. In addition, people should carefully check their monthly bank and credit-card statements for suspicious items and they should regularly review accounts online between statements. Confidential documents should be shredded to prevent dumpster diving. Firewalls and computer virus–protection software should be used to make a computer secure. Security patches released by vendors to correct software flaws should be installed as soon as they are available. Online retailers should be checked before making a purchase. Consumers should not give any retailers permission to store their confidential information, as the databases maintained by retailers may be vulnerable to theft.