Identity Theft and Spyware- The New Threat
Guard Your Cards
One easy way to protect yourself against identity theft is to limit
the amount of confidential information you carry in your wallet
or purse. You should not carry around bank account numbers; personal
identification numbers (PINs), passwords, passports, birth certificates,
and most importantly, Social Security cards. Leave them at home,
preferably in a safe until they are needed.
Add a Password
Ask your financial institutions to add extra security protection
to your financial accounts including your credit card, bank and
phone accounts. Most will allow you to use an additional code or
password (a number or word) when accessing your account. Do not
use your mother's maiden name, Social Security Number, or date or
birth, as these are easily obtained by identity thieves. See password
safety below.
Password Safety
Avoid using easily available information like your mother's maiden
name, your birth date, the last four digits of your SSN or your
phone number, or a series of consecutive numbers or keyboard strokes.
If you use online banking or financial services never select a password
that matches your username. This is the most common mistake- and
the most easy to exploit.
Avoid using words that are in the dictionary. Hackers simply run
a “dictionary-attack” where they rapidly scan through
common words and attempt to brute force an account. Avoid adding
a digit in front or at the end of a word or reversing a word (irish
->hsiri) are not good password choices. Crackers routinely try
these combinations. Nor should you use the same password over and
over. If a hacker should break one password, the rest of your information
or files will be safe. If you have used the same password over and
over- they will have no problem accessing more accounts. Never give
your password to anyone and be sure to change passwords frequently.
If your store passwords locally on your machine be sure the software
uses some type of strong
encryption.
Watch For Spoofing Attacks
"Spoofing" frauds attempt to make surfers believe that
they are receiving e-mail from a trusted source, or that they are
securely connected to a trusted web site, when that is not the case.
Spoofing is generally used as a means to convince individuals to
give out personal or financial information by deception.
In "E-mail spoofing" the header of an e-mail appears to
have originated from someone or somewhere other than the actual
source. Spammers and criminals often use spoofing in an attempt
to get recipients to open and possibly even respond to their mails.
"Page Spoofing" involves altering the return address in
a web page so that it goes to the hacker’s site rather than
the legitimate site. This is accomplished by adding the hacker's
address before the actual address in any e-mail, or page that has
a request going back to the original site, often with a form that
looks identical to the legitimate site.
A page spoof might look something like this: http://www.paypal.com@spiesrealdomain.com/index.html
the domain will always resolve to the address AFTER the @ sign.
If you were to surf to this web address and submit any information
via a form it would go to the spy and not to PayPal. Try to get
into the habit of visually inspecting addresses in your browser
address location bar.
If you receive an e-mail requesting that you "click here to
update" your account information, and then are redirected to
a site that looks exactly like your ISP, or a site like EBay or
PayPal, be on the alert. This is type of spoofing attack is increasingly
more common and becoming more sophisticated. Don’t click on
the links in the e-mail. The safest way to investigate your account
is to type in the domain name you want to reach directly into the
browser address location bar and hit enter.
Identity Theft- Page Guide
Page 1 - Page 2 - Page
3 - Page 4 - Page 5
|