Virtual World Identity Theft
What kind of identity theft happens in the virtual world?
Identity theft in the virtual world is essentially any information that you communicate over the internet, including your name, your address, credit card information, user names and passwords. In some way, some how, that information is compromised. Either it's hacked in transmission, or the identity thief is on the receiving end of that information.
How can identity thieves get into my computer?
What is a "breach"?
A data breach is essentially when information is hacked. Whether from the inside, an employee hacked it, download it, exploited it or from the outside. A hacker, black hat hacker generally got into through the firewall or through the network, through a wireless connection and was able to access information and then download it, extract it from the databases to use it for various purposes.
How can I protect my computer from identity thieves?
When it comes to protecting your PC or Mac, you have to get involved in real basic computer security. For example, your operating system. If you're operating in a Windows 95 or 98 or even Windows 2000 environment, Microsoft no longer even supports those updates. So, you have to upgrade to at least a Windows XP or even a Vista. Once you're in XP, you have to upgrade to Service Pack 2, because there was Service Pack 1A and then Service Pack 2, and there are even components of Service Pack 3. So, make sure that your operating system is updated as much as possible. In addition to making sure that your operating system is updated, it is absolutely essential that you have virus protection software. Major corporations that offer updates to virus protection that allow you to automatically download and update your virus definitions are essential. Have your virus definitions set so that either when you boot up, before you shut down, or in the middle of the night, those virus definitions download, update, and install, so that you're protected from the latest virus outbreaks that occur over the Internet. To protect yourself from spyware, it's important that you run spyware removal programs. There are a number of free and low-fee programs available over the Internet you can download and install that keep your PC free from spyware. Spyware are software programs, usually malicious programs, installed on your computer that allow a hacker to record your keystrokes; what you type in: addresses for websites, usernames, and passwords. It allows a hacker to remotely access and log all your different keystrokes, thereby gaining access to all your accounts. Spyware removal software eliminates that problem.
How do hackers use viruses to steal my identity?
There are over 50,000 different viruses performing numerous different functions. Viruses, back in the day, were designed by hackers to essentially crash your PCS, to cause problems, to delete your data, to wreak havoc. Between 2004 and 2005, these hackers that with the exact same technology that they had been using to crash PCs, they could now use that same technology to access information. So, they've really changed their motivation. These new viruses are designed to allow the hacker remote access to your PCs, to compromise your data, to access your banking accounts, access your credit card information, and essentially commit financial identity theft. Hackers have simply changed their motivation. They want your PC to run well. They want you to go to websites, to bank online, to buy stuff over the Internet. They want to access your banking information, they want to access your credit card information.
How can I protect my computer network from identity thieves?
If you're set up in a home network, you have to first understand the risks revolving around file sharing, especially concerning identity theft. Anybody who taps into your network, even if they're plugged in, can access your files if you have set up file sharing. So there are inherent risks along with that. When you set up file sharing, essentially you're opening up certain ports on your PC to allow others to access your data. If you are going to have file sharing set up, make sure that it's people in your network that you know, like, and trust, and you aren't going to compromise your data. In addition to that, when it comes to firewalls make sure that you have redundant firewalls. Your router comes with a firewall and your operating system comes with a firewall but I would also install an additional firewall. Microsoft's firewall only protects you from the outside in, and it does not monitor data as it goes out to the internet. Whereas many other third-party firewalls will monitor what's being sent out to the internet, making that much more secure.
Does my wireless network make me especially vulnerable to identity thieves?
Most people don't realize just how insecure wireless actually is. There is very little security, if any at all, when it comes to a wireless connection. The primary purpose of a wireless is for convenience's sake, and that's it. Communicating any financial data over a wireless connection generally can put people at risk. Consider this: when you receive this wireless router most people just simply plug it in and they connect wirelessly over the Internet. From there, if you have not encrypted that wireless connection, if it's not password protected, anybody who's within three to five hundred feet of your home or office can tap into your wireless connection and essentially rob bandwidth. Those same people can actually install programs on your PC wirelessly, allowing them remote access to your information.
How can I protect myself from identity theft online?
When you're surfing internet, make sure that when you're using websites where you're required to usernames and passwords, or any account-type information, that it is a secured webpage, meaning that in the address bar, where it says "http//www.", it should say "https", meaning it is a secured page. Also, look for that lock in the bottom or upper right-hand corner, making sure that it is a locked and secured webpage.
What makes a good password?
The best passwords are passwords that incorporate uppercase, lowercase, alpha and numeric. Having any consecutive numbers, names of your kids, names of your dog, easy to break passwords are never a good idea. Anybody who ever puts their passwords on a little yellow sticky note next to the monitor, that's not a good idea either. Again, the best thing is uppercase, lowercase, alphanumeric, and mix it up. Change your passwords semi-annually, meaning every six months you really should think about changing your passwords.
Am I vulnerable to identity theft if I use online banking services?
Most people believe that online banking services are scary, that they are afraid to use it because they think they're going to get breached. Actually, paper and people are the path of these resistances for identity thieves. So what comes in the mail and goes out in the mail, like paper checks are a problem. Online banking is much more secure than traditional banking. The problem is not the banks, because the banks have spent millions of dollars to secure their information in transit. It's the consumer, if they have not updated the virus definitions, updated their operating system, have spyware removal programs, encrypted their wireless connection, its the consumer that's lacks in their security that serve path of these resistance to the banks server. As long as you as a consumer are secure, online banking is a great way to go.
How safe are electronic payment systems compared to checks?
The problem with paper checks is that first off, they can easily be stolen out of the mail. When you put them out in the mail, anybody could take them out or your mailbox in transit and they can wash them, meaning they can change the payee to themselves and they can actually cash those checks under your name. Whereas if it's an electronic funds transfer, all this information is transferred electronically. People never really touch those checks, they never access that information. So it's that much more secure because people aren't involved.
Am I vulnerable to identity theft if I send personal information via e-mail?
Generally, it's OK to send personal information via the e-mail. However, if someone wants to access that data, generally they can. Consider your Internet Service Provider where you're sending that information through. Those people at that ISP actually have access to that data and can get that information. So you're only as secure as your Internet Service Provider. Anybody at that IPS can access that data, so you really have to trust that information is going to be safe and secure in transit. Generally it's not, but we really rely on it, so we kind of have to.
What is "phishing" and how is it used by identity thieves?
Phishing spelt with a "ph" is when black hat hackers, identity thieves, will send millions and millions of emails at a time that look like they're coming from a major bank, your bank maybe, looks like they're coming from PayPal or America Online, or even eBay. And the idea is that they're trying to extract data from you. They're asking you to update your account, to plug in your user name, to plug in your password, to plug in all of your account information. Their goal is to be able to access your accounts, so they'll use a variety of different ruses to con you into giving up that information.
How can I tell if an email is real or "phish"?
Robert Siciliano: Often it is very difficult, if not impossible, for most consumers to determine if an email is real or if it's a phish. I will tell you right now that there isn't a legitimate corporation out there right now that will send you off an email asking you to update your account, asking you for your username and password to plug in right in that email. Additionally, you're not going to have any major corporations sending you links to their website to plug in usernames and passwords, because they know that phishing has essentially ruined email communications.
What is "spoofing" and how is it used by identity thieves?
Spoofing is when hackers will send you off a phishing type email and in that email it'll have links that will send you off to a spoofed type website. The hackers have actually copied the code off the website, they've literally re-created that website and uploaded it to an additional server that might have a web address that looks like it might be similar to that corporation's website address. All the links on that spoofed website all work but where you plug in the user name and password, that information in the code of the website has actually been changed and allows the hacker the ability to receive that data once you've hit send and receive.
What are the most common e-mail scams and how are they used by identity thieves?
There are a number of different common e-mail scams. For example, there's what we call the Nigerian 419 e-mail scam. The common 419 e-mail scam is where someone will contact you saying they are calling from some other country; that they have a certain amount of cash that they need to transfer from one bank account to another bank account, and they are enlisting your help to transfer that money from Account A to Account B. Generally, they are trying to get you to offer your own banking details; to send money to them; they'll maybe even want to meet with you to help them exchange millions of dollars. They are trying to get money out of your banking account via a common e-mail scam. They're preying upon your good nature to get that money from Point A to Point B. Whenever you get those scam e-mails, I always suggest "Just hit delete".
What types of information are identity thieves looking for online?
Anyone who's sending you a lottery type email or a 419 email or even a phishing email, their goal is to extract money from your account. And they'll ask for usernames, passwords, social security numbers, account numbers, bank ATM numbers, anything they can get, debit card information, so that they can open up additional accounts under your name or directly extract money out of your account by actually transferring it to their account.
What should I do if I realize I gave personal information to an Internet scammer?
The moment that you realize that you've given your personal information out to a scammer, you have to figure out which account that information could have been compromised, and immediately shut that account down. Otherwise, if it's basic information like name, address and social security number, if you haven't already done it, go out and get a credit freeze and get credit monitoring immediately.
