Identity Theft Defense Strategies
By Vistage member Stan Stahl, Ph.D., President, Citadel Information Group with Paul Diamond, Web Editor, Vistage International
Cybercriminals want your Social Security number so they can apply for credit in your name. They want your bank account numbers and credit card numbers so they can take your money and use your credit while stiffing you with the bill. Cybercriminals want to install their own rogue programs and control your computer with the hope of stealing anything you store or type, like passwords to your company’s data-rich HR records and financials. These rogue programs turn your computer into a “zombie” under their control, allowing the criminals to gain money by sending spam, displaying pop-up ads and other activities from your computer. They also sit in parking lots outside your home or office and use special software to “sniff” unencrypted traffic transmitted wirelessly.
Cybercriminals seize control of your computer in three basic ways:
- They hack into your system based on the vulnerabilities of your software or security settings.
- They remotely install malware on your computer via Websites you visit. Cybercriminals not only create web sites designed to infect users, they even install malicious programs on poorly protected legitimate web sites so that users visiting them get infected with the malware. This happened to people who visited the Miami Dolphins’ website just before Super Bowl XLI. It’s also a danger with social network sites like Facebook and MySpace.
- They send you malware in e-mail, instant messaging, over Peer-to-Peer networks or other means
Protect yourself from cyber identity theft
Many people think that as long as their computer is in their possession, no one can access the information on it. This may be true if you never access the Internet and never plan to, which in today’s business world is impractical. Similarly, with the mass adoption of broadband networks, many PCs and laptops now remain on even when they’re not in use, providing plenty of opportunities for cyber thieves.
Keep cybercriminals off your computer
- Set Microsoft Windows and Office to automatically update security patches and service packs. Manually update other programs like Adobe Acrobat and iTunes.
- Create separate accounts for all family members. This is done in the Control Panel. Set the account type to “Limited” unless the account needs to run programs as “Administrator.”
- Install a reputable host intrusion prevention system, such as blink. Basic antivirus/antispyware software is not adequate protection against today’s threats. (One year of blink is free for personal use; available at http://www.eeye.com.)
- Don’t run Peer-to-Peer file-sharing programs, such as Kazaa, Limewire or BitTorrent.
- If you have a wireless network, encrypt it with WAP2 encryption.
- Don’t click on Web site ads offering to scan your computer for free. Instead of scanning your computer, many of these offers actually infect it.
- Never open unusual or unexpected e-mail attachments, not even from people you know. Your friend’s computer may have been taken over by a virus or worm and instructed to send the malicious code to everyone in their address book.
- Never follow links in emails that request your user names, passwords or financial information. Note: a reputable bank or credit union will never e-mail you asking for such information.
Guard your online financial information
- Never send your Social Security Number, bank account numbers or credit card numbers in unencrypted email.
- Only buy online from merchants whose URL begins with https://. You can also look for the small lock symbol at the top of your browser window. HTTPS provides encrypted transmission between the user’s computer and the merchant. While it provides protection from your transaction being intercepted by criminals, it does not provide any assurance that information stored on the merchant’s server will be protected.
Monitor your credit
- Subscribe to a basic credit monitoring service (AAA offers a free basic one for members).
- Review your bank and credit card accounts each month for fraudulent activity.
Protect your information away from home
- Keep your laptop with you at all times. Never leave it in your car.
- Keep Wi-Fi and Bluetooth turned off except when you are using them.
- Consider encrypting the hard drive of your laptop. If you lose the laptop, the information is still safe. (You can get free encryption software at http://www.truecrypt.org/.)
- Don’t use public computers or public Wi-Fi for online banking or shopping. You don’t know how secure they are.
As a general rule, don’t give your information to anyone online, except when establishing accounts with reputable businesses. Once the account is established, never log in to it from an email link, a public computer or public Wi-Fi. Always go to that business’s Web site. When in doubt, don’t give it out.
Protect yourself from physical identity theft
While you might not be able to prevent thieves from stealing your wallet in the real world, simple preparation can dramatically reduce the time, pain, and damage of such a theft.
Credit Cards
- Don’t sign the back of your credit cards, instead write “Photo ID Required.”
- When paying your credit card bills by check, don’t write the complete account number on your check. Write only the last four digits of your account number.
Checks
- When having checks printed, don’t include your Social Security number, home phone number or home address.
- If you must put a phone number and address on your checks, then use your work phone and work address.
Wallet/Purse Theft
Prevent wallet/purse theft by making a photocopy of your license and every card in your wallet. Copy the front and back of each card. Store this copy in a safe place. In the event that you lose your wallet, you will know what you had in it and all of the phone numbers to call should you need to suspend the accounts.
What to do if you are a victim
If your wallet/purse or identity has been stolen:
- File a police report immediately in the jurisdiction where your wallet/purse was stolen, or in your hometown in the case of identity theft. This proves to your creditors that there was a crime and that you were diligent.
- Call the national credit reporting agencies and place a fraud alert on your credit. The alert forces any company attempting to establish credit in your name to contact you by phone first. The national credit reporting agencies are listed below:
Equifax: 800-525-6285
Experian: 888-397-3742
TransUnion: 800-680-7289
- If you suspect that your Social Security number is being used by someone else to obtain credit, loans, telephone accounts, or other goods and services, contact the Federal Trade Commission (FTC) ID Theft line at 1-877-IDTHEFT (1-877-438-4338) or go to http://www.ftc.gov/bcp/edu/microsites/idtheft/.
Vistage member Dr. Stan Stahl is cofounder and President of Citadel Information Group , providing information security management and technology services to business and the not-for-profit community. During Dr. Stahl’s nearly 30-year career he has secured teleconferencing at the White House, databases inside Cheyenne Mountain and the communications network controlling our nuclear weapons arsenal. Dr. Stahl serves as President of the Los Angeles Chapter of the Information Systems Security Association . Contact him at stan@citadel-information.com or 323.428.0441.
Back to Top
800.274.2367