Column
Zubair's Security Zone
Protect Yourself from Identity Theft
It's the fastest-growing crime in the country. Here are just a few ways you can keep yourself safe.
by Zubair Alexander
2/15/2007 -- According to the United State Postal Service, identity theft is America's fastest-growing crime -- and one of its most expensive; last year, it cost the 9.9 million Americans who were victims of identity theft about $5 billion. We've all heard the horror stories.
Most, but not all, cases of identity theft are somehow tied to the victims' computers and networks. Companies that are responsible for safeguarding people's personal data aren't always able to keep the information confidential. There are several reasons for such breaches in security. Sometimes, it's a simple matter of carelessness on the part of organizations, such as banks. Other times, organizations become victims of dictionary attacks, dumpster diving, phishing exploits and online hacking.
In June 2006, the United States government gave federal civilian agencies 45 days to comply with new recommendations for laptop encryption and two-factor authentication. According to this memo (PDF) posted on the White House Web site, sensitive data must be encrypted on all mobile devices. The memo was prompted by a series of government-related security breaches and data thefts:
- The U.S. Internal Revenue Service lost a laptop that contained the fingerprints of 291 employees.
- The identities of 2.2 million active-duty military personnel were compromised at the Department of Veteran Affairs.
- The Social Security numbers and photos of 26,000 employees were stolen from the Department of Agriculture.
- The Department of Energy lost the personal records of 1,500 employees and contractors at the National Nuclear Security Administration.
- The Navy found the personal records of 28,000 personnel and family members on a Web site.
- According to the Department of Health and Human Services, an employee of an insurance company exposed the Medicare records of 17,000 people.
These are only a few examples. Unfortunately, in the private sector, the story is the same.
The bad guys are interested in your name, date of birth, address and phone number, which are all too easy to find. They're also interested in your SSN, driver's license number, credit card numbers, and they'd love to get the security code on the back of your credit card.
There are numerous companies that ask for your SSN when they have absolutely no reason to. On the other hand, banks, loan companies, your employer and the IRS have a legitimate reason to ask you for your SSN. According to the Social Security Administration, giving out your SSN is voluntary. The SSA suggests that if you're asked to provide your SSN number, you should first determine:
- Why your number is needed
- How your number will be used
- What happens if you refuse
- What law requires you to give your number
There are several places where the bad guys can go to find your personal information, though -- thanks to regulations like the Health Insurance Portability and Accountability Act (HIPAA) -- it's harder these days to get personal information right out of the doctor's office. Would-be identity thieves can still get information out of mortgage companies, schools, payment processing companies, employers, real-estate agencies or even retailers. While it may be hard to believe, a bank's dumpster is still an attractive source of information for bad guys; garbage bags left at the curb can be easily stolen. Likewise, purses and wallets are easy to steal and often contain sensitive data such as passwords and SSNs, not to mention credit cards.
In one notorious case, a convicted felon stole someone's identity and racked up over $100,000 in motorcycle and handgun purchases and even obtained a federal home loan. He taunted the victim by claiming that identity theft is not a federal crime, so he can continue to pose as the victim as long as he wanted. He even filed bankruptcy under the victim's name.
In 1998, Congress passed the Identity Theft and Assumption Deterrence Act which made identity theft a federal crime.
What Should You Do?
Here are a few tips on how you can better protect your identity. Obviously, this list is by no means complete, but it should give you some ideas. At the end of this article I've listed several references that contain more details on identity theft issues.
- Do not keep your SSN in your wallet.
- Do not give out your SSN number or your mother's maiden name to companies that don't need it. Ask to speak to a supervisor and fight, argue and challenge the company before giving out your SSN. As I mentioned earlier, there are only certain types of businesses that should be asking you for your SSN, such as your employer, banks, loan companies, the IRS, etc. If they still insist, ask them to send you a written request.
- Don't keep your PIN numbers, passwords or other confidential data in your wallet.
- Don't print your SSN and home telephone number on checks.
- When typing your PIN number at an ATM machine, shield yourself so no one can watch you type the code.
- Even if you think no one is watching, when in public make sure that when you enter your voicemail code on your cell phone that you cover it with your other hand.
- Put a fraud alert on your credit cards.
- Examine your credit report periodically.
- When you receive pre-approved credit cards in the mail, make sure you discard them by shredding the application so no one can activate the credit cards under your name.
- If possible, use a post office box as your mailing address rather than have mail delivered to your house.
- Look at your bills each month and make sure there are no unexpected charges.
- Use a passphrase, rather than a password, for your computer and other confidential data. Check out the article "How Secure is Your Password?" to see how long it can take for someone to crack your Windows password.
- Keep valuables out of sight in your car by locking it in the trunk or glove compartment.
- Only download anti-spam and anti-spyware software from known vendors. Shareware and freeware are ideal means to spread viruses, Trojan horses and other means to steal your identity.
- Use disposable e-mails to sign up for newsletters and to make purchases over the Internet.
If you'e curious to see how safe you are from identity fraud, you can take an online quiz here. Here are some additional resources that you might find useful:
- Better Business Bureau
- Department of Justice
- Federal Trade Commission
- Identity Theft Resource Center
- Social Security Administration
- U.S. Postal Service
Do you have any stories, experiences or ideas for prevention related to identity theft? If so, I would love to hear them. Write me at .
Zubair Alexander, MCSE, MCT, MCSA and Microsoft MVP is the founder of SeattlePro Enterprises, an IT training and consulting business. His experience covers a wide range of spectrum: trainer, consultant, systems administrator, security architect, network engineer, author, technical editor, college instructor and public speaker. Zubair holds more than 25 technical certifications and Bachelor of Science degrees in Aeronautics & Astronautics Engineering, Mathematics and Computer Information Systems. His Web site, www.techgalaxy.net, is dedicated to technical resources for IT professionals. Zubair may be reached at .
|