|
Security
More and more of your personal information is
stored in an electronic format these days, which greatly increases
the risk of that information being accessed by someone without your
permission. That person can then illegally use your information
(such as your Social Security Number) to obtain money or credit—a
practice known as "identity theft."
A survey conducted by
101-identitytheft.com found that credit card fraud is the most
common type of fraud committed. An example of this would be if
someone opened a new credit card account using your name, or if they
used your credit card number to purchase items. The next most
frequently committed type of fraud is utilities fraud, where someone
opens up an account with a gas or electric company in your name. And
after utilities fraud comes bank fraud, an example of which would be
someone who puts up a phishing website that looks like it belongs to
your bank, and then sends you an e-mail message asking that you go
to the website to confirm your banking information. They would then
capture the information you enter into the website and use it to
access your bank accounts.
How
Does Identity Theft Happen?
There are
many ways in which people fall victim to identity theft. We'll go
over the non-technical ways first, and then discuss the technical
ways.
Non-Technical Means of Identity Theft
One very common non-technical way of getting personal information
about a person is to do what is called "dumpster diving." This is
where people search through your garbage looking for any
non-shredded personal documents or papers. In this day and age, it
is important to own a shredder and to shred any documents containing
bank, credit card, loan, or any other financial information before
throwing them away. A case in point, a friend of mine's mother who
lives in Philadelphia sees people drive around her neighborhood
every garbage day, stealing garbage bags in the hopes that they'll
find some type of information that will help them access someone
else's money or personal information. This was so widespread in her
area that the city did a public service announcement, asking people
to make sure that they shredded their personal information before
throwing it out.
You are also vulnerable to identity theft if you
lose or throw out receipts for your purchases without shredding
them. You should take a close look at your receipts when your
purchase items with a credit card. Check to see if only the last
four digits of your credit card number are there or if the whole
number is there. If you lost a receipt with your whole credit card
number on it, you run the risk of some nefarious person finding it
and using the number to make purchases.
Another way identity thieves can get information
about you is by stealing your wallet. Do you keep credit cards in
your wallet? How about your social security card? This is enough
information for someone to begin to steal your identity. You may
want to avoid carrying your social security card unless you know
you're going to need it.
Your identity can also be stolen through a method
that is commonly known as social engineering. This is when someone
tries to get you to trust them enough to provide some type of
personal information. This actually happened to me once. I received
a phone call from someone claiming to be from the Police Benevolent
Association. This individual asked for donations for the PBA, and in
return, he claimed that we would receive a courtesy badge. I don't
know if any of you have relatives on the police force, but I do, and
my own relatives couldn't get me a courtesy badge. Never mind the
PBA giving them out to people who make a small donation—I don't
think so! What this individual was trying to do was get me to give
him my credit card number, which he then would have used to purchase
things, thereby stealing my identity. Always be suspicious of any
offer that sounds too good to be true, and anyone who asks for your
credit card or other personal information over the phone or by
e-mail.
Technical Means of Identity Theft
Now for some of the technical ways someone could steal your
identity. How many of you have upgraded to a new computer? What did
you do with the old one? Did you throw it out? Before you threw it
out, did you remember to erase the hard drive? Did you erase it with
a specially made erasing program that prevents others from being
able to restore the information? If not, an identity thief could
access your old computer to gain access to whatever information you
had stored on it. For information on how to prepare your computer
for disposal, see
http://www.nyu.edu/its/security/disposal.html
Please note that this process is mandatory for
any NYU computer you wish to throw out or recycle, but you should
also follow those instructions before disposing of a home computer.
The same thing is true about removable media such
as zip and floppy disks, CDs, and DVDs. If you don't erase or
destroy them before you throw them out, or if you lose them, you are
at risk of someone finding them and misusing the information that is
on them. Identity theft could also happen if you keep personal or
sensitive information on a laptop computer, smartphone or PDA and
then you lose that device. Do a Google search on "lost laptop" +
"personal information" and you'll get a sense of how frequently
identity theft happens in this way.
Another opportunity for identity theft can be
created when one company has another company handle their backup
tape storage. For example, this year, a well-known company lost
backup tapes that held thousands of customers' information for
another company. That other company was then forced to tell their
customers about this breach so that they could keep an eye on their
credit reports for suspicious charges—a complete nightmare for
everyone involved. Again, search Google for "Lost backup tapes" and
you'll be shocked to see how often this happens.
Your information could also be stolen if you do
business with a company or organization and that organization or
company keeps an electronic file on you. If the computer where your
information is kept gets broken into, the intruder can get to your
information and then use it without your permission.
Now that so many people are using one or more
computers at home, residential wireless networks are becoming
widespread. If you use wireless at home, you have to make sure that
you are the only one who can access your network, otherwise a
stranger can connect to it and have access to all of your
information. You can find instructions on how to lock down your
wireless network at:
http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm.
Finally, public computers at unsecured
cyber-cafés are popular place for identity thieves to get people's
personal information. You don't know how much of the information you
access stays on that computer after you finish using it, so you
should never access your sensitive information from this type of
location.
How
Identity Thieves Use Your Information
So,
once these people actually have your information, just what do they
do with it? Well, there are many possibilities: They may call your
credit card issuer to change the billing address on your credit card
account. The imposter then runs up charges on your account and,
because your bills are being sent to a different address, they're
likely to get away with it for a while before you realize there's a
problem. They may open new credit card accounts in your name. When
they use the credit cards and don't pay the bills, the delinquent
accounts are reported on your credit report. They may establish
phone or wireless service in your name. They may open a bank account
in your name and write bad checks on that account. They may
counterfeit checks or credit or debit cards, or authorize electronic
transfers in your name, and drain your bank account. They may file
for bankruptcy under your name to avoid paying debts they've
incurred under your name, or to avoid eviction. They may buy a car
by taking out an auto loan in your name. They may get identification
such as a driver's license issued with their picture, in your name.
They may get a job or file fraudulent tax returns in your name. Or,
to add insult to injury, they might give your name to the police
during an arrest, and if they don't show up for their court date, a
warrant for arrest will be issued in your name!
You will get lots of security tools and
documentation from different vendors i.e microsoft, checkpoint,
linux, cisco etc.
Certification, which gives you more knowledge on
computer security
Available
downloads |
