Thursday, August 10, 2006

Don't Become A Victim Of Identity Theft

Identity theft can happen in many different ways. Some are out of your hands and you can do nothing about them, for instance when your information are leaked by institutions due to negligence. But your identity can get stolen in several other ways, ways that can be prevented.

A week ago I received an auto-responder from an U.S. University informing me that the person I contacted was on leave at that moment and would get back to me as soon as he was at the office again. What made my eyes pop out of their sockets was the subject of e-mail they were referring to. Someone sent this person an e-mail about something I don’t even want to mention here, an e-mail, according to them, that was sent from my e-mail address associated with my cyber-security web site. This has been a clear case of identity theft. I guess the spammer who sent the original message did not think I would get an auto-responder informing me about it. I was lucky in this specific case because you never know how much people send e-mails under your own e-mail address.

Some advice to webmasters. Never use the “mailto” tag on your web pages. Spam spiders crawl your website looking for e-mail addresses and specifically “mailto” tags. You make it too easy for spammers to get your e-mail address when you use “mailto” tags. Rather embed your e-mail address in an image with a font that is readable to your visitors and at the same time hard to be converted to text by spam spiders. This will decrease the chances of having your e-mail address spoofed in some kind of spam e-mail and you will also have a smaller chance of receiving spam. This is not foolproof, but will certainly fool less advanced spam spiders.

Never reply to spam e-mails. Many spam e-mails contain a spoofed e-mail address. You will only supply your e-mail to somebody you don’t know a thing about and the best of all, the person may not even be associated with the e-mail in the first place. Other spammers count on the possibility that you reply to their message in order to confirm that your e-mail address is active. If you ignore their e-mail you will have a better chance of not receiving an e-mail from them in the future. The vast majority of spam e-mails do not even contain a valid e-mail address you can reply to. Your reply will most of the times bounce back. It is also dangerous to click on the links of spam e-mails. They sometimes link to web sites that contain malicious software that will turn your innocent computer into a spamming device to do their dishonest promotion work for them.

National lottery e-mails are nothing other than information harvesters. You normally have to supply your social security number or some kind of identification number, telephone numbers, postal addresses, fax numbers, e-mail addresses, even physical addresses. You can’t win a lottery if you haven’t entered one and even if you entered one you should have lottery numbers that correspond with the ones in the e-mail. Lottery competitions normally work on a basis of collecting your prize with a valid lottery ticket. You never receive a notification via e-mail that you have won, you have to watch television or read the newspaper to see if you have the winning numbers. Never reply to these e-mails or phone the numbers supplied in them, these people are only harvesting your personal information, nothing else.

Chain letters is another way of getting your identity stolen. Ever noticed the large number of e-mail addresses contained within chain letters, especially if they have come a long way? By forwarding chain letters to all your contacts, not only makes yourself guilty of spamming, you also walk the risk of supplying your e-mail address to other spammers.

Petition lists is a very clever way of harvesting personal information. These lists are normally about sensitive matters that stir up emotion from the readers in order to move them to forward the list with their name and contact details to everyone they know. Petition lists normally have a statement that if you are, lets say number 100, on the list you have to send the list back to person listed at the top. Now think clearly about this. Lets say you are number 50 on the list and you forward this to 5 other people and each of them forward the list to 5 persons each. You end up with multitudes of the same list, where the first 50 people on the list are the same every time. Do you really think the creator of this list is going to filter trough all these lists and remove all the duplicate entries? No, petition lists is only a way of creating a never-ending source of personal information for spamming and illegal activities.

The FBI is stepping up its fight against online fraud with a new initiative called Operation Identity Shield. It is nice to see the authorities doing something about this, but the root of the problem still lies with the uninformed Internet users. If you don’t have the knowledge to identify these threats, you will take part in identity theft practices without even knowing the dangers they impose.

Coenraad de Beer - Platinum Author

Cyber Top Cops - The Cyber Security Specialists Platinum Author

No comments: