|
The Safety Column
The Growing Danger of Identity Theft
Tiger Woods and Oprah Winfrey have been victims. So were almost ten million others in the United States last year. Identity theft is increasing, and the Internet is its latest arena. Not all identity theft takes place online, but some of the sneakiest techniques are being perfected there.
"Identity theft still continues to be the number one and growing online crime in 2003 and it's probably going to be the same in 2004," says Brian Reilly, Georgetown University Information Security Officer. "In most of the identity theft cases the goal is to...collect information like date of birth and Social Security Number to perpetrate some type of financial crime."
Computer-aided identity theft starts when a thief breaks into a database or tricks victims into divulging personal information. Increasingly common are information-collecting e-mail attachments that, as Reilly explains, "are either virus infected or are programmed in such a way that they're going to send...information back to the virus writer, or they're going to do both."
November's PayPal virus is one example. Unlucky recipients received e-mail claiming their PayPal accounts were going to expire; they were asked to fill out an attached form to update their records. The form asked not only for credit card number, but for a PIN and three-digit security code. Social Security Number, driver's license number, mother's maiden name, date of birth, place of birth...the form asked for just about every piece of personal information imaginable.
How can you tell if a request for information is legitimate? First, know that your PIN and password are intended solely to protect your privacy, never to identify you. As NetID office manager Anne Marie Alexander says, "Your identity is only as safe as your password."
Also important to know is how companies will collect information and contact you. PayPal, for instance, posted their information collection policies online after the virus targeted its customers. Their Web site states, "PayPal emails will never ask you to download an attachment or a software program. ... If we require information from you, we will notify you in an email and request that you enter the information only after you have safely and securely logged in to your PayPal account."
"One of the best things that users can do is before they receive one of these messages," says Reilly, "is to be aware of the company's stated policies and procedures. If there's a problem, how is my bank going to contact me? Are they going to call me on the phone, are they going to send me e-mail, are they going to send me a random executable and tell me to run this program, are they going to direct me to a Web site?" A visit to the company site or call to their hotline will answer these questions. Don't submit to the panic the e-mail is trying to induce in you. Remember that companies want your business, and remember that your information is valuable. Guard it carefully. |
