Protect your identity, protect your pocket; so writes Greg Day, Security Analyst, McAfee International Ltd.
Wikipedia defines identity theft as "a term used to refer to fraud that involves stealing money or getting other benefits by pretending to be someone else." Over the last few years, Internet fraud has emerged alongside physical fraud as a considerable risk, coinciding with continued use of the Internet for a range of transactions, from shopping to banking. Online fraud and identity theft have the potential to have a significant impact on our personal finances and at a time where talk of a global credit crunch is putting this subject at front of mind, more and more people are turning to the web to look for ways to get the most out their money. From tracking and managing money to comparing prices and searching for the best deals, the internet is fast becoming a first port of call. Furthermore, the convenience offered by the Internet means that online transactions are likely to be here to stay, so how can we continue to take advantage of being able to do everything without leaving our desks, but make sure that we are not putting our identities – and even our money – at risk?
A report from the Federal Trade Commission (Consumer Fraud and Identity Theft Complaint Data, January – December 2007) revealed that last year, consumers reported fraud losses totaling more than $1.2 billion, with identity theft making up 32 per cent of complaints.
In addition to the rapid take-up of online transactions, the sudden growth of social networking sites has contributed to the growth of online fraud and identity theft, with many Internet users publishing a raft of personal information – from their birth dates to pets’ names – on easily accessible websites. This doesn’t mean that we shouldn’t do these things, but as we continue to post such information, we should be aware that we are at risk of simultaneously giving away details that may enable the perpetrators of Internet crime to second-guess supposedly confidential passwords that we are using as we transact, and exercise an appropriate degree of caution.
But whilst people are becoming more aware of the threat of identity theft, with so much information on us now posted somewhere on the Internet, we are at risk of becoming our own worst enemy. As we continue to leave behind a trail of personal data through our use of social networking sites and other online activities, it is becoming easier for those with malicious intent to glean personal information about every aspect of our lives.
The bottom line here is that there is no reason why we can’t continue to transact online or do anything else on the Internet, as long as we know what steps to take to keep our personal information and our money safe as we do so. One step that really is key is that we all take care when it comes to the information that is publicly available about us. Criminals have been seen to be piecing together personal information found on a number of sites and information can be accessed through aggregating sites such as spock.com. Our use of Web 2.0 sites also means that many of the answers to questions commonly asked as part of security checks are freely posted on social networking by unsuspecting users and all this information is becoming a focus for those wanting to commit fraud. The important thing to remember is that not every dialogue box needs to be completed and it’s always a good idea to complete only those that are deemed obligatory.
The bottom line when it comes to sharing information on the Internet is that at if you wouldn’t tell something to someone who came up to you in the street and asked for it, then you should think twice before posting it online, where it can be seen by any number of people and will be almost impossible to remove. Unlike sharing information with your friends, who in time will forget what you’ve told them, information posted online is there forever. It can be much harder to remove any personal details that you’ve posted, especially if it is replicated on other sites. The bad guys are always going to be looking ahead to try to find new ways to catch out innocent Internet users so a little more care is required, both in terms of how we behave in all online activities and when conducting electronic transactions.
When transacting online, there is a lot that can help to secure personal information and money, to stop it getting into the hands (or pockets) of the Internet bad guys. A very obvious step, but one that is often overlooked, is that you should always make sure that the site you are using is legitimate: this can be quite a challenge as bogus sites can look as good as the real ones, but if you are unsure then pick up the phone and contact the site. If you can’t get through then you can’t be sure that it is safe to enter your credit card details. You should also do whatever you can to make sure that the computer you are using is as secure as it can be: if it’s your own PC, one belonging to a friend or family member or a machine in a public place, make sure that it has the right security tools in place to maintain the confidentiality of any information that you enter.
Be extra cautious when using computers or connections in public places. Public computers may be compromised, as there are devices that can log your keystrokes and capture your personal information in that way. Equally, be cautious when using wireless connections – the FBI has recently published a warning of the dangers of Wi-Fi hotspots (http://www.fbi.gov/page2/may08/wifi_050608.html), in which they highlight that hackers can "grab your personal data out of thin air". Their advice to users of such access points is to make sure your laptop has up-to-date security and to turn off Wi-Fi capabilities when not in use, set your computer so that you have to manually select the network to which you connect and even go as far as to advise against transacting or using email or Instant messenger programmes. It’s clear that the threats relating to personal data are being taken more and more seriously, further highlighting the need for caution, particularly when you are using the Internet in a way that could make you vulnerable.
Another option is encrypting important data on your PC, so that if the worst happens and someone else gets access to it, perhaps on an insecure WiFi connection, your personal or sensitive information cannot be accessed.
As we look to the future, security threats will continue to evolve and it’s essential that anyone using the Internet is keeping up with emerging threats and how they need to protect themselves. For example, threats relating to mobile phones have long been recognised for their potential but that they are not yet at the same level of threat, as the functionality is still evolving so current usage presents less opportunity when compared to PCs, although there is the potential for them to grow and the high ratio of mobile phones to PCs provides plenty of scope for criminal activity. The great thing about technology is that is does evolve and deliver great benefits, but it’s always necessary to consider what this means when it comes to the accessibility of personal information and the potential to conduct fraud. If we continue to be savvy to the threats, the Internet can continue to simplify the way we live as well as save us money and time.
About McAfee International Ltd
The company is exhibiting at Infosecurity Europe 2009, the vent held on April 28 to 30 in its new venue Earl’s Court, London. The event provides a free education programme, and exhibitors showcasing new and emerging technologies. For further information – visit
