Don't be a victim of identity theft

Identity theft is on the increase, to the tune of 10 million victims in the US and $50bn (£26.7bn) in costs. Share this list of preventive measures with your end users, friends, and family to help protect them from this escalating problem

Identity theft, which involves misusing another person's credentials and personal information (name, address, national insurance number, driver's licence, credit card, bank account details etc.), is one of the fastest growing crimes. ID thieves usually use this information to access the victim's money, obtain property fraudulently in the victim's name, or disguise their own identity when committing crimes.

According to the US Federal Trade Commission there were more than 685,000 complaints of consumer fraud in America last year, with 37 percent involving ID theft. The true number is considered to be much higher; fightidentitytheft.com estimates 10 million Americans have already been victims, at a total cost of more than $50bn.

There are steps you can take to avoid becoming one of these statistics, and to minimise the damage if you are targeted by an ID thief.

#1: Only shop at trusted sites

Some people think buying things online puts them at inordinate risk of identity theft -- yet those same people think nothing of allowing a waiter or retail store clerk to whisk their credit card away to some back room where they could easily record the numbers and information or even make a "white card" copy of its magnetic strip. The key to safe online financial transactions is to shop only at reputable Web sites and to be sure transactions are secured with SSL encryption (which you can recognise by the little "locked" icon that will appear at the bottom of most Web browsers) so someone can't steal your payment information as it passes across the Internet.

One caveat, though: Scam sites can encrypt their transactions too. So we're back to the basic: Buying from Amazon.com or the Microsoft Web site is safer than ordering from Joe's Homepage (unless you know who Joe is and that he can be trusted).

#2: Protect your personal information

Online or off, it's not just your credit card number that you need to guard diligently. In some cases, just a name is enough for an ID thief to gather much more information about you. If you have a name that's common, like John Smith, it won't be so easy, but if your name is unusual, so that you're the only one with that name in your particular city or region, an ID thief may be able to find out your address, phone number, and date of birth through an online "people search".

With that information, a thief may be able to dig up details of how much your home is worth, the kind of car you drive, and get an idea of whether you're a good target. Be aware of your online presence and opt out of as many directories and databases as possible.

#3: Protect PINs and passwords

Make sure you have strong passwords for online banking, bill paying and other financial services. Don't use easily discovered passwords such as your mother's maiden name, your social security number or your birth date. A good password is long (at least eight characters; 14 is better) and complex, containing a mixture of upper and lower case letters, numbers, symbols, and not containing any words found in the dictionary. PINs are often limited to four numeric digits. If you have a choice in creating the PIN, make sure the numbers are random and not easy to guess (for example, don't use your street number or the last four digits of your national insurance number).

It goes without saying that you shouldn't write down your passwords and PINs, and you should never share them with anyone else. If it's absolutely necessary to do so (for example, in an emergency you need a friend to withdraw money from an ATM with your card), change the password or PIN immediately afterward.

#4: Protect sensitive data on your computer

If you have personal or financial information on your computer, use Windows EFS or a third-party encryption program to protect it. Update virus software regularly and use a firewall to prevent intrusions. Keep your operating system and applications updated, especially with critical security patches. Use an anti-spyware program. Don't use file sharing programs or visit Web sites that are more likely to contain dangerous code, such as hacker sites, porn sites or warez (pirated software) sites. Don't open attachments from people you don't trust and don't click on links in strangers' email messages.

Don't put sensitive information on laptops, handheld computers or other portable devices unless absolutely necessary. If you need to access such data on the go, store it on a flash drive or memory card and carry it separately from the computer. Don't set your computer up to log on automatically, especially if it's a portable.

If you sell or give away an old computer, first use an overwriting program to get rid of the information on the drive (just deleting or even formatting is not enough). Even better, remove and destroy the hard disk and let the new owner install another one.

#5: Use an alternate identity for casual Web surfing

Savvy Internet users have learned that it's smart to have multiple email addresses and to use an alternate (for example, an account with a Web mail service such as Hotmail, Yahoo, or Google Mail) when you need to enter information to access a site. If you're just casually surfing and not conducting business, there's no reason to give any site your real email address, or real name, address or other personal information.

Some sites require you to register (at no charge) to access or post to the site. And some of these sell their lists of registered users for marketing purposes. An identity thief can easily pose as an advertiser and buy the same list. Having several alternate identities can help you track down what sites are selling your info. For example, Jeff might use the name Jeff Johns when he registers on a site called John's Fishing Gear, and the name Jeff Booker when he registers on a site called the Big Book Place, and use email addresses associated with those names (jjohns@gmail.com and jbooker@hotmail.com, for example). Now when he starts getting tons of spam addressed to his jbooker account, he knows the Big Book Place is the one that sold his info.

#6: Learn to recognize phishing scams

Phishing emails are a particularly insidious form of spam. It's annoying enough to have your mailbox fill up with junk mail from legitimate companies, but phishers aren't really selling anything; they're just "phishing" for your credit or debit card number, bank details or other personal information.

A good example is the ever-popular "You qualify for low rates on home refinancing." The scam site isn't a mortgage company, but its Web site is set up to make you think it is. When you fill out the detailed loan application, you give the phisher a wealth of information that includes your national insurance number, banking information, income, employers, present and former addresses, relatives and friends' names and addresses, and much more that can be used to impersonate you.

Other examples of phishing messages include those purporting to be from your bank or credit card company, or a legitimate site with which you do business, such as eBay, notifying you that you must click a link to update your account information. Many even claim they're asking you to do this to prevent your account from being closed or used fraudulently.

Phishing messages can often be detected by the fact that links go to a different URL from the one that appears in the message. For example, if you hover over "www.ebay.com" in the message, you might see that the hyperlink actually takes you to www.scammersite.com/ebay. A good rule of thumb: Never respond to any email message asking you to return personal information. Instead, call or write directly to the company that the message purports to be from.

#7: Use cash or credit

There are lots of ways to pay for your purchases these days, but some are safer than others. When it comes to protecting your identity, good old-fashioned cash is still king. Unfortunately there's no way yet to make a purchase by inserting a £20 into a slot in your computer.

Often you have the option to pay for online purchases by credit card, debit card or direct debit from your bank account. All of these require you to submit precious information that an ID thief would love to get hold of.

None of these types of information is more or less likely to be stolen, but there are a couple of advantages to paying by credit card. First, many sites require that when you pay by credit card, you enter the security code (the three-digit number on the back of your card). This adds a layer of protection, since a fraudster who obtained your credit card number from a receipt or other source would not know this number.

More important, if you do become a victim of credit card fraud, your liability is limited by the card provider. You may not get the same protection with debit cards.

Cheques also provide an opportunity for fraud, as they contain a wealth of financial details. A clever scammer could use a cheque to get access to your money.

#8: Get off the lists

Keeping "preapproved" credit offers out of the hands of identity thieves by using safe mail management practices is good; stopping them from being sent to you altogether is even better. After all, even if you use a PO box or locked mailbox, it's possible for a dishonest postal employee to intercept them.

You can register with the mailing preference service (020 7766 4410), telephone preference service (0845 070 0707) and fax preference service (0845 070 0702). It is mandatory for companies to comply and after registering you should not receive any direct marketing unless you have asked for it, or are a customer of the organisation that sends it. If this doesn't work, make a complaint in writing through the Information Commissioner.

When completing a product warranty or other form, such as a competition entry or subscription, tick the opt-out box so your details are not stored or sold to others for junk mail.

It's also possible to have your name kept off public copies of the electoral roll, and you can ask the Royal Mail not to deliver unaddressed mail.

#9: Check your credit report

Identity theft can go undetected for a long time. Someone's out there, using your name and social security number to open credit accounts or apply for loans, but because he or she is diverting correspondence to a different address you may not know until the collection agencies start hunting you down. By that time, thousands of dollars of debt may have accumulated. One way to keep an eye on what's going on with your account is to check your credit report regularly.

Find a service that will provide a copy of your current Experian credit report. Often this is available as a free trial.

#10: Report identity theft attempts

If you're a victim of identity theft, report it to your local police. You may need a copy of the police report to submit to creditors as proof. Contact the fraud departments of credit bureaus and your financial institutions to put a fraud alert on your account. If necessary, close the accounts that have been compromised.

Story URL: http://news.zdnet.co.uk/security/0,1000000189,39268493,00.htm