US-CERT Cyber Security Tip ST05-019 -- Preventing and Responding to Identity Theft

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                      Cyber Security Tip ST05-019
                Preventing and Responding to Identity Theft

   Identity theft, or identity fraud, is a crime that can have
   substantial financial and emotional consequences. Take precautions
   with personal information; and if you become a victim, act immediately
   to minimize the damage.

Is identity theft just a problem for people who submit information online?

   You  can  be  a  victim  of  identity  theft  even  if you never use a
   computer.  Malicious people may be able to obtain personal information
   (such  as  credit  card  numbers,  phone numbers, account numbers, and
   addresses)  by stealing your wallet, overhearing a phone conversation,
   rummaging through your trash (a practice known as dumpster diving), or
   picking  up  a receipt at a restaurant that has your account number on
   it.  If  a  thief  has  enough  information,  he or she may be able to
   impersonate  you  to  purchase  items, open new accounts, or apply for
   loans.

   The  internet  has  made  it easier for thieves to obtain personal and
   financial   data.   Most   companies   and  other  institutions  store
   information  about  their  clients in databases; if a thief can access
   that  database,  he or she can obtain information about many people at
   once  rather than focus on one person at a time. The internet has also
   made it easier for thieves to sell or trade the information, making it
   more  difficult  for  law  enforcement  to  identify and apprehend the
   criminals.

How are victims of online identity theft chosen?

   Identity  theft  is  usually  a  crime  of  opportunity, so you may be
   victimized  simply  because your information is available. Thieves may
   target  customers  of  certain  companies  for a variety of reasons: a
   company  database  is  easily  accessible,  the  demographics  of  the
   customers  are  appealing, there is a market for specific information,
   etc.  If your information is stored in a database that is compromised,
   you may become a victim of identity theft.

Are there ways to avoid being a victim?

   Unfortunately,  there  is  no  way to guarantee that you will not be a
   victim  of  online identity theft. However, there are ways to minimize
   your risk:
     * Do  business  with  reputable  companies  -  Before  providing any
       personal   or  financial  information,  make  sure  that  you  are
       interacting  with a reputable, established company. Some attackers
       may  try  to trick you by creating malicious web sites that appear
       to  be  legitimate,  so  you  should  verify the legitimacy before
       supplying  any  information  (see  Avoiding Social Engineering and
       Phishing  Attacks and Understanding Web Site Certificates for more
       information).
     * Take advantage of security features - Passwords and other security
       features  add  layers  of  protection  if  used appropriately (see
       Choosing  and Protecting Passwords and Supplementing Passwords for
       more information).
     * Check   privacy   policies   -  Take  precautions  when  providing
       information,  and make sure to check published privacy policies to
       see  how  a  company  will use or distribute your information (see
       Protecting  Your  Privacy  and  How  Anonymous  Are  You? for more
       information). Many companies allow customers to request that their
       information not be shared with other companies; you should be able
       to  locate the details in your account literature or by contacting
       the company directly.
     * Be  careful what information you publicize - Attackers may be able
       to  piece  together  information  from a variety of sources. Avoid
       posting  personal  data  in  public  forums  (see  Guidelines  for
       Publishing Information Online for more information).
     * Use  and  maintain  anti-virus  software  and a firewall - Protect
       yourself  against  viruses  and  Trojan  horses  that may steal or
       modify  the  data on your own computer and leave you vulnerable by
       using  anti-virus  software  and  a  firewall  (see  Understanding
       Anti-Virus   Software   and   Understanding   Firewalls  for  more
       information). Make sure to keep your virus definitions up to date.
     * Be  aware  of  your  account  activity  -  Pay  attention  to your
       statements,  and  request  copies  of your credit reports from the
       main credit reporting companies on a yearly basis.

How do you know if your identity has been stolen?

   Companies  have  different  policies for notifying customers when they
   discover  that  someone has accessed a customer database. However, you
   should  be  aware  of  changes  in  your  normal account activity. The
   following are examples of changes that could indicate that someone has
   accessed your information:
     * unusual or unexplainable charges on your bills
     * phone  calls or bills for accounts, products, or services that you
       do not have
     * failure to receive regular bills or mail
     * new, strange accounts appearing on your credit report
     * unexpected denial of your credit card

What can you do if you think, or know, that your identity has been stolen?

   Recovering   from  identity  theft  can  be  a  long,  stressful,  and
   potentially  costly  process.  Many credit card companies have adopted
   policies  that try to minimize the amount of money you are liable for,
   but  the  implications  can  extend  beyond your existing accounts. To
   minimize the extent of the damage, take action as soon as possible:
     * Contact  companies,  including  banks,  where  you have accounts -
       Inform  the  companies where you have accounts that someone may be
       using  your  identity,  and  find  out  if  there  have  been  any
       unauthorized  transactions.  Close accounts so that future charges
       are  denied.  In addition to calling the company, send a letter so
       there is a record of the problem.
     * Contact  the  main  credit reporting companies (Equifax, Experian,
       TransUnion)  -  Check  your credit report to see if there has been
       unexpected or unauthorized activity. Have a fraud alerts placed on
       your  credit  reports to prevent new accounts being opened without
       verification.
     * File a report - File a report with the local police so there is an
       official  record  of  the  incident. You can also file a complaint
       with the Federal Trade Commission.
     * Consider  other  information  that may be at risk - Depending what
       information  was  stolen,  you may need to contact other agencies;
       for example, if a thief has access to your Social Security number,
       contact  the  Social  Security  Administration.  You  should  also
       contact  the Department of Motor Vehicles if your driver's license
       or car registration have been stolen.

   The  following  sites  offer  additional  information and guidance for
   recovering from identity theft:
     * Federal Trade Commission -
       http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm         and
       http://www.consumer.gov/idtheft/
     * United States Department of Justice -
       http://www.usdoj.gov/criminal/fraud/idtheft.html
     * Social Security Administration -
       http://www.ssa.gov/pubs/idtheft.htm
     _________________________________________________________________

     Author: Mindi McDowell
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST05-019.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
     
     
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQ6CUUX0pj593lg50AQLRzwf/UOFnQcVY0Yf7ZSdKEpOEIZ4Vaz2+NDWv
SUphI8pQ6UPjROAFwxDNdB6C16VRDraxpUx7c0fQQzP+Xw7sxHayBUgBhobduawJ
UARINllPJD5dtrD/Sv1JhBDMqmc6icItGhkAgJ9igM5JzSSlzEo+9BHHAagytu0P
TEYrNaGk/FhQtQpB9rmYLyHbRvoikN+bDs4EPkYgmScVgqPskXDrfyO0W32DoDzj
OTxSTitZhTWVXwTftm17jAe9HrnnF8kFFijkDQmJR4SWydJbUplX4MBVN/vmr6Iz
JDaDqrJplYNotraqR502RCcaPDE2lMQr7ejUkvaigxY6bySURNTYpw==
=IM9D
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux