Solutions for Identity Theft, Credit/Debit Card Theft, and Personal Information Theft
Part I: Overview
Mike Angelo -- 29 June 2005 (C) -- Page 2
Exploits, Risks, and Solutions
There are many places where information about you can be found. Some information about you can be found on your computer and in your records. Some information about you can be found on the computers and in records of people, government units, organizations, institutions, companies, and business enterprises that have collected information about you -- and often doing so without breaking any laws.
However, today we focus on personal information that already exists on your computer or that you (perhaps unwittingly) provide to people and to other entities over the Internet. Securing your personal information from access by evildoers via the Internet is something within your control. It is something you can do right now. And it is something you should do right now!
Web browsing can open you to all sorts of information theft. But, there are many things that you can do, and should do, to protect yourself from information theft when you are surfing the Web.
Some of the Web-browsing, information-theft exposures such as phishing are clearly noticeable and take advantage of carelessness on your part. Others such as evil scripts are not all that visible and take advantage of your lack of knowledge and/or failure to properly configure your Web browser. In some cases your Web browser is a piece of crap security-wise -- and you should change your browser.
Firewalling your Internet connection is very important too. The IRChelp.org has a very good Firewall FAQ Web page. You ought to look it over. There is a link to it in the Resources section at the end of this article. Although it is targeted to IRC and other Internet chat and messaging activities, it contains material with which anyone using the Internet should be familiar.
Among the biggest information-theft threats that come from Web surfing and e-mail are cookies, forms, phishing, and scripts.
Here is an excerpt from Paula Zahn's Stopping Identity Theft show that explains phishing. The show transcript has more about phishing and how to protect yourself against phishing expeditions. Please read the full show transcript.
Filling-in and then submitting forms on Web pages is another potential security and privacy trap. More information could be, and likely is being, sent back with the form than what you have typed into the form. Additionally, as in phishing, the information could be directed to a Web server other than the one from which (you think) you got the form.
Included in this caution are form-based, e-mail contacts on Web pages too. Rather than provide the actual e-mail address for you to contact people from the Web site, you are asked to fill out a form-like e-mail.
There you type in your message and then send that. Just as with the problem with Web-page forms, more information than what you type in the message space could be going along with your message -- and just as in phishing, the information could be going to a different Web site -- an evil Web site set up to harvest personal information.
This additional information could be personal information or other information you have on your computer that the Web page has caused to be harvested in the background -- unnoticed by you. Scripts embedded in Web pages can search your computer for information about your computer and about you. Cookies can be used to tie bits and pieces of information harvested about you and your computer as you surf from Web page to Web page, thus forming a complete picture of your personal information and other information about you and your computer.
We strongly recommend that you do not use Web-page forms and Web-form-like e-mail contacts. If the Web site does not provide you with actual e-mail addresses to use, forget them and go on to another Web site. If a Web site wants you to fill out a form rather than giving you an e-mail address to which you can send the information in the form, forget them and go on to another Web site.
The question you need to answer for yourself in deciding whether to expose yourself to Spam and identity theft or information theft by using Web forms and Web-form-like email contacts is:
If your answer to that question is NO, then forget that Web site and move on!
KDE, KMail, and Konqueror Articles
KMail -- One of the Best E-Mail Clients (Editor's Choice)
Impact of the Mandrake-Conectiva Acquisition on the Linux Landscape
Is Netscape Losing the Browser Wars?