Solutions for Identity Theft, Credit/Debit Card Theft, and Personal Information Theft- Part I: Overview

MozillaQuest the on-line computer magazine

29 June, 2005

Office and Productivity Software

SCO IP, SCO v Linux, & Caldera v IBM

Solutions for Identity Theft, Credit/Debit Card Theft, and Personal Information Theft

Part I: Overview

Securing your personal information from access by evildoers via the Internet is something within your control. It is something you can do right now. And it is something you should do right now!

Mike Angelo -- 29 June 2005 (C) -- Page 2

Article Index

Identify Theft IS Not Identity Theft, Per Se

Information Theft

Exploits, Risks, and Solutions

Looking at the Information Theft and Identify Theft Big Picture

Resources

Books

Office on the Linux Desktop

You can do all your office work in Linux just as well as you can in M.S. Windows. OpenOffice is a free, office suite comparable to M.S. Office that runs in both the Linux and Windows environments.

OpenOffice 1.1 -- A Complete Office/Productivity Software Suite for GNU-Linux, FreeBSD, MAC, MS-Windows, Unix, and more

Creating a Simple Newsletter with OpenOffice/StarOffice Writer - a free word processor

Creating a Simple Contact or Personal Information Manager with OpenOffice/StarOffice Calc - a free spreadsheet

Creating a Personal or Company Budget with OpenOffice/StarOffice Calc - Part 1: Basics

Exploits, Risks, and Solutions

Securing your Web Browser

There are many places where information about you can be found. Some information about you can be found on your computer and in your records. Some information about you can be found on the computers and in records of people, government units, organizations, institutions, companies, and business enterprises that have collected information about you -- and often doing so without breaking any laws.

However, today we focus on personal information that already exists on your computer or that you (perhaps unwittingly) provide to people and to other entities over the Internet. Securing your personal information from access by evildoers via the Internet is something within your control. It is something you can do right now. And it is something you should do right now!

Web browsing can open you to all sorts of information theft. But, there are many things that you can do, and should do, to protect yourself from information theft when you are surfing the Web.

Some of the Web-browsing, information-theft exposures such as phishing are clearly noticeable and take advantage of carelessness on your part. Others such as evil scripts are not all that visible and take advantage of your lack of knowledge and/or failure to properly configure your Web browser. In some cases your Web browser is a piece of crap security-wise -- and you should change your browser.

Firewalling your Internet connection is very important too. The IRChelp.org has a very good Firewall FAQ Web page. You ought to look it over. There is a link to it in the Resources section at the end of this article. Although it is targeted to IRC and other Internet chat and messaging activities, it contains material with which anyone using the Internet should be familiar.

Among the biggest information-theft threats that come from Web surfing and e-mail are cookies, forms, phishing, and scripts.

Phishing

Here is an excerpt from Paula Zahn's Stopping Identity Theft show that explains phishing. The show transcript has more about phishing and how to protect yourself against phishing expeditions. Please read the full show transcript.

SIEBERG: . . . A phishing scam is one of the fastest growing online scams on the internet (sic), and probably everybody who has an e-mail account has received a phishing e-mail. You may not even be aware of it. It looks like it is from a trusted source. It may have the logos of companies that you deal with. It has all the information. It says, we need to update your personal information. We need you to do it right now or we'll close your account, so it's kind of threatening you, and you think that could be real.

If you click on a link in the message, it might take you it (sic) a website that looks real, and it says update all your personal data here. Well, you go ahead and do that and you hit submit. It doesn't go to that company. It goes to the scam artist, and by then they've got your information and it's too late.

ZAHN: How many legitimate institutions would actually ask you for your Social Security number and any of these other personal information online?

SIEBERG: The easy answer is absolutely none. That is not how they do business, and never click on an e-mail link within an e-mail message to get to one of these companies' websites. Call them or type in the website address in your browser.

(Stopping Identity Theft, Paula Zahn Now, CNN, May 26, 2005. Link in the Resources section at the end of this article. )

Web Forms and E-Mail

Filling-in and then submitting forms on Web pages is another potential security and privacy trap. More information could be, and likely is being, sent back with the form than what you have typed into the form. Additionally, as in phishing, the information could be directed to a Web server other than the one from which (you think) you got the form.

Included in this caution are form-based, e-mail contacts on Web pages too. Rather than provide the actual e-mail address for you to contact people from the Web site, you are asked to fill out a form-like e-mail.

There you type in your message and then send that. Just as with the problem with Web-page forms, more information than what you type in the message space could be going along with your message -- and just as in phishing, the information could be going to a different Web site -- an evil Web site set up to harvest personal information.

This additional information could be personal information or other information you have on your computer that the Web page has caused to be harvested in the background -- unnoticed by you. Scripts embedded in Web pages can search your computer for information about your computer and about you. Cookies can be used to tie bits and pieces of information harvested about you and your computer as you surf from Web page to Web page, thus forming a complete picture of your personal information and other information about you and your computer.

We strongly recommend that you do not use Web-page forms and Web-form-like e-mail contacts. If the Web site does not provide you with actual e-mail addresses to use, forget them and go on to another Web site. If a Web site wants you to fill out a form rather than giving you an e-mail address to which you can send the information in the form, forget them and go on to another Web site.

The question you need to answer for yourself in deciding whether to expose yourself to Spam and identity theft or information theft by using Web forms and Web-form-like email contacts is:

Is what this Web site has to offer worth the risk of subjecting myself and my family to even more Spam and to identity theft and information theft?

If your answer to that question is NO, then forget that Web site and move on!

See Cookies and Scripts on Page 3 ----->

Continued on Page 3 ----->

See Conclusion on Page 3 ----->