According to the Bureau of Justice, over 17 million Americans were victims of identity theft in 2014. This is an increase of a million cases over the year 2012 and prior to that, there was a 33% increase between the years of 2005 and 2010.
People often make the mistake of believing that something like identity theft could never happen to them. It even happens in environments that would seem to be safe, according to this statement on a public forum.
It is easier to believe that it wouldn’t happen than to try to ascertain how one would handle the circumstances if it did happen. Psychologically speaking, it is very normal for people to think that it couldn’t be them and that they can skate through life without those issues. It is called optimism bias.
When it comes to identity theft in particular, the reality is that anyone who has ever made an online payment has put themselves at risk, to some extent. Microsoft, in their security training, mentions that the only way to truly be “safe” is to stay off of the computer and not plug into any network. This practice would not allow the use of computing, and therefore, it is not a practical solution. However, Microsoft does offer “best practices” that includes the evaluation of what is needed and how much is needed in each scenario.
What Is Identity Theft? What are the Signs? What is the Impact?
The stress of having an unknown person gain access to personal data and bank account information is enough to cause anyone to feel overwhelmed and out of control. Sadly, by the time an individual’s identity has been stolen, it is often too late to prevent additional unauthorized charges and the issues and damages only compound.
The Damages Unfold
Identity thieves often implement a strategy of destroying the credit history of their victims. When they have succeeded at this level of destruction, it can take years for their victims to repair the damage that has been done. Without a stable credit history, the victims are left in a state where they are unable to make higher dollar purchases. This may not sound that bad, at first, but when put into the context of basic human needs, there is the realization that this can affect the victim’s ability to obtain a place to live (house purchase; renting), as well as transportation to work (i.e. car purchases; car leases), and many more areas of basic livelihood. This means that even an attempt at putting life back together and in order is thwarted by the ongoing damage of this crime.
Based on the grim outlook of the compounding effects, a feasible approach that has been suggested is one that includes a prevention strategy. To implement a prevention strategy, there needs to be an ability to identify signs that an identity may be at risk. Fortunately, there are companies who specialize in this area and have compiled lists of signs. One such example is “Signs of Stolen Identity” by ID Theft Authority.
The more that identity theft can be prevented, the better the odds are that the victim will survive without permanent damage. The first step is to move past the denial and realize that identity theft can happen to anyone. The next step is the prevention strategy, which also includes looking for and identifying the signs.
There are a few “easy steps” that can be taken to start the process of effectively minimizing the odds of becoming the next victim of identity theft. Nothing is 100% foolproof, but implementing good habits of protective measures and protective patterns of behavior will help to lessen the odds of being the next victim.
Trojans and computer viruses are often used by cybercriminals to gain access to personal data and credit card information. Just like the historical story of the Trojan horse, a computer Trojan is like a smaller packet/software that unleashes damaging code into the computer.
Once an infection has occurred, the virus or Trojan sits and waits for personal data to be entered by the user. When the virus software detects a credit card or social security number (easily decipherable through patterned algorithms identifying the patterns of data like social security numbers and credit cards), the software records that number and sends it to a remote server where it is recorded in a database. That database is then accessed and used by the cyber criminals who are behind the security breach. At this point, the criminals have gained access to a database of stolen information; valuable information like credit cards (stealing money) and social security numbers (stealing identities).
Anti-virus software, as its name suggests, is built to identify virus code (based on a previous identification of virus code and “learned behavior”). With these continued improvements and updates, the anti-virus software can detect the nefarious actions of the virus software that is collecting personal and financial information off of the user’s computer. The anti-virus software is made to neutralize (destroy) the virus software, rendering it null and void on the user’s computer. This is assuming that the anti-virus software is 1) premium; 2) reputable and proven; and 3) kept up-to-date (ensuring that each new virus software code has been identified and programmed into this defending software).
Emails and Phishing Scams
Phishing is a common method used by criminals to gain bank account information. It involves sending fake emails that appear to be from a bank or other financial institution. This usually involves faking an important alert, such as warning of possible account closure or possible breach of security. The objective is to prompt the user to click on the link enclosed in the email, taking them to a decoy (fake) web page and requesting that they login with their banking credentials.
If the user enters their personal data, that information (user name, account number, bank password, etc.) gets recorded and sent to the criminal (or recorded in the criminal’s database for future retrieval).
The preventative measure to take involves ensuring that the email is scrutinized carefully. While there are many phishing attempts that look very similar to the original banking information, there are often telltale signs that it is not the bank itself. Even beyond an inspection of the graphics is an inspection of the link. Many times the name of the bank will be a part of a subdomain and not the main domain. So, a link may be something like paypal.fakedomain.com. In this case, the domain is “fakedomain.com” and the “paypal” is part of a sub-domain. A domain owner could put anything they wanted in that position, and it does not have any credibility. Another similar component to check is the “from” email address of the email, to ensure that it is truly coming from the bank’s email server. That particular check is more tricky and may not be as conclusive.
Another counteractive measure is to choose to go directly to the bank website, bypassing the link that is enclosed in the email. That way, the premise of the email can be tested directly. If there is truly an issue with the account, it would be evident by accessing the bank account directly, via the bank’s website. There would be no need to rely solely on the information that is provided in the email communication.
Of course, another option, similar to Microsoft’s security advice, is to avoid the Internet and phone the bank (with a phone number that is obtained from a source other than the phishing email) and ask the questions of the bank itself.
It is also vital for users to be cautious when downloading files or attachments. Downloads should only be accessed from trusted sources. Even the most benign software (i.e. music files, utility software, etc.) can masquerade as something safe and still include nefarious code that will install viruses and key loggers. Keyloggers are software programs that record the keystrokes that the user enters and given enough time, the keyloggers will reap the information that puts the user at risk.
The crime of identity theft is not likely to go away anytime soon. The hope is that the laws of the country(ies) will eventually catch up to the severity of the crime. In the meantime, users need to take it upon themselves to do everything that they can to protect themselves and to protect their computers and devices.
Protection of themselves and adjusting their behaviors and awareness will assist them when using devices or environments that are unfamiliar to them. Protecting their devices and computers will aid them in assisting others as they use each others’ computers and resources. Possibly, through group effort and diligence, the tide will turn.