US-CERT Cyber Security Tip ST05-019 -- Preventing and Responding to Identity Theft
- To: security-tips@xxxxxxxxxxx
- Subject: US-CERT Cyber Security Tip ST05-019 -- Preventing and Responding to Identity Theft
- From: US-CERT Security Tips <security-tips@xxxxxxxxxxx>
- Date: Wed, 17 Sep 2008 16:12:19 -0400
- Organization: US-CERT - +1 202-205-5266
Cyber Security Tip ST05-019
Preventing and Responding to Identity Theft
Identity theft, or identity fraud, is a crime that can have
substantial financial and emotional consequences. Take precautions
with personal information, and if you become a victim, act immediately
to minimize the damage.
Is identity theft just a problem for people who submit information online?
You can be a victim of identity theft even if you never use a
computer. Malicious people may be able to obtain personal information
(such as credit card numbers, phone numbers, account numbers, and
addresses) by stealing your wallet, overhearing a phone conversation,
rummaging through your trash (a practice known as dumpster diving), or
picking up a receipt at a restaurant that has your account number on
it. If a thief has enough information, he or she may be able to
impersonate you to purchase items, open new accounts, or apply for
loans.
The internet has made it easier for thieves to obtain personal and
financial data. Most companies and other institutions store
information about their clients in databases; if a thief can access
that database, he or she can obtain information about many people at
once rather than focus on one person at a time. The internet has also
made it easier for thieves to sell or trade the information, making it
more difficult for law enforcement to identify and apprehend the
criminals.
How are victims of online identity theft chosen?
Identity theft is usually a crime of opportunity, so you may be
victimized simply because your information is available. Thieves may
target customers of certain companies for a variety of reasons: a
company database is easily accessible, the demographics of the
customers are appealing, there is a market for specific information,
etc. If your information is stored in a database that is compromised,
you may become a victim of identity theft.
Are there ways to avoid being a victim?
Unfortunately, there is no way to guarantee that you will not be a
victim of online identity theft. However, there are ways to minimize
your risk:
* Do business with reputable companies - Before providing any
personal or financial information, make sure that you are
interacting with a reputable, established company. Some attackers
may try to trick you by creating malicious web sites that appear
to be legitimate, so you should verify the legitimacy before
supplying any information (see Avoiding Social Engineering and
Phishing Attacks and Understanding Web Site Certificates for more
information).
* Take advantage of security features - Passwords and other security
features add layers of protection if used appropriately (see
Choosing and Protecting Passwords and Supplementing Passwords for
more information).
* Check privacy policies - Take precautions when providing
information, and make sure to check published privacy policies to
see how a company will use or distribute your information (see
Protecting Your Privacy and How Anonymous Are You? for more
information). Many companies allow customers to request that their
information not be shared with other companies; you should be able
to locate the details in your account literature or by contacting
the company directly.
* Be careful what information you publicize - Attackers may be able
to piece together information from a variety of sources. Avoid
posting personal data in public forums (see Guidelines for
Publishing Information Online for more information).
* Use and maintain anti-virus software and a firewall - Use
anti-virus software and a firewall to protect yourself against
viruses and Trojan horses that may steal or modify the data on
your own computer and leave you vulnerable (see Understanding
Anti-Virus Software and Understanding Firewalls for more
information). Make sure to keep your virus definitions up to date.
* Be aware of your account activity - Pay attention to your
statements, and request copies of your credit reports from the
main credit reporting companies on a yearly basis.
How do you know if your identity has been stolen?
Companies have different policies for notifying customers when they
discover that someone has accessed a customer database. However, you
should be aware of changes in your normal account activity. The
following are examples of changes that could indicate that someone has
accessed your information:
* unusual or unexplainable charges on your bills
* phone calls or bills for accounts, products, or services that you
do not have
* failure to receive regular bills or mail
* new, strange accounts appearing on your credit report
* unexpected denial of your credit card
What can you do if you think, or know, that your identity has been stolen?
Recovering from identity theft can be a long, stressful, and
potentially costly process. Many credit card companies have adopted
policies that try to minimize the amount of money you are liable for,
but the implications can extend beyond your existing accounts. To
minimize the extent of the damage, take action as soon as possible:
* Contact companies, including banks, where you have accounts -
Inform the companies where you have accounts that someone may be
using your identity, and find out if there have been any
unauthorized transactions. Close accounts so that future charges
are denied. In addition to calling the company, send a letter so
there is a record of the problem.
* Contact the main credit reporting companies (Equifax, Experian,
TransUnion) - Check your credit report to see if there has been
unexpected or unauthorized activity. Have fraud alerts placed on
your credit reports to prevent new accounts from being opened without
verification.
* File a report - File a report with the local police so there is an
official record of the incident. You can also file a complaint
with the Federal Trade Commission.
* Consider other information that may be at risk - Depending on what
information was stolen, you may need to contact other agencies;
for example, if a thief has access to your Social Security number,
contact the Social Security Administration. You should also
contact the Department of Motor Vehicles if your driver's license
or car registration has been stolen.
The following sites offer additional information and guidance for
recovering from identity theft:
* Federal Trade Commission -
http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm and
http://www.consumer.gov/idtheft/
* United States Department of Justice -
http://www.usdoj.gov/criminal/fraud/idtheft.html
* Social Security Administration -
http://www.ssa.gov/pubs/idtheft.htm
_________________________________________________________________
Author: Mindi McDowell
_________________________________________________________________
Produced 2005 by US-CERT, a government organization.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST05-019.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.