The dangers posed by malware were a very real concern for computer users long before the internet became commonplace, but while many considered irrecoverable loss of data and important files to be the worst-case scenario, identity theft is arguably a greater threat.
Using personal information to register for credit cards, mobile phones and other services can be dangerous, so it’s vital to be aware of exactly how financial loss can happen and what steps you can take to prevent it.
Malicious parties can gain access to personal information in a number of ways. Infection from a virus such as a Trojan horse is particularly dangerous since you are unaware that your system has been compromised. A hacker could gain control over your computer; retrieve sensitive information as it is entered and send it back to the source. They often do this by using keylogging software to record keystrokes that could contain sensitive data such as passwords, account details, usernames and personal information.
Phishing is another fairly common method and though it’s inherently less dangerous because it requires you to volunteer personal information yourself, it’s vital to be aware of the nature of this threat. Phishing typically involves cleverly formatted e-mails intended to convince you that you are being asked for personal information from a legitimate source. They often request that you provide sensitive details in response, usually with the threat of a service, account or order being suspended or discontinued.
In a similar manner, “rigged websites” that appear genuine and typically offer a service or a discount on a purchase that may sound too good to be true can retrieve personal information through a registration process that will be required before the “offer” can be received. Without sufficient protection, these sites can be difficult to spot, which just underlines how important it is to be aware that these sorts of threats exist and to know how to avoid them.
The dangers posed by identity theft
Identity theft can typically be separated into two categories:
“True name” identity theft involves a thief using personal information to open accounts and register services in your name – be this credit cards, mobile phones or transactions at online marketplaces.
“Account takeover” differs in that information gained from illegal access to your computer is used to log in to existing accounts and perform transactions in your name. Both are very dangerous, and both can result in significant financial loss.
There are a number of “horror stories” that illustrate exactly how dangerous identity theft can be. Examples include Jack Todey, a businessman who fell for a phishing scam by replying to a genuine looking e-mail that appeared to be in relation to his bank account. After following a link within this e-mail to avoid apparent suspension of his account and entering his personal details as requested, Jack soon realised that £1000 had been withdrawn, though luckily in this instance the bank refunded the money after a lengthy analysis of the source of the transaction.
Katie Nimmo fell afoul of hackers by not updating the internet security software on her computer and belatedly discovered that malicious software had taken control of her PC and sent bogus e-mails to her friends that included a link to further spread the malicious code. Also, the personal information retrieved from her computer was used to register for several credit cards and sign up to a number of gambling and casino sites.
It goes without saying that even if a bank or service is willing to refund money lost to fraud, it’s really not worth taking the risk, so what can you do to avoid this and make sure that your personal information and financial details are safe from prying eyes?
Security is king
First of all, always have a strong security suite that is regularly updated and includes specific virus protection software against threats such as identity theft and phishing, alongside standard antivirus and antimalware protection. Online fraudsters are particularly adept at disguising behaviour so a suite of tools designed to detect and eliminate threats in this way is essential.
Also, there’s no overstating the need for you to recognise and avoid threats on a personal level. You should consider these “ground rules” for your peace of mind:
- Use strong passwords and change them from time to time.
- Don’t store passwords and personal details in an easily recognisable document on your computer.
- Make sure your bank or credit card company offer protection against fraudulent transactions.
- Lock your portable devices such as notebooks.
- Before sending personal details, make sure the recipient is legitimate and not just impersonating the company in question.
- Check and double-check bank statements, online transactions, standing orders and payments to make sure they are recognised and genuine – this counts for smaller payments as well as large quantities, since it’s often the smaller amounts that go unnoticed, and could signify the fact that someone has gained access to your account or personal details.
- Shred bills, bank statements and other materials that contain personal information.
- Cancel credit cards that you’re not using anymore.
If you have any doubt as to whether a request for further information or personal details is genuine or not, phone the company in question or log in to the website in the usual manner to address the situation directly.
With this information in mind and a regularly updated security suite, you can avoid identity theft and take advantage of the convenience and speed of online browsing and monetary transaction without being an easy target for thieves and hackers.