by Laura Yecies
Doesn’t it seem like every Web site wants a plethora
of personal information from you today? It’s getting out of hand. “Register
now” they say and, then proceed to ask everything from your favorite
color to your mother’s maiden name so you can buying that rare antique
tea set, connect with old friends or simply read a news story. Beyond the sheer
annoyance factor, do you really want so much info about you floating around out
of your control?
(FYI…I understand why Web sites want the info, to
better understand customer desires and in some cases target
advertising…and in the interest of full disclosure we do ask for some
information but only require a valid e-mail for the free firewall. I’m
not questioning their goal or intentions, just the practice risks).
Because of all this data, your PC may no longer be the
holy grail of hackers. That’s because there are far more valuable assets
to target…consumer databases. Every form you fill out results in data
stored in some data canter somewhere in the world. Since 2005,
Privacyrights.org has been maintaining a list of all the reported cases of data
breaches (link to list: (http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP).
I’m not going to pick on any specific companies in this forum, but I
encourage you to scroll through the list. It’s pretty shocking just how
many companies and organizations have lost data on people like you.
How it works:
Hackers can use any number of attack techniques to gain
entry into a customer database, including something as simple as stealing a
laptop containing customer data. More elaborate attacks may include employee
password theft, a backdoor Trojan, a compromised Web server, and more.
Once they have access to the database, a hacker can look
up (or download) customer records such as a transaction history, credit card numbers,
date of birth, passwords, and on occasion even your social security number.
That personal profile data, depending upon how complete,
can fetch up to $100+ on black market Web sites frequented by identity thieves.
According to our researchers, the most active ID theft markets are China and Russia.
When an identity thief or hacker has an adequate profile
of you, they can institute any number of different attacks, depending upon the
information at hand. For example:
- Without ever attacking your PC directly, an ID thief can
open up credit cards in your name and run up the bill. When you fail to pay it,
your credit can be damaged.
- A hacker can use a little bit of personal knowledge to
trick you into downloading malware onto your PC, thereby allowing him to steal
the password to your online bank or stock brokerage account (and drain it), or
steal your credit card and spend freely without consequence.
- Hackers are also morphing bits of data from multiple
people to create a new fictitious person, thereby often escaping notice of
credit bureaus and watch groups.
What to do?
For one, try to limit
the kind of information you give out online. If a Web site requires
registration for non-transactional purposes (IE reading a story, joining a
message board etc), consider using an alias, a “disposable” e-mail
address, and/or a birth month that’s off by a month. Restrict the number
of sites that know all about you. For hackers, it’s a numbers game, and
the fewer sites that know who you really are, the better. If you do any sort of
shopping or banking online, you can’t totally prevent this, but
it’s about risk mitigation.
Sign up for a credit watch program. YES,
we’ve heard all about the recent challenges at LifeLock (link to: http://blogs.pcworld.com/staffblog/archives/007008.html).
But we maintain that it’s important to have a credible service keep an
eye on your credit (unless you plan to do so yourself). It’s an integral
part of your Internet Security, which is why we offer it as an option with your
Opt out of junk mail. By
opting out of physical junk mail, an ID thief can’t steal credit
applications out of your mailbox and sign up in your name.
We have more general ID Theft tips here (link to the ID
Theft Protection center).