Security Sin 4 - “I don’t keep personal data on my PC so I'm safe from identity theft"

Protecting your identity is one of the most important things you can do. With internet banking increasingly popular, as well as online shopping and billpaying, our personal details – such as name, address and date of birth – are becoming more important in identifying ourselves.

Having your identity stolen can be devastating. Criminals can open bank accounts in your name and take out thousands of pounds in loans. They can apply for credit cards and use them to run up debt. It is also a horrible feeling to know there is someone out there pretending to be you.

As we increasingly use our personal details online we are giving criminals more opportunities to steal our identities. One of the recent internet success stories has been the rise of social networking sites. A lot of people include information such as their full name, date of birth and address on their profile. This is exactly what a criminal needs to steal someone’s identity, and broadcasting these across the internet only makes it easier for them, so changing your privacy settings to limit who views your information or, even better, removing those details altogether, will help keep your identity safe.

A lot of criminals will also try a more proactive approach. Malicious software such as spyware has been created that, once downloaded, will scan your computer for personal details. Keylogging software has become popular amongst cyber criminals, as it records what you are typing. Through this software criminals can see what your usernames and passwords are, and gain access to your online bank account or email.

Through scam emails and web sites that pose as legitimate businesses such as banks or PayPal, criminals can trick you into handing over information which they can then exploit. The most popular method for this is sending spam emails that pretend to be from your bank – known as phishing. Great lengths are taken to make the emails look official, from the language used to company logos. The subject of the emails varies, but they usually involve a request for you to go to a web site and enter in your account details. Alarm bells should always
ring when you receive an email from your bank that you weren’t expecting, especially if it asks you to supply your private details, as
most banks will never do this. If you do get an email that you are concerned about, it is always a good idea to ring or visit your bank
to make sure the email is legitimate. When giving personal information to anyone you should always make sure you know who they are, and if you are using a shared computer (in an internet café for instance) check that you haven’t left any details on screen. If you are giving details over the phone, make sure no one can overhear.

Passwords are a good way of ensuring that people cannot gain access to your personal details or accounts, and it is important that these are kept secret. Unfortunately a lot of people use passwords that are easy to crack or guess, giving criminals easy access. It is always best to use what is known as a ‘strong password’ made up of random upper and lower case letters, numbers and symbols. Unlike passwords that are made up of words or names, these ‘strong’ passwords are very difficult to crack, and if you make sure you use a different password for every account, and never write your passwords down or tell them to anybody else, then this will add an extra defence against identity thieves.

Article continues

Reader rescue

This month we visited Windows Vista Magazine reader Rolf Bunn in Croydon, who recently found himself the victim of identity theft. Our survey on reader’s internet habits found that more than four per cent had been victim of identity theft, and Rolf wanted to tell us how it had happened to him.

Like many victims, Rolf found out that his identity had been stolen by chance:

“I was trying to get money out of a cash machine when my card was declined. I tried the machine next to it, and was declined again. I thought ‘that’s weird, I have money in the account’ so I called my bank.”

To Rolf’s surprise, after he explained the problem to the bank he was passed over to their fraud department. “They asked me if I was in India! They told me someone had tried to buy something with my account details there.”

Because Rolf had bought something with his card in the UK shortly after the incident in India, his bank had noticed that it would be impossible for him to have travelled between the two countries in such a short period of time. Because of this they had put a hold on his bank account to prevent any more money coming out. Thanks to his bank acting swiftly, the damage caused by having his identity stolen was minimised. However, Rolf is still not sure how his details were stolen, so he was keen to join our campaign and make sure this never happened again.

Our first port of call in making sure that Rolf’s PC was safeguarded was to check the anti-virus and spyware protection, and both of these quickly raised concerns. Rolf’s antivirus software was not configured properly and kept displaying an error message. Because of this the software hadn’t been updated to look for the latest threats, so there was a distinct possibility that all manner of internet nasties were residing on Rolf’s PC. His anti-spyware wasn’t much better. Having been recommended lots of different anti-spyware packages by friends
and family, Rolf had installed all of them, which had led to the different programs conflicting with each other and even identifying each other as spyware. Having more than one anti-spyware application installed often does more harm than good.

We decided that the best course of action would be to remove the faulty anti-virus software and many instances of antispyware, and start over again with a fresh copy of PC Tools Internet Security Suite. This contains both anti-virus and anti-spyware technology in one package – eliminating the threat of software conflicts. We then moved on to look at other ways of securing his computer. When Rolf uses his PC, every web page he visits, every file he opens and every conversation he has using an instant messaging program is recorded in various places. This is done by computers to make life easier, so you can quickly go back to a web page you viewed a couple of days ago, for example. Although this starts off with good intentions, the information can be easily exploited by criminals to gain access to your personal information. We explained to Rolf that it is good practice to remove this information from your computer regularly, and so we installed
PC Tools Privacy Guardian, an application that clears all that data from the PC. It also makes sure that deleted files sent to the Recycle Bin of Windows Vista are deleted permanently, which is another important move in the fight against identity theft.

We then talked about Rolf’s computing habits, and how these could be altered to better defend against fraud. We were initially shocked by Rolf’s admission that he kept all his passwords in one file on his computer. Thankfully, unlike 58 per cent of the respondents in our survey
who don’t protect sensitive data, Rolf had encrypted and password-protected this file, making it difficult to access. Although it is not ideal to store your passwords anywhere, at least there was some protection. Rolf told us his method for creating passwords, which was far from strong. We explained that once someone figured out the method, guessing the passwords would be easy. We then pointed him in the direction of the Microsoft Password checker web site, which lets you type in a password and gives it a rating telling you how strong it is. This is a great resource for finding out how strong or weak your passwords are, and as we told Rolf, if your password is classed as weak then you should think about changing it. We then showed Rolf the Strong Password generator on the PC Tools web site (found at www.pctools.com/guides/password) that will ensure that passwords are impossible to crack.

Before we left we reminded Rolf to never give away personal details to people he didn’t know, and to never throw away whole letters, such as bank statements and bills. Thankfully Rolf was ahead of us on that one, always making sure that all of his letters were shredded before throwing them out. When we left we were confident that Rolf’s PC was secure, and Rolf felt a lot safer. As we gave him advice on how to keep his details safe online, Rolf asked “Why don’t they tell you this when you buy a new PC?”

Worried that you’ve become a victim of identity fraud?

Have your details gone missing?

If you’re concerned that you’ve become a victim of identity theft because bills have gone missing, or your passport or driving licence has been stolen, then you should contact the following organisations:

Royal Mail www.royalmail.com

Identity and Passport service www.ips.gov.uk

Driver and Vehicle Licensing Agency www.dvla.gov.uk

Has someone used your credit card or bank account?

If someone has used your credit card or online bank account you must contact your bank to let them know. Most banks will have a fraud department that will help you. You can check if someone has used your credit card by studying your credit file for any suspicious transactions. Contact a credit reference agency such as Equifax (www.equifax.co.uk) or Experian (www.experian.co.uk). Web sites such as
www.banksafeonline.org.uk and www.cardwatch.org.uk are also good resources.

Have you contacted the police?

Identity theft is fraud, and you should always let the police know so that they can help reduce online crime. For more information, visit the web site of the UK Association of Chief Police Officers at www.acpo.police.uk.

Win security software worth £50

To make our campaign a success and fight back against viruses, spyware and scams, we need your support. Pledge that your PC is free of the seven deadly security sins, and you could win a copy of PC Tools Internet Security Suite, worth £50. We have 70 copies to give away and we will be selecting 10 winners every issue until January. Entrants will be rolled over each month so the sooner you pledge the more chances you have of winning.

Go to www.securitysins.com to find out more.