April 27th, 2013, 08:41 AM
Hack Your E-mail to Protect Yourself by Jeff Rosenspan
Hack Your E-mail to Protect Yourself
by Jeff Rosenspan, 4-27-2013
According to a recent article by Ryan Clark and Ben Sutherly of The Columbus Dispatch, identity theft is on the rise and we're making it easier and easier for criminals to gain access to our private data. In a world full of passwords, order confirmations, and usernames, many people make the mistake of using their e-mail accounts as digital filing cabinets for sensitive information. Do you have an e-mail folder labeled "receipts" or "bank stuff"? If you do, you have made it easy for criminals to find the information they're after. Some colleges are taking steps to curtail this practice. The Identity Theft Protection Committee at East Carolina University, for example, requires its students to obtain written permission before transmitting any sensitive data by e-mail. Most of us are more casual about our communication, to our detriment. This short article will help you understand the risks and protect yourself.
With the right stolen information, criminals can access our bank accounts, transfer bank balances, open new bank accounts, apply for loans, obtain passports, receive government benefits, and even file phony tax returns to get our refund checks. According to CNBC, The U.S. Treasury estimated that refund fraud due to identity theft cost the taxpayers $5.2 billion in 2012. Unfortunately, financial identity theft is only the tip of the iceberg.
Experian's service ProtectMyID.com details a wide variety of other types of identity theft, including criminal identity theft (giving stolen credentials to authorities), synthetic identity theft (using a stolen social security number and linking it to a fake name), medical identity theft (usually resulting in insurance fraud or tampered medical records), and child identity theft (using a stolen social security number of a minor to get a clean credit rating). All are illegal, and all are on the rise.
How can we avoid identity theft? Last year, the Identity Theft Assistance Center in Washington, DC, found that over 70% of child identity theft was the result of "friendly fraud" by a family friend or relative. Typically, this occurs when private information is left out in a place where it's readily found by prying eyes. You can avoid this danger simply by placing important documents in locked cabinets or safes, but it's harder to be vigilant with digital data. E-mail accounts have passwords required to get in, but this only gives you a false sense of security.
When we use public computers at place like libraries, college campuses, or retail stores, we make ourselves vulnerable to identity theft. On June 28, 2012, the Superior Court of New Jersey decided that it was illegal to even read another person's open e-mail (Marcus v. Rogers), but identity thieves are doing much more than reading. Security specialists at CreditGuard estimate that more than 15% of identity thefts occur because of a specific and avoidable careless error: people use public computers to check their e-mail and forget to log out. When criminals have access to your e-mail, it's usually just a matter of moments before they find out enough sensitive data to start the fraud process. By searching your e-mail account for "Password", "Profile", "Username", and "Mom", for example, a criminal could instantly have access to all of your banking data and even your mother's maiden name.
What can we do about it? Beat them to the punch. You can find out what sensitive data is available by simply doing what the thief would do: open your e-mail and search yourself. Yahoo Mail has a box labeled "Mail Search" (AOL has "search mail", Hotmail has "search e-mail", Gmail has a magnifying glass icon next to the search box). Click the box, type PASSWORD, and hit enter; you'll be surprised at what pops up. The full list of important search words is below. Use this list to search your e-mail account and delete, download, or hide your sensitive date.
Here is the list:
Access, Account, Activation, Address, Bank (Banking), Confirmation, Credit, Details, DOB (Date of Birth), Expiration, FAFSA, Identification, Information, Insurance, License (Driver's License, Professional License), Loan, Login, Member (Membership), Mom (for Mother's Maiden Name), Number (Social Security Number), Passport, Password, Phone, Photo, PIN, Profile, Security (security code), Signature, SSN, Transcript, Transfer, Username
Jeff Rosenspan is a computer security consultant with WConquest in Boston, Massachusetts
April 30th, 2013, 09:36 AM
Interesting!......very interesting, but also very American in its orientation.
I say that because the Social Security Number is extremely important in a US context whereas; over here in the UK, it is not. I don't even know my SSN, although I could find it; if needs be. Our SSN is purely taxation and welfare benefits related and plays no part in your personal ID.
Hence, you could not open a bank account in my name; hell, even I would have difficulty opening a bank account in my name I would need to show up personally with passport, drivers licence, and other ID if I don't drive. This is because our system is aimed at preventing money laundering and tax fraud. Sure, I could probably open an online account, but only if I was vouched for by my current financial services provider who had already done the verification.
One aspect of security that the article seems to have missed is that you are keeping your e-mail online, rather than downloading and storing locally. That means that you are trusting a remote provider to hold your data securely, and you probably don't download a local backup?
Do any of you remember Megaupload, and all those legitimate users who lost all their data?
Just a few thoughts................