The recent
spate of news on major compromises of user data has gotten a lot of attention,
but in fact most victims of identity theft get compromised in less spectacular
ways.
I spoke with
Justin Feffer about identity theft in the real world. Feffer is an instructor
at FBI-LEEDA,
a national non-profit which works to educate and advance law enforcement. He's
a cyber crimes investigator in southern California. Feffer says the main things
for users to look out for are:
- Malware, particularly keyloggers, installed on the computer. Obviously these can steal your identity by capturing the keys you press and the screens you see. You can prevent them by running as standard user, running up to date antivirus software, keeping your operating system and applications up to date and exercising caution.
- Misconfigured peer-to-peer apps are also a common mistake of users. If a user configures P2P applications like Limewire to share too large a portion of the file system, such as all of My Documents, then other users on the network can see anything you put there, such as your Quicken file. If you have kids, make sure they don't install and misconfigure such apps.
- Phishing is not quite the threat it used to be, but it's still widely used. Nowadays the real phishing threat comes from targeted phishing attacks called spear phishing, in which the attacker uses some prior knowledge of you to tailor the phishing e-mail to what you would expect in a real one. In the recent massive Shady RAT attack described by McAfee, the initial attack vector into victimized organizations was a spear phish. Be aware of the site you are actually viewing and be especially suspicious of links that come in unsolicited e-mails.
- Nigerian-type scams are also probably never going to go away because they rely on human weaknesses. When you receive an unsolicited offer that sounds too good to be true, it is.
- Criminals often install skimmers on ATMs and other card reading devices, including credit card readers. These are devices which install over the reader appear to be part of the machine. When you insert your card the skimmer reads it and records the information on it. They are often used in combination with surreptitious cameras to record the keys you press for the PIN. Feffer says that in southern California skimmers are especially popular on gas pump, but they are also being used on the smaller point of sale readers found in stores.