Instead of paying big bucks for a credit monitoring service, you can do nearly everything yourself at no cost. We put together a list of steps for being your own identity theft monitor you can perform. It takes a little perseverance but is worth it and you do not have to share personal information with *another* company.
Doug
How much do you think you are worth on Internet? Not much, I’m afraid.
This came off FraudArena and is the going rate for your personal information:
$1.50 credit card number, cvv2
$5-$50 stolen medical ID card
$6-$18 basic identity information
$6 British passport number and bank details
$7 hijacked PayPal account with credentials
$14-16 fulls” are a complete set of data identifiers, i.e. name, address social security number, bank account, and mothers maiden name
$30 Passwords and codes to access consumer credit reports
$30-$300 immigration papers with a social security card
Just thought I would pass this along.
Doug
How many times have you been to a business that “needs” to copy your driver’s license, credit card, or other sensitive information? Car rental places, banks, and medical facilities are notorious for this practice. Another popular use is to make copies of tax returns.
Most photocopiers in the past few years have disk drives in them that help in producing copies. Problem is most of them have no security feature in them (digital overwrite or encryption) so a nefarious person could easily grab the information off the drive. The most vulnerable copiers are ones that are sold to another party. Copiers in small businesses can be easily stolen.
Most small businesses, libraries, tax preparers, and copy shops are not aware of the potential problem or if they were they may not know if their particular copier is a threat.
Next time you make a copy of sensitive information make sure the copier has data security features installed. It can save a large headache.
Doug
I am appalled at the number of people who freely put their social security number on their driver’s license. Of course I am more appalled that the DMV (department of motor vehicles) would ask such a question.
We were in the DMV waiting our turn for a change to the driver’s license. We moseyed up near the place where people visit to take care of DMV business and heard this conversation several times:
DMV: “A new license, I see. Do you want your social security number on it?”
Applicant: “Um, ok.”
No one questioned if it was necessary (which it is not). Five out of six people answered this way.
Lose your wallet or purse? Get it stolen? There is all a thief needs to steal your identity on your driver’s license. Many places photocopy your driver’s license (like car rental places and health care centers to name a few). Where does that photocopy go?
Like I have said before, the number one prevention mechanism for identity theft is in the mirror.
Doug
If you have not noticed by now, most banks, credit unions, and credit card companies do not have secure logins easily available. The login page is on an unsecured web page which means there is no simple way of verifying the login page is real or spoofed. We have written about this in a previous article. But there may be a way around this.
Go to your bank or credit card company login page. If the URL starts with https:// you are in luck - you can check the security information to make sure the web page belongs to the right entity. If the URL begins with http:// you are treading on dangerous ground. Enter a phony login id and password and try to login. Most likely an error will occur and now the login page URL begins with https:// - your lucky day. At least now the login page can be verified for correct ownership and the sensitive information sent to your bank/credit card company is secure and going to the right place.
I have tried this trick on several unsecure banking and credit card sites - and it worked every time!
Doug
mysecurepc.com has posted a web page with many privacy tips for everyday life. One of the most unbelievable privacy concerns is the U.S. Post Office. When I read the list of who gets sent your information in their privacy statement I about fell out of my chair.
Also take a look at identity theft prevention tips for statistics on identity theft in 2006. Still at the top of how thieves get your personal information is lost or stolen wallets and purses. Unfortunately, business malfeasance is at the top, too.
Doug
It is 2007 and time for tax related information to be mailed out. One of the easiest and effective ways identity thieves get your information is through your mailbox. Crooks know between Jan and April are the prime months for personally sensitive information to reside in mailboxes. After all, tax statements, 1099s, and other related mail has all the information on them an identity thief wants.
One way to help thwart thieves is to get a locking mailbox. They make in nearly impossible for a thief to steal your mail but very easy for the mailman to use. And only you have the key - not the mailman.
Doug
If you use Skype’s chat feature you may get an urgent message to download a file named sp.exe and run the program. Once the program is run it installs other programs that can steal passwords and other personal information. The Trojan horse looks like it comes from the Asia region of the world. It also connects to a server and downloads additional code.
As we all know, downloading and executing a program by someone we do not know, it not a good idea without investigation. No legitimate company would do this.
Doug
Getting rid of a computer or a hard drive? Does it have sensitive data on it? Just deleting it does not do the job. Even reformatting the hard drive is not good enough.
Deleted data is simple to recover, especially in Windows XP. A data recovery program, often free, is all that is needed to undelete data. What can be done to ensure that prying eyes will never see your data?
Plenty.
Boot and nuke an open source program will completely wipe out any data on a hard drive. It is a dangerous program (i.e. there is no turning back once it erases) so be careful in using it. It meets the DOD (Dept of Defense) requirements for complete eradication of data. A bootable disk or CD is created then the computer in question is booted up and goodbye data.
Some entities such as some government agencies and private parties use drastic measures such as saws, sledge hammers, and grinders to ensure no data is left behind. While this may do the job the hard drive cannot be used again…it is off to the land fill.
There is an easier way to get rid of your data but still be able to reuse the hard drive. In Windows XP you can encrypt all your data files, reformat the drive and you are done. This erases the encryption file keys forever. Perhaps the encrypted files can be recovered but without the decryption key all is lost.
Don’t forget to securely destroy CD/DVDs used to store data. Several paper shredders have a feature for chopping up a CD/DVD. We do not think this is a good enough solution. Once the CD/DVD is chopped up, separate it into several piles and dispose of them separately.
Doug
The scams never go away. The PIN block fraud involves your debit card. When a debit card is swiped, say at a gas station, the information on it is sent to a server. Included in this information is your debit card number, the data from the magnetic strip, and the encrypted PIN code. When you enter a PIN number it is sent to the server, too. The server unencrypts the PIN number (residing from the magnetic strip) and compares it to the one you entered. Of course they must match in order to complete the transaction.
Here lies the problem: some retailers save your debit card information (including the PIN number) on their server. There is *no* reason to save it - it should be erased after it is used for the current transaction. A hacker then breaks into the retailer’s computer system and steals the debit card number, the encrypted PIN, and the key to unencrypt the PIN. Then counterfeit debit cards are made and it’s off to the nearest ATM machine.
How do you fight it?
A few ways.
1. Use a signature instead of a PIN number when using the debit card.
2. Do not use a debit card; use cash. Especially with no name gas stations, stores, etc. I only use the debit card at one grocery chain and I use cash for other transactions.
Doug
