When ITAC surveyed 275 identity theft victims who used the ITAC’s free service over a one-month period, 160 consumers (58%) did not know the source of their identity theft. Another 115 consumers (42%) did know how their information was compromised. These 115 consumers attributed their identity theft to the following sources:

* Friends, relatives, in-home employees – 26 cases, or 22.61%

* Computer hacker/virus/phishing – 25 cases, or 21.74%

* Mail (stolen or fraudulent address change) – 24 cases, or 20.87%

* Lost/stolen wallet, checkbook or credit card – 15 cases, or 13.04%

* Corrupt business or employee – 12 cases, or 10.43%

* Data breach – 8 cases, or 6.96%

* House burglarized – 4 cases, or 3.48%

* Instant credit – 1 case, or 0.87%

Getting accurate information about the sources of identity theft is difficult because identity theft – the opening of a fraudulent new account or account takeover – is often confused with other types of fraud, like the unauthorized use of a credit card.

Nevertheless, it is up to each of us to be on guard against the possibility that our documents, or worst yet, our computers, could be compromised. Sometimes it may seem like a losing battle, but they are some steps we can take to prevent becoming the next victim. Here are some precautions:

* Do not keep your Social Security card in your wallet.

* If your Social Security number is on your driver’s license, remove it. (In some states it is now illegal for a driver’s license to be issued with a Social Security number.)

* When shredding important papers, make sure you use a cross-cut. “If it is shredded in strips and not cross-cut, I can put it down right in front of me and put it back together and there you have it,” says “John”, who uses his skills as a computer defense specialist to protect you, and is skilled in the ways of hackers and thieves and can ruin your credit and your life.

* “Don’t use wireless for anything that you would not want put in a public newspaper. Though it’s a nice convenience, your information is basically floating in mid-air. I could be two blocks away with a high-powered antenna picking up his information.”

* The key is defense in depth or layers: Anti-virus, computer patches, and firewalls, and most importantly, updating them once a week. There are types of protection for wireless but they can be hacked in as little as twenty minutes.

Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your personal security and privacy. Your money, your computer, your family, and your business are all at risk.

To protect yourself, you need an Internet security team of experts making sure that you, your family, and your business computer are always safe and secure. The best protection you can have in today’s rapidly changing world of cyber-attacks is to have expert support for all your Internet security needs that will provide technical support without any hassles and without charging you extra fees. It will become even more critical than it is today as time goes on. You need to find your own personal team of experts to rely on. If you ever have a security problem, you will want to have a trusted expert you can call for professional help, without any hassles and extra costs!

These cybercriminals leave you with three choices :

1. Do nothing and hope their attacks, risks, and threats don’t occur on your computer.

2. Do research and get training to protect yourself, your family, and your business.

3. Get professional help to lockdown your system from all their attacks, risks, and threats.

Remember: When you say “No!” to hackers and spyware, everyone wins! When you don’t, we all lose!

© MMVII, Etienne A. Gibbs, MSW, The Internet Safety Advocate and Educator

Bob squinted at the email and began to read:

“Dear eBay User, as part of our security measures, eBay Inc. has developed a security program against fraudulent attempts and account thefts. Therefore, our system requires further account verification…”

Security Measures. A threat to suspend his account to prevent “fraudulent activity”. The email went on to say that there were “procedural safeguards with federal regulations to protect the information you provide for us.”

Bob clicked the link and was confronted with an authentic looking logon page, just waiting for him to input his user name and password and confirm what ebay supposedly didn’t know.

He almost did it. The page looked absolutely authentic, and he had already been “set up” by the email message. His fingers were poised over the keyboard when he happened to glance at the URL.

There was something very, very wrong with it.

“PHARMING” TO FLEECE SHEEP

The art of “pharming” involves setting up an illegitimate website that is identical with its legitimate prototype, for example the ebay page Bob was almost suckered into using, and redirecting traffic to it.

“Pharmers” can do it in two ways:

1.By altering the “Hosts” file on your computer. The Hosts file stores the IP address of websites you have been accessing. By inserting a new IP address into the database field corresponding to a website, your own computer can be redirected to the pharmer’s website. Any information you give the bogus site is immediately hijacked by the pharmer.

2.Hijacking the DNS (Dynamic Name Server) itself. A DNS matches the names of address with their IP addresses. If this server can be coerced into assigning new IP addresses to traditional names, all computers using the name resolution provided by the DNS server will be redirected to the hijacker’s web site.

Once that happens, it’s time to be fleeced.

DOWN ON THE PHARM

“Pharmers” hijack your “hosts” file or DNS servers using Spyware, Adware, Viruses or Trojans. One of the most dangerous things you can do is to run your computer without some form of Internet Security installed on it.

Your security software should be continually updating its virus definitions, and be capable of warning you if something has been downloaded from a web site or through email. It should be able to remove it, “quarantine it”, or tell you where it is so that you can remove it by hand.

You should also have Spyware and Adware programs installed, and be aware of any change in Internet browsing patterns. If your home page suddenly changes, or you experience advertising pop ups (which may pop up even when you are not hooked up to the Internet), you should run a Virus, Spyware or Adware scan.

Thanks to the efficacy of these protection programs, pharming is a lot more difficult than it used to be. It isn’t as easy to hijack a computer as it once was.

So, the “pharmers” have teamed up with the “phishermen” to get you to visit the bogus web page yourself, and enter all the information they need.

PHISHING TO CATCH YOU ON THE PHARM

As Bob discovered, the page he had been taken to by the bogus email message was identical to the ebay logon page. Identical in every way except for the URL.

Out of curiosity, he checked the URL for the ebay logon by accessing ebay directly and clicking on the logon link. The two URL’s were nothing alike, except the bogus one did have the word “ebay” in it twice – just enough to make it look authentic.

By combining the two techniques, the phishermen/pharmers had avoided the high tech problems associated with downloading a Virus that could get past his protection software. They had gone straight for the throat.

Bob’s throat.

YOUR ONLY REAL IDENTITY THEFT PREVENTION AND PROTECTION

The only real protection against the pharmers and phishermen is YOU. There are three things you must consider when you read any email demanding information:

• Why do they want it? Be extremely skeptical when they say they have to “update their records”, “comply with federal regulations”, or prevent fraud. They are the ones initiating the fraud.

• Why can’t this be done at the website? Why not invite you to access the website directly and provide this information? The answer is because the bonafide company doesn’t need an update.

• What does the URL look like? Is it a series of subdomains some of which have the name of the bonafide company? Most likely the subdomain is set up with a free hosting company.

• Have they provided partial information about you as a guarantee that the email authentically comes from the legitimate source? Be very careful of this one. This technique is effective for “pretexting”, impersonating a person or company, and was used in the Hewlett Packard scandal to collect information. Just because they know your first and last name (and any other information – known only to the legitimate source) doesn’t mean the email is legitimate. They probably hijacked the information off the server.

THE BOTTOM LINE

The bottom line is: don’t provide any information at the behest of an email, no matter how authentic it looks, or how authentic the page it directs you to looks. If you must log in, do so at the parent site itself.

Your Identity Theft prevention and protection is, in the final analysis, up to you.

Don’t be the next sheep fleeced by the pharmers who caught you with the phisherman’s hook. Being dropped naked into their frying pan is NOT a fate you want.