Tuesday, November 13, 2007

Protecting yourself from Identity Theft

Yesterday the Government - for once saying the right thing - made it clear that people need to become more aware of protecting their identity online. With the growth of faster, cheaper Internet access this will become a problem in future. The key lies with education more than anything. Some basic tips for protecting your privacy follow, starting with the realisation that privacy is intrinsically linked to anonymity.

1) Browse the Internet anonymously. Every time you visit a website or do anything it leaves a source address for the connection. There are unscrupulous websites out there that use this data - often after tricking people into following links - to carry out coordinated attacks or use your machine as a dumb terminal in a wider attack.

The key is to anonymise all your web traffic. This is just like dialing 141 and turning off caller ID when you make a phone call. Think of it this way: when you buy something in a shop, do you freely tell the person your home address just because they ask you for it? Use JAP or Tor to ensure your privacy and security.

2) Ensure that you use multiple online identities for different tasks. Using a single sign-on for everything is universally dumb. Break down your tasks into security tiers based on what you are willing to compromise if one of the identities is exploited. Ideally you should try and use different identities for different websites if you can. Whatever you do, do not use the same password for all of them.

3) Have multiple email addresses for different things. If a website wants your email address then it needs to have a decent reason for it. This might be because it is a business and you are purchasing something from it. Again approach this on the basis that you don't give your home address to a stranger just because they ask for it. If you must give your email address out to a site that really has no need for it be aware that the address may find its way on to a spammer list at some point.

4) All your financial login details should be different to each other and should be in no way related to any of your other passwords and logins. Thankfully banks are quite wise to these things now and tend to randomly generate usernames which cannot be changed and are, technically at least, unique. Your bank will never email you asking you to click a link and log in. Period.

5) If someone emails you an attachment and you're not expecting it, be wary and speak to them first. This is especially the case if the email says "open this, it's funny". It's probably been sent by a trojan/worm and your acquaintance has no idea they've been infected.

6) Don't post your entire life on Facebook or other social networking sites, and try not to post your phone numbers online. In the case of the former it will probably lose you a potential job, or might lose you your job. In the case of the latter, it's just best to publish an email address for contact (that is not the same as your main one).

6 comments:

gammydodger said...

Thanks Dizzy, very valuable advice - I hope people read it and take action. From what I am seeing I doubt that the general public in the UK or the USA really understands the risks, particularly from their online activity (see Am I Being Stalked Online?). Maybe at the moment these risks are low, but it's only a matter of time before all the data about you online starts to get joined up - and then it'll be a different story.

I'm going a different direction - if Privacy is my right to manage who knows what about me, then I should be the owner and manager of my information online. And if much of the information about me out there is inaccurate, then perhaps it's my responsibility to correct it. So here's my personal solution Too Much Information. I worry about putting this information out there, but when I think about it, there's no more here than people already have.

Anonymous said...

Further to Dizzy's excellent advice a few more hints. Make certain that you have a working firewall - esp for OUTBOUND traffic. If your machine is compromised with some form of malware you would want to stop details being sent from your machine. This one is often forgotten. Get some of the many free tools that are available for protecting your system but make certain that they are reputable. I use AVG anti-virus, SpyBot S&D and Adaware (all from filehippo) and sweep your machine on a regular basis. Make certain that all security patches are installed. Don't write down your passwords anywhere ...

DIVINE said...

Compared to Windows is OSX (and linux?) much safer from malware, bots etc..?

Thanks

Rich Tee said...

You see some pillocks online suggesting that we must use our real names. My name is unusual and if I had used it on the net over the years it would be quite easy for somebody to find out everything I've said for years just by using Google. So no way am I ever going to do that.

Regarding Facebook, you should make your profile private and not fill in your date of birth. I would also recommend not filling the education or work history but that would spoil it for a lot of people. These can't be seen if your profile is private.

Ttony said...

And remember children, passwords are like underpants. Change them often, don't show them to anybody, and don't let even your best friends see them.

Anonymous said...

At present there is no question that Windows is much much more susceptible to attack than Un*x based systems. It is the sheer number of Windows targets that attracts the bad guys - monocultures always are more vulnerable than a mixed environment! This doesn't mean that Unix based systems are invulnerable - they are not. One or two Unix programs are notorious for security problems (sendmail for example) but the innate kernel protection offered by the operating system helps.