These days, no one is posting her social security number and mother’s maiden name online (right?). But users have plenty of other ways to get their identities stolen in cyberspace. Even if you're engaging in seemingly innocuous behavior, identity thieves can pounce on personal information and create a new financial identity for you -- or just impersonate you and ask your friends for money.
It's bad enough when personal information is compromised, but enterprise information is also at stake. Think of all the users creating passwords for online services like Dropbox, where they store sensitive documents (against company policy, of course) or just access paid databases. Even if users don't choose their own passwords, the mechanisms used to retrieve lost passwords may be compromised when end users engage in risky behaviors. Additionally, for enterprises, when an end user is impersonated, it may reflect poorly upon the company.
One way to combat this cyberthievery is to present it to end users in an unusual way, such as “If you want your identity stolen, here’s what you can do…” Below are a few suggestions you can give in this regard:
Play the name game.
You know those silly games where you post your middle name plus the name of the street you grew up on, and that’s your stage name? They're all over Facebook, and people love seeing that their stage name is Stella Elm. Identity thieves also love these games. When someone posts the results of those combinations online, they’re posting information usually needed to answer identity verification questions. It’s like opening up the blood bank to a gaggle of vampires, who can then use this information to retrieve lost passwords, hack into accounts, and impersonate end users.
Use the same password for everything, and make it really easy to guess.
When a user deploys the same, easy-to-guess password, like a firstborn’s name or a pet’s name, for all applications and accounts, they’re laying out the welcome mat for identity thieves. Tell them to pick something harder to guess, add in some numbers and special characters -- and pick a different password for each site.
Register on every single site, even sketchy ones.
The rule of thumb is that if it’s too good to be true, it probably is. No one’s going to get a free iPad or Coach bag; at best, they’ll get spammed, and at worst, get scammed. If there’s a compelling news article on a site that requires registration, look for an alternate way to access the site, like with a Facebook or Twitter log-in or by using a service like BugMeNot.com, which provides passwords to Websites that require registration but are otherwise free. As a last resort, set up a free email account with Gmail, Yahoo, even Hotmail, to be the account you use to register for all these random sites and services; use a password that is very different from online banking passwords; and give a fake birthday.
Friend everyone who asks on Facebook.
Clearly, Facebook friends aren’t always who they seem to be. In addition to doing users bodily harm, thieves and imposters can break into bank accounts and corporate applications. Or they can impersonate users, ask their friends and family for money, and spread all sorts of nasty viruses. The lesson is, sharing can be dangerous. Even posting things like a childhood landmark (“Picture of the house I grew up in on Wisteria Lane – they cut down the avocado tree!”) can cost a user and any apps and locations on her network money, goodwill, or both.
Click on every link.
Click on that link from a grammar-school friend posted on Facebook, even if the words are misspelled and the infinitives are split. Click on the link in that email from a distant cousin, even when her subjects don’t agree with her verbs. There’s no way those sites could have malware, right? And most definitely click on the links sent by scammers purporting to be PayPal, Amazon, or your bank, and be sure to enter as much personal information as possible. Or don’t, because identity thieves love setting up these traps to catch unsuspecting, trusting people and their personal information.
Of course, no one actually wants his identity stolen. It can take years to repair damage from data breaches brought on by user negligence. It can take users themselves years to repair credit and reputations damaged by identity thieves and online impersonators. To avoid all this, the above reminders are useful to everyone.
The message in a nutshell for anyone online: Guard personal information, think twice before posting -- and click with caution.
This is a great and insightful article on increasing internet and online security. One great piece of software out there on this front is 1Password, which gives you, the end user, the ability to store and generate dynamic passwords. As a professional in the security industry with MSA Investigations, I highly recommend it! For updated information about IT security practices, follow our blog and check out MSA's online security experts for amazing tips.
Haha, grest observation, David. I agree. People usually need to be forced by mandate to follow these simple safety rules. Either that, or they have to believe their well being depends on doing the right things.
It's possible, though, to make a habit of security protection. After all, you can get in the habit of doing all these other things, no?
but it's not realistic. A person is supposed to come up with a hundred unique passwords and keep them all straight? Without resorting to writing them down? Don't click on things on Facebook...okay, but that's kind of the point, isn't it? "Yes, you can go to the amusement park, but don't ride on any of the rides, because they might be dangerous"? Seriously, who's going to do that?
How can a person or a firm be risked by using an easy to guess passwords only and not by using passwords having some difficult to guess special characters ??
as far as i know hackers usually don't guess rather they have some techniques and skills to do so ... and so using special characters in the respective passwords to make it harder to conjecture could be of no use then...
@Mashka: It's not just the SSN but a combination of SSN and other personal details that help in identifying. I know it's a weak strategy but that's what companies have been using.
I agree with all five. Unfortunately, there are countless users who routinely do one, two, three, or all of the above. I cringe at number 3, which reminds me a lot of my sister's teenage kids who register for every free clipart or online gaming site they can find. Of course, I tell them the do's and dont's when they're on the Internet when I can, but you know how kids can be sometimes.
Oh, and number 4 and 5, too. Those are just nightmares (and viruses) just waiting to happen.
According to consumer reports magazine -june 2012 , Eleven percent of households using Facebook said they had trouble last year, ranging from someone using their log-in without permission to being harassed or threatened. That projects to 7 million households—30 percent more than last year 2011
LifeLock CEO Todd Davis -- who advertised his SSN to promote his company's services. He needed it himself afterwards when his identity was stolen over a dozen times...
@Michael Good point. Online retailers like Zappos and even LinkedIn also have found themselves in the embarrassing position of having to warn their subscribers to change their passwords because their system has been hacked.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Last week's official US release of the BlackBerry Z10, the BlackBerry 10 touchscreen device, on the AT&T network marked the official entry of BlackBerry as a player in the formidable US smartphone market. While most consumers may not be swayed from their shiny, sleek iPhones and Android devices, businesses may still have a compelling reason to deploy BlackBerry 10. However, BlackBerry needs to do a few things before businesses will jump on the bandwagon, including opening up their management API and luring consumers to their device.
Whenever I whip out my BlackBerry Bold in public, someone will undoubtedly say, "Oh, how cute. You still use a BlackBerry." Yes, I do, and I'll use it until the day I die.
As legacy applications outlive their usefulness, companies look toward the cloud for maximum efficiency and minimum expense. But nothing is as simple or easy as just “moving to the cloud.” Legacy applications need to be modernized, and data has to be migrated. It’s the kind of headache that makes any seasoned IT pro reach for the coffee maker -- and a fistful of Advil.
Social integration, mobility, and the cloud -- with a side dish of social media -- are becoming evermore critical elements of enterprise content management (ECM).
New tools like laptops, tablets, smartphone, and wireless connectivity let us work from San Diego to Katmandu, and anywhere in between. But time management remains a problem.
Showing results is the best way to win over social business doubters, according to Mary Maida, Medtronic lead information solutions manager. Internet Evolution's Mitch Wagner interviewed Maida at the E2 Innovate conference.
Wells Fargo uses social software to replace email chains and help its sales team collaborate more effectively to land deals, according to Kelli Carlson-Jagersma, VP Collaboration Strategy for Wells Fargo. Mitch Wagner spoke with Carlson-Jagersma at the E2Innovate conference
A recent release of the popular TweetDeck app for Twitter power-users gives new life to software that had previously taken a wrong turn. Here's a quick walk-through of the new TweetDeck, to show you why it should be at the top of your Twitter toolkit.
A growing number of HR managers are suspicious of individuals who do not take part in social media and view them as anti-social in real life as well as online.
Enterprises are discovering that using social networking within the secure setting of a SaaS provider's network gives them an unusual opportunity to freely collaborate with partners, suppliers, and even competitors.
All the recent hoopla about cloud security overlooks an important point, which is that it's not strictly a cloud problem. The linkage of online services into cooperative chains creates the risk, and only biometrics and federation of providers can save us.
Companies are still getting their feet wet with social networking and what employees should and shouldn't broadcast. But they don't always involve HR and PR. Here's why they should, and what they risk when they don't.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Subsidized handsets, rather than locked handsets, should be the focus of regulators. We're not getting good deals, not fostering innovation, and weakening our power as buyers.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
