A friend was recently the unfortunate victim of credit card theft. I haven’t yet found a fortunate victim, but ultimately there is bound to be a criminal stupid enough to deposit money into a stolen account J In today’s online world, unless you can determine how the credit card theft occurred you really must assume identity theft as well. In this case my friend has the credit card in her possession, so we can’t rule online attacks that may have compromised other information.
In all of this there is a call to action for companies throughout the world. The details in this blog will deal with US based attacks, but network administrators throughout the world need to hear this. Employers need to be the resource that employees look to first in case of identity and credit fraud. We all know that too many people use the same passwords in multiple locations. Are you certain that employees are not using their network password for their online banking? Their MySpace account? Paypal, eBay, stock broker, etc.? You want your employees to tell you when they are victims of such attacks. You want them to know you will help so that they will let you know when it is time to monitor remote connections using their credentials and when it is time for them to change their passwords. This is also an excellent opportunity to teach some basic security at a time when a person might be more receptive to education than they would otherwise be. But, back to the masses…
The first step, preferably now, before you are a victim, but even after a crime has occurred is to go to http://www.idtheftcenter.org/. I encourage you to browse around the site, they have some prevention tips at http://www.idtheftcenter.org/preventiontips.shtml. Even if you are already a victim this is an excellent resource. For those who have already experienced credit or identity fraud they have a section with victim resources at http://www.idtheftcenter.org/vresources.shtml.
The FTC also provides excellent resources, including clear steps on what you need to do if you are a victim. You can find this information at http://www.ftc.gov/bcp/edu/microsites/idtheft/
Your credit report can help you identify identity theft before you might otherwise know it. https://www.annualcreditreport.com/ is where you can go for a free copy of your credit report from three credit agencies.
You only get one credit report per year for free. Your credit report contains information about YOU and you should be entitled to view it at any time at no charge. Perhaps in a future column I’ll provide a list of state and federal law makers to petition.
The three major credit agencies are Experian, Equifax, and TransUnion. All three of these companies want to sell you “services”, but Experion and TransUnion tend to try to make it harder to find out how to get your free credit report without buying something from them. As far as I know, you have to go through annualcreditreport.com to get the free reports. You will be invited to open an account when you go for your free annual report. I recommend you do so and write down your user name and password. Generally you can check back for a month. You will need this information to do so and they will not make it easy for you if you do not have this information. You do not have to send these companies any money. If you can’t find out how to get your free report, keep looking and/or call or email them. It is there.
Review your credit report and look for anything you do not understand. I found out that one of the agencies thinks I’m 12 years older than I am and another thinks that an address I lived at 7 years ago is my current address. The only problem I am aware of that I have had with identity theft is that someone was contributing to my social security account after a wallet was stolen in high school J
If you have any questions or comments you can post replies to the blog or email me at firstname.lastname@example.org
Director of Technical Education
Author ESET Research, ESET