Identity theft is nothing new; it's been around for ages. Nevertheless, the crime has certainly evolved. No longer do unscrupulous criminals need to dig through your trash or pilfer your mailbox to acquire personal information illegally.
No, with the Internet, tech-savvy criminals and hackers can resort to online trickery to steal identities, which they can then use to create fraudulent credit accounts, withdraw funds from bank accounts or otherwise cause mayhem for affected victims.
Online identity theft may seem a high-tech endeavor, and in some cases, it is. However, most of the time, criminals and hackers gain access to personal data through simple misdirection techniques and often just by asking. By following a few simple rules and using some common sense, though, you can protect your identity online and save yourself from the frustration and headaches that having your personal data compromised causes.
These days, virtually every legitimate website that requires personal information from you also requires you to create an account with a username and password. This applies to shopping sites, bank websites, social networks and just about any other type of online portal you can imagine. Consequently, a strong password is essential for protecting your personal information online. Nonetheless, many online users continue to create easily guessed passwords, such as children or spouse names, birthdates or even simple words or numbers such "password" and "123456." While creating a password you can remember is certainly important, so is creating one that is difficult for hackers or others to crack or guess.
Creating a strong password requires more than simply making one with a lot of letters or digits. A strong, hack-resistant password should contain letters (both uppercase and lower case,) numbers and symbols. Additionally, a strong password should not contain a name or word contained in a dictionary. Hackers can use dictionary-based, brute force attack programs to discover passwords based on common words.
In most cases, a password need not be overly long or contain too many characters. For most online applications and portals, a password between 8 and 12 characters should suffice. For online banking and other financial activities, though, you may want to consider passwords between 12 and 20 characters. Still, the quality of the password is much more important than the length. To illustrate, consider the following password scenario:
Joe Doe has an account on a social networking site. His username is "joe_doe," and his password is "joedoe120171" (without the quotes.) Joe's birthday is December 1, 1971 and is listed in his account profile.
Mary Jones has an account on the same social networking site. Her username is "umbrella_girl1800" and her password is "\nE2o.Pi1/" (also without the quotes.) Her birthday is not visible in her account profile.
With the above example, it's easy to see that Mary's password is much stronger than that of Joe - even though it is shorter in length. Joe's password contains his name and birthday and is relatively easy for an experienced hacker to guess. Whereas, Mary's password probably doesn't make any sense to anyone except her, and would be very hard to guess or hack with brute-force tools. Because Mary is also concerned about her online privacy, she omits her birthday and other vital personal information from her social network profile.
Anti-virus and Anti-malware software
Using secure passwords can help protect your personal identity information online. However, if you are like many other computer users, you probably have documents or files on your local hard drive that contain biographical data such as your full name, date of birth and maybe even your Social Security Number. Whether it be for a resume, application or some other type of form, we all create documents using our personal information much more than we realize. This brings up another concern for protecting your identity - viruses and malware that search for your personal data and transmit it to others.
Criminal hackers and programmers often insert viruses and malware inside legitimate applications, and then just wait for unsuspecting users to download them. Consequently, it is imperative that you install anti-virus and anti-malware programs on your computer and keep them updated. This will help protect you from spyware and viruses that send document data stealthily to remote computers.
An internet firewall is essential
The Internet is essentially just one huge network that allows computers to communicate with each other. When you access a Web page or content on the Internet, you are viewing files on a remote server computer, similar to the way you would open or view documents on a local network. Consequently, protocols must be used to limit access between computers on the Internet so only data meant to be shared is visible. This is accomplished with the use of firewalls.
Firewalls are an essential component in protecting your personal data and information. Without one, other users on the Internet could possibly view files on your computer if they discover your IP address. Most good anti-virus suites include a firewall that limits access to your computer. Even if the suite does not have one, though, Windows includes a personal firewall that is reliable - as long as it's enabled. Therefore, always ensure that you have a firewall application active on your computer to keep hackers and intruders from simply viewing or downloading documents on your PC.
Watch out for phishing emails
One of the most effective methods hackers and crooks use to obtain personal information is simply asking for it in an email - albeit by fraudulent means. Criminals and hackers use phishing emails to solicit passwords, social security numbers and other important personal information by utilizing fake templates and email addresses that resemble those of legitimate banks and websites. The hackers send the messages out in bulk with the hope that a few users will fall for the guise by clicking on the links in the email and entering their passwords or other crucial information.
In most cases, the email message requests that you verify or update your password, social security number or other information by clicking a link in the message. If you click the link, you will usually be directed to a site that resembles or is a perfect copy of the real thing. However, the site is actually fake and nothing more than a collection site for passwords and other data. Once you enter the data, you will be shown a confirmation or thank you message that appears to be genuine. Nevertheless, instead of confirming or verifying your information, you have actually given it to the criminal who created the site.
Emails from banks, social networking sites and other legitimate sites never ask for your password, social security number or other important personal information. If you receive an email that does, mark it as SPAM and delete it immediately. Below are some examples of phishing emails:
Surfing the internet safely
Just as hackers use phishing emails to trick users into giving up their personal information, they also create well-designed, attractive pop-ads and websites. Criminals and hackers create and post thousands of new phishing websites every day. Consequently, one of the most effective ways to protect your identity online is to surf smart and be wary of links you click and sites you visit.
Keeping your browser updated to the latest version will help considerably in avoiding phishing or malicious websites. Most modern browsers include a blacklist of phishing and malicious websites and warn you when you attempt to access one of the bad sites. However, these blacklists are only effective when you update your browser regularly. If you don't update your browser, the blacklist for the bad sites doesn't update either. Additionally, if you have a real-time anti-virus suite installed (and you definitely should,) the program may have an anti-phishing component. If it does, make sure to enable it, as it will help to protect you against malicious websites as well.
When visiting any website that requests your personal information, look for the padlock icon in the lower-right corner or the address bar of the browser window. The presence of the pad lock icon indicates you are connected to the remote server via a secure SSL socket. SSL helps to ensure that the transmission of the data remains private and only between your machine and the remote server. If you don't see the padlock icon, don't enter any information that could identify you.
Don't share too much personal information
While social media networks such as Facebook, Instagram, and Twitter allow you to communicate and share with friends and family, they are also prime targets for hackers and others that may want to steal your personal information. Consequently, you need to be careful about what type of information you share on social networks and with whom you share it.
Most social networks have an "About" or similar page that enables you to list biographical data about yourself, such as your birthday, place of residence and so on. While it's probably okay to share this information with people you know well, you must take care that others you don't know do not see the information. If you must post your birthday, make only the day and month visible. Never post your complete address or primary email address. If you must post this information, select the options in your account settings to make it private or invisible to other members.
Be careful about the people you accept as friends on social networking sites. While social media is an excellent way to meet new people, you should consider limiting the number of members that can see your personal information. Finally, take care not to post comments or status updates that reveal too much about your place of residence or employment. Perceptive hackers and criminals can quickly piece together your information from your social media profile and posts and gather information needed to steal your identity.
Here are a few examples of a secure Facebook profile page:
And, here are a couple of examples of a Facebook About page that reveals a little too much information: