Inside Bearleft.net
Best Of BearLeft.net
A Cry Heard Round The World: Kim Sun-Il died desperate and alone, but he did not die unheard.
Looking At And Longing For Mars: Reflections on a childhood dream.
A Robot May Not Harm a Human Being. Is The Opposite True?: Thoughts on the future rights of artificial intelligence.
Long After The Boys Of Summer Have Gone: What makes a relationship work?
Winter Of Our Feline Discontent: What the cat wants, the cat gets. But what DOES it want?
To Tell The Truth: There may be no honor among thieves, but can't we find it even in a few good men and women?
Should The Human Brain Retire?: We know that we cannot win forever. We know that machines will continue to improve. So why don't we let the human brain retire gracefully now, with honors?
Translate This Page
Read Bear Left in:
Chinese
German
Japanese
Korean
French
Italian
Portuguese
Spanish
Translations powered by Alta Vista Babelfish
Privacy Policy
To learn how services incorporated into this blog may use personal information, click here.
Total entries in this blog:
Published: Sep 16, 2005 01:40 PM
Sun - May 11, 2003
Part III: How To Protect Yourself Against Identity Theft
Simple precautions taken
today can make you a less vulnerable target tomorrow.
This article is informational in
nature and is not legal advice. If you need legal counsel, consult a licensed
attorney in your
jurisdiction.
Because your personal information is entrusted to every business with which you transact, you cannot eliminate the risk of identity theft by insiders, but you can and should take immediate steps to reduce your vulnerability to other forms of identity theft. Here are some tips:
Safeguarding your person
Carry only a few essential credit cards, debit cards, or affinity cards in your wallet or purse. Store these credit card numbers, their expiration date, limits, and customer service numbers in a physically secure location other than your wallet or purse so that you can cancel the cards quickly if they are lost or stolen.
Memorize the PIN numbers for your credit cards and phone cards. Do not write these numbers down or carry them in your wallet.
Do not carry insurance cards embossed with your social security number. Instead, carry a photocopy of both sides of these cards. Black out the last four digits of your social security number on the photocopy.
Do not carry your passport, military ID, medicare card, or social security card with you unless you have to—and store them in a physically secure location when they are not on your person.
Do not carry blank checks in your wallet or purse. These checks may be cashed by a thief or, worse, used to create new checks in your name.
Reducing computer vulnerability
If you have an always-on DSL, T1, or cable connection, install firewall software to help prevent unauthorized access to your data. Make sure all of your software (including your operating system) is configured properly and is kept up-to-date as new security vulnerabilities are discovered.
Never carry out transactions over a WiFi connection that is not—at a minimum—encrypted with the WEP protocol. Transmitting your personal information (including web site passwords) over an unprotected WiFi connection is literally broadcasting the data to the world.
Do business online only with merchants that you know and trust. Make sure their order forms are encrypted with SSL protocol so that data you provide to them is secured against online snoopers. A padlock symbol appears in both the Internet Explorer and Netscape browsers when you are accessing a secure web page.
Do not use your name, company name, driver's license number, passport number, social security number, mothers' maiden name, spouse's name, PINs, children's names, or your address as your password for any online system. This information is easy to obtain and may be available to anyone who steals your wallet or purse.
Consider changing passwords for your online accounts at least monthly. Here is one easy way to create a memorable password that is difficult for someone else to guess: Use the first few letters of a memorable phrase as your password and throw in some unexpected capitalization and numbers to stand for letters. For example: "Four score and seven years ago" could be translated to: f5a7Ya.
If an online service assigns you a default password, change it promptly.
If possible, do not email or instant message passwords or personal information to anyone. Not only can emails be intercepted, but a copy of the email may be kept by your ISP, where it could be accessible to unscrupulous ISP employees. IM messages may be intercepted and may be archived on your hard disk (consider turning this feature off). An IM archive on your hard disk may provide valuable personal information about yourself and your personal contacts to anyone who steals your computer.
Delete copies of all emails you receive that contain personal or sensitive information after you have read them.
Do not use the "autocomplete" or "remember password" features available in many modern web browsers to complete your credit card number and address information on order forms or to store web site passwords. Do not enable "remember me" cookies for web sites. If your computer is stolen, these conveniences may enable to a sophisticated thief to make transactions using your identity or even gain access to additional personal information, such as your bank accounts.
Most web browsers store the web pages you frequent in a browser "cache" on your hard disk so that such pages can be opened more quickly the next time you visit them (only new information is pulled from the web server). The browser cache may be a liability if it contains pages which reveal your personal information and your computer is stolen. Delete the browser cache and history files periodically.
Whenever technically feasible, encrypt and password protect sensitive files on your hard disk, such as Quicken files and correspondence which includes personal information.
If other residents have access to your computer, consider creating separate, password protected user accounts for them on the computer to isolate your personal information from theirs. Password protect your screensaver so that the computer is not vulnerable when you are logged into your account but have stepped away for a moment.
Don't leave printouts or backup disks or CDs with sensitive information in an unsecured location.
When deleting sensitive files, use a "shredder" utility application to overwrite the files on your hard disk so they are unrecoverable. Consider periodically using a utility to "wipe free space" on your disk for the same reason.
Telephone/PDA
Although modern cellular and cordless telephones are less vulnerable to snooping than their predecessors were, their broadcasts may be intercepted so it's still safest to avoid discussing sensitive personal information over such a connection.
Do not save personal information such as passwords, account numbers, PINs, mother's maiden name, your home address, etc. on your PDA or cell phone. These devices may be lost or stolen.
Do not program your calling card numbers into your cell phone.
Do not pre-configure your phone or PDA with an instant messaging buddy list of all your friends. A thief who steals the phone or PDA could correspond with them to obtain sensitive personal information. They, of course, will think that they're communicating with you!
Reducing vulnerability at home
Mail theft is a common occurrence. Ideally, your mailbox should bear a lock accessible only to the mail carrier. Outgoing mail should be placed in postal boxes or dropped off directly at the post office.
Buy yourself a shredder, preferably one with a confetti cut, and use it to shred every piece of junk mail or mail you no longer need which has your name, signature, or address on it. That includes magazine labels, credit card offers, receipts that you no longer need and are not keeping for tax purposes, voided checks, non-essential commercial correspondence, and packing receipts.
Personal papers, blank checks, credit card receipts and other important documents should be stored in a secure, locked, and preferably hidden location.
Sensitive computer files should be encrypted, and you should keep backup files in a secure location.
Do not write your passwords down and pin them to the wall over your computer because anyone visiting your home will then have access to this information.
Reducing vulnerability at work
Do not leave sensitive personal information in your office or cubicle. If you must keep it there, never store anywhere except a locked drawer to which you have the only access.
Do not store sensitive personal information on your office computer. The computer may be accessible to numerous people on your network or in your information services department. One of these people may be an identity thief.
Do not print sensitive personal information at work. If you must print such information there, do not leave your printouts on the printer.
Do not leave negotiable instruments such as checks at work.
Lock your office door when you leave your office even if you will be gone "only for a few minutes." Never leave your purse unattended.
Do not store personal passwords or credit card numbers on your work computer, where they may be vulnerable to in-office personnel or to a thief who steals your office computer.
Do not write your social security number on expense reports and shred these reports before disposing of them.
Do not print social security numbers on paycheck stubs.
Do not use social security numbers as employee IDs.
Make sure that your business locks personnel files when they are not in use.
Institute an office policy to limit access to sensitive files, such as personnel files. Be particularly vigilant about restricting access to contractors, consultants, and temporary employees.
Shred sensitive trash before disposal.
See who is within earshot before having a sensitive conversation, particularly about personal information. (i.e., Do not order merchandise over the phone from your cubicle as everyone around you will learn your credit card number).
Don't put sensitive personal information, such as bills, checks, or correspondence with creditors, into an unlocked, unguarded outgoing mail slot at work. For that matter, try not to send such correspondence from work.
Assess how the business you frequent or work for may expose you to identity theft using this survey by the Identity Theft Resource Center.
Other ways to reduce risk
If your mail is delayed, or if you have not received a credit card that you expected, call the originating party and the post office. Identity thieves may have filed a change of address in your name to divert your mail and gain access to documents.
At the ATM, be sure to shield your personal identification number from observers using your hand and body. Do not dispose of credit card or ATM receipts in a public trash bin.
Be wary of e-mail requests for personal information, especially when they appear to originate from companies which should already have the information.
Cancel unused credit cards so that identity thieves cannot use these accounts.
Do not print your social security number on checks.
Do not give out personal information over the phone unless you initiated the call or know the caller.
Review your credit card bills, utility bills, and bank statements (including online banking statements) promptly. Report unauthorized use immediately.
Keep an up-to-date check book so that you'll notice if checks are missing. For that matter, use checks sparingly—they are easy to duplicate and contain personal information about you.
When your order new checks, pick them up at the bank to avoid theft or duplication of these documents.
Sign up for a credit reporting service through one of the three major credit bureaus. Order a report from each of the bureaus, or a three in one report, at least once per calendar quarter.
Protect your social security number. Do not print it on your checks! If a business requests your social security number, ask if other personal information can be substituted for it.
Arrange to have a customer service security password placed on all your credit card accounts. This will make it more difficult for someone to call and impersonate you. Do not use something obvious for this password, such as your spouse's name or your mother's maiden name.
Opt out of the use of your personal information by database companies, direct mailers, and telephone solicitors (more on how to do this in a later post).
This is part three of a series. To continue reading the rest of the articles in this series, select:
Part I: It Happened To Me; It Can Happen To You
Part II: How Identity Theft Occurs
Part IV: What To Do When Your Identity Is Stolen
Part V: Online Resources for Identity Theft Victims
Part VI: Opting Out--How To Protect Your Privacy
Because your personal information is entrusted to every business with which you transact, you cannot eliminate the risk of identity theft by insiders, but you can and should take immediate steps to reduce your vulnerability to other forms of identity theft. Here are some tips:
Safeguarding your person
Carry only a few essential credit cards, debit cards, or affinity cards in your wallet or purse. Store these credit card numbers, their expiration date, limits, and customer service numbers in a physically secure location other than your wallet or purse so that you can cancel the cards quickly if they are lost or stolen.
Memorize the PIN numbers for your credit cards and phone cards. Do not write these numbers down or carry them in your wallet.
Do not carry insurance cards embossed with your social security number. Instead, carry a photocopy of both sides of these cards. Black out the last four digits of your social security number on the photocopy.
Do not carry your passport, military ID, medicare card, or social security card with you unless you have to—and store them in a physically secure location when they are not on your person.
Do not carry blank checks in your wallet or purse. These checks may be cashed by a thief or, worse, used to create new checks in your name.
Reducing computer vulnerability
If you have an always-on DSL, T1, or cable connection, install firewall software to help prevent unauthorized access to your data. Make sure all of your software (including your operating system) is configured properly and is kept up-to-date as new security vulnerabilities are discovered.
Never carry out transactions over a WiFi connection that is not—at a minimum—encrypted with the WEP protocol. Transmitting your personal information (including web site passwords) over an unprotected WiFi connection is literally broadcasting the data to the world.
Do business online only with merchants that you know and trust. Make sure their order forms are encrypted with SSL protocol so that data you provide to them is secured against online snoopers. A padlock symbol appears in both the Internet Explorer and Netscape browsers when you are accessing a secure web page.
Do not use your name, company name, driver's license number, passport number, social security number, mothers' maiden name, spouse's name, PINs, children's names, or your address as your password for any online system. This information is easy to obtain and may be available to anyone who steals your wallet or purse.
Consider changing passwords for your online accounts at least monthly. Here is one easy way to create a memorable password that is difficult for someone else to guess: Use the first few letters of a memorable phrase as your password and throw in some unexpected capitalization and numbers to stand for letters. For example: "Four score and seven years ago" could be translated to: f5a7Ya.
If an online service assigns you a default password, change it promptly.
If possible, do not email or instant message passwords or personal information to anyone. Not only can emails be intercepted, but a copy of the email may be kept by your ISP, where it could be accessible to unscrupulous ISP employees. IM messages may be intercepted and may be archived on your hard disk (consider turning this feature off). An IM archive on your hard disk may provide valuable personal information about yourself and your personal contacts to anyone who steals your computer.
Delete copies of all emails you receive that contain personal or sensitive information after you have read them.
Do not use the "autocomplete" or "remember password" features available in many modern web browsers to complete your credit card number and address information on order forms or to store web site passwords. Do not enable "remember me" cookies for web sites. If your computer is stolen, these conveniences may enable to a sophisticated thief to make transactions using your identity or even gain access to additional personal information, such as your bank accounts.
Most web browsers store the web pages you frequent in a browser "cache" on your hard disk so that such pages can be opened more quickly the next time you visit them (only new information is pulled from the web server). The browser cache may be a liability if it contains pages which reveal your personal information and your computer is stolen. Delete the browser cache and history files periodically.
Whenever technically feasible, encrypt and password protect sensitive files on your hard disk, such as Quicken files and correspondence which includes personal information.
If other residents have access to your computer, consider creating separate, password protected user accounts for them on the computer to isolate your personal information from theirs. Password protect your screensaver so that the computer is not vulnerable when you are logged into your account but have stepped away for a moment.
Don't leave printouts or backup disks or CDs with sensitive information in an unsecured location.
When deleting sensitive files, use a "shredder" utility application to overwrite the files on your hard disk so they are unrecoverable. Consider periodically using a utility to "wipe free space" on your disk for the same reason.
Telephone/PDA
Although modern cellular and cordless telephones are less vulnerable to snooping than their predecessors were, their broadcasts may be intercepted so it's still safest to avoid discussing sensitive personal information over such a connection.
Do not save personal information such as passwords, account numbers, PINs, mother's maiden name, your home address, etc. on your PDA or cell phone. These devices may be lost or stolen.
Do not program your calling card numbers into your cell phone.
Do not pre-configure your phone or PDA with an instant messaging buddy list of all your friends. A thief who steals the phone or PDA could correspond with them to obtain sensitive personal information. They, of course, will think that they're communicating with you!
Reducing vulnerability at home
Mail theft is a common occurrence. Ideally, your mailbox should bear a lock accessible only to the mail carrier. Outgoing mail should be placed in postal boxes or dropped off directly at the post office.
Buy yourself a shredder, preferably one with a confetti cut, and use it to shred every piece of junk mail or mail you no longer need which has your name, signature, or address on it. That includes magazine labels, credit card offers, receipts that you no longer need and are not keeping for tax purposes, voided checks, non-essential commercial correspondence, and packing receipts.
Personal papers, blank checks, credit card receipts and other important documents should be stored in a secure, locked, and preferably hidden location.
Sensitive computer files should be encrypted, and you should keep backup files in a secure location.
Do not write your passwords down and pin them to the wall over your computer because anyone visiting your home will then have access to this information.
Reducing vulnerability at work
Do not leave sensitive personal information in your office or cubicle. If you must keep it there, never store anywhere except a locked drawer to which you have the only access.
Do not store sensitive personal information on your office computer. The computer may be accessible to numerous people on your network or in your information services department. One of these people may be an identity thief.
Do not print sensitive personal information at work. If you must print such information there, do not leave your printouts on the printer.
Do not leave negotiable instruments such as checks at work.
Lock your office door when you leave your office even if you will be gone "only for a few minutes." Never leave your purse unattended.
Do not store personal passwords or credit card numbers on your work computer, where they may be vulnerable to in-office personnel or to a thief who steals your office computer.
Do not write your social security number on expense reports and shred these reports before disposing of them.
Do not print social security numbers on paycheck stubs.
Do not use social security numbers as employee IDs.
Make sure that your business locks personnel files when they are not in use.
Institute an office policy to limit access to sensitive files, such as personnel files. Be particularly vigilant about restricting access to contractors, consultants, and temporary employees.
Shred sensitive trash before disposal.
See who is within earshot before having a sensitive conversation, particularly about personal information. (i.e., Do not order merchandise over the phone from your cubicle as everyone around you will learn your credit card number).
Don't put sensitive personal information, such as bills, checks, or correspondence with creditors, into an unlocked, unguarded outgoing mail slot at work. For that matter, try not to send such correspondence from work.
Assess how the business you frequent or work for may expose you to identity theft using this survey by the Identity Theft Resource Center.
Other ways to reduce risk
If your mail is delayed, or if you have not received a credit card that you expected, call the originating party and the post office. Identity thieves may have filed a change of address in your name to divert your mail and gain access to documents.
At the ATM, be sure to shield your personal identification number from observers using your hand and body. Do not dispose of credit card or ATM receipts in a public trash bin.
Be wary of e-mail requests for personal information, especially when they appear to originate from companies which should already have the information.
Cancel unused credit cards so that identity thieves cannot use these accounts.
Do not print your social security number on checks.
Do not give out personal information over the phone unless you initiated the call or know the caller.
Review your credit card bills, utility bills, and bank statements (including online banking statements) promptly. Report unauthorized use immediately.
Keep an up-to-date check book so that you'll notice if checks are missing. For that matter, use checks sparingly—they are easy to duplicate and contain personal information about you.
When your order new checks, pick them up at the bank to avoid theft or duplication of these documents.
Sign up for a credit reporting service through one of the three major credit bureaus. Order a report from each of the bureaus, or a three in one report, at least once per calendar quarter.
Protect your social security number. Do not print it on your checks! If a business requests your social security number, ask if other personal information can be substituted for it.
Arrange to have a customer service security password placed on all your credit card accounts. This will make it more difficult for someone to call and impersonate you. Do not use something obvious for this password, such as your spouse's name or your mother's maiden name.
Opt out of the use of your personal information by database companies, direct mailers, and telephone solicitors (more on how to do this in a later post).
This is part three of a series. To continue reading the rest of the articles in this series, select:
Part I: It Happened To Me; It Can Happen To You
Part II: How Identity Theft Occurs
Part IV: What To Do When Your Identity Is Stolen
Part V: Online Resources for Identity Theft Victims
Part VI: Opting Out--How To Protect Your Privacy