Identity Theft and Phishing

Discussion in 'Computer Science & Culture' started by Arne Saknussemm, May 28, 2014.

  1. Arne Saknussemm trying to figure it all out Valued Senior Member

    Messages:
    1,353
    I don't know enough about it to talk, so please those of you in the know about such things share your expertise. Some of our friends here at SciForum use their real names as usernames. Is that safe? To me it seems to leave a door wide open into their possible email addresses and their LinkedIn accounts, Facebook and Twitter and all that. Am I right? Wouldn't it be advisable to create a username that leaves not a hint as to your real identity? Please explain just what phishing is, and how likely identity theft might be if bad folk knew our real names because we exhibit them on a public forum. Thank you.
     
  2. Google AdSense Guest Advertisement



    to hide all adverts.
  3. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,104
    Some might well use their real names, others might actually claim they do while actually using a friend, a colleague or their arch nemesis.

    What "data collection" through such methods is lovingly referred to is "Social Engineering". That's where an operation of data-mining through a number of publicly available sources can allow for an ever greater digital footprint to form of a given person. The more direct information given about a person the more information can be collected and the more companies can be defrauded further of either information on that person or goods with the suggestion that person is the recipient.

    Using pseudonyms isn't absolute security, it just aids in obfuscating to reduce the information that can be collected. In my particular case my overall pseudonym has a far greater digital footprint than my actual name. (Try it, Search your full name on google and see how many hits comes up and how many actually point to you)

    This again is using Publicly available information as opposed to Darknet data sales which I would gather you won't find search engine spiders coming across.
     
  4. Google AdSense Guest Advertisement



    to hide all adverts.
  5. milkweed Valued Senior Member

    Messages:
    1,654
    As far as real name @ sciforums, meh.. I think the bigger risk is in employment. Most of us are aware of people who have lost their jobs via facebook posts (as an example).

    http://mashable.com/2011/06/16/weinergate-social-media-job-loss

    phishing is testing the waters to see if you can hook someone. The nigerian email scams are an example of phishing at its most rudimentary level. Respond to the plea for help and you hand over cash usually with a promise of great return on your money. You decide on your level of involvement. I've received emails USPS, UPS, etc. asking me to click on an attachment to find out what the problem is with my shipment (there was no pending package arrival). Of course these were scams intended to install malware/virus onto my machine and they are just taking their chances that one of 100K people will be waiting for a package. Other phishing scams include that initial email saying there is a problem with your account and if you follow the link provided, the scam site will look exactly like the real bank website but will install steal your info via what you enter, such as login password. Those scam emails come to my not-real-name accounts. Again, if 10 out of 10K people use that particular bank and one clicks the link and enters their login/password... So using a nick@your-email.com isnt protection from theft, rather its how you decide to respond.

    As I understand it, the majority of ID theft via internet happens via someone you do legitimate business with not securing the data you give them and hackers get into their systems and download the info whether it is an employer with your soc sec number, government (too many depts require ss number). I have one account I use for internet stuff. It has a limit on daily transactions. It has a limited amount of money in it and once in a while I call up and report the card lost (not stolen), usually two years or sooner if something happens (like the Target breach). I get a new number that way so if my former info is hacked via a third party, its not valid and I am safe. I have zero auto payments via internet. If I am ever forced to auto pay, I will set up an account for that separate from my internet account. Same with direct deposit (right now I get a physical pay check). btw when the target breach happened there were other major companies involved not publicly identified.

    http://www.reuters.com/article/2014/01/12/us-target-databreach-retailers-idUSBREA0B01720140112

    So how do you protect yourself when companies fight tooth and nail to keep you unaware?

    I took someone to a doctors appointment and as we were waiting for the doc I sat down infront of the computer and tried to surf the net. I could not but was horrified to find out this particular (locally major) healthcare providers computerized medical record system was internet explorer based. Talk about a potential Security breach. Within two weeks of that was this:

    http://www.reuters.com/article/2014/04/28/us-cybersecurity-microsoft-browser-idUSBREA3Q0PB20140428

    It is likely every persons medical record was as exposed as everyday users were. This hospital chain uses the same internet I do to talk to each other. And when the doctor came in an pulled up the patients info, there was the scanned drivers licence (picture ID) current address and all kinds of info that I could see a few feet away. And they have the ss number also, though I could not see if it was displayed. I have no idea how many systems beyond this hospital chain out there are internet explorer based or how many dont keep up with security.

    So your greatest risk isnt with your home computer system, rather the target is the bigger fish with the most potential usable data. Google gathers a lot of info on users and tries to link everything together. And look at how its trying to get companies to use their services for business. Yahoo recently removed the opt-out of data mining for its users. Anyways, its is likely that, should you be the victim of internet ID theft, its not going to be your doing rather its going to be via someone elses corporate malfeasance/cost saving.

    Feel better yet?
     
  6. Google AdSense Guest Advertisement



    to hide all adverts.
  7. !!!!!batman!!!!! Registered Member

    Messages:
    30
    one of the reasons i use my currant alias (the one im using here) is that it blends into the background of all the content related it. the footprint of batman was so big before i began using it that determining how much of the indent was me is massively difficult unless your some one who already knows me well enough that any nick i pick would be irrelevant. basically the best advise i can give is if being hidden is an issue, use something for a nick that is already so common that a Google search will flood the person with with to much info to filter threw. it basically act like using a super long password in that a brute force attack would take so long that its pointless.
     

Share This Page