Secure IT! Newsletter
The Newsletter of the Information Security Group | ISG@brown.edu
Archive Edition: June, 2005
Archives Home Page

Your Identity - Don't Get Caught Without it!

by Connie Sadler, Director of IT Security, CIS

Connie SadlerYou can't have an e-mail account today and not be the victim of spam and various attempts at Internet fraud. One of the latest identity theft scams is called "Phishing" (pronounced like fishing).

This scam simply looks like an official e-mail (or pop-up) from a trusted service provider (CITI, E-Bay, your bank, your retailer, a government agency, etc.). It looks official, but is actually an attempt to get you to click on a link that leads you to an official-looking form to provide personal information.

Be very careful. Always contact your service providers to verify any online request you receive. Once the information is out, your personal data can be stored in thousands of locations and sold repeatedly. Phishing is a crime that can make you a victim over and over again. Identity theft is the fastest growing crime, and will not get better until technology improves, and we learn to implement it effectively. There are also few risks to the perpetrators, and in some states, this activity isn't even illegal. Most courts still see identify theft as a "victimless crime" although lives have been severely impacted by it.

So, here are a few tips for e-mail users:

Man fishing for a computerBe very wary of any request to go to a web site to input personal information, verify your account, etc. You can't be too careful.

If you do receive online requests for personal information, contact the requester yourself to verify that the request is legitimate.

Always check your bills and credit card statements for unauthorized charges.

Never carry your Social Security Card - and ask service providers who use the SSN as an identifier to provide you with another number (most will comply).

Keep a list of all credit card numbers and other important accounts in a secure location - along with phone numbers to their customer service departments.

If you are victimized, get a police report immediately and contact fraud prevention units in the companies you do business with.

Become more informed about what you can do. Some excellent web sites exist to provide consumer education. Try the following:

http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm or http://www.criminal-justice-careers.com/crime/id-theft.html or http://www.idtheftcenter.org

And please remember to keep your operating system and anti-virus protection up-to-date. This has never been more important. Contact your DCC or the Help Desk (3-HELP) to ensure that your workstation is being automatically protected.