Identity theft still at large

Thousands of people carelessly surrender their personal information to Web sites without considering the consequences, be it for online shopping, applying for a new service, or just registering on an Internet forum.

Although Internet signups are convenient and helpful, this makes users fall victim to fraudsters quite easily. In my experience, many Web sites have a total disregard for Web security, leaving their users' information easily available to prying attackers.

If you think an attacker wouldn't be interested in your details, think again. With enough details, an identity thief can easily obtain credit cards, take out bank loans, get issued personal documents such as passports and driver's licences all in your name.

Many people won't even realise their identity has been stolen until they review credit card statements, or start receiving bills for items or services they haven't purchased. Some unfortunate people receive calls from ICT explaining their bad credit ratings, creating a huge situation without the users having done anything wrong.

While many companies are reluctant to sign up for security services, they too, do not realise their users are at risk. In addition, they often do not realise the head of these companies can be held liable for negligence.

My company recently performed a security audit on a large South African Web site, where we were able to quickly gain access to the critical user database due to poor coding. The client in question was also unaware of how much of an effect this could have on the end-users – the general public. This amount of information could get an attacker a seriously large amount of money, especially by selling details to willing buyers.

Hackers could sell a person's information all over the world, without the user even realising anything is happening and leave the victim in a great deal of debt and trouble. The database we gained access to contained over 350 000 legitimate users. Each entry containing ID numbers, first names, last names, cellphone numbers and home address, among other contact details.

It always amazes me how, even after presenting results, giving sound proper advice, and writing articles on the subject, some companies still do nothing to protect their end-users. Even after we informed this specific company of what risks face its network and what issues users faced, it was still unprepared to obtain further security services from any IT security company to safeguard users' details.

Even if you registered with a site a few years ago, the Web site probably still stores that information. If you are worried about a site that has your details and you no longer use the site, e-mail the administrator and ask him to remove the details from the database.

Everyone really does need to be careful with personal details; South African Fraud Prevention Service has reported that identity theft is on the rise in SA, especially via fraudsters using the Internet to obtain information.

With many cases being reported daily, now is the best time to start protecting clients' information. Here are a few ways to help prevent identity theft:

* Know exactly which Web sites have your details. Many people are unable to recall how many sites they have given their details to, making it hard to determine how their details were stolen.
* Make sure a site is secure and legitimate before giving it any personal information. Even when dealing with large companies, be sure that no confidential information is given out unnecessarily.
* Use a secure payment transaction system like Paypal when performing transactions online.
* If a site asks for your ID number, try to obtain an account in person or ask if there is a different method of applying. People often underestimate the importance of their ID numbers.
* When discarding paper documents, try using a good paper shredder. 'Dumpster diving' is a simple, effective way for people to obtain private information, of both people and corporations, by going through their garbage looking for discarded documents with valuable information.

Phishing is still a huge issue and an easy avenue for an identity thief to obtain details. Phishing sites are those set up by fraudsters that look just like the original site and asks for personal details. Hackers also employ social engineering or 'pretexting' in which they can pose as someone they are not and get you to tell them personal information.

Social networking services such as MySpace, Bebo and Facebook are some of the easiest ways for an identity thief to get personal information. These services provide a world of information from physical addresses, names, date of birth to favourite movies and photos. When using these services, try not to give out too much information and only make your profile viewable to people you know and trust explicitly. Also again be wary of potential phishing sites asking you to change passwords and usernames.

If you have become a victim of identity theft, register a case with the SA Fraud Prevention Service at www.safps.org.za, or call the hotline at 0860 10 1248.

* Dino Covotsos is the founder and CEO of Telspace Systems.

  POST YOUR COMMENT

Headline

Comment

Name

Email

I have read and agree to the Terms of Usage.

Please enter the CAPTCHA characters below