id theft

Identity theft and fraud related to ID-theft becomes increasingly popular with online tools gathering momentum and popularity. There are many resources out there that can help, but some stands out of the crowd.

What I like with this site is that they have a high volume of relevant articles. And they are easy to read, easy to understand - even for someone not very familiar with the ID-theft challenge. And I like that. There are too many sites wasting time and focus by forgetting who is reading.

If you are looking for ID-theft prevention, or even ID-theft protection, you will find many articles and information to help you. You can also register for free, and access a discussion board, and it seems to be a living, breathing community discussing and helping each others.

At least I know where I will be headed next time I am looking into ID-theft resources.

Edit: I live in Europe, thus some of the tips and resources on this website is not directly relevant to myself. But. Most of the general tips and information is relevant to me, and people no matter where they reside. I also find the tips related to business’ to be of great value, as it seems to be hard work to get some companies to realize their responsibilities when it comes to protect their employee data.

ID-theft

Earlier this week, I received a new wall post on my Facebook profile. Now, I do not use Facebook a lot – I mainly maintain a small network to test and research this trend – so receiving a wall post was kinda fun.

Except – this particular post was written in English, by a Norwegian. Further, the message pointed to a service I had a very hard time imagining that my contact would be promoting.

Yes, yes, I know, I am a bit too paranoid!

Anyway, I contacted my friend, and as I suspected, she had not posted this – or the 150 other messages posted to her contacts. I started to poke around a bit, and pretty soon she admitted that she had experienced other strange episodes lately.

One of the other signs where that when on MSN, MSN would disconnect her, stating that she where being loged on using a different computer. Unlike some of us, she only had one computer she used for this.

I started to suspect that a key logger or other spyware had infected her computer, and made sure that she changed her log on details (username and passwords) on all the services she uses – and that she did so from a different computer.

The next step now is to reformat and reinstall the OS and applications – just to make sure that any software that may have been hidden is gone for good. Did I mention I am paranoid?

I also told her to go to the police – not because I think they can do anything about this event – but to make sure the event ends up in the statistics.

She may have picked up the key logger while browsing the net. She might have got it through a download – or by an email from a friend. Or by a large number of other means available to hackers. She might also have left her credentials while using her friends computer.

It does not really matter in this case. What does matter is her statement when I started to ask about the spam message on Facebook:

“I received reactions from my other contacts too – and I told them I had not done it. I thought it was just a system error, and wasted no more time considering it”.

(Emphasized by me)

And here we have the base of the challenge – normal users are not able to tell a threat from an error. Heck, sometimes us pro’s have problems with the very same challenge! And as threats evolve, and gets better at hiding, the harder it gets to know for sure.

I remember reading about this a while back – how all the errors in IT-systems have taught users that when unexpected things happen, it is just an error. Just restart and get on with it. (Please provide link if you know the story – I am unable to find it…).

And the result today is that when you do not understand what is going on with the computer, you just write it off as a “system error”, and get’s back on to what you where doing.

We spend a large amount of time to teach users how to deal with security. But if we are not able to teach them the difference between a system error and a plain security threat – how can we ever expect to succeed?