Identity Theft and You

The term “identity theft” is tossed around a lot – you see it everywhere. However, when it comes to identity theft what you think you know about it can can be more dangerous that what you don’t know about it.

There are a lot of myths about identity theft, and we’re pretty sure that some of these myths have been perpetuated by the same people who perpetrated the fear of tracking cookies: security software companies. Security software companies, particularly those whose Internet security suites which contain firewalls make ridiculous claims that a firewall can miraculously stop identity theft, and they add insult to injury by claiming that anti-spam software – sometimes contained in these security suites also protect you from identity theft.

The fires of those myths are fanned by companies like Lifelock, who make such ridiculous claims that the FTC fined they for making ridiculous claims. How many of you remember the guy who started Lifelock foolishly driving around in a van with his social security number painted on the side to show how Lifelock protected his identity even if he showed the world his social security number?

Supposedly, you were supposed to believe that Lifelock would protect you even if you stupidly published your social security number like this — now rich – idiot did.

This shenanigan cost this guy a lot – his identity was stolen 13 times.

LifeLock CEO Todd Davis, whose number is displayed in the company’s ubiquitous advertisements, has by now learned that lesson. He’s been a victim of identity theft at least 13 times, according to the Phoenix New Times.

That’s 12 more times than has previously been known.

In June 2007, Threat Level reported that Davis had been the victim of identity theft after someone used his identity to obtain a $500 loan from a check-cashing company. Davis discovered the crime only after the company called his wife’s cellphone to recover the unpaid debt.

About four months after that story published, Davis’ identity was stolen again by someone in Albany, Georgia, who opened an AT&T/Cingular wireless account using his Social Security number (.pdf), according to a police report obtained by the New Times. The perpetrator racked up $2,390 in charges on the account, which remained unpaid. Davis, whose real name according to police reports is Richard Todd Davis, only learned a year later that his identity had been stolen again after AT&T handed off the debt to a collection agency and a note appeared on his credit report…

But wait, there’s more and you can read it here.

Of course, most of you aren’t going to publish your social security number on your Facebook account, or tweet it on Twitter or paint it on the side or your house or car. The point I’m making is that Lifelock is just one of many companies and security software developers who make absurd claims in order to trick people into buying a security software program or security service.

The public should be infuriated with this sort of trickery, but as the snake oil salesmen of a bygone era knew so well, people tend to believe crazy, patently false claims, if they’re marketed correctly. I be most of you who have seen Lifelock’s TV commericals didn’t know that its founder had his identity stolen thirteen times while supposedly protected by Lifelock.

Even Lifelock’s claims, though false, are a lot less false than claims made by companies like Symantec (Norton), McAfee, Avast, AVG, Comodo, and other security companies who either flat out claim their firewalls prevent identity theft or at least allude to it.

Here’s what Symantec/Norton says about Norton 360 (a security suite):

NORTON 360™ ONLINE
ALL-IN-ONE SECURITY
Ultimate protection, performance, and peace of mind against digital dangers.

• PC security defends against viruses, spyware, botnets, and more
• Identity protection safeguards you against online identity theft 
• PC Tuneup keeps your PC running at peak performance
• Automated backup and restore protects your important files from loss
• Protects your identity when you buy, bank, and browse online…”

We’ve bolded the false claims made and could have bolded another — PC Tuneup keeps your PC running at peak performance — but didn’t because this article is about identity theft. We’ll cover one-click PC tuneup scams in another article.

The sheer audacity of Norton (and many others) amazes us. That they can get away with such nonsense is predicated on one thing – no one can prove they are not true. If someone using Norton had there identity stolen – and we will be there are a plethora of them – Norton could claim several things to divert the blame away from them. How many people have had their identity stolen while using Norton and other security software no one knows – but you can bet the number is very large. So these companies play their marketing games trying to one-up the other by making more and more bodacious claims which no average user can ever really dispute.

These companies do more harm than good by spreading the myth that security software or identity theft services can somehow magically protect you from yourself.

And then you have the people who won’t buy online because they’re afraid they’ll have their identities stolen, and then who march right down to Walmart or Best Buy and slide their credit card through the scanner – or worse – dine out and hand the waiter their credit card. Whether the people who claim they won’t buy online know it or not, they are buying online anytime they run their card through a credit card reader or use their credit card to dine in a restaurant – it is all going out over the internet and all those card numbers and purchase and names and addresses are all being stored on – you guessed it – the Internet.

Even if you don’t own a credit card, you’re on the Internet. If you have a social security number or a driver’s license, you’re on the Internet. If you pay real estate taxes, you’re on the Internet.

Everyone wants an easy way to speed up their computers or remain safe online – and there are many legitimate companies that know this and pander to it.

Only you can prevent your identity from being stolen. And it’s not by using a security software program, though you need a good antimalware/antivirus. And it’s not by not refusing to shop online. It’s by accepting the fact that your safety depends on you.

An amazingly high percentage of identity theft occurs because people click links in phishing emails that supposed were sent by their banks or credit card companies. They are taken to a clone site – which looks exactly like the bank’s or credit card company’s site and they voluntarily give up their social security number and other vital private information.

Another way identity theft happens is people who use weak passwords or use the same password for every site. Once a miscreant knows your email address he can try to log into your email account using one of many password cracking tools. If your password is “password” or “brenda58” it will take them about 2 seconds to crack the password, get into your email account and find out a lot about you. And if any of those emails came from a bank or credit card company – then your identity is at risk. And once they know your email password, they’ll go to your bank and credit card companies and use the same password to try to log into your accounts. And they’ll be successful if your one of the many millions who use simple passwords and then compound the problem by using that same simple password on every site.

It’s human nature to want to blame someone else for our own woes, but a good percentage of the time we create our own troubles – and we’re not just talking about the Internet either.

If you want to protect your identity, don’t believe anyone who tells you that their software or their services can protect your identity. It is, after all, your identity and only you can protect it. So accept the responsibility and the challenge and start today to protect your identity by forgetting the myths and lies of those who want to sell you a panacea for everything.

Here’s the secret to keeping your identity safe:

1. Use strong passwords – If you’re still wandering around without a password manager, get one and allow it to generate 12-14 character random passwords for each site. Don’t worry about remembering them – that’s what the password manager is for. LastPass is free and it now includes a feature that lets you change your passwords easily and frequently.

2. Never use the same password for every site. Don’t ever use the same password on two sites. Use different STRONG passwords for every site you have to log in to.

3. Change your passwords at least every six months. Replace one strong password with a new strong password especially on financial sites, credit card sites, or online stores.

4. Never, ever, ever, ever click a link on an email that looks like it came from your bank, your stock brokerage, your credit card company, or any online store or financial site, that asks you to change your passwords or other information by clicking a link. Never ever click that link. If you’re in doubt, type the address of the site in your browser and go to the site and check to see if you need to change anything – if you do it will show up when you log in. If you click links in emails that ask you to change your password or anything else on a financial site, bank site, credit card site, online store or any site that deals with money or highly sensitive information – you’re going to get your identity stolen faster than you can say “Cloudeight”.

So now you know that trickery abounds and many companies just want your money and will make all sorts of false promises and wild claims to get it. And not a single software program or service can protect your identity.

Only you can.