Tips for preventing identity theft - Digital Hygiene: Conclusion

By Don Gardner

This is the sixth and final installment of a series of articles by Don Gardner, Clearwater County Emergency Management Coordinator, about protecting your digital identity. 

Digital hygiene when traveling, especially abroad

Did you know that a U.S. judge ruled that Customs and Border Protection has a right, without a warrant, to search your laptop when you enter the United States, even if you are an American citizen?

Do you access your bank accounts, email accounts or mortgage accounts online? Do you pay your rent, medical bills, parking tickets, credit cards, etc., from your computer or mobile device? Consider that you are essentially carrying your identity with you in an easy-to-steal package that might as well be wrapped with a ribbon.

Here are some tips.

Take “burn” laptops, tablets, and smartphones that are “clean” (free of substantial amounts of information) and are disposable when the trip is concluded.

Remove your battery from your devices even if they’re “off” during important conversations.

Wait an hour after landing at the airport before turning on your smart phone, and turn off your phone an hour before your return.

Lock every device with a password.

Update your stored owner information to just a phone number.

Turning off Bluetooth is an absolute Must, and adjust your near field communications (NFC) settings.

Enable data storage encryption.

Don’t open attachments from, or link to unknown source.

Do not download any software during your trip.

Watch for “shoulder surfers” - they’re watching for your password and reading your monitor.

Use your cellular G3 or G4 network, not the free WiFi in airports, hotels, and coffee shops, if possible.

Assume that a misplaced device is lost or stolen and report this immediately.

Just watch out for your digital self when you travel. 

How to report identity theft

If you suspect, or become a victim of, identity theft, follow these steps:

Report it to your financial institution. Call the phone number on your account statement or on the back of your credit or debit card.

Report the fraud to your local police immediately. Keep a copy of the police report, which will make it easier to prove your case to creditors and retailers.

Contact the credit-reporting bureaus and ask them to flag your account with a fraud alert, which asks merchants not to grant new credit without your approval.

Credit-reporting bureaus: Equifax: 1-800-685-1111 - Experian: 1-888-397-3742 - TransUnion: 1-800-680-7289.

To request your credit report, go to www.annualcreditreport.com or call 1-877-322-8228.

Tips for preventing identity theft - Digital Hygiene: Part 5

By Don Gardner

This is the fifth in a series of articles by Don Gardner, Clearwater County Emergency Management Coordinator, about protecting your digital identity.

Wireless theft

Your credit card information could be stolen just by walking by someone in a store or a mall that has possession of an RFID scanner. An RFID tag is located in credit cards that are noted by a radio signal symbol on the back of the card. If you have this radio signal on the back of your credit card, you need to take some precautionary measures.

The RFID tag includes a tiny microchip that works with an antenna sending out a radio signal with your credit card information. While it makes it easier for customers during checkout, it also makes stealing easier for committing fraud.

How can you protect yourself against wireless identity theft?

Leave the RFID credit cards at home. Only use these cards for only online purchases, and have another credit card without the RFID tag for outside purchases, or simply use cash.

You could wrap the RFID cards in aluminum foil before putting them in your wallet and it would block the signal, but it’s not a great idea. Or you could use a protective sleeve to help block RFID scanners from reading your card.

If a separate protective shield is not desired, consider a special wallet, such as DataSafe wallet. These wallets are manufactured with materials that have been approved by the Government Services Administration to block RFID transactions.

Monitoring credit card statements on a regular basis for errors or unknown charges can help detect purchases you did not make. Credit card fraud and identity theft can occur even if precautions are taken, however; monitoring statements regularly can help mitigate this risk.

Helpful sites

There are a host of tools, sites, and practices that can improve your chances of avoiding catching that digital virus or risking your private information. Below is a list of links that is by no means inclusive. Just remember, practicing good hygiene in your digital life will help ensure your offline activities aren’t interrupted. 

Tor - Anonymous browsing on the Internet https://www.torproject.org/

Tails - Bootable operating system with lots of privacy and security tools baked in https://tails.boum.org/

Guardian Project - Mobile security tools https://guardianproject.info/

TrueCrypt - Enryption of your data at rest http://www.truecrypt.org/

Avast - Anti-virus software http://www.avast.com/en-us/index

Tactical Technology - Has lots of resources for good digital hygiene for activists https://www.tacticaltech.org/

Portable Apps - Easy-to-use bootable apps http://portableapps.com/

Google 2-Factor Authentication - Increases email security https://support.google.com/accounts/answer/180744?hl=en

RedPhone - Encrypts mobile calls https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone

TextSecure - Encrypts text messages https://whispersystems.org/

Facebook Privacy Settings - Change your Facebook Settings https://www.facebook.com/help/445588775451827

Increase the length and complexity of your passwords and use something like KeyPass for password management http://keepass.info/

Next week I will conclude this series, by providing tips to protect your information while traveling, and by describing how to report identity theft.

Tips for preventing identity theft: Digital Hygiene: Part 3

By Don Gardner

This is the third in a series of articles by Don Gardner, Clearwater County Emergency Management Coordinator, about protecting your digital identity.

This week I will discuss more advanced steps for protecting your digital identity. These are Level 2 steps. 

Level 2

Your email is basically not secure. Regular email has no more security than a postcard in the mail. Regular email can be easily “sniffed” from any PC in a network, ISP, etc.

There are many way to safeguard your email. We won’t go into great details but I will give you some ideas you can research and then choose which system will work for you:

Create a strong email password. Never use simple or easy to guess passwords.

Do not click on email links or open attachments.

Phishing emails that contain links or attachments can lead to malware that can subvert your computer’s defenses or trick you into giving up your password. You can be targeted by phishing emails personally crafted to appear to be from people or businesses you know, so be very careful. Don’t open attachments or click links unless you’re expecting them. Never give out your password to anyone or download any software you are unfamiliar with and don’t use on a regular basis.

Scan all email attachments before downloading and opening them. This includes unexpected email attachments from people you know. Viruses and spyware easily spread through email attachments by emailing themselves to email addresses listed in contact lists and address books.

When downloading files and pictures beware of hidden file extensions. Windows, by default, hides the last name extension of a file, so that an innocuous-looking picture file, such as "susie.jpg,” might really be "susie.jpg.exe,” an executable Trojan or other malicious software. To avoid being tricked, unhide those pesky extensions, so you can see them.

Connect to the internet over secure internet connections. Avoid public open wireless connections.

If you need to email several people, consider using Blind Carbon Copy (BCC) to send to multiple recipients. You can help prevent the spread of known good email addresses by not giving other parties access to your contacts list.

Separate your email accounts. Keep several active email accounts open that you use for different purposes. This can include one or more personal email accounts that you use to email friends and family, a business email account, and some throwaway accounts that won't cause a problem for you if they get hacked or suspended.

You may want to give your throwaway email address to those within your friends and family circle who like to send email forwards, hoaxes, and always seem to be the ones who need help removing the latest spyware from their computer.

Use encryption secure e-mail. Some examples are:

PGP (Pretty Good Privacy). This type of software is used for both decryption and encryption of email messages. It also includes the ability to use digital signatures as a form of password protecting the content in an email.

S/MIME is another form of email encryption software. This form uses a certification key to encrypt the message. A private key is used by the receiving system to decipher the message. It is based on a combination both MIME and public key cryptography standards (PKCS).

Online web-based email account can provide some security. Hushmail is perhaps the best-known. It’s available for free, at least for some basic features, which is pretty nice. https://www.hushmail.com/

Countermail is a paid service which keeps its servers in Sweden. It uses OpenPGP, but also has advanced options like a hardware USB key, so nobody can even start the email process without inserting a USB drive into the computer https://countermail.com/

NeoMailbox is based in Switzerland, and is a traditional paid service like Countermail. It uses OpenPGP encryption, but also has some nice features, like the option to choose your own domain or use an unlimited amount of disposable email addresses. It also might be the easiest to use; it plugs into lots of existing mail services like Thunderbird, Outlook, and even has an Android app. http://www.neomailbox.com/

Enable two-step authentication. More and more online services are beginning to offer two-step authentication which adds an extra layer of security to the log-in process. This includes apps such as Twitter, Facebook, and DropBox. Today, however, I will discuss Google, since many of us are forced to use its services on a daily basis.

By adding the two-step verification process to your Google account, every time you log in, a verification code is sent to your phone, which you must input in addition to your username and password. This means that even if your password is stolen or cracked, an attacker cannot log into your account without your verification code. If you have a regular Gmail address, you can enable this feature yourself.

Encrypt your hard drive. If you lose your laptop, whoever ends up with your computer can access all your files even without knowing your log-in password. If your computer leaves your control (at a border crossing, for example), having your hard drive encrypted, and turning your computer off will keep the data inaccessible until you turn it on and enter the password.

FileVault on Macintosh and TrueCrypt on Windows are the usual recommended ways to encrypt stored data.

Update your browser. Considering the amount of time you spend surfing the web, this might be one of the most important things you do to improve your digital hygiene. Online criminals take advantage of security holes in browsers to infect your computer with a plethora of malicious code.

As browser developers discover these threats, they provide fixes via updates. Browsing the Web without an updated browser is like fishing with sharks without the proper gear — it’s extremely dangerous and leaves you open to a variety of attacks.

Be wary of free WiFi, because it also means that someone controls that network and can access your computer and smart phone. There are also programs that will allow anyone to see what you are doing on that WiFi system and can even look into your files. Use your cellular G3 or G4 network hotspot, not the free WiFi in airports, hotels, and coffee shops, if possible.

Mobile phones also serve as a type of individual locator, thanks to phone tracking - a method which determines your location by triangulating your position from mobile phone towers and wireless hotspots. To make matters worse, apps and games installed on your phone can reveal your location publicly or record your movement; at times without even asking if you want this information shared. The best solution is to disable your location settings on your mobile phone.

Next week I will describe more Level 2 tips on protecting your digital identity

Digital Hygiene: Part 1 - tips for preventing identity theft

By Don Gardner

This is the first in a series of articles by Don Gardner, Clearwater County Emergency Management Coordinator, about protecting your digital identity.

Digital hygiene is like personal hygiene: once you start doing it, it becomes second nature, and you’re better off. Bad digital hygiene, like not brushing your teeth, can lead to gunk.

Whereas the gunk in your teeth from failing to brush regularly will put you in the dentist’s chair, the gunk from failing to protect your mobile phone or computer could ruin your credit and, sometimes worse, compromise the security of friends and colleagues around you with whom you communicate.

It could be inadvertently opened emails, that link you clicked but that didn’t go anywhere. The Internet is a cesspool of viruses, trojans, back doors, worms, and more, and whether you realize it or not, every day you wade through it to get to the content you really want. Identity thieves will steal your personal information from many sources. They can damage your credit status and cost you time and money restoring your good name.

Here are some steps you can take to better protect yourself. Everyone should start with Level 1 and then continue with the other levels (which I will discuss in future articles) as you feel you may need.

Level 1

Lock your cell phone. Sure, it’s annoying to punch in four digits every time you want to use your phone, which is probably dozens of times a day (at least). But that’s a minor inconvenience compared to the huge hassle that awaits if someone snatches your phone and steals your sensitive data.

Most mobile phones are not secure at all, for a variety of reasons. Setting a password for your mobile phone is important; however, because many of us store personal information on our phones, this includes contacts, access to social networks, calendar, and files.

Anyone using your phone will have direct access to all of these things. Keep in mind, however, that if you lose your phone, your password can eventually be hacked. As such, you should never store sensitive information on your mobile.

Social media privacy settings: Think before you post on social media sites. Social media is a computer criminal’s dream come true. Your digital imprint says more about you than your social security number or even your bank account number.

Thanks to something called metadata, individuals can figure out, for example, who you spend the most time with, track your movements, and find out who your family members are and where they live. They can even learn what diseases you have.

Not only should you be strategic about what information you put online, but you should be careful about who is able to access that information. Each social network has its own vulnerabilities and privacy settings. Be wise about what you post.

Never post personal information such as your address, phone numbers, e-mail address, driver’s license number, Social Security Number (SSN), birth date, birth place, school’s name, or student ID number. When blogging, do not disclose your location for any given day or the exact location for an event you are going to attend.

Be careful when posting photos. Make sure they do not provide clues – such as where you live, work or go to school. Also, do not post photos depicting negative behaviors – including drinking, provocative poses or illegal activities.

When a picture is taken with a digital camera or smart phone, there is information contained in the picture file, such as where the picture was taken (GPS location), when it was taken, and information on the device which took it.

Criminals can use this information to track you. While you may attempt to delete the photo at a later time, it will continue to exist in the cyber world.

Bank and business websites often require you to answer security questions before you can log in or when you want to change your password. But the questions are relatively common ones, such as your mother’s maiden name or the name of your first pet. If you’ve reminisced about your beloved childhood dog on Facebook, or given a shout-out to your mom, Jane Doe Smith, via Twitter, savvy hackers can use this info to hijack your accounts.

I recommend using fake answers that you can remember for your answers to security questions.

Next week I will offer more Level 1 tips on protecting your digital identity.