Super heroes have a secret identity for a reason
I loved comic books as a kid, all the adventure and excitement. The foreboding that the villain would discover the hero’s real identity, it was all so exciting. Then I grew up and found out that the villain’s were running roughshod over everyone’s identity every day and it wasn’t so exciting any more.
I might not be a super hero, at least not most days, but I do have a secret identity. I’ve had one since I first logged onto the internet capable computer in the college lab in 1991. My friends all laughed at my paranoia but I was undaunted, you’re not paranoid if someone really is out to get you. At the time the internet was comprised mainly of email and message boards used by a small segment of the student population and there was a finite number of things a thief could do with your identity if he stole it.
Today it’s all different though, today the internet is a mass media outlet with billions of interactions that are increasingly more difficult to trace. Literally millions of people are online and you can find personal information for most of them on a social networking site of some kind.
If that sounds wrong to you in some way you’re not alone. As the internet has grown I’ve been surprised how increasingly willing people are to divulge personal data for everyone to see. There’s an unsettling false sense of security among too many internet users and the bad guys are quick to prey on it.
I recently ran into a scam I hadn’t seen before on, of all places, a forum. Someone I didn’t know referred me to a site with insurance quotes, the reference was on topic and truly seemed to fit the conversation. Because we have safeguards in place that prevent navigation to and download of viruses and malware I don’t often worry about following links on forums so out of curiosity I followed it. I wasn’t a bit surprised to find that the first thing it did was ask for my personal information.
This was one of the more inventive uses of targeted Phishing I’ve ever seen. Unlike emails spamming your inbox this truly seemed relevant and I wouldn’t be at all surprised if it works well for the bad guys.
If this has made you a little paranoid that’s probably not a bad thing but paranoia alone won’t save you from online identity theft. You have to be smart and you have to know the rules. Most importantly, you have to follow them.
Let me start out by saying it’s impossible for everyone to keep up on every single type of scam. There are just too many. That’s why we have rules that cover these things so that when the newest scam come up you’re already ready for it.
1. Use protection. This is the most important, regardless of your operating system you should keep your security patches up to date. Whatever your system requires in the way of antivirus or malware protection make sure you install the updates and that you use the software. Don’t let it give you a false sense of invulnerability but don’t let it lapse either.
2. Have a secret identity. This is easier than it sounds, on sites that require personal information for an online profile use either a nickname or an alias birth date. There is absolutely no reason a social site needs your personal information so don’t provide it entirely. If you opt for an alias birth date be sure to write it down and use the same one consistently. Never display your DOB for everyone to see.
3. Never talk to strangers. Your mom had the right idea about stranger danger. You should never, ever, under any circumstances type your identifying information into a site you didn’t type directly into your browser yourself. This is true if you find an interesting referral on a forum or you get an email from your bank. If it seems legitimate type the domain in yourself and log into your account. Any correspondence sent to your email will also appear in your account information. Don’t be afraid to pick up the phone and check it out directly.
4. Never assume. Even if the request for information is coming from someone you know that’s no guarantee of safety. There are some real super villains out there who have the tools to pose as your friends and family. Just because Aunt Edna sends you a link to the charity pledge drive doesn’t mean it’s safe. Take the time to double check.
5. Stay informed. There are lots of great newsletters from reputable technology publication and awareness groups that alert you to new scams and do their best to keep you educated. Subscribe to one and read it. You can also read up on the latest scams at Snopes.com As you become better informed you’ll find it easier to spot those bad guys before they have a chance to pull off their sinister plans.
If your site has a forum, message board or other interactive media then you need to do your best to protect your users. You don’t want to delete legitimate information sharing so check every link yourself, just be sure to scan the links for viruses first. When in doubt, delete posts that might lead others astray and explain why if the poster complains. That’s all it takes to be a Super Hero.