Spam with good security message

Bit of spam that I received that contains a good message about security.

A true story:

This lady has changed her habits after her handbag was
stolen. Her handbag which contained her mobile, credit card,
purse etc was stolen. 20 minutes later when she called her husband,
telling him what had happened, he said ‘I’ve just received your SMS asking
about our Pin number and I’ve replied a little while ago.’

When they rushed down to the bank, the bank staff told them all the
money was already withdrawn.

The pickpocket had actually used the stolen mobile phone to SMS ‘hubby’
in the contact list and get hold of the pin number. Within 20 minutes
he had withdrawn all the money from the bank account.

Moral of the lesson:
Do not disclose the relationship between you and the people in your
contact list. Avoid using names like Home, Honey, Hubby, sweetheart, Dad,
Mum etc, and very importantly, when sensitive info is being asked
through SMS, CONFIRM by calling back.

Vidya

——————————————————————————–
Exclusive Marriage Proposals! Find UR life partner at Shaadi.com Try it!

Very odd but I can’t argue with the content of the message, it is pretty good advice about how to avoid identity theft.

Identity theft: Six clicks from a cyber crook

The Telegraph: Posting innocuous personal details on social websites could expose millions to fraud, says Heather McLean

Organised crime is no longer carried out by hackers and script kiddies; it’s gangs of criminals who are well funded and well organised,” warns William Beer, a security expert with Symantec.

The traditional view of computer hackers has been out of step with reality for quite a few years now. As more and more people come online and online services become integrated parts of their lives then the more lucrative it is for criminal gangs to become “cyber criminals”.

Cyber thieves target social sites

The BBC reports that social sites such as Myspace and Facebook are prime targets of cyber thieves.

The quasi-intimate nature of the sites makes people share information readily leaving them open to all kinds of other attacks, warn security firms.

Detailed information gathered via the sites will also help tune spam runs or make phishing e-mail more convincing.

It is not just the information that people make public that they wouldn’t ordinarily tell a stranger but that add-ons to these social sites may inadvertently create vulnerabilities whereby criminals can compromise a users computer and install trojans or keylogging software to steal bank details.

Identity Theft monitoring by Garlik

The BBC reports on a new service that is designed to help users reduce their risk of identity theft through a monitoring facility. The service is kind of like the constant surveillance of the Orwellian Big Brother but where the individual is in control of the surveillance upon themselves.

The Garlik Datapatrol service has been set up by the founders of the internet bank Egg with the intention of putting users back in control of the information that is held on them in public databases that are easily accessible through the internet.

The service brings together from the internet, public databases, and Credit Reports all the personal information it can find on a user and then displays it in a simple online format. Then on a monthly basis users will receive an update summary of additions or changes to their online profile as well as highlighting any risks or suspicious activity.

By facilitating individuals access to the information that is held on them the service puts its users on an equal footing with the criminals that might seek to steal their identities and as irregularities are often the first indication of a problem the monitoring system gives users an early warning and the possibility of nipping it in the bud before any negative consequences have occurred.

My only concerns are the security of Garlik’s database and the trustworthiness of the company. They seem to have a fairly robust system to establish user’s identity and to then authenticate users accessing the personal information gathered in the server database. But it presupposes that an individual’s identifying information hasn’t already been compromised or stolen.

I can see this service being a boon for identity theft rings who have enough data to register falsely for the service in order to further the scope of their thefts by letting Garlik do the legwork as it were in accruing further information.

Garlik’s secure servers would also be a prime target for criminals and so I would hope that they have taken the security of their servers as seriously as any bank would with theirs. Is the physical access to the servers as well secured as the online access is?

My second concern would be that as a new company they haven’t had the time to build a reputation or a record of establishment of trust. Registered users will be empowering the company and placing a lot of trust in the security of the service and the authenticity and accuracy of the personal information data provided to users. Having said that there is nothing to suggest that Garlik is in any way a disreputable company it is merely my natural paranoia.

I would have more faith in Garlik presently than I would in the UK government in securing any personal information I would give them.

Garlik are currently offering free trials to people signing up for the Datapatrol service at their website. http://www.garlik.com.

People with concerns about identity theft and security online should also take a look at the following website Get Safe Online which has been set up by banks and prominent internet companies.

Review: Identity Theft: What it is, How to Prevent it, and What to Do if it Happens to You

Cory Doctorow of BoingBoing reviews the book Identity Theft: What it is, How to Prevent it, and What to Do if it Happens to You

Hamadi assembles dozens of identity-theft cases in short narrative form, like little cautionary tales, and then strings them together with some interconnecting material to show you who commits identity theft, who falls victim to it, how identity thieves work, and what steps are most likely to mitigate the threats.

Amazon.co.uk link