Google
yourself to check identity-theft vulnerability
by Alan Zisman (c) 2004 First
published in
Business
in Vancouver September
7-13, 2004; issue 776, High Tech Office column
Why don't you go Google yourself?
No, nothing obscene. And not an invitation to buy into the popular
search engine's new stock offering.
Instead, taking a few moments to check Google for your name can help to
see if you're a potential victim of identity theft or other scams. Go
to Google's website, enter your first and last name in quotation marks,
like "Alan Zisman," and see what comes up. Search for your address and
your phone number. Your social insurance number and your credit card
numbers.
It may be interesting to see the contexts in which your name pops up,
or who shares the same name. It's more dangerous if your name appears
to be connected to other identifiers like your SIN or credit card
numbers, as can happen with poorly secured school or medical
information, for instance. Such information has also shown up in court
documents posted online.
Even names with corporate positions can be problematic. Hackers have
been known to use such information to pose as an employee to obtain
password and other information. And something as seemingly innocent as
your name, address and phone number in a school parent committee list
might not be something you want posted on the Web.
Google for your e-mail address; if you can find it online so can
"spambots" - automated software that routinely wanders the Web
"harvesting" e-mail addresses for spammers.
If you find personal information online, contact the website to get it
removed.
More information on so-called Google hacking is available at
www.johnny.ihackstuff.com.
So-called phishing is an Internet growth industry. These apparently
realistic, but fraudulent e-mail messages that entice users to go to a
website and type in sensitive information such as account numbers and
passwords. I've received e-mail appearing to be from Internet payment
company PayPal and from several banks. While it's easy to ignore
messages appearing to be from a financial institution where you're not
a customer, the number of phishing messages is increasing. The
Anti-Phishing Working Group reported over 1,400 different phishing
attacks in June alone, with reports of attacks growing an average of 52
per cent each month this year.
Research firm Gartner estimates that approximately 30 million users
have received such messages, and roughly 1.8 million users may have
fallen for them.
Mailfrontier, an anti-spam filtering service, filters out suspected
phishing messages separately from other spam. It discovered that 10 per
cent of the time customers were sending the fraudulent messages back to
their inboxes, presumably intending to follow up on them.
The company surveyed users, asking them to identify messages as
legitimate or scams. With 1,000 adults surveyed, 28 per cent were
unable to pick out the frauds. Mailfrontier has followed up with an
online test (www.mailfrontier.com). See if you can tell which messages
are legitimate and which are scams.
Similar to phishing are the techniques used in some e-mail viruses that
mimic the look of, say, the Microsoft website in order to trick users
into running an attached file that promises to be a security upgrade.
Remember that Microsoft never sends end users e-mails with files
attached.
A recent report sponsored by AT&T reports that 78 per cent of
the
254 of senior business executives surveyed consider security the top
network concern. While this increased awareness at the top is good
news, the same percentage admitted to opening e-mail attachments from
unknown senders. The most common way that Internet viruses and worms
are spread. Nine per cent admitted to sharing their passwords with
someone outside their company.