Google yourself to check identity-theft vulnerability

by  Alan Zisman (c) 2004 First published in Business in Vancouver September 7-13, 2004; issue 776, High Tech Office column


Why don't you go Google yourself?

No, nothing obscene. And not an invitation to buy into the popular search engine's new stock offering.

Instead, taking a few moments to check Google for your name can help to see if you're a potential victim of identity theft or other scams. Go to Google's website, enter your first and last name in quotation marks, like "Alan Zisman," and see what comes up. Search for your address and your phone number. Your social insurance number and your credit card numbers.

It may be interesting to see the contexts in which your name pops up, or who shares the same name. It's more dangerous if your name appears to be connected to other identifiers like your SIN or credit card numbers, as can happen with poorly secured school or medical information, for instance. Such information has also shown up in court documents posted online.

Even names with corporate positions can be problematic. Hackers have been known to use such information to pose as an employee to obtain password and other information. And something as seemingly innocent as your name, address and phone number in a school parent committee list might not be something you want posted on the Web.

Google for your e-mail address; if you can find it online so can "spambots" - automated software that routinely wanders the Web "harvesting" e-mail addresses for spammers.

If you find personal information online, contact the website to get it removed.

More information on so-called Google hacking is available at www.johnny.ihackstuff.com.

So-called phishing is an Internet growth industry. These apparently realistic, but fraudulent e-mail messages that entice users to go to a website and type in sensitive information such as account numbers and passwords. I've received e-mail appearing to be from Internet payment company PayPal and from several banks. While it's easy to ignore messages appearing to be from a financial institution where you're not a customer, the number of phishing messages is increasing. The Anti-Phishing Working Group reported over 1,400 different phishing attacks in June alone, with reports of attacks growing an average of 52 per cent each month this year.

Research firm Gartner estimates that approximately 30 million users have received such messages, and roughly 1.8 million users may have fallen for them.

Mailfrontier, an anti-spam filtering service, filters out suspected phishing messages separately from other spam. It discovered that 10 per cent of the time customers were sending the fraudulent messages back to their inboxes, presumably intending to follow up on them.

The company surveyed users, asking them to identify messages as legitimate or scams. With 1,000 adults surveyed, 28 per cent were unable to pick out the frauds. Mailfrontier has followed up with an online test (www.mailfrontier.com). See if you can tell which messages are legitimate and which are scams.

Similar to phishing are the techniques used in some e-mail viruses that mimic the look of, say, the Microsoft website in order to trick users into running an attached file that promises to be a security upgrade. Remember that Microsoft never sends end users e-mails with files attached.

A recent report sponsored by AT&T reports that 78 per cent of the 254 of senior business executives surveyed consider security the top network concern. While this increased awareness at the top is good news, the same percentage admitted to opening e-mail attachments from unknown senders. The most common way that Internet viruses and worms are spread. Nine per cent admitted to sharing their passwords with someone outside their company.