While it is my belief that you, as an individual, are much more exposed to ID theft in the physical world, you can easily fall prey to online ID theft and compromise. Things such as phishing, malware, and hackers getting at your information are all easy things to do on a mass scale. While somebody can steal your credit card at a restaurant, for example, online miscreants can steal hundreds -- thousands, even -- of credit card numbers in one fell swoop.
So this post is to help you protect yourself while you're online. It will contain the standard advice as well as some suggested products that you should use while online. The hopeful outcome of this post is that you'll get off to a good start with a comprehensive post that contains much -- if not all -- of the information you need to protect your ID online.
Most ID theft that occurs online is based off social engineering, which is a fancy term for getting you to give up secret or confidential information to thieves without arousing your suspicions. For example, phishing is a form of social engineering where the ID thief mocks up a web site that looks exactly like the authentic web site, but instead, when you type in your username, password, and/or passphrase, that information gets sent to the ID thief who then uses it to fraudulently access your credit line(s).
This sort of thing often occurs in email, where the crook hopes you will click on the link he has put in the email. Often times, the email link doesn't even point to an authentic-looking web site, but after you click on the link, the damage has already been done. Sometimes, you're duped into giving away critical information. Sometimes, clicking the link installs some malware, which is computer programming that installs itself on your PC which many times opens a back door into your system (i.e., your hard drive is exposed).
Sometimes key loggers are installed, which "phones home" all the information you type in including name, Social Security Numbers, birthdates, and usernames and passwords.
All of this sounds scary, and it is. However, just as in the physical world, it's a numbers game. It's also question of how easy you make it for crooks. Leave your keys in the ignition and you've pretty much given the car thief permission to take your car. Same goes for online activity. If your system is harder to crack than the tens of thousands of other users on your network, then the crook may just pass you by.
So the idea is to fortify your system to the point that it just becomes too inconvenient to penetrate.
Multiple lines of defense are always better than one line of defense, even a super-strong line of defense.
I'll use the car theft analogy again. Install an alarm system with remote arming, lock your doors, keep your keys in your possession, and park your car in a well-lit, frequently-traveled area. Same with your computer: With your computer and other online activities, it's a little more complicated, but you can probably reduce your risk by about 80 percent just by using a few precautions.
First things first: Never give out personal information to any web site that you don't trust. Additionally, never give out information requested by a web site whose URL you didn't type yourself. If somebody contacts you via email, get in contact with them and talk to them on the phone.
Those are the social engineering precautions.
Now for the system precautions.
- Hardware firewall. Linksys provides some very good ones. Stick with a great brand. If you go wireless, make sure you change the default username, password, and SSID. Also, use WPA for the encryption component and choose a strong password
- Software firewalls are your second line of defense. Anything that gets through your hardware firewall ought to be stopped right here. ZoneAlarm, Comodo, Symantec, Trend, McAfee, and a few others all fill the bill quite nicely. Turn off the built-in Windows firewall, not because it's bad (it's quite good, just not as good as those mentioned here), but because it may interfere with the others. There is no need to use more than one software firewall (same goes for anti-virus).
- Turn on the feature in Windows called Data Execution Prevention.
- Install an antivirus program. Trend, Comodo, Symantec, McAfee, and Kaspersky all offer great solutions. There are a host of free ones, too.
- Install anti-spam and anti-malware programs. Trend, Comodo, Symantec, McAfee, and others provide great products for stopping adware, malware, and spam.
- Anti-root kit software is out there. The idea with root kits is they infect your system without any visible signs and then surreptitiously do evil things. I don't know much about root kits, or their defenses, so do a Google search and find out for yourself.
- Don't ever store your usernames or passwords on your PC. It's actually better to write them down and put the list in your wallet than it is to put them on your hard drive. Unless, that is, you encrypt the contents using something like RoboForm. It's simply the best thing since sliced bread. Seriously.
- Surf anonymously, only revealing personal information when absolutely necessary. You can try TOR, or an anonymizing service like Anonymizer.