Identity Theft and Human Error


There's a common stereotype associated with "the hacker" - rapid typing, green flashing text, dark rooms and secrecy.

In reality, someone looking to steal your identity, whether for profit or just for fun, can do it with a simple phone call and a quick Google search - no tech skills required.

Understanding how this can happen makes it easier to mitigate or outright prevent damage, should you be the target of a cyber attack.

An Example

In a recent high-profile case, Gizmodo, a popular tech blog, had its Twitter feed hacked and taken over by pranksters. Wired Magazine was able to easily replicate the hack and published the details of how it was done. All it takes is a few lies to a customer service representative and a flawed password recovery system.

By looking at how this hacker was able to succeed, we can pinpoint two weak spots in account security - password recovery and linked accounts. Here are a few tips to keep you safe on both fronts:

Put effort into your security questions.

In this victim’s case, his password didn’t matter. What mattered was how to create a new one. In many cases, this can be startlingly easy, especially when the security questions can be easily researched. If you have a Facebook account, it’s probable that you’ve mentioned your pet’s first name, your hometown, or your favorite color, so it’s not a good idea to make these the answers to anything.

Activate Two-Step Authentication.

You might already have this activated for a bank account: in order to change any account information, you must provide an extra PIN, which is sent to your phone. That way, a hacker would need physical access to your cell phone in order to continue. While at times it may seem like a hassle, this is a crucial step in preventing unauthorized account changes. Gmail and other Google accounts offer Two-Step Authentication as well.

Use Multiple Email Addresses.

Another thing that made this hacker’s job easier was that most of the victim’s accounts were tied to the same email address. Whenever a password was reset or emailed, it went to the same account - one the hacker already had access to. Since he was quickly opening the emails and then deleting them, even if the victim had logged into his email, he might not have noticed anything happening.

Delete Confirmation Emails.

Don’t save old passwords or confirmation emails in your account. Anyone who gains access to your email will then know, with minimal effort, what other accounts they can immediately access.

Avoid Linking Accounts.

Don’t tie all your accounts together either. While it can be tempting to use your Facebook to log in to all your other social networks, it can be devastating if your Facebook is hacked - that will give the hacker instant access to everything else linked.

Disable “Autofill” Options.

If your log-in name and password automatically fill themselves in, how would that help to stop a laptop thief? Worse, if your credit card info saves itself, having your computer stolen could lead to your bank account being emptied, too.

Treat Every Account Like It’s Your Bank Account.

Just because an account seems unimportant doesn’t mean you should make it any less secure. Making an account easy to break into just gives a hacker a convenient place to get his foot in the door. Create a strong password, set up security questions, and don’t use the same ID and password combination for any two accounts.

The idea of identity theft can be intimidating, especially for those who don’t understand how it works. Just remember that it’s like any other theft. It’s not always possible to avoid risk, but a little common sense can prevent the worst.
