Not sure if it's a good thing or a bad thing, but a recent poll of 1,500 people in Britain found that more brits worry about having their identities stolen than they do about having a heart attack or being diagnosed with cancer.

The survey found that more people had some form of identity theft protection and insurance than had critical illness insurance.

I don't think having your identity stolen is worse than a heart attack but at least it seems brits are getting the message.

There are plenty of trends in security and banking but this might be one you won't welcome. According to a story in Computerworld, banks in New Zealand are looking at the viability of introducing a Code of Practice that would allow them to inspect the computers of customers who claim to have lost money to identity thieves and other scams.

The goal appears to be to give the banks the opportunity to refuse to cover losses incurred by customers if their computer shows they didn't have adequate security installed, didn't patch their computer when they should have, or just exhibited bad computer habits or lack of surfing savvy.

Apart from the logistical nightmare, it seems crazy that any bank would get away with such a stunt. Or is it that crazy?

Check out the story at Computerworld. 

http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025780&source=NLT_SEC&nlid=38

It’s very easy to find someone to blame when it comes to identity theft (apart from the thieves).

We can blame the credit bureaus for buying and selling our personal information without permission. Or we can blame the government and our legislators who refused to regulate the lucrative trade in our financial information.

We can even blame ourselves, as consumers, for not taking enough responsibility for our own security and protection against identity theft.

But much of the blame has to fall upon the businesses, both large and small, that are failing to protect the confidential customer and employee identity information in their care.

Click to read more ...

The San Francisco Chronicle recently ran a great story that chronicles the real life drama of an identity theft victim who thinks she recognizes the thief six months later at a Starbucks, chases her through the streets of San Francisco, loses her, and with the help of the police finally has her cornered and arrested.

According to the victim, a creative consultant living in San Francisco, the crime that started with the theft of mail from her mailbox eventually cost her six months of hell and $30,000 in lost earnings. Yet despite pleading guilty, the thief got away with time already served in jail waiting for her day in court (a paltry 44 days) as well as three years probation.

No wonder she smirked and waved at her victim during sentencing. She was already on probation for other crimes when she committed this theft. And no wonder victims feel victimized all over again when thieves who ruin credit and lives get away with a slap on the wrist and a smirk.

You can read the entire story at  

http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2007/06/15/MNG77QG0G11.DTL

There’s been a lot of talk lately about the difference between phishing, a very potent form of identity theft, and its close cousin pharming.

To clear up some of the confusion, let’s first focus on what “pharming” is:

Pharming is a form of Internet identity theft scam designed to trick you into handing over your personal information. It usually focuses on stealing login and password information for your bank or credit card accounts.

Instead of trying to trick you with an email (like phishing), though, pharming sets up bogus web sites and then either tricks you or forces you into visiting them.

Continue reading “How Pharming Can Lead to Identity Theft”

How Pharming Can Lead To Identity Theft

One of the most advanced pharming tactics, called “DNS poisoning,” is also one of the most complicated.

In this scam, thieves need to break into the servers that manage the DNS (Domain Name System) settings. When you type in the URL or domain name of a web site you want to visit, DNS settings are supposed to ensure that you go to the right web site.

DNS poisoning alters the DNS settings so that even when you correctly enter the URL of your bank or other legitimate web site, you still end up on a bogus website that looks like the real thing.

An even easier way to become a victim of pharming is to simply visit an infected website. If you haven’t been vigilant in downloading patches for your computer, especially patches for Microsoft products, the infected web sites can plant malicious code on your computer.

Every time you try to access a sensitive web site, like your bank’s, that malicious code instead instructs your computer and browser to go to the bogus look-alike site instead.

This can be a real nightmare if you’re not very careful about where and how you surf.

Fortunately, there are some basic precautions you can take to avoid pharming websites and prevent Internet Identity Theft.

•    Focus on Internet Identity Theft prevention and awareness. Make sure your computer security always up-to-date with your patching so that infected web sites can’t install malicious code on your computer.

•    Regularly scan your computer for any viruses, Trojans, or spyware that might have been planted there.

•    Be careful when you type the URL of a web site so that you don’t misspell it and end up on a pharming site instead.

•    Add your most commonly-used web sites, like your bank and credit card companies, to your favorites list or bookmarks in your browser. If you use those bookmarks every time you access those sites, you won’t risk mistyping the URL into your browser.

•    Be vigilant when accessing the web pages of your bank or credit card companies because they’re the prime target for pharming scams. Tell-tale signs of pharming include a page that asks for “too much information” or information the site should already know, or a site that has some design inconsistencies that just don’t look right.

•    When entering information into an online form, make sure that the page is secure. Secure signs include the letters “https” in the URL instead of just “http” -- the “s” means the site is secure and uses an SSL certificate to protect your information. Bogus or pharming web sites rarely use a digital or SSL cert and therefore will not usually display the “s.”

•    Similarly, a secure web page should also have the lock symbol in the browser, usually in the bottom of the browser window. A pharming page rarely includes the lock symbol.