Your Identity Could Cost Just Fourteen Dollars

I just learned from an article in the on-line publication Infoworld that your identity and all sorts of personal information associated with it may be available for purchase on the internet for just fourteen dollars. A research report generated by the Symantec Corporation suggests that identity theft criminals can purchase confidential personal information as follows:

U.S.-based credit cards with a card verification number were available for between $1 to $6, while an identity — including a U.S. bank account, credit card, date of birth, and government-issued identification number — was available for between $14 to $18,” the report said.

The report published this month by the Symantec Corporation entitled “Symantec Internet Security Threat Report Trends for July-December 06” discusses the disturbing trends of internet security and identity theft. Symantec comments on a shift in criminal activity on the internet:

Over the past two reporting periods, Symantec has observed a fundamental shift in Internet security activity. The current threat environment is characterized by an increase in data theft and data leakage, and the creation of malicious code that targets specific organizations for information that can be used for financial gain.

Instead of exploiting high-severity vulnerabilities in direct attacks, attackers are now discovering and exploiting medium-severity vulnerabilities in third-party applications, such as Web applications and Web browsers. Those vulnerabilities are often used in “gateway” attacks, in which an initial exploitation takes place not to breach data immediately, but to establish a foothold from which subsequent, more malicious attacks can be launched.

The overall implications from this report suggest that consumers take the following steps to minimize identity theft risks:

Consumer Best Practices

1. Consumers should use an Internet security solution that combines antivirus, firewall, intrusion detection, and vulnerability management for maximum protection against malicious code and other threats.

2. Consumers should ensure that security patches are up to date and that they are applied to all vulnerable applications in a timely manner.

3. Consumers should ensure that passwords are a mix of letters and numbers, and should change them often. Passwords should not consist of words from the dictionary.

4. Consumers should never view, open, or execute any email attachment unless the attachment is expected and the purpose of the attachment is known.

5. Consumers should keep virus definitions updated regularly. By deploying the latest virus definitions, consumers can protect their computers against the latest viruses known to be spreading “in the wild.”

6. Consumers should routinely check to see if their PC or Macintosh system is vulnerable to threats by using Symantec Security Check at www.symantec.com/securitycheck.

7. Consumers should deploy an antiphishing solution. They should never disclose any confidential personal or financial information unless and until they can confirm that any request for such information is legitimate.

8. Consumers can get involved in fighting cybercrime by tracking and reporting intruders. With Symantec Security Check’s tracing service, users can quickly identify the location of potential hackers and forward the information to the attacker’s ISP or local police.

9. Consumers should be aware that security risks may be automatically installed on computers with the installation of file-sharing programs, free downloads, and freeware and shareware versions of software. Clicking on links and/or attachments in email messages (or IM messages) may also expose computers to unnecessary risks. Ensure that only applications approved by the organization are deployed on desktop computers.

10. Some spyware and adware applications can be installed after an end user has accepted the end-user license agreement (EULA), or as a consequence of that acceptance. Consumers should read EULAs carefully and understand all terms before agreeing to them.

11. Consumers should beware of programs that flash ads in the user interface. Many spyware programs track how users respond to these ads, and their presence is a red flag. When users see ads in a program’s user interface, they may be looking at a piece of spyware.

Symantec suggests that following these recommendations will minimize risks of identity theft. However, risks of identity theft will remain strong until consumers recognize the seriousness of the risk and sophistication of the criminals and until software manufacturers prioritize security ahead of profitability.