Identity theft is everywhere these days. Identity Theft, a new movie starring Jason Bateman and Melissa McCarthy, just hit the theaters—putting a pop culture spin on the problem. In the political world, some members of the Bush family, including former Florida governor Jeb Bush, are currently dealing with the aftermath of having their emails hacked and then obtained by the TheSmokingGun.com and splashed across the site. If you check your local paper, odds are you'll find stories about victims who have recently had their identity stolen.
All in all, identity theft cost Americans a collective $1.52 billion in 2011, according to data from the Federal Trade Commission.
It's a serious problem, but it doesn't have to be your problem. Avoid these five behaviors so an identity thief doesn't spot you and see dollar signs:
Watching porn online. Even if this would never apply to you, it applies to a lot of people, according to Steve Weisman, author of 50 Ways to Protect Your Identity in a Digital Age and founder of Scamicide.com, which offers information on scams, fraud, and identity theft. When people access porn sites—especially free ones—they're visiting a common place where malicious software programs like to lurk, Weisman says. "Criminals install the keystroke logging malware, and people end up downloading it on their office computers," he says. "Identity thieves have knowledge of psychology that Freud would have envied. They know what's going to appeal to adults, and certainly porn does."
Sharing too much information on social media accounts. You've probably heard this before, but it isn't stopping most people, is it? It's important to remain vigilant about what personal information we share on sites such as Facebook and Twitter, says Phil Becnel, managing partner at Dinolt Becnel & Wells Investigative Group, a private eye firm in Washington, D.C. Most identity theft cases he's seen either involve people getting their credit card information stolen at a restaurant or discovering a friend or relative applied for a credit card in their name. "The real danger is the latter, because it's a lot harder for an average person to remove derogatory information from their credit report than it is for a credit card company to write off some fraud losses," says Becnel.
If you can't help yourself, consider this strategy: When you're asked security questions on secured websites such as your bank's, Weisman says to "give a nonsensical answer that you will remember, but nobody else could guess." For instance, if asked where you went to high school, use the name of another high school you'll remember—or you could even plug in a number as your answer to make it difficult for someone to sign into your account. "Nobody," says Weisman, "is going to guess that the number seven is your high school."
Being careless with your passwords. If you use the same password for every site, or use simple words or letters (e.g., "password" or "1234"), you're asking for trouble. However, most people fail to vary their passwords, says James W. Gabberty, professor of information systems at Pace University in New York City. For instance, the passwords to get into your PC, your laptop, and your tablet should be different. He also recommends changing passwords about every 90 days.
"The reason is simple," Gabberty says. "Once inside your machine, key loggers—which may be lurking inside your computers right now—read every keystroke, reporting back to some 'mother ship' or central server information about you, your passwords, the sites you visit, and so on."
As for those passwords, Jonathan T. Rajewski, assistant professor of digital forensics at Champlain College in Burlington, Vt., suggests using a passphrase such as your favorite song lyrics, but supplementing part of them with special characters. For instance, Rajewski says if you like the line, "God bless America, land that I love," turn it into "godble55ameri9a,LandThatILove."
According to Gabberty, passwords should also not contain such things as friends' names, your date of birth, or your favorite sports team. "The more random [it is], the less likely you are to get hacked," he says.
Failing to fully educate your kids about viruses. Weisman says whereas con artists target adults with porn sites, others try to dupe kids on websites that offer free music or computer games.
Christopher Boyd, senior threat researcher at GFI Software, a company based in Clearwater, Fla., that develops Web, email, and computer-network security software, says many cyber criminals send fraudulent links and videogame "powers" to unsuspecting kids and gamers—teens who, say, want to beef up their character on World of Warcraft. "They see an offer to make their guy more powerful, they click on it, and a password stealer gets installed on their machine," Boyd says.
Moreover, YouTube—another favorite haunt for kids—is a bastion of malware, says Gabberty. He says kids who watch videos on the site should browse as limited users and not as administrators, which means you might want to check the user account your child is using to see how they're set up.
It can be tricky to teach children the nuances of the Internet, and how to tell if a website looks dangerous (especially when adults have trouble figuring that out themselves). Nevertheless, it's important to raise skeptical Internet users. "Remember, kids," Boyd warns, "they're all out to get you."
Assuming you're safe. In addition to catching errors on their credit report, many people today discover their personal information has been compromised when they learn a warrant has been issued for their arrest, says Ben Luftman, a criminal defense attorney in Columbus, Ohio. "Oftentimes when someone's identity is stolen, the person who stole the victim's identity is using their identification during traffic stops, and tickets can be issued in the name of the victim," Luftman explains.
To err on the side of caution, look for signs of possible identity theft every three months, recommends Gary Raphael, a senior vice president in risk consulting at ACE Private Risk Services, which offers insurance for high-net-worth individuals and businesses. He also says if you're robbed, don't just assume that because your big screen TV is gone, your problems end there. "A thief may be after personal information as much as property," Raphael says.
Even cyber criminals themselves aren't immune to identity theft. Boyd says some phishers become victims when malware writers go after them and lift the passwords they've stolen.
Not remaining vigilant has always made people vulnerable to crooks. For instance, you might think you don't need to take many safeguards with your computer because you're protected with anti-virus software. Weisman throws cold water on that idea, pointing out that cyber criminals are actively working on viruses and malware designed to get around a consumer's computer protection. Says Weisman: "The bad guys are often ahead of the good guys."