Thursday, August 21, 2008


By Muthoga Kioni (Published in the EAStandard 20th August 2008)

Stealing someone else’s identity is a vice that existed before the advent of computers. What has made it a nefarious crime is the ease at which loopholes in ICT systems can be exploited to steal an identity and commit other crimes.

Identity theft occurs when personal information is stolen by a cyber-criminal for unlawful purposes. The fraudster will use a false identity (yours) to commit a series of crimes, usually financially related.

Your identity is contained in various documents for example birth certificates, ID cards, bank statements, credit/debit card slips, driving licenses, passports and land registry documents. These documents are harvested by cyber crooks for identity details.

The threat of identity theft is best illustrated by the recent arrest of seventeen Kenyans in Kansas City (USA). They are charged with massive fraud in which they allegedly stole identity information (including social security numbers) from elderly nursing home patients. These details were used to prepare both federal and state tax returns using tax preparation software. They then allegedly filled false W-2 Forms (wage and tax statements) listing employers that the identity theft victims never worked for, false residence addresses, and other false information. Substantial amounts were refunded to these “ghost” employees by the Tax authorities.

On a personal level, ID theft can occur when your credit/debit card details are illegally obtained at retail outlets without your knowledge. This is called card skimming.

You are also vulnerable when conducting online financial transactions. “Man-in-the-middle” attacks can intercept your online bank passwords, e-mails and other crucial digital information.

How do you protect yourself?

Online shopping requires special precautions. Use a separate credit card just for your Internet shopping. Try and use sites that display “https” before their address when you are entering sensitive information. You can also look out for sites that display certification symbols from organizations, for example Thawte. Though usually safe, remember there are no guarantees.

Ensure that you also update your security software for example anti-virus/anti-spyware. Make sure this software is active when you are online and that it has been updated within the past week or so.

You should also avoid clicking on web links in “official” looking e-mail messages. There are some e-mails, purportedly from banks, that request for your account details. If an e-mail asks you to update your account number, or other personal information, don’t take the bait.

It is also advisable to use different passwords for your online accounts. Using a single password allows someone who obtains it to access all your accounts. You can use variations of one password. It is also possible to add a further layer of authentication by using a fingerprint reader to store passwords for sites you go to often.

No comments: