    Avoiding Identity Theft

    EmaxHealth has a short article from the Michigan Association of CPAs entitled Ten Smart Ways to Avoid Identity Theft, with 9 (not 10) preventive measures summarized as:

    • Guard your social security number
    • Memorize PIN numbers
    • Shred
    • Carry a minimum of personal information
    • Monitor bank statements and credit card bills
    • Secure your postal mail
    • Treat personal information with care
    • Install a firewall
    • Check your credit report

    The last step was actually a detection and/or reaction measure:

    • Consult with a CPA

    I will comment upon each of these measures in turn.

    Guard your social security number

    This is a good idea and should be extended to other valuable identifiers (e.g. driver’s license, passport ID, bank account numbers). This has become very difficult to do, as your Social Security number is used and required by many sources. Don’t expect a good national ID card anytime soon. It would be difficult and expensive to implement, and many in the information security field are also political libertarians who instinctively recoil at the idea, so there is little positive work being done on this.

    Memorize PIN numbers

    This is good advice. It has also become increasingly difficult as the number of account/password combinations increases and the reliability of passwords decreases. Future Purpleslog will discuss this matter soon.


    Shred

    I do own a paper shredder. I confess I do not use it consistently (either through laziness or subconscious microeconomic transaction cost analysis. Laziness mostly).

    Carry a minimum of personal information

    Good advice. In modern society, it is impossible to not carry some identification. So this measure reduces identity theft only slightly.

    Monitor bank statements and credit card bills

    More good advice. I recommend doing this as part of your regular personal finance or todo/GTD/FlyLady activity on a monthly or quarterly basis.

    Secure your postal mail

    I don’t have much to add here. The recommendations here are: deposit outgoing mail that could be used to compromise your identity directly at the post office or a secure postal drop-off, don’t leave your mail sitting in your open post office box for people to grab, and when you are going to be gone for a while, stop your mail until you return.

    Treat personal information with care

    Duh. Remember to consider all mediums that you use: Verbal, Paper, Email, Web, CellPhone, Pay Phone, preprinted checks, etc.

    Install a firewall

    This should be more explicit: protect your home digital assets (PC, Mac, PDA).

    • Use a software or hardware firewall (e.g. Zone Alarm)
    • Use desktop anti-virus software, preferably with built-in adware/greyware/scumware detection (I use free AVG for my PC)
    • Periodically run Adaware or Spybot or similar tools
    • For personal email, use a web-based system with built-in anti-virus and anti-spam (don’t use MS Outlook)
    • Add security to your Web Browser. I use Mozilla Firefox with the following security related extensions: Target Alert, SpoofStick, Site Adviser
    • Don’t install software from unvetted sources
    • Make regular backups of important information (e.g. burn CDs, burn DVDs, extra USB hard drive, use an internet backup service)
    • Don’t set up and use unsecured WiFi access points
    • Beware of (and become educated about) Social Engineering related attacks like Phishing and Pharming.

    Check your credit report

    Get a copy of your credit report free once per year from each agency and review it, looking for incorrect and weird stuff.

    Consult with a CPA

    If identity theft has occurred, several experts should be considered for help: CPA, CPA/Lawyer, Lawyers, Financial Adviser, and local law enforcement. Have fun for the next couple of years. 😦

    Other measures that should be considered in the future

    1. Insurance
    2. If you become a victim of identity theft, get a civil judgement against the perpetrator and publicize it. Ruin their credit. Retaliate with InfoSec Lawfare against the direct perpetrator and those organizations and individuals who enabled the perpetrator.

    Other links of interest on the topic of Identity


    3 Responses

    1. nice blog!


    2. I have been the victim of identity theft just like others from Bank of America and from others I’ve known that should have been trusted.


      Bank of America ranks the top two for identity theft; check it out. Let me know of ways to approach this better.

    3. That sucks 08jus.

      In a prior life I worked as a security engineer for a network service provider.

      I was always shocked when we would come across vast dumps of third party identity information (e.g. name, address, ss nums, driver’s license, credit card nums, mother’s maiden names) – usually cached somewhere on msn.com. Due to some network coincidences, certain types of detected data dump came to the attention of my company – meaning me – first. Microsoft and the web caching were pretty blasé about cleaning it up even though it would be data for thousands of people.

      It happened often enough I had a script I ran against the data to make sure no names matching friends, mail it and co-workers were in the list. And even though the names were large amounts, I never caught the whiff of a public disclosure by Microsoft on this breach.

      I had no standing to complain (no data from my company was stolen, and no infrastructure from my company was co-opted).
