Patrick Lambert follows up on the stolen celebrity credit reports. You don't have to be famous to be at risk. What can individuals and businesses do for protection?
The hacking underground is filled with all sorts of scams, but most of them are based on first obtaining information about unsuspecting victims. This can be credit card numbers, dates of birth, social security numbers, and so on. But the one item that contains all of that, and everything else a hacker could dream of, is the credit report. On a typical credit report, you find a lot more than just your personal information, you also have all of your financial history. A lot of financial institutions and businesses ask things like where you have a bank account, or what credit card you own, for the express purpose of combating fraud. But if the hacker has your credit report, then it's game over. There is nothing more that a business or bank can get access to in order to prove that you are truly yourself.
Identity thefts are not new, but earlier this month a fairly high profile incident happened when news came out in Bloomberg that a site was providing the complete information, credit reports included, of celebrities and politicians. Among the targeted names we find Michelle Obama, Paris Hilton, Ashton Kutcher and more. At this time, the site is still up, and the author was even so kind as to place a traffic counter on the front of the site. Right now, there are over 700,000 people who visited it. So the question naturally is, how do these people get their hands on them? It turns out that this is not very hard. Full information packages can be bought in underground channels for just a few bucks. The Tor network, despite all of the good that it does, also hosts many forums that deal with this sort of trade. Anyone who downloads the Tor Browser package can run a so-called Hidden Service, which can be a forum that is completely untraceable. This is what replaced IRC and Russian forums for these guys.
The underground transactions are typically done using digital currency like Webmoney or even Bitcoins, and are also hard to track. Finally all that remains is for the original crook to get the credit reports in order to sell them, and while there is no way to know where the celebrity reports came from, it could be from public portals like AnnualCreditReport.com, which is a service that has over 200 million US reports and gives them out freely if you know a few key pieces of information. Basically, finding the information is not hard, which puts us as customers and potential victims in a precarious position. You don't have to be a celebrity to be at risk.
What can you do to protect yourself?
Unfortunately, right now there isn't a lot that can be done. The stock response from credit agencies and financial institutions is that you should keep your personal information private, watch who you give it out to, don't let your credit card out of your sight, and make sure to look at your credit report on a regular basis. In fact, that last one is probably the most important. You can get a basic online credit report for free once a year, and you can pay if you want it more often. Of course this will only tell you something happened after the fact, such as if someone uses your identity to open a mortgage account. Legally, you won't be responsible for charges that you don't incur, but in reality having your ID stolen may mean a host of unwanted problems like calls from debt collectors or having to explain your story over and over again.
There are also ID protection companies such as LifeLock, which offers a service to protect your personal identity. The way they work is fairly simple: they monitor your credit report and alert you when they see any suspicious change. They then work with you to remove anything that wasn't done by yourself. Some even provide monetary guarantees to make you feel more secure. This will obviously cost you a monthly fee, and overall it probably isn't worth it unless you have some reason to think that you may be targeted, such as finding suspicious activities on your accounts.
Yet perhaps the most common way people get their identity stolen is by giving it away. Phishing emails and scam phone calls are still all over the place, and they work. There are a lot of sophisticated scams out there that will target older people or those living alone. Almost every week there is a new scam being invented somewhere, from renting scams, job scams, lottery scams, you name it. Businesses are not immune either, with business accounts being able to get much bigger loans. And quite often, the bad guys don't only ask for money any more during their scams, they want a bank account for wire transfers, or other similar purposes. Remember that it only takes a few personal details to gain access to a credit report, and at least for now, it's very easy for crooks to get their hands on those.