Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cringely on Identity Theft

Posted by michael on from the who-ordered-all-this-porn dept.

Boiled Frog writes "Prompted by the theft of his mail, Cringely investigates how easy it is to steal identities from government publications. In this article he explains how he got the identities of 300,000 people which he calculates to be valued at $65 billion dollars. If Cringely can do it, anyone can."

4 of 630 comments (clear)

  1. Re:Article is spot on. Happened to me.. by TopShelf · · Score: 5, Interesting

    I was somewhat luckier. On the same day, I got a notice from a small long-distance telephone company saying I had an account that was being sent to collections, as well as another note saying that the account had been closed and that no further action was necessary. When I called, it turned out someone had used a credit card number in my name to set up an account and wrack up charges, and was eventually recognized as a fraud and everything was closed out.

    The scary part was that if I hadn't called these guys up, I never would have known about the identity theft. How often does something like that occur, where the situation gets resolved but the intended victim is never informed???

    --
    Stop by my site where I write about ERP systems & more
  2. UK line of defence against Identity Theft by Boss,+Pointy+Haired · · Score: 5, Interesting

    If you're in the UK; you can register your name / address combination with CIFAS:

    http://www.cifas.org.uk

    The service is operated on behalf of the UK financial institutions by Equifax; and will add a layer of authorisation to your name / address combinarion when arranging credit etc. It probably means that you won't be able to buy stuff on instant credit; but the for the hassle that identity theft can bring I think it's worth it. Registration costs 12 quid for 12 months.

    Personally i'm amazed that institutions will lend large amounts of money without a definite proof of your identity; but I guess that's consumer forces for you - Dixons want you to be able to walk out of their store with that 32" wide screen TV purchased on instant credit. For all the sales that brings; they absorb the liability.

  3. SSN used as identifer by Cade144 · · Score: 5, Interesting

    In the article it is mentioned that your Social Security Number is used as a universal identifier and as "proof" of identity.
    This is not a good thing.

    I work in the medical records/medical billing industry and a patient's SSN is one of the vital bits of information we collect and use to help index records.
    Also the patient's date of birth.
    For billing purposes, we need the patient's home address.
    The health insurance company also needs all this information. In fact, if we don't supply all of the patient's personal information, they often don't pay claims.

    We try to protect private information. We have yearly training, and monthly filers reminding us of the importance of protecting confidential infromatin. We have every bit of discarded paper shreded, and we have pretty good locks on our doors, and we have a fairly paranoid firewall, but the truly determined employee could always get their hands on thousands of patient records with everything needed for identity theft.

    It's probably the same way at Hospitals and Insuance companies too. Too many people have access to private information, and the social and technological controls on it are too weak.

    I hope that no one who has access to my personal information decides to do a bit of creative fundraising.

    I don't have any answers, but we ought to think of solutions pretty soon.

  4. Stealing bank details by pubjames · · Score: 5, Interesting

    In the last couple of months there have been an increasing amount of very sophisticated email scams.

    For instance, E-Gold members (and others) have been receiving emails like this

    Dear e-gold user.

    At 09.05.2003 our company was attacked by unknown
    persons. Out administrators is working on the database restoring.
    If you have an active account, please check if it is still active, your
    current balance is right and all transactions can be processed.
    If you find that your account is inactive, please letus know
    immediately at e-mail service@e-gold.com
    To check your account, please click on the link below:
    https://e-gold.com/sci_asp/payments.asp

    It looks official, doesn't it? And the link looks ok too. But it is an html email, and the actual link went to a page located at e-gold2.com, which looked exactly like the real e-gold site. Thus the fraudsters were able to get peoples log-on details. More here.

    In the UK, many people have been receiving emails that look as if they are from Barclays bank (one of the biggest in the UK). It is a similar scam to the e-gold one. More here.

    I myself have recieved and email asking me to update my ebay account details. Only on close inspection did I realise that it was a fraud.

    I find this extremely worrying. Personally I am probably like many Slashdotters - paranoid about security and difficult to catch out. However most people aren't like that, and this new type of scam email is an extremely worrying development, because it could catch a lot of people out. People really need to be informed about this type of scam, but I've yet to see much in the press about it. Any journalists reading..?