Posts tagged as:

protection

It has been a crazy two days for me, I was an MC at a CyberSecurity conference and have been running around like a chicken with my head cut off.  One of the questions that came up for our panel of experts related to the validity of identity theft “protection” services. While the question wasn’t really on topic it certainly caught my attention as a personal finance blogger.

I really think someone should come around and slap these people for being so bold as to put the word protection anywhere near their logo. What they should really call themselves is personal assistants with an insurance policy rider.  They do not protect you from becoming a victim of identity theft, they really just monitor your credit to determine if you may be a victim.

At the point these services take any sort of action someone has already assumed your identity and is working to take out lines of credit in your name. They have just identified a theft that has already occurred and are working to mitigate that risk. Any credit monitoring service will notify you of inquiries or changes to your credit reports, their service(s) notify them so they can notify you.

Looking through the list of other services included with one of the majorly popular identity theft protection services I actually break out laughing.

  • Wallet Protection – The service I am not naming, actually lists as a feature that they will personally handle getting your contents of your wallet reissued if you lose your wallet. All this really means is someone else will call and ask your bank to issue you a new ATM card, or call your credit card company to get a new CC.
  • Junk Mail/Card Offer Reduction – It is crazy easy to stop getting credit card offers in the mail. You can do this for free, in less than ten minutes on your own. There is absolutely no reason you should consider this a feature of anything.
  • Free Annual Credit Reports – Again, you are paying someone for something that is easy to do, and free. All you have to do is go to one website to pull your three free annual credit reports. Calling this a service is just a giant crock of ….. turkey butts.

But Kyle they say they are going to pay me $1,000,000.00 if my identity gets compromised. RTFP, they say they will pay up to $1,000,000.00 to help FIX the identity theft if was the result of a failure in their service. I don’t know how anything could be a failure in their service since they don’t prevent the fraud, they just detect it early on.

What you really end up getting is a dedicated “assistant” who takes your money and monitors your credit. If something changes they give you a buzz. They also help you do things that are dead simple, and free, for a fee. The only real value is in the money and you only get what it costs to fix the problem, not a real value to you.

Now I know I will get a couple of comments from people telling me the $120 a year or whatever is worth not having the hassle of calling around or dealing with credit bureaus on your own.  I say it is a waste of money. What do you think?

{ Comments on this entry are closed }

vault

I don’t talk a lot about what I do but my About Me section of this site I mention that I am a Certified Information Systems Security Professional, Certified Information Systems Auditor, and Offensive Security Certified Professional. You can infer from that what you will but lets say security is an important part of my life. Security makes my wife crazy but it makes me comfortable. For the most part people are annoyed when they are “required” to change their password or use an RSA token to logon from home. These are just a few of the things corporations due to protect their intellectual property and businesses from compromise and theft.  Very few people actually take these principals and apply them to their home life which is a problem in America which not enough people are working to resolve.  Those same principals which your employer uses to protect their sensitive information can be used to help you protect your identity and prevent identity theft and fraud.

Shredding your documents

Seriously this should be the first thing you do with every credit card offer you ever get, shred it. Don’t throw it away, just shred it and then recycle it. People really do dig through garbage and find stuff. You may think they don’t do crazy stuff like that, but they really do. A good hacker, or even an ok one, is going to scope out their target and dig through their garbage. If for no other reason you can learn what the person does, what they like, and what groups they belong to. If you are throwing out gardening books and magazines then I can infer that you like to garden and I can then use that as an “IN” when conducting a social engineering attack against you. I can use that information to convince you that I am also a gardening aficionado and get additional facts about your life and you that could allow me to further assume your identity.

Wireless Access

This is my biggest pet peeve, DO NOT be that guy in the neighborhood with the wide open wireless access point sitting in your living room serving out your internet connection to the entire world. You might think to yourself nothing bad could happen, or even better, “who would want anything I have.” These are just crazy thoughts. People are constantly looking for easy access to the internet to perform nefarious acts. So while your wide open internet may not cost you anything, there is a good chance it could be costing someone else everything and when that happens the FBI will be knocking on your door.  If your are thinking about leaving your wireless unsecured think about how you would explain to the FBI why your computer just hacked that DOE database while you were at work. Along those same lines WEP encryption is the same as leaving your network open so either go with WPA or go with nothing. If I can get access to your WEP secured network in less than an hour you had better be certain someone else can do it a crap ton quicker.

Password Management

We live in a networked world where everything we do requires us to have an id and a password to get it done. It covers both our personal and our professional lives to a point where event the brightest minds in the world can’t keep up with every password they have.  This typically results in people using the same password for every account they possess. This works from the users standpoint but it also means that a single compromise of only one account password could result in the collapse of all of your financial accounts. Passwords are the simplest form of authentication and you shouldn’t take them lightly because hackers still look at these as the low hanging fruit. Each of your online accounts should have a separate password associated with it and each password should be complex and not consist of easily guessable words or phrases. If your childs name is Ethan and he was born in 2003 then the your password should not be Ethan2003. If you think I won’t know that about you then you had better have been doing a damn good job at the first tip I gave. Vary your passwords and use uppercase, lowercase, symbols, and numbers in your password. There are plenty of ways you can come up with complex passwords and if you have a hard time keeping track you can use a program like KeePass to keep track of them.

The Internet

This is my biggest vice and could at some point be a downfall. The Internet is like the wild west of the old days, the rules are constantly changing and the sherriff is mostly drunk.  We, as bloggers, provide a giant amount of information about ourselves to the world for scrutiny. The information you post on sites like facebook, myspace, twitter, blogs, and other social media can provide an exorbitant amount of information which hackers and identity thieves can use to build a social profile of you that makes social engineering attempts seem much more plausible.  If you can gather enough information about a person and their likes, dislikes, and life you can use that information to further convince them that what you are doing is a genuine endeavor.

Photo: (Anonymous Collective)

{ Comments on this entry are closed }