Internet privacy and security course
About translation
Previous Next

Chapter 120

Preventive measures in order to preclude identity theft

We have already told you why and how identity theft happens, now let’s talk about the way it can be prevented. 

Unfortunately, it is difficult to give any particular set of measures for identity theft prevention, therefore I will just offer several recommendations I know, so you could choose the suitable one for you.

Comprehensive Security

It is banal but at the same time the main advice. You should study this course and configure the security of all your devices. Data theft very often occurs via a compromised Wi-Fi router, phishing site or using malicious software. We are to teach you to defend against these threats.

We are not alone in our opinion: the FBI has recently published its advice on protection against identity theft. Key recommendations focus on attentiveness as well as caution when using public Wi-Fi. 

 

Advice

Configure comprehensive security for all your devices.

Use for transfer the mail services with the ability to delete data from the recipient

You may be surprised but there is a similar functional in Gmail and Protonmail, which allows you to delete the sent letter, to prohibit copying and sending data. In addition to the functionality embedded by developers, there are other services like Criptext. In our course we will teach you to protect sent letters as effectively as possible.

However, I would not overestimate these tools, as they will not become an insurmountable obstacle, in addition, the recipient may insist on sending documents with the possibility of downloading them.

 

Advice

Use to transfer mail (or messengers) with the ability to delete data from the recipient or to limit their actions with the ones.

Having sent by mail, delete it.

Probably, there is hardly any reader of the course not sending their documents and other valuable data by post at least once; and there is hardly any reader not knowing that all sent documents are saved in the mailbox in the folder with the sent letters; and the saddest thing is there is hardly any reader removing the letter with valuable data from the sent folder immediately.

The reader probably believes that their mail will never be hacked, so did Hillary Clinton, until her correspondence was posted on the website Wikileaks, and it cost her the presidency. The truth is malefactors put on the flow of hacking electronic mailboxes and checking them for the content of information that can be monetized. 

Basically, malefactors are looking for access and passwords to various sites and services, banking data, software keys, but also a photocopy of a passport or driver's license will make them happy, as all this can be sold profitably on the black market. The search, as a rule, happens automatically by keywords, at least, this is how a hacked mail is checked for the presence of letters from websites and banks: if there is a letter, it is likely an account is there as well.

This recommendation applies not only to mail, but also to messengers, if the data is sent through it. These do not have to be files, even if you sent the data in writing, they should be deleted then.

 

Advice

Delete documents that you send by mail or via messenger.

Ask the addressee to respect your personal data

Sending a letter with documents by mail or in a messenger, accompany it with a request to respect your personal data. Here I wrote an example of the text for the letter, you can use one or make your own version.

«In this letter I send copies of documents containing my personal data, and I would ask you to treat the information given by me responsibly. Responsible attitude to my personal data includes, but is not limited to the safety of their storage. Secure storage involves deleting documents from an email inbox. Please do not transfer or sell my personal data to third parties without my consent. As soon as the need for data storage is over, please delete them immediately. 

Email supplement

Of course one can talk a lot about the effectiveness of the advice, but in the complex of measures described here it definitely will not be superfluous. Security is a two-way process: the responsible attitude of your interlocutor and the measures taken to protect your personal data are no less important than the measures taken by you. 

 

Advice

Accompany the transfer of personal data with a request to treat responsibly their security.

Do not call photocopies of documents using key words

A few years ago, the social network VK.com introduced the ability to upload documents, and users began to actively use the new functionality to transfer valuable data, including photocopies of documents. The only thing, many users did not take into account that all documents are loaded by default with open access for all. The headers of the uploaded files were indexed, and upon request for a “passport”, fraudsters found new copies of documents every day, which they then sold on the darknet. 

I recommend to give neutral titles, such as “pic15” or “image1988” to any valuable documents, no matter how they are transmitted and stored.

 

Advice

Do not call photocopies of documents using key words.

Delete files from file sharing service

As in the case of mail, if you upload a file to a file sharing service, you should definitely delete it. I recommend to use only the file sharing services with client-level encryption, such as Mega. 

Some file sharing and image hosting services check downloaded data both automatically and with the help of site staff. I have already talked about it in detail here. 

 

Advice

Use only the file sharing services with client-level encryption.

Watermark on photos and documents

Watermark is the application of translucent information over a photo, there are many free sites and programs for applying watermark on the network. However, in the case of sites, do not forget that you are transferring a document or a photo to third parties, which is certainly not very good.

If you post a photo to a social network, you can add a watermark with a link to the page, if you send documents, you can add a link over the photo to the service for which the photocopy is made.

The only thing you have to consider is that some services use special software to check the sent images for changes. It is necessary to fight the scammers who are using photoshop actively to commit illegal acts. Such software will immediately mark your photo as the one that contains changes, and this may entail negative consequences.

 

Advice

Wherever it is possible use watermark.

Limited access to social network accounts

This is a standard advice that usually guidelines for protection against identity theft begin with. Perhaps this is reasonable, but I donot recommend using social networks, at least for this reason.

From time to time there are news on the network that this or that error or vulnerability led to receiving data, access to which is limited by privacy settings. I would not overestimate the possibility of profile privacy settings. That is just the small stuff … In 2018 the world and the US Congress discovered that Facebook had been transferring user data to 52 companies and 61 third-party developers. Companies received maximum information about the user, even their likes. Among the companies that received the data there was Chinese Huawei, suspected of working for Chinese secret service.

 

Advice

Limit access to social network accounts.

Restriction of using social networks for authorization

Today, social networks are not only a place where you can chat with friends or discuss current news, but also a tool for authorization on various resources. This is really convenient: no need to enter a username and password, if you can just click on the icon of the social network and now you are already logged on to the site. No need to make up passwords and recollect them... 

Probably, you yourself understand that in exchange for this you give the site access to your personal data. The site, of course, collects the data, sometimes sells, sometimes it is stolen by intruders. For example, the NameTests site for taking surveys stored data received from 120,000,000 users in open form.

This became known thanks to the researcher Inti de Kuqueler, who discovered that the site contains all data in open form and they are accessible to everyone without restriction. In addition to general data, one could get access to photos, posts and friends list. The dangers of social networks and data breaches are not the topic of this chapter, I just gave one example to make it clear. 

 

Advice

Do not use social network accounts with personal information for authorization.

Adding data to EXIF

This tip will be useful when transferring a photo of a document to a third party. There are enough programs and even sites that allow you to edit EXIF metadata, and you can add information there, for whom you pass the photo. Making changes to EXIF will not allow you to use a copy of the document, for example, to get a loan. Such organizations with the help of special software verify the authenticity of the photos and the absence of changes. Definitely such software will not allow a photo with edited EXIF data.

 

Advice

Add data to EXIF of the transferred documents.

Delete all unused accounts

This is not such an easy and banal task, as it may seem to you, and it is not a waste of time, since leaks from sites are one of the most common ways of identity theft.

Imagine: you are registered on a dating site, having reached or not your desired, after a while you decide to delete a profile. This is better than leaving it, but deleting in the settings, as a rule, means only excluding the profile from public access. The data is often either not completely deleted, or is generally hidden only for other users and can be restored at any time.

Ashley Madison dating site hacked by hackers even for a fee (for $ 19) did not delete all user data, which, by the way, was the official reason for hacking and caused a lot of lawsuits. Ashley Madison's leak caused irreparable harm to thousands of users, there were even cases of suicide, and the number of divorce proceedings and scandals are uncountable. 

The removal request must be prepared correctly, for example, for Europeans, the requirements must be based on the GDPR, and the request must be sent to the official contacts of the service. You will need to set aside some time, sit down and remember all the sites where you have been registered, and we will teach you all the nuances of a competent removal as part of the course.

 

Advice

Delete the accounts you are no longer using.

Tag paper

Many companies check document scans for changes and you cannot use watermark or EXIF editing. However, you can write the date and the addressee on a piece of paper and, without closing significant data, attach it on the top of the document when scanning or photographing. Even if a copy falls into the hands of intruders, they will not be able to use it on other sites and, most likely, will removed one as defective goods.

 

Advice

Use tags with data for photocopies and photographs of documents.
Previous
4916
Next