One of the ways in which criminals gain access to potential victims is by obtaining lists of names, addresses, phone numbers, credit card numbers, etc.
There is an underground market where these lists are shared, sold and traded. A list of 32,000,000 client names, email addresses and passwords was stolen from RockYou, a company that writes software for Facebook and other web sites. That list and others found its way onto the internet where criminals share them, so; if your information is on any of those lists then uncounted numbers of crooks around the world already have your personal information. Banks, insurance companies, hospitals and government agencies have all publicly admitted to having their computerized records compromised. There are undoubtedly many more thefts of personal data that have gone unreported.
An Australian technology professional and security consultant, Daniel Grzelak, has collected many of these stolen lists and created a web site to help the average person check to see if their password appears to be found on any of them. Point your web browser to https://ShouldIChangeMyPassword.com (a secure https site rather than http, no www). Enter your email address which will be checked against the stolen lists to see if it is found there. If your information is on any of the lists you will be warned to change your password without delay. I would point out that even if the site says your information is not found on any of the lists, this would still be a good time to change to a new and stronger password.Another web site of interest is available to check your credit card number to determine if it might have been compromised. This site is found at http://IsMyCreditCardStolen.com (again, no www) and as you will note from the VeriSign logo is verified secure. I will pause while you put down this paper to go to your computer and bring up that web site to check your credit card …
Done? You will notice that after you click on the [Check if my credit card is stolen] button that the next screen says “Tsk tsk tsk” and “This was a test. You have failed it.” I think it would have had more impact if the message read “If your card wasn’t stolen before it sure could be now!”
That site is intended to teach a lesson to those people who are susceptible or gullible enough to give away their personal and financial information. The intention is to educate and inform in a particularly memorable way. The site says “Your credit card details were not transmitted when you hit the submit button. But don’t trust this claim without question. Find a technically-inclined friend to verify it for you. After all, you’ve already been tricked once.” That is good advice, so in your browser click on View then Source to see the page source code, and sure enough I see the data you enter there is not transmitted. This page goes on to explain that not every web site on the internet is trustworthy and lists some of the things you should watch for to protect yourself. If you are one of the ones who entered your credit card number, then you should read all the information on that page at least ten times.
Social networking sites now contain a great wealth of personal information, and so if you are active on Facebook, Twitter, etc. then using a secure password is also important there. There is a site to verify the cryptographic strength of your Facebook, Linkedin, and Twitter passwords at http://www.ismytwitterpasswordsecure.com/
After that your next assignment is to point your browser to the Anti-Phishing Working Group web site at www.antiphishing.org. There you should read their advice on how to avoid scams and what to do if you have already made a mistake and given out your personal financial information.
It is only through education that consumers are going to become more vigilant, and I hope that everyone reading this will become better informed.
Occasional reporter contributor Charles Miller is a freelance computer consultant with more than 20 years IT experience and a Texan with a lifetime love for Mexico. The opinions expressed are his own. He may be contacted through his web site at SMAguru.com