Technical Article Dumpster Diving vs. The Bit Bucket September 03, 2009 by Peter Silva 1998 article information security security us 0 Which is safer – a digital shopping cart or a metal shopping cart? Most (or many…some?) of us take great care to keep our personal Identity information safe. We make sure we send sensitive info over an encrypted tunnel, we use strong passwords for our various digital vaults, and other protective measures when navigating the treacherous Internet. But you might not have known that Stolen wallets and physical documents accounts for 43% of all identity theft (pdf) which means we also need to shred our printed materials. Many might feel uncomfortable entering their credit card for online purchases but have no problem handing that same credit card to a stranger (who then walks away with it) to pay for a meal at a restaurant even though online methods only accounted for 11% of all Identity Theft. There were almost 10 million Identity Theft victims in 2008, up 22% from 2007. A little over 3% of the entire US population was affected in 2008 and if I remember correctly, roughly 7.5% overall have been hit. The average cost per victim hovers around $500 – not counting time. 2009 is likely to top those numbers with high profile breaches like Heartland’s 130,000,000 credit/debit numbers stolen and the 5,000,000 compromised records from the single Checkfree breach. Even though Albert Gonzales (also the TJX hacker) is in custody and some 650+ banks reissued credit cards, the damage will continue as this info was still sold to other criminal outlets. 71% of fraud happens within a week of the personal compromise, so you’ll probably know fairly quickly if someone is claiming to be you since the crooks jump on the new data before you have a chance to react. The scary part is the remaining portion which might bite you 6 months later, when you least expect it. In the past, getting your identity stolen usually only affected you and your immediate family. Someone trying to buy something with your credit card and the hassles you must endure to resolve it. With Social Media, a stolen identity can have ripple effects. Stories continue to appear of ‘friends’ getting scammed. The typical ruse occurs when one of your ‘friends’ gets their profile hacked and the impostor pleads for help, usually in the form of cash, to get them out of a sticky situation – like stuck in a foreign country. ‘Oh my gosh, my close friend is in a tough spot. I trust them since they are part of my community and they recently posted that they are having a great time in a far away land. Better help them out.’ The impostor has already changed the profile password so the real owner is unable to alert their posse that this is a scam, if they even know it’s occurring. By then, it’s too late. While not directly Identity theft, digital criminals are scouring social media sites looking for their next heist. ‘Gee, Sandy posted that she’s looking forward to their trip to the mountains this Labor day. Looks like I'll be spending my weekend cleaning out their house.’ While I realize it’s fun to share the fabulous vacation you’re about to embark on, but you are also telling the world that you won’t be around. Ten years ago, we were always cautioned against saying, ‘We’re not home right now…’ on our answering machines. Better to tell, ‘Can’t get to the phone right now’ and yet we seem to forget that old simple rule when it comes to our social media messages. While the statistics show that most Identity Theft is due to lost or stolen items, the digital criminals are always lurking and there are some basic old-school rules we can follow to make sure they don’t follow us. ps #9 out of 26 Short Topics about Security previous stories: 8, 7, 6, 5, 4, 3, 2, 1 last modified: September 03, 2009 0 Comment(s): You must be logged in to post comments.