Data-Mine E-mail to Protect Yourself by Jeffrey Rosenspan

Oct 28, 2015 10:35AM PDT

Data-Mine Your Own E-mail to Protect Yourself
by Jeffrey Rosenspan

According to a recent article by Ryan Clark and Ben Sutherly of The Columbus Dispatch, identity theft is on the rise and we're making it easier and easier for criminals to gain access to our private data. In a world full of passwords, order confirmations, and usernames, many people make the mistake of using their e-mail accounts as digital filing cabinets for sensitive information. Do you have an e-mail folder labeled "receipts" or "bank stuff"? If you do, you have made it easy for criminals to find the information they're after. Some colleges are taking steps to curtail this practice. The Identity Theft Protection Committee at East Carolina University, for example, requires its students to obtain written permission before transmitting any sensitive data by e-mail. Most of us are more casual about our communication, to our detriment. This short article will help you understand the risks and protect yourself.

With the right stolen information, criminals can access our bank accounts, transfer bank balances, open new bank accounts, apply for loans, obtain passports, receive government benefits, and even file phony tax returns to get our refund checks. According to CNBC, The U.S. Treasury estimated that refund fraud due to identity theft cost the taxpayers $5.2 billion in 2012. Unfortunately, financial identity theft is only the tip of the iceberg.

Experian's service ProtectMyID.com details a wide variety of other types of identity theft, including criminal identity theft (giving stolen credentials to authorities), synthetic identity theft (using a stolen social security number and linking it to a fake name), medical identity theft (usually resulting in insurance fraud or tampered medical records), and child identity theft (using a stolen social security number of a minor to get a clean credit rating). All are illegal, and all are on the rise.

How can we avoid identity theft? Last year, the Identity Theft Assistance Center in Washington, DC, found that over 70% of child identity theft was the result of "friendly fraud" by a family friend or relative. Typically, this occurs when private information is left out in a place where it's readily found by prying eyes. You can avoid this danger simply by placing important documents in locked cabinets or safes, but it's harder to be vigilant with digital data. E-mail accounts have passwords required to get in, but this only gives you a false sense of security.

When we use public computers at place like libraries, college campuses, or retail stores, we make ourselves vulnerable to identity theft. On June 28, 2012, the Superior Court of New Jersey decided that it was illegal to even read another person's open e-mail (Marcus v. Rogers), but identity thieves are doing much more than reading. Security specialists at CreditGuard estimate that more than 15% of identity thefts occur because of a specific and avoidable careless error: people use public computers to check their e-mail and forget to log out. When criminals have access to your e-mail, it's usually just a matter of moments before they find out enough sensitive data to start the fraud process. By searching your e-mail account for "Password", "Profile", "Username", and "Mom", for example, a criminal could instantly have access to all of your banking data and even your mother's maiden name.

What can we do about it? Beat them to the punch. You can find out what sensitive data is available by simply doing what the thief would do: open your e-mail and search yourself. Yahoo Mail has a box labeled "Mail Search" (AOL has "search mail", Hotmail has "search e-mail", Gmail has a magnifying glass icon next to the search box). Click the box, type PASSWORD, and hit enter; you'll be surprised at what pops up. The full list of important search words is below. Use this list to search your e-mail account and delete, download, or hide your sensitive date.
Here is the list:

Access, Account, Activation, Address, Bank (Banking), Confirmation, Credit, Details, DOB (Date of Birth), Expiration, FAFSA, Identification, Information, Insurance, License (Driver's License, Professional License), Loan, Login, Member (Membership), Mom (for Mother's Maiden Name), Number (Social Security Number), Passport, Password, Phone, Photo, PIN, Profile, Security (security code), Signature, SSN, Transcript, Transfer, Username

Jeff Rosenspan is a computer security consultant with WConquest in Boston, Massachusetts

Discussion is locked

Reply to: Data-Mine E-mail to Protect Yourself by Jeffrey Rosenspan
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Data-Mine E-mail to Protect Yourself by Jeffrey Rosenspan
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

CNET Forums

Forum Info