Data-Mine Your Own E-mail to Protect Yourself
by Jeffrey Rosenspan
According to a recent article by Ryan Clark and Ben Sutherly of The Columbus Dispatch, identity theft is on the rise and we're making it easier and easier for criminals to gain access to our private data. In a world full of passwords, order confirmations, and usernames, many people make the mistake of using their e-mail accounts as digital filing cabinets for sensitive information. Do you have an e-mail folder labeled "receipts" or "bank stuff"? If you do, you have made it easy for criminals to find the information they're after. Some colleges are taking steps to curtail this practice. The Identity Theft Protection Committee at East Carolina University, for example, requires its students to obtain written permission before transmitting any sensitive data by e-mail. Most of us are more casual about our communication, to our detriment. This short article will help you understand the risks and protect yourself.
With the right stolen information, criminals can access our bank accounts, transfer bank balances, open new bank accounts, apply for loans, obtain passports, receive government benefits, and even file phony tax returns to get our refund checks. According to CNBC, The U.S. Treasury estimated that refund fraud due to identity theft cost the taxpayers $5.2 billion in 2012. Unfortunately, financial identity theft is only the tip of the iceberg.
Experian's service ProtectMyID.com details a wide variety of other types of identity theft, including criminal identity theft (giving stolen credentials to authorities), synthetic identity theft (using a stolen social security number and linking it to a fake name), medical identity theft (usually resulting in insurance fraud or tampered medical records), and child identity theft (using a stolen social security number of a minor to get a clean credit rating). All are illegal, and all are on the rise.
How can we avoid identity theft? Last year, the Identity Theft Assistance Center in Washington, DC, found that over 70% of child identity theft was the result of "friendly fraud" by a family friend or relative. Typically, this occurs when private information is left out in a place where it's readily found by prying eyes. You can avoid this danger simply by placing important documents in locked cabinets or safes, but it's harder to be vigilant with digital data. E-mail accounts have passwords required to get in, but this only gives you a false sense of security.
When we use public computers at place like libraries, college campuses, or retail stores, we make ourselves vulnerable to identity theft. On June 28, 2012, the Superior Court of New Jersey decided that it was illegal to even read another person's open e-mail (Marcus v. Rogers), but identity thieves are doing much more than reading. Security specialists at CreditGuard estimate that more than 15% of identity thefts occur because of a specific and avoidable careless error: people use public computers to check their e-mail and forget to log out. When criminals have access to your e-mail, it's usually just a matter of moments before they find out enough sensitive data to start the fraud process. By searching your e-mail account for "Password", "Profile", "Username", and "Mom", for example, a criminal could instantly have access to all of your banking data and even your mother's maiden name.
What can we do about it? Beat them to the punch. You can find out what sensitive data is available by simply doing what the thief would do: open your e-mail and search yourself. Yahoo Mail has a box labeled "Mail Search" (AOL has "search mail", Hotmail has "search e-mail", Gmail has a magnifying glass icon next to the search box). Click the box, type PASSWORD, and hit enter; you'll be surprised at what pops up. The full list of important search words is below. Use this list to search your e-mail account and delete, download, or hide your sensitive date.
Here is the list:
Access, Account, Activation, Address, Bank (Banking), Confirmation, Credit, Details, DOB (Date of Birth), Expiration, FAFSA, Identification, Information, Insurance, License (Driver's License, Professional License), Loan, Login, Member (Membership), Mom (for Mother's Maiden Name), Number (Social Security Number), Passport, Password, Phone, Photo, PIN, Profile, Security (security code), Signature, SSN, Transcript, Transfer, Username
Jeff Rosenspan is a computer security consultant with WConquest in Boston, Massachusetts