This post is contributed by Ashish Mohta from Technospot.net where he explain “what is technology in really simple words”.
According to data collected over years, around 10 million Americans are affected by identity threat every year. Identity frauds via internet are increasing on alarmed rate. The main sources are Phishing, email scams and others.
What is Identity fraud ?
Identity Fraud is to fake other user by stealing his detail, ids, password or even sometimes duplicating a site to misguide visitors.
How to avoid it ?
Your computer can be a gold mine for a computer thief.Here are some tips which can be followed to avoid identity fraud.
- Watch out for phishing scams: These are fraud emails and websites which impersonate trusted website to get your email password or even home address. One way to check is to check if it has “https” when you go for any secure transaction like paying money and login.
- Be careful of unknown emails: You might get lot of emails which will say “Yahoo” on the subject and they will say you have won prizes.They will ask you for full details and address to send it. Be careful, coz when you check the email “@xyz.com” It will never be from yahoo.
- Don’t Use the link on email: Never use the link on the email to visit the site unless you trust or know the sender. They might be faked url. If you wish visit the website directly by typing yourself and find out the information about it.
- Be careful about spellings of websites: Next time you type a website url, make sure you know the right spelling. There are lot of sites which take advantage of it. For example paypal.com can be miss spelled as paypol.com.
- Install anti-spywere and security updates Some emails might contain programs which can run on background of your computer and extract information from your browsers like saved password and emails.
- Keep your primary email safe: If you like to subscribe into different forums and others, avoid submitting your primary email id. Use your primary email id at places where you trust and at official places.
So next time you start using the computer, be careful what you are doing and where your information is going. Keep the tips in mind. If you want to keep yourself updated about new scams refer the site of FBI Escam Updates
If you have more tips and experience that can you can share with readers, please do so in comments. Ask anything or any doubts you have. Feel Free!
So if you want to get to know technology simple! Go to my blog and subscribe !
Written by 
wrote, on April 6th, 2007
sign your emails with GPG or open PGP it’s free and effective. I sign all my outgoing mails now
wrote, on April 6th, 2007
These Tips are very useful. Thanks
wrote, on April 6th, 2007
I have seen many softwares installed which record key presses. This might be used to steal passwords in cyber cafes. So the best way is to confuse the key logger by typing arbitrary letters in the middle (at some place other than the password box..obviously
).
wrote, on April 7th, 2007
While you are posting your mail ID on web post like this
name[at]gmail[dot]com
spam bots can’t sniff those type od IDs
wrote, on April 7th, 2007
I think my previous comment here was marked spam
Anyway I mentioned about the key logger software installed in many cyber cafes. They can steal your password so the best way is to confuse the logger with arbitrary keys pressed while typing the password. And changing the password as soon as one uses it from home.
wrote, on April 7th, 2007
Thanks for the tips, I never knew the thing about https! So you might have just saved my identity.
I’ve never experienced Identity fraud, maybe my identity is too boring to be stolen…how depressing…
wrote, on April 8th, 2007
[...] How To Avoid Identity Fraud by TechBuzz [...]
wrote, on April 8th, 2007
[...] which is used by the cyber criminals to get hold of your data. In my last post I discussed about “How to avoid identity fraud ?” , Now let’s discuss about phishing and spy phishing which is one of the major technique [...]
wrote, on April 8th, 2007
@Anirudh and Vikram: Thanks for sharing the tips here.
@Vikram: Thanks a lot, do tell other about it too, so they can remain secure.
@Kat: lol, just grow to be a ricj person, you will have people running around for your email id. https is the most important thing you should always know.
wrote, on April 8th, 2007
@Sharique: Keyloggers are something which is really difficult to beat down. You should know where you are using the system.
wrote, on April 9th, 2007
The From: field is easily forged. So, if it is not some idiot fooling around but an experienced identity theif (or even unexperienced), it will almost ALWAYS
appear to be from yahoo. A better way is to view full/complete headers and look for ‘Recieved: from’, or ‘x-originating-address:’ or similar. This can be
done in GMail by pressing the menu (downward pointing triangle) in the top-right of the message and selecting Show Original. In this example, an email I
recieved in Google Apps for hoppingmouse.com from AOL {comments in curly brackets are mine}
Delivered-To: ******@hoppingmouse.com
Received: by 10.67.62.11 with SMTP id p11cs48107ugk; {Note that for each step in the process another Recieved header is added, so it is the bottom one (ie
the first one showing the originating server) we care about}
Fri, 6 Apr 2007 23:59:19 -0700 (PDT)
Received: by 10.70.66.18 with SMTP id o18mr6797768wxa.1175929158865;
Fri, 06 Apr 2007 23:59:18 -0700 (PDT)
Return-Path:
Received: from mta.message.aim.com (mta.message.aim.com [65.167.67.222]) {This is the good bit, mta.message.aim.com is where this email came from}
by mx.google.com with ESMTP id 39si5724714wrl.2007.04.06.23.59.17;
Fri, 06 Apr 2007 23:59:18 -0700 (PDT)
Received-SPF: unknown (google.com: domain of AIM_Products@message.aim.com uses a mechanism not recognized by this client)
Date: Sat, 07 Apr 2007 02:59:08 -0400 (EDT)
Message-Id:
From: “AIM Member Message” {This is the From: field GMail displays.}
To: ******@hoppingmouse.com
Subject: ******, Kevin Bacon Invites You to Join Six Degrees
MIME-Version: 1.0
Content-Type: text/html; charset=”us-ascii”
Content-Transfer-Encoding: 7bit
Google has more info on these headers here: http://mail.google.com/support.....security=1
When reporting spam and phishing, it is important to include these full headers.
Also, apparently mail software is supposed to add a Sender: or X-Sender: header if the From: header is forged. In addition to this, extra forged Recieved:
headers can be added (but they cannot be removed). This means that, if a forger adds a fake Recieved: header, it will not be the last, but the second last
that shows the real originating server. More info can be gained here: http://www.rahul.net/falk/mailtrack.html
Below is an example of a forgery (copy-pasted off the site above):
From webpromo@denmark.it.earthlink.net Tue Jul 8 13:05:02 1997 Return-Path:
From: webpromo@denmark.it.earthlink.net
Received: from denmark.it.earthlink.net (denmark-c.it.earthlink.net [204.119.177.22]) {This line is the last step, inserted by the ISP}
by best.com (SMI-8.6/mail.byaddr) with ESMTP id NAA21506 for ;
Tue, 8 Jul 1997 13:05:16 -0700
Received: from mail.earthlink.net (1Cust98.Max16.Detroit.MI.MS.UU.NET [153.34.218.226]) {Claims to be Earthlink.net but is really uu.net}
by denmark.it.earthlink.net (8.8.5/8.8.5) with SMTP id NAA12436;
Tue, 8 Jul 1997 13:00:46 -0700 (PDT)
Received: from adultpromo@earthlink.net {This line is clearly bogus as it displays email addresses rather than server names.}
by adultpromo@earthlink.net (8.8.5/8.6.5) with SMTP id GAA05239 {Another way to identify bogus IP adresses is to ping to see if it exists, or whois or
traceroute to check the servers match}
for ; Tue, 08 Jul 1997 15:48:51 -0600 (EST)
To: adultpromo@earthlink.net Message-ID:
Date: Tue, 08 Jul 97 15:48:51 EST
Subject: Hot News !
Reply-To: adultpromo@earthlink.net
X-PMFLAGS: 12345678 9 X-UIDL: 1234567890×00xyz1×128xyz426×9x9x
Comments: Authenticated sender is {FORGED!}
Content-Length: 672 X-Lines: 26 Status: RO
PS, copy-paste this into Notepad so that you can read it properly.
wrote, on April 16th, 2007
Hi again.
Sorry about the length of my last comment, I probably should have trimmed it down a bit.
To the point, I have a feeling a spambot would be able to work out name [at] example [dot] com, by doing the following:
Find the words at and dot within 1 word of each other and get the words on either side
name [at] example [dot] com
Strip non-alphanumeric characters
nameatexampledotcom
Substitute at and dot
name@example.com
I may at some point in the future build a proof of concept PHP script showing this possibility, but by the time I get around to it, this filtering will be commonplace and there will be no need.
It would also probably be told to strip words like NOSPAM, another trick going around.
All this might lead to some false positives, but a lot more emails being harvested.
My suggestion: Computers aren’t capable of human thought. Use a riddle or other tricky thingy, like
[Ceasing to exist, to ___ into oblivion]@[a device used to make mathematical calculations, often fits in one's pocket].com
clearly means
disappear@calculator.com
(this is just a random example)
Also, Javascript tricks like the JS equavilent of <?php echo $user.”@”.$domain.”.”.$suffix ?> [I am not fluent in JS, hence the (useless) PHP example] could also be combatted by harvesting tools, I’m sure. (although this may be a little more difficult)
wrote, on September 16th, 2007
I have seen a lot of spam and I waste a lot of time marking them as spam. Why doesn’t google do it for me.
wrote, on October 3rd, 2007
By using a proxy, you not only protect your personal information from the site you are visiting, but you also reduce your risk of identity theft. Sites created for the purpose of phishing identities loom on the web, and every time you accidentally stumble upon a site you leave a footprint of your location. These thieves use all the information they can to eventually steal your credit information for their own profit. However, if you are safe and use a proxy such as this one, the risk for identity theft is greatly reduced.
Identity theft is a huge problem in today’s society. The transformation to online banking, checking, and bill paying has spawned a new avenue for thieves to steal from you. More important than money, though, is the personal information they can steal. Thieves use tactics commonly referred to as phishing. By using a proxy such as this one, you can greatly reduce your risk of identity theft.
http://therealproxy.info
wrote, on October 29th, 2007
[...] How To Avoid Identity Fraud [...]
wrote, on February 8th, 2008
[...] How To Avoid Online Identity Fraud [...]