By Sankar April 6, 2007

How to avoid identity fraud ?

This post is contributed by Ashish Mohta from Technospot.net where he explain “what is technology in really simple words”.

According to data collected over years, around 10 million Americans are affected by identity threat every year. Identity frauds via internet are increasing on alarmed rate. The main sources are Phishing, email scams and others.

What is Identity fraud ?

Identity Fraud is to fake other user by stealing his detail, ids, password or even sometimes duplicating a site to misguide visitors.

How to avoid it ?

Your computer can be a gold mine for a computer thief.Here are some tips which can be followed to avoid identity fraud.

  • Watch out for phishing scams: These are fraud emails and websites which impersonate trusted website to get your email password or even home address. One way to check is to check if it has “https” when you go for any secure transaction like paying money and login.
  • Be careful of unknown emails: You might get lot of emails which will say “Yahoo” on the subject and they will say you have won prizes.They will ask you for full details and address to send it. Be careful, coz when you check the email “@xyz.com” It will never be from yahoo.
  • Don’t Use the link on email: Never use the link on the email to visit the site unless you trust or know the sender. They might be faked url. If you wish visit the website directly by typing yourself and find out the information about it.
  • Be careful about spellings of websites: Next time you type a website url, make sure you know the right spelling. There are lot of sites which take advantage of it. For example paypal.com can be miss spelled as paypol.com.
  • Install anti-spywere and security updates Some emails might contain programs which can run on background of your computer and extract information from your browsers like saved password and emails.
  • Keep your primary email safe: If you like to subscribe into different forums and others, avoid submitting your primary email id. Use your primary email id at places where you trust and at official places.

So next time you start using the computer, be careful what you are doing and where your information is going. Keep the tips in mind. If you want to keep yourself updated about new scams refer the site of FBI Escam Updates

If you have more tips and experience that can you can share with readers, please do so in comments. Ask anything or any doubts you have. Feel Free!

So if you want to get to know technology simple! Go to my blog and subscribe !

Related Posts that you may like:

Discussion

Comments for “How to avoid identity fraud ?”

  • By using a proxy, you not only protect your personal information from the site you are visiting, but you also reduce your risk of identity theft. Sites created for the purpose of phishing identities loom on the web, and every time you accidentally stumble upon a site you leave a footprint of your location. These thieves use all the information they can to eventually steal your credit information for their own profit. However, if you are safe and use a proxy such as this one, the risk for identity theft is greatly reduced.

    Identity theft is a huge problem in today's society. The transformation to online banking, checking, and bill paying has spawned a new avenue for thieves to steal from you. More important than money, though, is the personal information they can steal. Thieves use tactics commonly referred to as phishing. By using a proxy such as this one, you can greatly reduce your risk of identity theft.

    http://therealproxy.info
  • I have seen a lot of spam and I waste a lot of time marking them as spam. Why doesn't google do it for me.
  • Adam
    Hi again.
    Sorry about the length of my last comment, I probably should have trimmed it down a bit.
    To the point, I have a feeling a spambot would be able to work out name [at] example [dot] com, by doing the following:
    Find the words at and dot within 1 word of each other and get the words on either side
    name [at] example [dot] com
    Strip non-alphanumeric characters
    nameatexampledotcom
    Substitute at and dot
    name@example.com

    I may at some point in the future build a proof of concept PHP script showing this possibility, but by the time I get around to it, this filtering will be commonplace and there will be no need.

    It would also probably be told to strip words like NOSPAM, another trick going around.
    All this might lead to some false positives, but a lot more emails being harvested.
    My suggestion: Computers aren't capable of human thought. Use a riddle or other tricky thingy, like
    [Ceasing to exist, to ___ into oblivion]@[a device used to make mathematical calculations, often fits in one's pocket].com
    clearly means
    disappear@calculator.com
    (this is just a random example)
    Also, Javascript tricks like the JS equavilent of <?php echo $user."@".$domain.".".$suffix ?&gt [I am not fluent in JS, hence the (useless) PHP example] could also be combatted by harvesting tools, I'm sure. (although this may be a little more difficult)
  • The From: field is easily forged. So, if it is not some idiot fooling around but an experienced identity theif (or even unexperienced), it will almost ALWAYS

    appear to be from yahoo. A better way is to view full/complete headers and look for 'Recieved: from', or 'x-originating-address:' or similar. This can be

    done in GMail by pressing the menu (downward pointing triangle) in the top-right of the message and selecting Show Original. In this example, an email I

    recieved in Google Apps for hoppingmouse.com from AOL {comments in curly brackets are mine}

    Delivered-To: ******@hoppingmouse.com
    Received: by 10.67.62.11 with SMTP id p11cs48107ugk; {Note that for each step in the process another Recieved header is added, so it is the bottom one (ie

    the first one showing the originating server) we care about}
    Fri, 6 Apr 2007 23:59:19 -0700 (PDT)
    Received: by 10.70.66.18 with SMTP id o18mr6797768wxa.1175929158865;
    Fri, 06 Apr 2007 23:59:18 -0700 (PDT)
    Return-Path:
    Received: from mta.message.aim.com (mta.message.aim.com [65.167.67.222]) {This is the good bit, mta.message.aim.com is where this email came from}
    by mx.google.com with ESMTP id 39si5724714wrl.2007.04.06.23.59.17;
    Fri, 06 Apr 2007 23:59:18 -0700 (PDT)
    Received-SPF: unknown (google.com: domain of AIM_Products@message.aim.com uses a mechanism not recognized by this client)
    Date: Sat, 07 Apr 2007 02:59:08 -0400 (EDT)
    Message-Id:
    From: "AIM Member Message" {This is the From: field GMail displays.}
    To: ******@hoppingmouse.com
    Subject: ******, Kevin Bacon Invites You to Join Six Degrees
    MIME-Version: 1.0
    Content-Type: text/html; charset="us-ascii"
    Content-Transfer-Encoding: 7bit

    Google has more info on these headers here: http://mail.google.com/support/bin/answer.py?an...
    When reporting spam and phishing, it is important to include these full headers.

    Also, apparently mail software is supposed to add a Sender: or X-Sender: header if the From: header is forged. In addition to this, extra forged Recieved:

    headers can be added (but they cannot be removed). This means that, if a forger adds a fake Recieved: header, it will not be the last, but the second last

    that shows the real originating server. More info can be gained here: http://www.rahul.net/falk/mailtrack.html

    Below is an example of a forgery (copy-pasted off the site above):

    From webpromo@denmark.it.earthlink.net Tue Jul 8 13:05:02 1997 Return-Path:
    From: webpromo@denmark.it.earthlink.net
    Received: from denmark.it.earthlink.net (denmark-c.it.earthlink.net [204.119.177.22]) {This line is the last step, inserted by the ISP}
    by best.com (SMI-8.6/mail.byaddr) with ESMTP id NAA21506 for ;
    Tue, 8 Jul 1997 13:05:16 -0700
    Received: from mail.earthlink.net (1Cust98.Max16.Detroit.MI.MS.UU.NET [153.34.218.226]) {Claims to be Earthlink.net but is really uu.net}
    by denmark.it.earthlink.net (8.8.5/8.8.5) with SMTP id NAA12436;
    Tue, 8 Jul 1997 13:00:46 -0700 (PDT)
    Received: from adultpromo@earthlink.net {This line is clearly bogus as it displays email addresses rather than server names.}
    by adultpromo@earthlink.net (8.8.5/8.6.5) with SMTP id GAA05239 {Another way to identify bogus IP adresses is to ping to see if it exists, or whois or

    traceroute to check the servers match}
    for ; Tue, 08 Jul 1997 15:48:51 -0600 (EST)
    To: adultpromo@earthlink.net Message-ID:
    Date: Tue, 08 Jul 97 15:48:51 EST
    Subject: Hot News !
    Reply-To: adultpromo@earthlink.net
    X-PMFLAGS: 12345678 9 X-UIDL: 1234567890x00xyz1x128xyz426x9x9x
    Comments: Authenticated sender is {FORGED!}
    Content-Length: 672 X-Lines: 26 Status: RO

    PS, copy-paste this into Notepad so that you can read it properly.
  • @Sharique: Keyloggers are something which is really difficult to beat down. You should know where you are using the system.
blog comments powered by Disqus

Welcome to TechBuzz

TechBuzz is a technology blog read by 3000+ readers every day. We regularly write about new trends in technology, useful computer application and new web services. If you are new here, please subscribe our feed or opt for email updates to get new articles to your inbox.

Free Daily Updates

You can get fresh daily articles delivered straight to your feed reader or email inbox. Please subscribe to our RSS feed or opt for our free newsletter

Recent Posts

Google&rsquo;s Chrome Tablet Concept Revealed
Google’s Chrome Tablet Concept Revealed
February 3, 2010
By Thilak
Ixquick. Ixquick allows users to surf the web with complete privacy. It let’s users surf the world wide web safely without revealing any personally identifiable or private information to the websites being viewed.

Ixquick is a free service which provides complete anonymity to the user enabling the user to surf the internet anonymously and safely. They claim it to be world’s most private search engine.

Surf The Internet Anonymously With Ixquick!

Surf The Internet Anonymously With Ixquick!
January 28, 2010
By Meghan
Apple iPad Unveiled
Apple iPad Unveiled
January 28, 2010
By Meghan
Happy New Year!
Happy New Year!
January 1, 2010
By Meghan
WordPress Version 2.9 Is Out!
WordPress Version 2.9 Is Out!
December 19, 2009
By Meghan