What harm can someone do with my online identity?
Your name, address, and information live as much on the internet as they do in a physical sense. If you perform any of the following online activities, you can be sure your information is out there:
- Social Media
- Online Shopping
Many major platforms such as Linked In have suffered data breaches. At the very least your name, email address and password were extracted. To see if your information was leaked, you can do a self-check at haveibeenpwnd.com
No doubt you will be surprised as to what breaches your information has been exposed in. There have been cases where the information was breached through an obscure third party that had no direct relationship with the victim.
This reveals the fact that online services resell information. At the very least the online service providers are using 3rd parties and sharing sensitive information with them. The 3rd parties do not adhere to the same security standards as their clients do.
We as users of these services can’t really cry foul either. One could make the case that if you are paying for the service, then you have legal standing to object or demand resolution. However, we all know that if a service is free you are the product.
You are the product!
Freemium services have become the norm over the past several years. Freemium is a business strategy where a software or a service is provided for free and additional features and functionality can be added by paying for it.
California and Europe have specific privacy laws, and violations can be costly. Outside of specific privacy requirements it could be argued users of free to use services do not enjoy the same protections as users who pay for using the service.
The reality is the provider can’t truly provide different layers of security for free and paid users. Understand that paying for a service means they get more information about you, such as payment information. They may get your bank information, or your credit card details. Paying for a service means sharing more information with the provider, but it may not mean you are any better protected from the risk of identity theft.
This information is known as PII, or Personally Identifiable Information. It is the precise information that hackers are looking for, due to what it can lead to. PII can lead to identity theft and the possibility of fake accounts being opened in your name.
The fake accounts can lead to liabilities being built up in your name. Depending on the type of debt, you may be liable unless you have an identity protection service. It is recommended that when making purchases online, you use a service such as Privacy. Privacy will allow you to create temporary use credit cards. These cards can be limited to a vendor, the amount of each transaction can be limited to a specific dollar amount. You can also create cards that are good for a single use only.
Outside of the convenience a service like privacy provides, it is good for signing up for free trials, and for online services.
Who hasn’t signed up for a free trial and forgotten to cancel before the expiration date? Well with privacy you can decide how much a vendor can charge you for per transaction. Set the amount per transaction under the cost of the service, so if you forget the billing will fail. Once the billing fails you won’t be stuck paying for a service you intended to cancel. It is best to set a reminder on your phone or calendar to simply cancel before the expiration date.
This isn’t an article about Privacy, but we will share one more benefit. Let’s say you sign up for an online service and you have a certain price. If you set the card limit to the monthly price plus tax, if the price goes up, the transaction will fail. This can help you avoid price hikes in the future. The true advantage of this is that using a temporary card from a service such as privacy can eliminate the card from being used for a shopping spree.
This won’t eliminate fraudulent charges, but thief would need to know your limit. If they ran small transactions, they may be able to get away with a few before the limit was reached and the card shut down. You can dispute these charges, like you can with your traditional credit card. The biggest difference is you are normally disputing a smaller list of charges with a smaller dollar amount. So, if you can’t get them taken care of you won’t be out hundreds or thousands of dollars.
How does Identity Theft Work?
Identity thieves work by putting the pieces of your digital identity together. The more pieces of the puzzle they collect the more likely they are to be able to impersonate you. Your name, and address are easy as they are public record, and county court records will reveal this information.
Your phone number is a little more difficult, but not impossible to obtain. Services such as Twitter and Facebook now require your cell phone number to verify your account. As we can see with the recent Twitter breach, nearly every service is susceptible to an attack. We know that the hackers were able to pose as verified users such as Joe Biden, and Barack Obama, and solicit their bit coin scam. What we don’t know is that while the hackers were in these accounts, did they gain access to sensitive information? Could they have extracted personal information that could lead them to be able to impersonate the former President and Vice-President?
Twitter won’t reveal what information if any was reveled, and don’t expect any of the owners of the compromised accounts to come forward either. With this situation who can blame them. For users of Twitter it would be beneficial to know that personal information was stolen.
Our recommendation is that you follow normal protocols and change your passwords and change your security questions as well. The more information you can keep out of the hands of hackers the better. Your goal is to make the puzzle to your identity difficult to complete.
We know a breach at Twitter occurred. We have little information regarding what information was stolen. In fact, the focus has been on the verified accounts. We haven’t heard much regarding other accounts that may have been compromised. Again, it is best practice to assume your data was exposed. The best response is to change information in your accounts, such as email address, password, credit card, and if you can your phone number.
Avoid Password Reuse and Recycling
Reducing, reusing, and recycling is great when it comes to items like plastic bottles. It should be avoided at all costs with passwords. Get in the habit now, of using different passwords for every account. Yes, this means that your Netflix account must use a different password then your Hulu account. Your online bank and credit cards should use different passwords as well.
We know how tempting it is to reuse passwords, but follow this one simple rule, don’t!
If you find it difficult to remember passwords, stop trying. Don’t look at this with a defeatist attitude, but adapt and overcome, by using a password manager. Seriously, that is what password managers are made for.
An argument could be made for using Google’s sync, or Apple keychain, but it is recommended you avoid both. Instead, purchase a reputable password manager. Be sure to read the reviews, and if they offer a demo, give them a try.
Having a password manager, you won’t use, isn’t good either. The point of having one, is to use it so that you can have a different password, for each account. If you can have multiple email addresses as well, do that. This will reduce the risk of someone gaining access to your email address then resetting your online accounts and locking you out of them.