Celebrities aren't the only targets of data thieves
SEATTLE – The disclosure of celebrities' personally identifiable information, or PII, is grabbing headlines this morning. But it's just another day in the teeming cyberunderground.
Caches of names, addresses, Social Security numbers, date of births and payment card data have long been widely posted on the Internet. Hackers sometimes do it to brag or make a political point. But most often, stolen PII flows into forums and exchanges, and are posted for sale -- for simple criminal profit.
"In most cases, when data is improperly accessed, it is peddled through black market sites," says Adam Levin, chairman of Identity Theft 911. "Oftentimes it is sold and resold."
The average cybercriminal is after quick cash, not military or industrial secrets, says Roel Schouwenberg, senior researcher, Kaspersky Lab.
"Celebrities are a special category as they garner so much attention, which can also mean the criminal just wants to expose them," says Schouwenberg. "Because they attract so much attention there's a much higher chance of a persistent law enforcement effort to catch the perpetrators."
Hampering law enforcement is the fact that cybercrime typically occurs across multiple borders. "The issue is which law enforcement agency exercises jurisdiction and what their resources are," Levin says. "They can go after the website, but many of these websites are offshore and it is impossible to collaborate with the authorities which could do something about it."
Rich celebrities can put their attorneys and private investigators on the job, cleaning up. The average person is wise to make himself or herself less of a target, says Troy Gill, Senior Security Analyst at message security firm AppRiver
"First, practice using lengthy passwords that contain numbers, letters and special symbols. Also use two-factor authentication whenever available since it shows you know your password and have an authentication token. And finally, never manage your financial accounts using the same recovery email account that you use for daily correspondence," Gill says.
Levin offers these addition tips:
- Do everything possible to limit exposure: shielding PII from those you don't know, don't give away the store when it comes to exposing personal information on Facebook, protect your computers and smartphones with the most up to date security software. shred all sensitive documents.
- Adopt a culture of monitoring: get free credit reports from annualcreditreport.com; self-monitor credit and bank accounts; enroll in transactional monitoring offered by banks, credit unions and credit card providers; and consider the purchase of credit and public records monitoring programs
- Have a damage control program in place: contact insurance agents, bank and credit union representatives and Human Resource departments where you work to see if there are programs available to help you through an identity theft disaster. Often times it is free or available at a minimum charge due to their relationship with the institution.