Protecting Your Identity Online
10/03/2008In the summer of 1995, The Net premiered in theaters around the world. Sandra Bullock played Angela Bennett, a computer software analyst who is the victim of identity theft. Those days, phishing might have been construed as attending a Vermont concert to hear some crunchy grooves, Trojan horse referred to the large wooden contraption Laocoön warned his fellow citizens about thousands of years ago, and malware might have been understood as what kids sported to the local shopping center.
These days, however those terms are all too common. Phishing is now in the Merriam-Webster Dictionary as a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly. Phishing can occur through a link to a website that appears to belong to a legitimate organization, but is actually only a spoof of the organization's website. Another common method of phishing - which often occurs concurrently with a spoofed link - is use of email, masquerading as a trusted organization such as eBay. In a phishing email, the recipient may be asked to supply the sender with personal information (i.e., credit card or social security numbers). What is comforting about these scams, though, is that the innocent computer user has the choice to supply their information or to ignore the fraudulent message. The latter is, without a doubt, the safest way to avoid being a victim of phishing scams.
Aside from the classical definition of the term, Trojan horse is defined by Merriam-Webster as a seemingly useful computer program that contains concealed instructions which when activated perform an illicit or malicious action such as destroying data files. Viruses and malware (see below) fall under the category of Trojan horses, which can take many different forms. Results of downloading a Trojan horse may enable someone else to have remote access to the victim's computer; files may be destroyed; information intended to be private may be stolen; in general, operating systems are made vulnerable. One example of a relatively common Trojan horse, with the file name waterfalls.scr, adds hidden programs and commands to the user's computer, in addition to failing to deliver the promised waterfall screensaver. How can a user avoid the consequences of downloading a Trojan horse? The simple answer is to not download the file. However, when the files in question give the illusion of being innocent programs that could aid a user with their computing needs (or add some style to their desktop), there may be a problem. This is why it is very important to have the most up-to-date anti-virus software available.
Malware also has an entry in the Merriam-Webster Dictionary: software designed to interfere with a computer's normal functioning. The portmanteau word derives from the combination of malicious and software . This general term's broad definition matches its broad usage, and includes Trojan horses and anything else that, once downloaded, damages or allows a person or program to gain access to the computer system of the affected (or infected) computer. The best way to protect against malware, besides circumspect computing, is to employ the use of anti-malware software, which can provide continuous protection against malware or can be used to detect and remove any potentially dangerous programs or files.
Angela Bennett's identity was stolen by malware sent to her by a colleague for debugging. Even if she had been more cautious with the file, it is unlikely that in 1995 her problems would have been avoided. However, the Identity Theft Enforcement and Restitution Act (ITERA) of 2008, which was recently signed into law, makes it easier for victims of identity theft to win compensation for their time, losses, and troubles associated with their attack. This law also means increased penalties for individuals convicted of not only identity theft, but also computer fraud, illegal wiretapping, or breaking into computer systems. The ITERA also drops the necessity for prosecutors to show that the illegal activity caused $5,000 in damages before bringing charges, as requested by previous (still valid) cybercrime laws.
