Identity theft: what to do?
The right to protection of personal data is the fundamental rule (not surprisingly formulated at the beginning of the Code regarding personal data), which gives each individual the right to claim that the use of their personal data is carried out in compliance with their fundamental rights as well as their dignity.
What are the differences between identity and digital identity?
Identity: Identity is defined as the set of distinctive traits, personal particulars, physical characteristics, and personal data that distinguish an individual.
Digital Identity: A digital identity contains data that uniquely describe a person or thing (subject or entity), but also information on the relationships existing between the subject and other entities.
The world of digital identity uses its own jargon:
Subject or entity: person, organization, or software that wants to request access to a resource.
Resource: a web page, a piece of information, or a bank transaction.
Identity: a collection of data on a subject; it represents attributes, preferences, or traits.
Attributes: represent information about a subject.
Identity, security, and privacy are inextricably linked.
Theft Techniques of Digital Identity:
Social Engineering (SE): psychological techniques that exploit the inexperience and good faith of users to steal information useful for carrying out subsequent technological attacks on systems through impersonation.
Phishing: A form of SE that consists of the creation and use of emails and websites designed to look like institutional emails and websites, in order to deceive the Internet users of these entities and steal their personal account information (password, credit card number).
Vishing or Voice Phishing: a request to call a false telephone number and then give personal data.
Malicious Code: a family of software whose objective is the total or partial damage or alteration of the functioning of an IT system. It can export personal data or take control of the attacked computer system (e.g., Spyware, Keylogging, Redirector, Screen Grabbing).
Spoofing: a technique complementary to the various types of attacks, which consists of falsifying the origin of the connection in such a way as to make one believe that it is a different subject or system from the real one.
Sniffing: passive interception of communications to capture data (passwords, messages, transactions) through IT tools called sniffers.
Pharming: creating web pages identical to existing sites (banks, insurance companies, software houses, etc.) so that the user is convinced that he is, for example, on his bank's site.
Password Cracking: software that attempts to access restricted areas of databases with web access by trying passwords generated according to predefined algorithms.
What to do if you suspect identity theft?
1. First of all, block the credit cards and all the current accounts involved.
2. Contact the security or anti-fraud department of banks or financial institutions with which you have relationships, including credit card companies, utilities, Internet service providers, and all places where the credit card is used regularly, to report any fraudulent access or use of your account.
3. Change the passwords of all online accounts, starting with those related to information or financial institutions.
The Moment of the Notice
Are there ways to avoid identity theft?
Unfortunately, there are no ways to ensure that a user is not a victim of identity theft. In any case, some tips could mitigate this phenomenon:
Provide your data only to companies that have a good reputation - be wary of unknown companies and verify that the website is genuine before entering sensitive data such as credit card numbers. Malicious people can simulate the website of a bank or a service company in all respects.
Use all security options - the correct use of passwords and all other security configurations, such as a secure connection over the HTTPS protocol, adds a level of protection.
Check your security policies - take the appropriate precautions when providing your personal data, and above all, check that it is possible to verify them both online and by contacting the company directly. When entering into the contract, many companies require their customers to allow them to share user data with other companies.
Pay attention to the type of data provided - attackers could collect pieces of information from the most varied sources, so be careful about the information you publish, especially on forums. Never give personal information by email or telephone.
Use and keep your programs up to date: personal firewall and antivirus - protect yourself against the attack of viruses and Trojan horses that would steal or modify some data on your computer. Remember always to keep your antivirus program updated.
Check your bank account frequently - many companies send their bank statements with a certain deadline; the advice is to check your bank account frequently and to report, in case of discrepancies, the anomaly to your credit institution.
Do not provide your tax ID, credit card number, or other personal data over the phone.
Shred all documents that contain account information or personal data.
Keep important information in password-protected files and directories.
Use password management programs to automatically fill in your login information, avoiding use of the keyboard.
Learn how to spot fraudulent emails and websites and other signs associated with phishing and pharming.
It is always good to be very careful before downloading programs, opening any attachments, or clicking links contained in the text or images of an email message. You can take simple precautions: for example, do not reply to e-mails from strangers, and hover the mouse over a link without clicking it to check - in the lower-left corner of the browser - the real URL (that is, the web address) to which you would be directed.
Scams and email. Be wary of offers of extraordinary discounts on travel and gifts to be obtained by performing certain operations (for example, clicking on links, providing personal or bank data, etc.), which can arrive via social networks, e-mail, or SMS. Malware, computer viruses, spy software, and phishing (that is, a fraud aimed at acquiring confidential user data for illegal purposes) may be lurking. Here, too, the same precautions apply as for electronic postcards. A growing danger during the holiday season is that of false shipping notifications, which warn of an update to an order never made or of the need to collect a package. In doubtful cases, when no order has been made and no delivery is expected, it is advisable not to provide personal data online, click suspicious links, or install any software indicated as necessary to complete the shipping and delivery operations. Indeed, companies in the sector usually operate through other channels.
Beware of the apps you install: During the holidays, many users of smartphones and tablets download free apps to access promotions or online stores, to create and send postcards, or to activate games. These software products can also hide viruses or malware. To protect yourself, good rules are: download apps from official markets, carefully read the descriptions of the programs, consult any user reviews, and prevent minors from downloading apps on their own.
Fake sites: Be wary of online shopping that looks too obvious if you are not sure of the reliability of the site, if the Internet address of the site appears abnormal, or if standard security measures for online transactions are not followed.