How to protect your identity online

If you thought identity theft was a victimless crime, or solely in the domain of science fiction, think again. This type of crime, where criminals gather information on their victims and use them as tools for stealing money, is on the increase. If someone pretends to be you when claiming social security benefit, or taking out a loan, you can expect some very nasty legal letters and maybe even a visit from the police. You might find yourself unable to obtain credit, locked out of your bank account and potentially blocked from travelling abroad.

While identity theft can happen without the internet’s involvement, a lot of this type of crime occurs because it’s relatively easy to gather information on victims online. We’ll show you not only how to control the information available about you, but also how to lock down your accounts to reduce the impact of being targeted by fraudsters.

You should start with appropriate software on your PC, such as BullGuard Identity Theft Protection. This can monitor the internet for your personal details and warn you if they turn up for sale, so you can deal with the problem quickly before it’s too late.

Your email account is the family jewels

Almost every internet service available to the public relies on having an email address. It’s the standard way of verifying users. If you forget your password to a service it will inevitably send a link to your email account. Click this and you regain access to whichever service it was that you want to log into. Whether you are using an online banking service, cloud storage or iTunes, your email account is the hub of your online identity. Lose it and you’ll find yourself locked out of your internet life – and the hijacker of your account logged in.

Let’s forget, for a minute, that email messages are themselves insecure – though we’ll look into that later in this article. Access to your email account is something you should guard possibly more than any other internet account. Using a strong, unique password is very worthwhile, but make a serious effort to take things a stage further and use two-factor authentication. This usually involves having to type in your username, password and some other code, which changes every time you log in.

Gmail users can use Google Authenticator application to generate a fresh code for each login attempt. You can tell Gmail to trust your computer for 30 days so you won’t have to run this app every single time you log in. Email services, such as those from Yahoo!, will send codes by SMS to your mobile phone. Gmail and Hotmail can use SMS and/or authenticating apps.

Reinforce your bank account

If someone hacks into your bank account, a fraudster could potentially steal your identity and access your funds. You can reduce the risk of this happening by opting into any additional security services that the bank offers. For example, if there is an optional two-factor-authentication system, such as a ‘smart key’, available then elect to use it.

This should go without saying, but sadly enough people make this mistake that it’s worth mentioning: don’t publish photos of your new credit or debit card on the internet. Believe it or not some people are so proud that they’ve passed the rite of passage into cardholder-ship that they really do this!

Social media constraint

While you’re probably not silly enough to publish photos of your credit card on Twitter, be aware that criminals do monitor social media and will take advantage of any information potential victims leak. For example, in November 2015 a young lady won a significant amount of money on a horse. She proudly published a photo of her smiling face and the winning ticket, which showed a bar code. Someone online copied this barcode, printed it out and claimed her winnings from an automated cash dispenser before she could do the same. She lost hundreds of dollars as a result.

If you publish photos online check to see if there are any details in the pictures that someone could abuse. Obvious things to avoid are bank and utility statement, passport details and possibly even your address. Some apps will attach your location to your postings. Take a moment to consider the consequences of that. If someone wants your address and you publish a photo of you and your friends at a barbecue at your house, and the GPS coordinates are provided too, he has what he needs and can discover this from anywhere on the internet.

Head in the clouds

If you store important documents, such as scans of your passport pages, consider not uploading those to cloud storage services or, if you do want to do that, beef up the security for these. Dropbox and others support two-factor-authentication. Enable this wherever possible.

If, like many people, you use a web-based email service you might as well consider this a cloud-based storage service too. Every time you email an important file, such as a scan of a utility bill to a credit card company during an application, this document is stored in your Sent box. As mentioned before, lock down your email account.

Email is not secure

That said, email is a particularly insecure way to send messages. Not only is that utility bill sat in your Sent box, but it also resides in the recipient’s Inbox and has travelled across the internet without any encryption whatsoever. If you have to send sensitive details, which means anything that a criminal could use to commit a crime in your name by email, then consider encrypting it.

Good, strong encryption is really for experts. Studies have shown that regular internet users find the software too hard to use. It’s not their fault – in most cases it really is complex. One easier option is to archive your file(s) in a password-protected Zip file. Alternatively, you can rely on web encryption by saving your file to a secure file-sharing service like Dropbox or Google Drive and then email the link to the intended recipient, rather than the file itself.

Encrypt the web

A secure file-sharing service will use encrypted web connections. You’ll recognise these because your web browser will show a padlock and the web address will start with https:// instead of the un-encrypted http:// prefix. Whenever you consider entering any personal information onto a web page, look for this padlock. If it’s not there don’t press the Submit button or risk sending sensitive data across the internet in a way that anyone can read it.

This is important when using the web generally but is absolutely critical when you are connected via public WiFi services. In fact, if you can, sign up to a VPN service for your computer and phone so that all of your browsing happens over an encrypted tunnel. Not only will spies not see your details, they won’t even know which websites you are visiting.