
Password is NOT a 4-letter word

What happens when your online password is stolen?

Yesterday, a close relative's identity was stolen.

The whole ordeal and the ensuing headaches of identity theft have prompted me to write once again to remind everyone about online safety.
Folks, it's not a matter of "if" they will discover your password -- but "when". Below, I emphasize the iron-clad rules of dealing with passwords.

This person used a favorite pet's name as a password in an eBay account less than a year old. And that's all it took for a criminal to crack into the eBay account. Once in, they began posting bogus items for sale and using the credit card account to spawn other accounts on other networks. We might not have even discovered it had it not been for an unwary user who emailed with questions about one of the bogus offers. The relative called me and said, "I've got this email from eBay about a product I'm not even selling."

I knew at once what happened. We jumped on it and were able to stop it before the real disaster could happen.

Never underestimate the online criminal.

These criminals employ sophisticated software and servers to rapidly harvest screen names from eBay, Amazon, blogs, and anywhere a "handle" or screen name is used. Incoming data is then compared to databases with millions of words, phrases, acronyms, street addresses and telephone numbers. It takes only a few seconds to then ping eBay and other online strongholds to test combinations. Once a 'hit' is made, they're in. It's only a matter of time.

These are not isolated, sleazy hackers crouched at a glowing monitor in the dead of night -- they're technologists and industrialists exploiting all means available. They are highly skilled and well-financed businesses openly bragging that they can't be caught, and can't be stopped. They employ major computer installations which run around the clock, every day -- fully staffed for a single purpose: stealing and exploiting private information.

Online crime has been cited as one of the world's most rapidly expanding industries -- transcending physical borders and language. The spam, porno and identity theft business has become so lucrative it can employ the fastest and most advanced technologies. Their multi-computer installations can parse millions of screen names and email accounts per hour, matching them to spam lists as well as gathered cookies from anyone who surfs the web. They employ intelligent agents and spiders to scour the web for possible UID and cookie matches. They can surf into your machine via broadband ports as easily as you can call to order a pizza... easier.

When a successful match is found, they sell it; use it to create more bogus accounts for spamming; or even worse, use it to burglarize bank accounts and charge card accounts. In this particular situation the criminal had already posted dozens of bogus products for sale on eBay.

No individual, law enforcement agency or government is any match for these criminals. Very few are ever apprehended, and when they are, they can afford the best legal defense money can buy. Many openly admit to maintaining installations in other countries beyond detection of U.S. authorities -- and boast they can have new installations up and running within hours. They are highly successful. Protecting yourself properly can prevent you from adding to that success.

BUILDING A PASSWORD

1. NEVER use a word found in ANY dictionary, nor combinations
2. NEVER use a street, pet, child, relative or other "term" found in any language
3. NEVER use "human readable" phrases of text (If it makes sense, they'll find it.)
4. NEVER use your name or part of your name
5. NEVER mix or merge passwords into a "new" password
6. NEVER use the same password more than once
7. NEVER use less than 8 characters -- 12 or more are better!
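
One way to check a candidate password against the rules above mechanically, as an added example that is not part of the original column. The tiny word list, the personal terms, the name parts and the `used` list are constructed placeholders, and rule 3 is approximated by the same word-splitting check as rule 1.

```python
import re

# Constructed sample data (assumptions): a real check would load a full
# wordlist plus the user's own pet, street, relative and name terms.
WORDS = {"pass", "word", "sun", "shine", "blue", "dog", "main", "street"}
PERSONAL = {"rex", "elm"}          # rule 2: pet and street names
NAME_PARTS = {"morgan", "lee"}     # rule 4: the user's name and parts of it

def splits_into_words(text, words):
    """True if text is one word or a run of words from `words` (rules 1, 3)."""
    ok = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        ok[end] = any(ok[s] and text[s:end] in words for s in range(end))
    return bool(text) and ok[-1]

def broken_rules(candidate, used=()):
    """Return the sorted rule numbers from the list above that candidate breaks.

    `used` holds passwords already in use elsewhere, kept in memory only
    (hypothetical input, e.g. an export from a password manager).
    """
    low = candidate.lower()
    letters = re.sub(r"[^a-z]", "", low)   # ignore digits and punctuation
    broken = set()
    if splits_into_words(letters, WORDS):
        broken.add(1)                      # dictionary word or combination
    if any(term in letters for term in PERSONAL):
        broken.add(2)                      # pet, street, child or relative
    if any(part in letters for part in NAME_PARTS):
        broken.add(4)                      # name or part of a name
    if any(u.lower() in low and u.lower() != low for u in used):
        broken.add(5)                      # built by extending an old password
    if any(u.lower() == low for u in used):
        broken.add(6)                      # same password used twice
    if len(candidate) < 8:
        broken.add(7)                      # shorter than 8 characters
    return sorted(broken)

if __name__ == "__main__":
    for pw in ("Sunshine1", "rex", "MorganLee88", "t4$Lw8^pNq1z"):
        print(pw, broken_rules(pw, used=["k7#Qv9!mZr2x"]))
```

Stripping digits and punctuation before the word check is what catches a dictionary word with a number tacked on the end.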

Key Considerations:

APPLY THE ABOVE RULES to ANY situation where a "password" is used:

AVOID situations where passwords are required. Ask yourself if you really need to join, subscribe, or participate in any activity where they ask you to set up a password and charge card, home address, phone or fax number. Spammers and crooks have also moved into the brick-n-mortar arena faxing their spam as well. Join the FTC's "Do Not Call" registry.

Recent surge in online crime

The recent surge in online crime has prompted many alerts of a renewed increase in criminal activities. Numerous reports of criminals cracking into financial services, auction services and other sources of easy personal or financial information are posted weekly.

Identity theft is quick and easy once a password or account is cracked. But Identity theft can also begin with

Be vigilant

ALL people, young and old, need to understand this -- most vulnerable are: young people (who think they're invincible), the elderly (trusting and inexperienced in technology), the disadvantaged (searching for an easy way out) -- new, unskilled cable, DSL or wireless owners are most at risk. If you use a third device for online communications like Apple's new iChat, you'll have proxy ports open and any 3rd grade hacker can help himself to your computer.

The victim of our story today had to cancel charge card accounts, and any online account the card was used for -- had to delete an eBay account, and wipe a paypal account clean. And that's just the beginning. A new checking account had to be opened and the prior one closed.

Protect yourself at all times, and share this message with others. If you are in a position to disseminate this message to a larger audience, please do so. Go to: www.ftc.gov/ to learn more -- and to report any suspicious online activity. It's your duty to report it.

Join a local computer user group or club, and get educated. Build a network of knowledgeable friends or associates whom you can turn to with questions and help.
Be vigilant.
Protect yourself at all times.
And please link to this column, or re-publish on your web site.

Thanks for reading...

Fred Showker, Editor/Publisher UG Net News

 


CREDITS:
Fred Showker is Editor in Chief of "MUG" the Mac User Guide, and the User Group Network News service. He was a founding officer of the Apple User Group Advisory Board (UGAB) and an original founder of the User Group Forum on AppleLink Personal Edition. He was co-founder of the America Online User Group Forum where he was AFA for eight years. Many MUG (Mac User Group) members know him for his work with the Mug News Service (MNS), National Home & School Mac (NHSM), or his many speaking appearances at NAUG, NAUGSAW and Macworld Expo and others. Today, he's a familiar name in many user group newsletters around the world from his monthly 60-Second Window column, continuously published since 1990.

 

The User Group Network is a member of: The Association of Apple Computer Users & Groups, the MUG News, and is sponsored in part by: The Design & Publishing Center, The News Serve Network, and the Designers' Bookshelf. The User Group Network is the first, and the original user group network for computer users everywhere including, Apple, Mac-Pro, User Group Organization to support Macintosh, IBM PC, Microsoft, Compaq, Amiga, BE/OS, Linux, UNIX, and other leading computer platforms. Hosting services are provided by The Graphic Design Network to serve the computing community. For information about the UGNetwork, to get involved or have your own groups' home page located at user-groups.net, please contact us. Copyright 1994 through present. This site is maintained in the community interest by The Graphic Design Network c/o Showker Graphic Arts & Design, a Corporation of the Commonwealth of Virginia, 22801, established in 1972.
