21
Sep
09

Watch Out For (Digital) Pickpockets

It Could Happen To You

It Could Happen To You

In this IT-intensive era, it is easier than ever to prey on the unwitting and too-trusting.   Risk vs reward makes the glory days of good old-fashioned bank robbery obsolete, when all you need these days is a fast computer running password cracking applications to embark on a new career as an information-super-highwayman.

In my opinion, identity thieves should all go to prison and be cast down with the Sodomites, so they know what it is like to be humped by a train.  But there are a few easy ways you can help protect yourself from losing your savings and good credit to a wannabee Morpheus in Shenzhen.  Or even worse, to your trusted personal assistant.

More Secure Passwords

 One of the easiest and best methods of creating a super-secure password is using a mnemonic device.  Take a sentence incorporating numbers that is easy for you to remember, and use the first letter of each word for the password.  For example, if you have a yahoo mail account you might say “Yahoo! It’s been 5 years since I quit smoking heroin” and translate that to yib5siqsh.  It is also a good idea to change your password every few months.

 Also, if you set up a security question, make sure you make it difficult for anyone to guess.  Would-be identity thieves can probably figure out where you went to elementary school and your favorite pet through your Facebook profile.

 Beware of Phishers

 Aside from emails promising longer, thicker cocks for your woman or asking for help getting millions of dollars worth of dubious funds out of Nigeria, a popular scam is phishing, or sending an email which appears to be from a bank or websites like eBay or PayPal asking you to confirm your account, usually asking you to enter your password and personal information.  

 In the beginning, these emails were very amateur, with dodgy spelling (like from Bonk of Amerrica) and slapdash format that made it easy to tell right away.  But nowadays, phishers are getting really clever.  When you hover the cursor over the link they ask you to follow, it might say www.bankofamericasecuritysite.co.tv or something official looking, but NEVER click on those links.  Besides directing you to a legitimate looking site designed to fool you into entering sensitive private information, it might try to upload a worm or spyware onto your computer. 

 The rule of thumb is this:  any email that asks to to update your account information by directing you to another site is probably a scam.  If in doubt, pick up the phone and call the institution in question about what they want from you.

Sharing is Not Always Caring

If you log onto a shared computer (say, at an internet café or hotel) to check your email or Facebook, be wary that a dastardly program called a keystroke logger might exist.  This embedded program records everything you type and could be used to mine sensitive information.  

To guard against this, you can add another layer of security when logging in.  If you are using a computer running Windows XP, you can open what is called a virtual keyboard, which pops up on screen and allows you to enter information with the mouse (which is much less likely to be tracked).  To access it:

 On the Start menu, Go to All Programs, then point to Accessories, then point to Accessibility, then Select On–Screen Keyboard.

 If there is no onscreen keyboard, a quick-and-dirty solution is using the Notepad application.  Open this and start typing a string of random characters which you can cut-and-paste into the password field.  As an example from our previous Yahoo heroin password example (yib5siqsh), you can type something like:

 fkas0Aas31yib5fb34nyfuckuidentitythievesiqshfs345fhellood

 Then, cut and paste your password from the gibberish (I broke it up here into two blocks to make it even more difficult).

 When you are done, you can also go into the browser menu and delete your browsing history (Delete Browser History under Tools for Internet Explorer, click ‘Clear Now’ button in the Private Data section under Options).

 Social Security is Not So Secure

For Americans, a unique social security number is still the most popular means of confirming identity when filling out official documents.  In reality, this nine-digit number was not meant to be a panacea for identification, and might even be guessed based on an algorithm of when and where a person is born. 

 That being said, it is the best they have for the time being, so be careful to whom you give this information.  It is often surprising how often you are asked for your social security number (or identification card number) when filling out questionnaires.  If it is not a financial transaction (like applying for a loan or credit card, or opening up a bank account) why would they need that?  Leave it blank, and if it turns out they really need it, they can call you and explain why they need this information just for a discount card at Sam’s Club or when opening a VIP membership at Poseidon.

 Secretary of (your) Treasury

 Having a secretary or personal assistant can be a boon, helping make your life more efficient and convenient.  Working with someone a long time, eventually a level of comfort and trust builds up where you might ask them to perform financial transactions on your behalf.  Speaking with many people who have been burned by such associations, it is clear you should NEVER completely trust an employee, especially when they have access to all your personal information.

 Here in Thailand, this kind of abuse is more common than you think.  A personal assistant can be hired for as little as 10,000 baht per month, and despite being given regular bonuses and raises in salary, there is often too much temptation for these employees not to exploit a generous and trusting (or oblivious) boss.  Just to illustrate, a very well-known Thai politician was unknowingly swindled for hundreds of thousands of baht when it was discovered his housekeeper stole an ATM card and had been withdrawing money from his account over several years, and I know a prominent businessman whose found out his assistant would take out a little something extra for herself whenever he asked her to make a withdrawal.

 What can you do to protect yourself?

 

  •  First, NEVER allow anyone to sign anything on your behalf.  Yes, it may be convenient to have your assistant withdraw money from the bank to take care of the bills if you don’t have time or if you are out of town, but if they start practicing your John Hancock, you never know where it will stop.

 

  •  Periodically check with the credit bureau.  Make sure someone has not been applying for loans or credit cards under your name.  There are too many credit card companies that offer easy credit to anyone who can provide the bares minimum correct personal information.  And who is liable for all that debt your cheating employee accrued?  If you cannot adequately prove a fraud occurred, then you are.

 

  • Make sure all your credit card and bank statements come to your home address and not your office.  If you are very busy and need someone to help take care of your bills, this way you can take a look at them before delegating, taking note of suspicious transactions.  Another option that is popular in the USA that will eventually become standard practice here in Thailand is paying bills directly online.  In the meantime, if I can not pay a bill directly, I often take care of it myself through my bank. 

 

  • Keep a tight leash.  Make sure you have all the relevant personal information of your assistant on file.  This includes a copy of their ID, home address, and registered residence.  If you have to go to the police to track them down, then all this information will come in handy.

 

Thai police can be deliberately obtuse and lazy, especially if you don’t have juice through family connections with politicians, police, and army.  The sad reality?  If you walk into the police station expecting them to help you because it is their job, then you will be a sorely disappointed citizen (who will probably waste most of your day waiting for help).  Pull whatever strings you have to and make it clear from the start it is in their best interest to put down that doughnut and help you expediently.

Another tip, if you are able to convince your wayward assistant to go to the police station with you when you file a report, great.  Even if you have them sign a confession, make sure you have them also initial the police report.  Also gather whatever hard evidence of fraud you can through the bank and/or credit card companies.  The chances of recovering stolen money may be slim, but if you want justice to be served, sometimes you have to spoon feed our boys in brown.

 

Any other suggestions?  Please leave them in the comments section below.  Thanks!

Advertisements

2 Responses to “Watch Out For (Digital) Pickpockets”


  1. September 22, 2009 at 1:56 am

    Helooo Pub Iwas reading your blog, and I will say, “your blog is nice for articel and Pic so perfect”
    and one more than I found some information from your blog,
    see you agin , my be later i will be back visit at your blog

  2. 2 sista soulja
    October 7, 2009 at 12:29 am

    I got one recently, it caught my eye because in the subject line, it was spelled Bank of america. I thought the bank would have been more particular about the capitalization so I called the real Bank of America and they told me that they never sent me anything and to forward the email to abuse@bankofamerica.com.

    Dear valued customer :
    During our usual security enhancement protocol, we observed multiple login attempt error while login in to your online banking account. We have believed that someone other than you is trying to access your account for security reasons, we have temporarily suspend your account and your access to online banking and will be restricted if you fail to update.
    To get start :

    > Log on to https://www.bankofamerica.com/privacy/update.jsp

    This is the response that I got from the real Bank of America:
    Thank you for contacting Bank of America to report a potentially fraudulent email commonly referred to as a “phishing” email. We take your security very seriously and will investigate this matter immediately. If our investigation determines that the email is fraudulent, we will take steps to have the site shut down.

    For general account inquiries, or other fraud-related events that do not include fraudulent emails, please call the customer service number located on your account statement or refer to the Reporting Fraud section of http://www.bankofamerica.com/privacy.

    Some things to keep in mind regarding fraudulent emails:

    Unlike phishing emails, we will never ask you to verify personal information in response to an email
    Most fake communications convey a sense of urgency by threatening discontinued service
    Many fraudulent emails contain misspellings, incorrect grammar, and poor punctuation
    Links within the fake email may appear valid, but deliver you to a fraudulent site
    Phishing emails often use generic salutations like “Dear Customer,” or “Dear account holder” instead of your name
    The address from which the email was sent is often not one from the company it claims to be
    Keeping your financial information secure and confidential is something we take very seriously. For more information on how we protect your information, please visit http://www.bankofamerica.com/privacy.

    Hope it helps someone!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: