Identity Theft at Work

Company's computer not yours

The first rule of identity theft is that the only way to steal someone's identity is to get access to the information. Our employees were providing an identity thief with everything they needed (passwords, social security numbers, addresses, etc.), right on a work computer. For me it seems stupid that HR is locked down and data is encrypted to protect our employees at work from identity theft, while employees don't protect their own data. Many employees think that a computer at work is their own. We had people saving bank information, tax documents, medical records, resumes, and all their passwords on the work computer that they use.

I will elaborate on passwords. Passwords saved in the browser for ease of use are a huge issue. Anyone opening the web browser on this computer and user account can access all those sites. Also, the password file for the browser can be decrypted.

What I think employees fail to realize is that the computer they work on is a company computer. Therefore, management, IT and HR can get access to that computer anytime they want. Not to mention other employees: if an employee is gone on vacation, another employee may use the computer to do the vacationing employee's job. If the employee is terminated or quits, that computer goes back to the company. In a small company all the data on the ex-employee's account may be copied over to the new employee, so that employee has all the information and contacts to do the job. If the IT person is not paying attention, this might be all the ex-employee's personal data.

Now that we have established that a third of the company has access to each computer, why would anyone want to put their identity on something that is so accessible? I guess the employee feels they can trust management, IT and HR. Hopefully, there is never a bad seed hired that knows how much money can be made with identity theft.
Data in public places

We have public drives, as I am sure many companies do. Public drives are just that: data on the drive is accessible to workers in the same department or even the whole company. It amazes me that we had to delete information like resumes and medical records off these drives. An amateur who knows nothing about computers can easily get the data they need to steal someone's identity.

Employees accessing other user accounts

Getting on other users' accounts is one point that I really hit with my company. I explained how easy it was for, say, Joe in sales to steal the information of Sally, who works in marketing. Joe can wait for Sally to go to lunch or leave her desk. Of course, the company calendar will give Sally's schedule; therefore, he knows when she won't be there for a while. Joe walks over to Sally's desk with a thumb drive and puts it in Sally's computer. He sits down and, because her computer is unlocked, he has access to it, on her account. Joe browses Sally's My Documents and pulls over her tax information and medical records.

Now Joe needs some more information, so he brings up her web browser and goes to her history. She has been to her Hotmail E-mail, a shopping site, 401K account and bank. The password is saved for the E-mail and shopping site, but Sally's bank does not allow the user to save a password. To get the bank password, Joe uses the forgot password option on Sally's shopping account, logs into her E-mail because the password is saved, and now has the shopping password. This is a shopping account that has Sally's credit card information saved, so Joe can buy some nice things for himself later as a reward.

Joe has the password now for the shopping site, but what good is that? The problem is that 90% of the users out there use the same password for everything. Odds are that the shopping password will get Joe into her bank account, 401K account, and Sally's MySpace account. This way Joe can blog to everyone how she lost her identity.
Joe tries the password and it works. Now he copies the history links, copying the URLs for the sites into a text document, and puts that on his thumb drive. This makes it easy for him, so he doesn't have to figure out what bank she belongs to later if he forgets. He then saves the password that was in the E-mail in the same manner and deletes the E-mail. Lastly, he deletes the E-mail out of the Trash folder and there no longer is a trace that someone was in her E-mail.

I figure all I need is about 5 - 10 minutes to steal an employee's identity. Being in IT, I can easily sit down at a computer and not be questioned why I was there. For Joe, he might have to wait until her department leaves for lunch or they have a meeting together; remember the company calendar. For the identity theft, Joe could also work late one night so he can hit multiple people at once.

Spyware and viruses

If you say the word virus, everybody knows it is bad. If you say Spyware, they think it could be bad. Users don't understand how it really affects them, or how it can steal an identity or bring down a business. Keeping to the identity theft at work theme, some spyware and viruses can act as loggers. They collect information entered on a computer and return that information to some web site. While this could be surfing habits, this can also be passwords and banking sites.

Every computer in our company had some form of Spyware on it. Thanks to our virus scanner and E-mail filtering we were almost virus free. That right there is the problem: companies are set up to prevent viruses and only a few will get through, but Spyware is running rampant in companies with an open user policy. Back to my wife's company, they only fix the computer when it cannot work anymore. That means Spyware could have been stealing information for months. Spyware comes from web sites or programs that are installed on a computer.
These programs generally are freeware that people like to have, such as screen savers, post-it notes, graphics editors, etc. If it is free, the writer is going to make money somewhere. The intention is to send user information out to marketing firms, but the malicious ones will send information and passwords out to who knows where. Why spyware doesn't get picked up by most virus scanners gets me. I will note most virus scanners are getting better at catching the malicious ones. I could write an article on Spyware and don't want to detract from identity theft, so I have said my piece.

Even if companies have a virus scanner, spyware scanner, E-mail filter, and web filter, something will always get through. This could be because the user was not updating correctly, the threat is newer than the scanners, or something caused the scanner to shut down. Thus, there is always a risk that identity theft will occur because of spyware and viruses.

Theft

Everyone forgets about the easiest way to steal information: steal the whole computer. With Blackberries and laptops becoming an everyday part of business, thieves are mopping up. The data on these devices is more profitable than the equipment. Most of these laptops don't have the data encrypted. The same principles apply as above. Go to a Starbucks, wait for a laptop user to leave for the bathroom and take his laptop. Again, it's probably not locked, thus circumventing any bio-metrics. Of course, simple bio-metrics can be bypassed by pulling the hard drive and using it in a different system to read the data.
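
An audit for the public-drive problem described under "Data in public places", as an added example that is not part of the original article: it walks a share and flags files whose names suggest personal documents or whose text contains plausibly valid SSN-shaped numbers. The keyword list, extension list, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Filename keywords come from the document types the article names (assumed list).
NAME_HINTS = re.compile(r"resume|tax|medical|bank|password", re.I)
# SSN-shaped strings: 3-2-4 digits separated by dashes or spaces.
SSN_SHAPE = re.compile(r"(?<!\d)(\d{3})[- ](\d{2})[- ](\d{4})(?!\d)")
TEXT_EXTS = {".txt", ".csv", ".log", ".htm", ".html", ".xml"}

def plausible_ssn(area, group, serial):
    """Drop shapes that are never issued (area 000/666/9xx, group 00, serial 0000)."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def scan_share(root, max_bytes=1_000_000):
    """Return {relative_path: [reasons]} for files that look like personal data."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = ["filename"] if NAME_HINTS.search(name) else []
            if os.path.splitext(name)[1].lower() in TEXT_EXTS:
                try:
                    with open(path, "r", errors="ignore") as fh:
                        text = fh.read(max_bytes)
                except OSError:
                    text = ""  # unreadable file: keep any filename hit, skip content
                hits = sum(plausible_ssn(*m.groups()) for m in SSN_SHAPE.finditer(text))
                if hits:
                    reasons.append(f"ssn_like x{hits}")  # report a count, never the value
            if reasons:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = reasons
    return findings

def demo():
    """Scan a constructed sample share built in a temporary directory."""
    samples = {  # constructed sample files, not real data
        "marketing/Sally_Resume.txt": "Objective: marketing manager",
        "marketing/notes.txt": "SSN 123-45-6789 on file; ref 000-12-3456",
        "price_list.csv": "sku,price\nA1,2.50\nphone 555-010-1234",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(body)
        return scan_share(root)
```

Running `scan_share` against a real share only reads plain-text formats; office documents and PDFs would need a text extractor in front of the same checks.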
