[PaulB]

Short of being a hermit what can you do to protect your identity?


https://www.theguardian.com/commentisfr ... y-password

[johnm]

Lie wherever practicable, so that real data is given only to official bodies where lying is an offence (e.g. HMRC) and your bank and take the Grauniad's social media advice.

[JoeC]

I've been lieing to cold callers for years. Telling them them the house is rented or the office is serviced so that as much as we'd love new windows, cheaper broadband etc it is not in our power to change supplier. We have few sales calls now.

I also told my team that they should tell cold callers to the office that it was against company policy to give out any information. This gives a useful get-out to even the friendliest and most obliging team member when they're being harrased by someone wanting to know how many telephone lines we've got

[chevvron]

1) Tell anybody who asks you're not on the internet.
2) Don't do online banking.

[riverrock]

For cold callers, I say I'm from "Fraud investigations department" or ask them their details so I can put them through to the telephone preference service.
Unless I'm bored. I've kept injury claims people on the phone for 25 min talking rubbish...
I no longer tell anyone my landline and few cold callers phone mobiles. Only my parents ever phone the landline, so I know its either them or rubbish.

I have a different password for every website (I use a detail of that website within the password so I just need to remember variations). I use throw away or different email addresses (I can add extra bits to googlemail addresses and they still come to me) for non important things. My primary email address isn't posted anywhere public.

I don't put real details into clearly insecure portals (surveys / wifi sign in) or pretty much anything that isn't https. If a company wants me to do something using a non-https website - I refuse.

I don't put on social media when I'm going on holiday, or post when I'm away from home. I use a credit card when out and about when possible.
I have had that credit card number fraudulently used twice - both times the bank caught it before the transaction completed.

However if they really want to impersonate me - I'm sure they'd find a way. I just want to be awkward, so they target others who are easier to impersonate before me

[stevelup]

2) Don't do online banking.

Online banking is perfectly safe.

[carlmeek]

An IT professional at work has just been done over and I had the pleasure of doing some forensic analysis for him. It was scary. Here's what happened:

1. He owed a building company 10k
2. They emailed him an invoice
3. An hour later an amended invoice arrived (changed bank details)
4. He wrote back to confirm a few details, they responded
5. He paid. The wrong bank account.

The company deny any responsibility.
Their email account is yahoo mail and the original invoice and amended invoice look identical.

To me it looked as if the most likely cause is a hacked password on yahoo mail.

[PeteSpencer]

The most recent thing I've had is an email from a Bank which looks kosher, with correct letterhead etc, telling me that my account has been compromised.

I've had five of these: easy to spot because I don't have accounts with four of them:

But the one from my bank was a corker\; none of the usual spelling mistakes, african grammar, plausible phone number etc. However the last four digits given in support were fictitious.

I was moved to log into my own bank's website and study the warnings before deleting it as a scam.

Made all the more worrying because my wife got a text from our bank in the spring which she deleted: Turns out it was real and someone had indeed been having a crack at her account.

So from now on receipt of anything purporting to be from our bank I phone the number I have on record for them or the fraud dept on their secure website....

[riverrock]

yep - just be careful of the scam using land lines. You get cold caller saying your account has been compromised, so please phone the number on the back of your card. You put the phone down, pick up and re-dial. They don't. You remain connected to the fraudsters but you think you're talking to your bank...

[leiafee]

The most important one of out that list as far as I'm concerned is Use a password manager so you can create unique strong passwords for everything you use.

Looks for https but remember that "secure" label only really means "private" - that encryption has been applied - you could be "securely" chatting to the biggest crook on the planet - no one checks you're really you when you buy a bog standard SSL certificate.

And stick your email address into https://haveibeenpwned.com and see if your data has already been scooped up in any existing breaches. (You can also be notified of new ones.

[Genghis the Engineer]

(1) Don't re-use any one password too much - have a system for them that you understand - nobody else needs to.

(2) Consider using private windows on your browser for critical stuff such as banking, and maybe even a confidential search tool such as startpage.

(3) Just never give out anything on the phone to anybody who has phoned you. If in doubt phone them back on a number you have stored somewhere. If they are genuine, they'll never object to that.

(4) Also consider that security has two sides to risk. One is not having your identity, money, critical data stolen. The other is not losing important information you need. You do need to balance these two - security and convenience are not natural friends.

(5) Anti malware / spyware software running on all your devices.

(6) Have a spare free email address you can give out - when it starts to attract too much Carp, just shut it down and create a new one.


I hopefully am not complacent - I've seen attempts to scam me numerous times. So far, nothing of any note has gone wrong for me. But it might.

G

[Genghis the Engineer]

yep - just be careful of the scam using land lines. You get cold caller saying your account has been compromised, so please phone the number on the back of your card. You put the phone down, pick up and re-dial. They don't. You remain connected to the fraudsters but you think you're talking to your bank...

I'm not sure if this really works with UK landlines and modern digital technology?

Anyhow, if unsure, just phone "back" on your mobile.

G

[carlmeek]

It does still work:). Our phones aren't modern or digital!

[Dave W]

The exchange will be, won't it?

[PatT]

We had a similar scam a couple of years ago when a letter arrived from a regular supplier advising of change of bank details. When that supplier queried why we had not paid it was revealed as a scam . Then a few months later this happened in reverse to one of our customers. The banks were absolutely no help at all. What puzzles me is why cant the banks identify the crooks? If you open a bank account you have to supply all kinds of identification