NEW YORK — You've taken to heart the chorus of warnings about identity theft; you invested in a shredder, and you're diligent about destroying any paperwork that makes mention of your personal information before throwing it away. But is that enough?
Not necessarily, says Jim Stickley, a cybercrime expert with TraceSecurity, a security compliance firm in Baton Rouge, La.
As TraceSecurity's chief technology officer and vice president of engineering, Stickley is responsible for discovering new online approaches to stealing consumers' personal data. He says Web-based identity scams are proliferating, and regular Internet users would be wise to spend as much time safeguarding their identity online as they do in the real world.
Here are two ways criminals use the Internet to gain access to your personal information:
• Fake online storefronts.
While there are many reputable online marketplaces, the Internet has made it easier than ever for criminals to dupe people into providing their credit card numbers and personal information.
One way is for con artists to lure people by setting up fraudulent virtual storefronts, says Stickley. Identity thieves build basic Web sites, modeled after real online stores, complete with fake customer testimonials. They draw customers by buying prominently placed Google ads promoting a "must-have" item for bargain-basement prices.
When customers log onto the Web site and place their orders, they are asked to provide everything from their shipping and billing address to their credit card and phone number. After this information is submitted, a page will pop up declaring that the requested item is out of stock, but by then it's too late, Stickley says — the thieves have everything they need to steal your identity.
The moral of the story: Be extremely wary about buying an item advertised by an unknown vendor for far below market value.
• Wi-Fi hackers.
Many cafe regulars and apartment dwellers are in the habit of using other people's Wi-Fi accounts to surf the Internet for free. Rather than investing in their own accounts, they use their computers to search for available networks without password protection and sign on. Piggybacking on someone else's Wi-Fi may seem like a small transgression, but it can put your computer at risk of being hacked.
When you sign on to someone else's account, you essentially grant them access to your computer. How?
"The person holding the Wi-Fi account you're using can set up a proxy server and use it to intercept your data," Stickley cautions.
They can even program their computers to decode encrypted information sent to your bank or other financial institutions, thereby gaining access to Social Security numbers, online trading information and bank accounts.
The morale of the story: To minimize the risk of having your personal information stolen, cough up the dough for your own Wi-Fi account.