Identity Theft and Spyware- The New Threat
Spyware vs. Adware- Know the Difference
It is also very important to understand the difference between
spyware and adware (a.k.a. pestware). There has been a large outcry
from consumers and privacy advocates over intrusive software and
cookies that are in reality more of a nuisance than a security threat.
This does not mean that adware is not a problem, but cookies and
adware should not be treated on the same level as spyware. They
are fundamentally different situations altogether and lumping them
together dilutes the threat of real spyware.
Adware generally refers to software that installs a reminder service
or spawns targeted ads as you surf. These advertisements are referred
to in the advertising industry as interstitials or simply “pop-ups”.
They might also profile your surfing habits, shopping habits and
most gather information in aggregate.
In a recent decision in the case of U-Haul versus WhenU a judge
determined that the use of adware was “legal”. In short
it meant that WhenU was not violating trademarks by having their
bundled software, SaveNow, display pop-up advertisements.
We do believe that more legal precedents will be handed down and
legislation will be enacted to control the use of adware that uses
drive-by downloads and deceptive installation techniques, but until
that time comes we urge users to read the End User License Agreement
for any software before they install it and to educate themselves
on the use of adware.
Spyware, as we know it, is software used to monitor actual computer
activity. As we mentioned before it can log your keystrokes which
means whatever you do on your computer is open to the eyes of prying
spies. This problem is greatly exacerbated in environments where
different users have access to a single machine. For example, a
local copy shop, a computer rental kiosk, a university or even a
friend’s home machine. These are typical targets for a thief
who wants to quickly grab information from unsuspecting users.
Public Terminals and Spyware
One particular case stands out as a red flag for using public terminals.
For over a year, unknown to people who used Internet terminals at
Kinko's stores in a New York store, Juju Jiang was logging everything
users typed including their passwords to financial institutions.
Jiang had covertly installed, in at least a dozen Kinko's stores,
spyware that logged keystrokes. He captured more than four hundred
user names and passwords, using them to access and even open bank
accounts online. This is a real world example underscoring the dangers
of how spyware can be used to steal someone’s identity. It
is logical to conclude that more of this type of ID theft will occur
because it is relatively easy to execute.
A thief doesn’t even have to be technically skilled to install
a commercial keylogger and to retrieve your personal information.
Once installation is deployed the thief can have information e-mailed
back to them or the software will open up a “backdoor”
where the spy can log into the machine and retrieve keystroke or
snapshot logs. Consumers must exercise even more caution when using
public computer systems and realize that in open computing environments
there are situations that can leave them vulnerable.
Monitor Your Credit
It is absolutely critical that you monitor your credit report on
a regular basis. If you find a change of address you did not initiate
or financial accounts you did not apply for request a copy of your
personal credit report. The credit report will include contact information
for requesting an investigation of incorrect information. It's also
important to watch your monthly billing statements for errors or
unusual activity. In Kim Smith’s case using a credit monitoring
service would have alerted her to far in advance to the activities
of the thief and saved her some embarrassment at closing time. After
applying for a loan, credit card, rental or anything else that requires
a credit report, request that your Social Security number on the
application be truncated (x’ing out key numbers) or completely
deleted and your original credit report be shredded before your
eyes or returned to you after a decision has been made. A lender
needs to retain only your name and credit score to justify a decision.
It is worthy to note that in the FTC study on identity theft fifty-two
percent of all ID theft victims, approximately 5 million people,
discovered that they were victims of identity theft by monitoring
You can request credit reports at the sites below:
Periodically Request Your Social Security Statement
Along with checking out credit reports U.S. consumers should request
their Social Security Earnings and Benefit Statement at least once
a year to make sure there is no sign of fraud. You can do this online
by surfing to here.
The statement will come via snail mail and is not sent online. If
you aren’t comfortable doing it online you can use Form SSA-7004
Identity Theft- Page Guide
Page 1 - Page 2 - Page 3 - Page
4 - Page 5