Free Wi-Fi access is being provided by the following sponsors:
The Daily Journal      City of Kankakee      Kankakee County Farmers Market        HomeStar Bank       Smith, Koelling, Dykstra & Ohm, P.C. Tyson Engineering Space Center Inc.       Peoples Bank      Standard Title      Payne Gray GrosSchmidt      Simms      Connected Community      Governers State      Acorn Design      National City Bank      National City Bank      Kankakee Community College      Grouchos Coffee Shop

Welcome to Tech Corner!

Tech Corner features technical tips, techniques, and the latest updates in technology.

You may recognize some of the guest columnist because they are professionals from local area businesses.

Internet Schemes and Identity Theft

Go to an Internet terminal, head to www.google.com and enter your first and last name, then search. What you find my surprise you. Somewhere within the search pages your name will be found, maybe even be on the first page. While you’re on the Internet, check out your IP address and where your connection starts. Finding your public IP could be easy; if you are technically inclined you can find the IP address within your network properties. For those who are not techies, simply point your browser to http://whatismyip.com. At the top of the page you will see your IP address. On the same Web site you can click on “IP Address Location” to see where your IP registers. There are many more Web sites and utilities that can be used; this just shows how easy it is to get information off the Internet. The more you dig, the more you will find.

As an Internet surfer you visit Web sites, these Web sites can track you by IP address, cookies that have passed to you from the browser, or any interaction you had with the Web site. So when you return to the same site, they know who you are (or who you’re supposed to be).

It’s hard to tell the good Web sites from the bad ones. Many sites claim they are secure, have encryption, and password protection on all data files. You need to take another step to ensure the data you are supplying is kept private and used only for the current transaction you are taking part in. Watch out for “phishing”— a scam in which the offender pretends to be a financial institution or legitimate company that sends spam or pop-up messages to get you to reveal your personal information. Under similar circumstances you may also find “pretexting”— another scam in which the offender uses false pretenses to obtain your personal information from financial institutions, telephone companies, standard database files and other sources.

So, let’s imagine that I’m on the Internet and I head over to www.amazon.com to buy a book on plumbing. I fill out all the forms, provide my billing information and shipping address, then hit submit. My personal data is than corralled into multiple transactions and databases confirming my identity, whether or not my credit card is legitimate, my shipping address and the most important element, my email address. In most cases my data is sent to the vendor supplying the goods. At this point I need to keep track of my order. For starters I will check my e-mail for order updates and monitor my credit card account (online) to see if the order was charged. I also keep any e-mails for future reference. If I suspect any foul play, I can stop my credit card payment and notify the seller/store. At this point you must keep a careful eye out for a scheme. Notifying your credit card company or bank (if you used pay by check) is also good. In most cases they can stop the transaction or put the transaction in dispute.

Here are some of the most common ID thefts:

• Checking account
• Credit card
• Dumpster diving
• E-mail
• Government
• Internet ID
• Loans
• Mail grabbing
• Phone
• Robbery
• Savings account
• Securities
• Utilities

These credit bureaus can check and monitor your credit: Equifax, Experian and Trans Union.

Protect yourself. Some reports show that as many as 70 percent of consumers are shredding documents. This process eliminates “dumpster diving” as a major source of data compromise for those who do shred their unwanted mail. Passwords protect your accounts, including e-mail. Therefore, don’t have your system log in automatically—always require a password entered by you and don’t write your password down anywhere. Passwords should be unique and should never reflect anything about you or your dealings. When shopping on the Internet do your homework to research any site you are dealing with. In some cases you can go to Network Solutions (www.networksolutions.com/whois/index.jsp) to issue a “WHOIS” search (search by domain name), which will tell you where the domain is registered. If you have a wireless network, ensure you have the proper security set like a WEP key or other security password. With so many WiFi devices available, you need to protect yourself from unauthorized users on your wireless network. Watch out for investment and product schemes that tend to provide results overnight, require you to submit a credit card, and continue charging your credit card until you cancel. The fine print with some products requires a subscription or an introductory charge that goes up in modest amounts. Credit card theft, known as “skimming,” occurs when your credit/debit card numbers are stolen through the use of a special storage device when processing your card. Do not release your social security number or bank account numbers. The agent site should not request this information and any transactions that require this information may not be valid. Depending on how you connect to the Internet, keep your firewall, anti-virus, and other security packages updated with the latest software releases. Delete suspicious e-mails that act as SPAM or are not recognized by you. Never throw away a computer that has been used to store personal data files, accounting files, etc. because the hard drive can be taken out and repaired, allowing your data to be stolen.

Have a plan in place should you be an unfortunate victim of a scheme or identity theft. Your plan should include the number(s) to call to stop all of your services, credit cards, and other banking numbers. This organized plan is your first defense and will keep you calm, because every minute will count when you’re calling to stop service. This plan also holds true for a lost wallet, cell phone, PDA, etc.

E-mail-based alerts for the purpose of monitoring transfers, payments, low balances, withdrawals, or for detecting outof-pattern activities, are good notification systems and usually are either inexpensive or free.

Home Internet users should ensure their systems are up to date with virus protection, the firewall is enabled, and the latest software patches are applied to the system operating software. On the other side of your connection is the ISP, they will control outside your local (home) network.

For business you can see similar security measures, from the router (or starting point) to the Internet. At the router, you can have a firewall appliance and a server running NAT (Network Address Translation) which hides/masks the internal network from the public (also known as aun-trust/trust network). Running IP routing, like “IPTables,” can also limit access to sensitive data. Servers, disk arrays and e-mail servers should always be patched with the latest software updates. Most of the major vendors will notify you of security-related bugs. Trade secrets and sensitive data are often encrypted and kept private only to the local network. On the local network, other restrictions are also based on which systems/computers can access the data.

On a business network, you could have many systems with access to the Internet. In cases where an employee has fallen victim, you can pull multiple access logs to help pin point the problem. This can even apply to a phone bill in which there was a service applied but not authorized. It seems more common now to find services applied on phone bills from Internet-based companies. These are usually easy to have removed.

Here are some handbook standards to consider:
• Systems have unique passwords that are changed every quarter.
• E-mails are filtered through more than one level of protection. Examples would be SPAM Assassin, Symantec Bright Star system, RBL (Real-Time Black Listing), both free and paid.
• Content filtering based in URL listings: sites that make the URL listings have questionable business practices, so the filter blocks them out. For personal users there are many products that block content filtering, allowing you to set up your browser to block sites.
• Do not permit downloads except from approved sites. Some programs, when downloaded, are Trojan Horses or viruses that can send data out to servers. Symptoms of this are your system slowing down, the network light is on continuously and your hard drive light is on when your system activity is minimal.
• PDAs, cell phones, and other handheld devices could contain personal information. Some of these are a little harder to protect. People often sync their handheld device to programs like Microsoft Outlook. The data from Outlook could be your calendar, contacts, notes or tasks. Items like the notes may contain information for you only.
• If you have a business, when you lose an employee they may have data on the hard drive. In some cases you could take out the hard drive and keep it for later use. The other option could be to backup the current data. In either case, whoever gets the new computer should be starting fresh.

We have found a few sites to help with internet schemes and identity theft. Call 877-ID-THEFT or use the ID theft report form at www.consumer.gov/idtheft, to receive a booklet from the FTC with stepbystep instructions on how to clear your name. The FTC site www.ftc.gov/bcp/edu/microsites/idtheft/ has a lot of good information on prevention, another is www.ic3.gov/about/. The Internet Crime Complaint Center (IC3) was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet-related criminal complaints. Another site is www.usa.gov/Citizen/Topics/ Internet_Fraud.shtml, which is a good place to start. The first page of this Web site has all the starting points for reporting Internet fraud and schemes.
Tech Corner Archives
WI-FI KANKAKEE, LLC
PO Box 401
Kankakee, IL 60901-0401