28 Apr 2010
[With a nod towards Paul Simon's fabulous song 50 ways to leave your lover ...]
While researching identity theft for the latest NoticeBored security awareness module, I came across a list on one of the major websites of about 15 ways to steal someone's identity. With a bit of lateral thinking, it didn't take long to expand the list to 30 ways to steal and exploit an identity and I'm sure I have continued in the same vein - but instead I stopped at 30 and left it to our customers' employees to think up another 20 ways and maybe earn themselves a security awareness prize in the process.
I realise some may feel it inappropriate to describe identity theft so openly. My argument is that people need to know what they are up against if they are to stand a chance of preventing it, and in particular resisting the plethora of social engineering attacks currently doing the rounds. The truth is that scammers, hackers and fraudsters have plenty of ways to find out how to commit identity theft, starting with their own email inboxes or spam folders of course. Withholding this kind of information for fear of giving identity thieves more ideas seems rather short-sighted. How else are we to explain identity theft to employees if we don't give them a decent clue about what to watch out for, and what to do if they do spot the warning signs?