Wednesday, December 8, 2010

Identity Theft Made Simple

No, this isn't a tutorial on how to copy the magnetic stripes off of credit cards or how to harvest social security numbers. You don't have to be nearly that crafty to commit identity theft on a small scale. All you really have to do is wander around internet-enabled computers that are publicly accessible, because if my observations are any indication, sooner or later (probably sooner) you'll find a computer on which someone has forgotten to log out of whatever they had been logged into before they left. There are a handful of self-service computers near where I work, and at least once a week I see an abandoned monitor with a personal account of some sort in plain view.

It's usually something as relatively low-security as an email account, and sometimes as medium-sensitivity as a college student's registration account, but when you can email their boyfriend/girlfriend a hostile breakup note or a fictitious confession of infidelity (which could be fun and fast if you had a nice elaborate one already written up as a text file and stored on a thumb drive you carry around with you ... not that I'd ever do that), or you can decline the financial aid package that a student really needs, the damage that can be done even on that level becomes clear ... to say nothing of the high-impact identity theft that can occur when someone passively allows a stranger to stroll right on into their own bank account, which -- express verbal consent or not -- is just what you'd be doing if you neglected to take the oh-so-simple step of clicking the "log out" button.

And with Facebook it can be somewhat trickier, since even if you close the browser completely and re-launch it later (unless the preferences setting that purges the browser's cookies when it's closed is active), Facebook keeps you logged in ... so it'd be easy to trash-talk a stranger's friends, change their status to being in a relationship with their friend's underaged sister (relax, folks ... just an out-of-the-blue example), or anything else that an armchair cyber-sociopath could dream up. Hijacking a stranger's passwords is getting more difficult, though, since nearly all reputable sites require users to verify their old password immediately before entering a new one.

News reports everywhere have been saying that identity thieves are getting more and more clever, but that's only half the story. Identity theft victims are getting more and more careless and/or stupid. Fortunately for you all, folks, I'm an honest guy, and whenever I see an abandoned machine that's still logged into something touchy, I'll usually just log it out rather than confess a random user's neo-Naziism to their entire address book, or finance my own vacation to Europe ... not that the whim might not strike me someday, somewhere....