- The Washington Times - Thursday, June 20, 2002

Anyone who enters the phrase "create an identity" into a popular Web search engine such as Google will see more than 5,000 sites pop up,says Paul Colangelo, director of Industry Affairs for the databasefirm LexisNexis. The Internet, in addition to revolutionizing the way we communicate and do business, has emboldened those who traffic in identity fraud.

Identity thieves use the Web in two ways. They can go online and, through various means, acquire such sensitive material as Social Security and credit-card numbers, or they can swipe wallets or rifle through people's trash to obtain such personal data, then anonymously go shopping online using someone else's information.

Experts say people aren't defenseless against the Web's nefarious side. Software products and a healthy dollop of common sense can protect Internet users against identity fraud in the computer age.

Fred Hoch, vice president of software programs with the Software & Information Industry Association, headquartered on Vermont Avenue NW, says identity theft is growing "significantly," and that growth is fueled in part by the Internet.

"As a mass consumer product, [the Internet has] only been around for five or six years," says Mr. Hoch, whose association represents more than 800 software and information companies.

Jay Foley, director of consumer and victim services with the Identity Theft Resource Center, says that 20 years ago, crooks had to go into various banks and stores when using stolen identity information to make purchases or get a loan. They risked having clerks recognize their faces, should the authorities wise up to their plans.

Today, a thief can shop online with bank and e-commerce Web sites without fear of being identified, says Mr. Foley, whose San Diego-based group helps people nationwide in dealing with identity fraud.

Mr. Hoch says consumers should adjust their online behavior as a first step toward protecting their identities.

When shopping online, "be aware of who you're dealing with," Mr. Hoch says. Working with the site of a large, established company, such as J. Crew, offers a measure of protection. Large firms have plenty to lose if their customer service breaks down or is hacked. A tiny retail outlet that one might find while browsing the Web should be viewed with caution, he says.

Secure shopping sites can be spotted easily: Their Web addresses begin with an "s" on the "http" coding, like this: https://www.johndoecompany.com.

When a consumer enters information into a Web site, he or she should check how the company might use such material, says Mr. Colangelo, whose company includes 1,600 public databases and is being used by several law enforcement agencies to help track down identity thieves.

Many companies post their privacy policies on their sites.

A more assertive way to prevent thieves from swiping information from a computer is to install fire-wall software on the hard drive.

Fire-wall programs prevent unknown computers from making contact with your computer system. Such software is flexible, allowing users to control what kind of sites such as an Amazon.com can access a computer and which ones cannot.

Mr. Foley says fire-wall software programs can range in price from $29 to $100 for a basic home personal computer.

Consumers strapped for funds can download a free version of the Identity Theft Resource Center's fire-wall software program at www.zone alarm.com, Mr. Foley says.


A company in Fairfax provides consumers not just with fire-wall protection, but with a comprehensive package to help guard against every step of the identity-theft process.

PromiseMark sells a package that features fire-wall protection, credit monitoring, reimbursement insurance and assistance if one's identity is stolen. It costs from about $50 to $120 a year.

The company started out in 1997 offering virus-protection software but noticed the need for identity protection shortly thereafter. It began offering its protection plan against hackers and identity theft about two years ago, says Jim Basara, PromiseMark's chief operations officer.

A recent example of the vulnerability of online users came with a fraudulent e-mail purportedly from America Online, Mr. Basara says.

The mass e-mail asked AOL users to click on a link to go to an AOL Web site and update their information. The site the link led to was a forgery, an expertly crafted page that resembled what would appear on an actual AOL company site.

"They were trapping credit-card and personal information [through the fake site]," Mr. Basara says.

It's not enough to have fire-wall software, Mr. Basara says. Consumers need to keep that software updated. Security software is only as effective as the latest update, he says, because criminals are continually finding new ways to exploit the Internet.


A newer trend in protection software is to use "hosted" software. Under this plan, the software is hosted on a company's computer server, but the consumer's Internet system taps into it for protection.

In the not-so-distant past, computer hackers preyed upon companies and government Web sites either for mischievous reasons or to glean personal information. Now, with such firms shoring up their security systems, hackers are turning their attention to individuals.

Illegal software applications allow criminals to scan random Internet protocol addresses the address particular to an Internet-connected computer throughout the day until they find vulnerable computers.

That makes computers connected to the Internet through broadband or cable modems arrangements in which the connection is left on day and night more vulnerable to attack.

Dial-up connections attach to the Web for one interval at a time through phone lines.

Extra caution should be taken when surfing the Web on a stranger's computer.

Tom Arnold, chief software architect and vice president of product strategy for InfoSpace in Bellevue, Wash., says Internet cafes should be used judiciously.

"You have to assume you're not in a trusted environment," says Mr. Arnold, who also serves on the board of trustees for the National Coalition for the Prevention of Economic Crime. Some such computers could have data-recorder software installed in them, which can record a user's keystrokes and report them to another computer.

E-mail is one of the safer modes of transmission, but it also isn't infallible. Mr. Arnold suggests downloading e-mail encryption "shareware" free downloadable software from www.pgpi.org to protect any sensitive missives.

Despite the frightening possibilities, Mr. Arnold says most of today's Web surfers should be safe.


Going online without taking the right precautions, though, will increase those odds.

Jim Vaules, chief executive of the National Fraud Center in Horsham, Pa., says a talented hacker can find a person's Social Security number in addition to public information such as someone's name, address and telephone number.

Mr. Vaules says rogue Internet sites offer ways to order false passports and driver's licenses. "The Internet has provided the tools and tech to make this easy," he says.

Mr. Foley says that if someone suspects he or she has been a victim of identity fraud, the first step is to contact the three main credit-reporting agencies. Get a copy of your credit report, he says, to see where the damage has occurred.

"It gives you the information you need to process it with law enforcement," he says. "That report is absolutely key. It's the central piece for clearing your name."

Next, the victim should begin writing letters to various creditors, enclosing copies of the police report.

The process isn't easy.

Repairing the damage wrought by an identity thief can take years, he says, depending upon the extent of the damage.

Sign up for Daily Newsletters

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide