Complete Transcript of Interview – Randy: Abrams – ESET
Let’s Talk Computers Radio Talk Show
Host Alan Ashendorf
February 16 2008
Alan: It is said the “identity theft” is now America’s fastest growing crime and we know it can be a very big problems to anyone. But, just what is the real cost of identity theft? Our Randy Abrams, Director of Technical Education with ESET. Welcome back to Let’s Talk Computers, Randy.
Randy: Well, thank you Alan. It’s my pleasure to be here.
Alan: In newspapers today, it was reported that, “Americans lost over 45 Billion dollars due to identity theft in 2007.” But, that is not the only cost of identity theft, is it?
Randy: Well, the real cost of identity theft goes well beyond dollars. There are a lot of emotional trauma; people feel violated; they feel like nothing they have is safe, at all. So, there is a lost of revenue in terms of the time that you spend trying to recover your identity; trying to get your bank accounts and all that set back to being right. The true cost is in human emotions, as well
Alan: In talking to people that have been hit by identity theft, they know that there are the victims; but the banks and the credit card companies treat them like they are guilty until they prove themselves, innocent.
Randy: That often times is the case. Banks and other financial institutions are going to say, “Well, prove that you are not just taking the money,” even though that there are terrible security measures in place when it comes to proving identity for financial institutions.
Alan: But, where is all this identity theft coming from?
Randy: More identity theft is perpetrated, using low-tech methods. But, the high-tech identity theft is a growing problem; it’s becoming much more of a problem. Right now, good old-fashioned “dumpster diving; getting receipts from restaurants; pulling information out of your mailbox,” is more than ½ of where the problem is coming from and quite possibly more than 70%.
But, you can’t ignore the computer, (the high-tech related side of it.) And there are some techniques that can help to mitigate that aspect of it, as well.
Alan: It’s not just dumpster diving, anymore. I’m getting whole hard drives that have been donated to schools or charities and then you look at the hard drive and you see just all kinds of stuff that really shouldn’t have been let out the door.
Randy: Hard drives are just one of those areas. People get rid of their computer and they done a simple format on the hard drive and think the data is gone, but it’s not. When do a regular format on the hard drive, it’s like ripping the table of contents out of a book, but all the information is still there. And the table of contents can easily be restored. There is what they call, “data wiping,” that should be done when you get rid of a hard drive.
However, the same thing absolutely goes for cell phones. Most people don’t realize that when you delete the contacts from cell phones and other information from cell phones, it generally is not really deleted. It can be recovered with some pretty inexpensive tools. Recycled cell phones can be another source of information that people can use to perform identity theft.
Alan: Talking about recycled cell phones, how do they get the information off that? We usually swap out the card that’s in there, don’t we?
Randy: Yes, but cell phones often have “built-in memory,” so you can save address information to a SIM card or you can save it to internal memory, as well. And frequently the default is to internal memory as well.
Alan: It almost looks like we are the ones that are shooting our self in the foot. We are always looking for the easiest and the fastest way of getting the information from point A to point B and we want all of this information at our fingertips so isn’t that part of the problem?
Randy: Security is a tricky challenge. It does require more work than not having security. Until people get bit, they generally aren’t going to consider the extra work required to secure their information.
Alan: And then we look at these little flash drives; these little thumb drives that go on the back of our computers, USB. They hold just a ton of information. Because you want to have all this information with you, but if it falls out of your pocket, then the whole company gets to be vulnerable, doesn’t it?
Randy: If you didn’t encrypt the data – yes. And that’s where encryption is a fairly simple tool for thumb drives. You can put information in zip files with good passwords and that’s encrypted well enough to halt all but the most wealthy and dedicated types of crooks.
Alan: Well, they were talking on the news that “Over 9.9 million Americans have been hit by identity theft.” What can we do to stop it or what can we do to even slow it down, some?
Randy: There are a variety of techniques that can be used. One of them is to check your credit report, (you get a free report every year). We really need to hound our lawmakers because you should get a free credit report of your credit anytime you wanted; it shouldn’t be just the “once a year” thing. Because, that’s one of the first things is to mitigate it if it has happened - is to notice on your credit report that there are incorrect entries.
Another thing is to shred papers, documents that have your information on them. That’s your Social Security Number; bank account numbers - stuff like that. Take your mail to a secured mailbox in a high profile location. Don’t just throw it in the mailbox on the street corner where someone could come by and beat the mailbox open and no one’s going to know it.
There is a growing problem with electronic identity theft with the use of computers. And there are a variety of technologies that can help. But, what’s really important is that you do keep your operating system applications updated, because often time’s identity theft is assisted or aided by exploitation of vulnerabilities that had been “”patched”.
Use security software, like firewalls and high-quality anti-virus on your system to prevent and detect things like “keystroke loggers” that can get your bank account information. Once they have got, they have got a lot of information about your identity. These are some steps offered to take to help prevent becoming a victim of identity theft.
Alan: If you have never been a “victim”, you really don’t know how it feels. I know someone, personally that accidentally put in the wrong information when they thought it was PayPal and for the next two weeks their life was just absolutely turned upside down because they had to go to the bank; they had to change all their credit cards. All these things that you normally don’t even think about; paying your bills online; you have to change all that information. It is a major disaster when that happens.
Randy: It is and if it’s only two weeks that was messed up they got off light, compared to a log of people. I have a good friend that actually works for a company where they actively hunt down phishing schemes and are often able to alert the banks, before the phishers have a chance to use the information. Once it is out there, you can’t take a risk, even if you are pretty sure that they caught it before the phisher used the information. You just can’t take the risk.
Alan: I know we try to block all these phishing attacks from emails, but a lot of times we go to a website and if we’re not careful something is going to be put on our computers. How does ESET Software block that and keep that from actually becoming a nightmare?
Randy: ESET Smart Security and ESET Anti-virus are part of a solution. Often times, programs called keystroke loggers are used. These are malicious programs that will look at where you are at and notice when you browse to a bank or to PayPal or to eBay or things like that.
When they see that you are at a place of interest they will start capturing everything you type in and send it to a remote attacker. But, these programs can be detected with the high-quality anti-virus product like ESET. So, that is one way to help protect your self.
It is also equally important to be careful what you put out on your MySpace pages or your Facebook profiles and stuff like that, because some people put almost all the information required to perform identity theft, right up in public on their pages. As hard as we might try, we can’t protect you from yourself if you are putting that information out there for everyone to see.
Alan: The younger generation really doesn’t realize that with all this information they put on MySpace and My Journal – that they are just opening the door for a potential time bomb in the future.
Randy: Today’s younger generation is used to “laying it all out on the line” and they don’t realize how the “bad guys” out there are going to exploit that information. Fundamentally, I think that the change in our society brought on by computers has created a need for different kind of education, starting in elementary school.
It didn’t used to be that we had to dedicate courses to things like social engineering, because those kinds of attacks were one-to-one. You didn’t have one person attacking 500 people at once and to perform the attack, you generally had face-to-face or traceable communications.
Today, it is all done virtually anonymously and in very, very high quantities. One-to-many is the norm, now. So, I think the fundamental changes in how our society is able to interact with each for good and for bad have really mandated a need for a different kind of education, social education in the schools.
Alan: It’s almost like attacking the castle, you have 1,000 warriors who trying to attack the castle and a good number of them are going to be killed, but all it takes is one to get over the walls to open up the gates and then everybody comes in.
You know we just get bombarded with emails after emails and some of them look so official from your bank; coming in off-hours when you can’t really pick up the phone and call your bank to find out if this true or not. But, it’s got something that says, “Your account has been suspended," until you do something. How do you tell what is a good email from a bad email? I mean, one of the things that we should not do when we get one of these emails?
Randy: Do not use any information that is in that email in terms of websites, telephone numbers. Call your bank from a number that you already know is good. Call them and ask them. Type in your bank’s web page; very often they are going to have information about that email that you received, warning you that that’s a hoax. So, that is a good place to start. But, definitely use external information to contact whoever is sending this message, saying to you that is such a problem.
Computers only tell you what they are told to tell you. Bad guys can make it look like some official sent you something that says whatever they want it to say. And the computer is going to say that.
Alan: I hear this all the time; “I move my mouse over the URL and it says it’s going to my bank. Why can’t I click on it?”
Randy: Because it was programmed to say it’s going to your bank. It doesn’t mean that is where it is really going and it doesn’t mean that’s a legitimate email. Just because I say I’m the president of the United States and you vouch for me, does that make me the president?
Alan: Not really.
Randy: No, not really - emails are even easier to trick.
Alan: Here at Let’s Talk Computers, we get all kinds of emails. We get emails from Bill Gates, saying that we’ve got free software. We get emails from our bank; we get emails from Wal-Mart, saying that we have won a free shopping card; we get emails from eBay, saying that we have not sent a bidder a product that he has won and paid us for. We even get emails from the IRS! These are very official looking emails. And the sad part is that there are people that will actually click on these emails and get caught.
Randy: Yes, there are. People have exploited the gullibility of others for thousands of years.
Alan: And the thing that we need to more than anything else is definitely to be vigilant in what we click on. But, we have to have the right kind of tools. This is where ESET comes in.
Randy: We provide security software to help protect things like phishing attacks; to detect things like keystroke loggers that might steal your information. But, just like driving a car, one safety device or two safety devices isn’t going to keep you safe. In addition to putting on your seat belt, you still have to steer the car or you’re going to crash into something.
So, using ESET’s Anti-virus Products and Smart Security Products can help you be more safe, but you’re going to have to think and take actions to secure your security.
Alan: Talking about “taking action,” all you have to do is go to the ESET Website and you can download a free full-featured Trialware. This is not stripped down in any manner, is it?
Randy: No, they call it Trialware. Really, it’s a trial of the full-featured Software. It’s not comprised; it’s not stripped down; it updates during that full month; it cleans, disinfects; and detects just like the regular Product. Because it truly is the regular Product - you just need a different license to make it last for a year, instead of month.
Alan: Randy, where can we get this Software?
Randy: Go to http://www.eset.com and you can download an Evaluation copy for yourself.
Alan: Randy, as always it’s been our pleasure to have you as our guest here on Let’s Talk Computers – talking about how we can keep our self, safe. We look forward to having you talking to you later.
Randy: Thank you very much, Alan. It’s always a pleasure to be here
Visit ESET on Facebook
Follow ESET on Twitter