How to Steal an Identity
This article's main purpose is to highlight how easy it is to steal an identity. I certainly do not condone identity theft and I take no responsibilities with how you choose to use any of the information about identity theft in this article. It's amusing to me how many times you can explain to people the importance of taking simple security measures to prevent identity theft and other types of security breeches, yet no one listens until something bad happens to them directly.
Or, people listen when you show them how easy it really is to do something - as in this case, steal an identity. This is why I've chosen this slant on the article - how to steal an identity, rather than how to prevent identity theft. We've all heard plenty of preventative measures, but let's face it, what gets our attention are the "how they did it" stories. So, here's the story of one way to easily steal an identity.
CNN Interviews Identity Thief
Hi-Tech Identify Theft Tools Required
1. A modern cell phone (with camera and video)
2. A pulse
How to Steal an Identity in 2 Easy Steps
1. Use your cell phone to take a picture of someone's business card.
2. Use your cell phone to video someone typing in their password.
Good Intro Video to Identity Theft
What Information Is Required to Steal an Identity?
- Date of Birth
- Social Security Number
Why the 2 Easy Identity Theft Steps Work
There are several reasons why this is so easy:
- I don't know why, but for some reason a lot of people tape their business card to their computer or laminate the business card and attach it to their laptop bag. This makes it easy for you to simply snap a shot of someone's business card. I know, you're thinking, a business card? Yep - the business card gives you a couple critical bits of information - the username and domain name, hidden in the form of an email address. For instance, if I give someone my business card and it has my email address as email@example.com, you know my username is "kea" and I will more than likely logon to a website similar to https://mail.hubpages.com to check my hubpages email.
- I travel very frequently and you'd be surprised at how many people at the airport have their business card out in the open and logon to their computer and corporate email server without making any effort to hide what they are typing. It's also alarming to me how many people don't know how to type - this makes it even easier to capture them typing a password!
- Because people are oblivious to this identity theft technique, it's easy to take a picture of the business card and record password typing with your cell phone. Next time you're at the airport, coffee shop, or anywhere with wireless access or with a lot of people with laptop computers, take notice of how many people are doing something with their cell phones....you won't stand out, even if what you're doing is taking pictures of business cards or shooting video of someone typing. Just be sure to turn off that camera noise that some phones make when you snap a shot :)
Dell's Mail Server
Tips to Prevent Your ID from Being Stolen
As I mentioned earlier, I mainly put this together to increase
awareness. I'm not at all advocating stealing identities. Here are
some simple rules to follow to prevent your identity from being stolen, by someone using the tactics described in this article.
1. Don't tape your business card to your laptop or laminate it and put it on your laptop bag.
2. If you're in a public place (airport, coffee shop, etc.) and you need to enter your username and password, do so discreetly and make sure no one is observing you or has a cell phone pointed in your direction :)
3. Preferably, find a seat with your back against a wall to prevent people from viewing your screen.
You Have the Picture and Video - Now What?
This takes a little skill and experience, but if you got a clean shot of a business card you know the username and domain, as I mentioned earlier. Now, it's just a matter of finding out the web address for the email server. Here's an example:
1. Let's say the last business card you snapped a shot of was for someone that worked at Dell Computers - domain name: dell.com.
2. Here's what I tried to get the mail server:
- http://mail.dell.com - this timed out
- https://mail.dell.com - this worked and brought me to the logon screen
It's not always this easy - some companies use different names for the mail server, like "owa.company.com," but in my experience most companies use "mail.company.com" with https.
NOTE: You can eliminate this guesswork by snapping a shot of the person's screen as they bring up their company email server - you can get the URL (address) from the picture.
3. Getting the password from the video - this is a little trickier and requires some experience. Ideally, you would have started the recording when you notice the user at a logon prompt, preferably one to the email server. To get the password from the video, copy the video from your phone to your computer and replay it in slow motion until you figure out the pattern.
4. Yes, I know, you're thinking....okay, so what I have access to a person's email account...big deal, right? Maybe, but most likely, you can find enough information about a person from his inbox and sent items to steal his identity. Just logon every now and then and peruse the person's emails for key bits of information, like social security number, address (usually in the Global Address List), birthday, etc. Without going into great detail, to avoid getting caught, you should disguise your IP address and computer information prior to logging on with the stolen credentials!
5. OK, so what if you don't find enough information to steal the identity? Well, if you're really bored, you can send emails using the compromised account...use your imagination on this one.
I take no responsibility for any actions you take, based on any information contained in this article. I do, however, hope you learned something and are now more vigilant about your own security!