Wednesday, December 12, 2007

Cyber Crime

Yesterday I discovered that my credit card details, home address, telephone number, email address, and password had been posted online. I won't link to it for obvious reasons, but I was quite annoyed. Luckily the card had expired and the password was irrelevant.

There were over 300 of us up there, mostly from the UK it seems. I "scraped" the page for email addresses and contacted my fellow victims. Inevitably many emails bounced back, but I have had more than 10 responses (and even one phone call). We are still not sure how these details got out, but I expect some online retailer was hacked and the user database extracted. I am not sure how to escalate the matter further, but some of the others are looking into it.

I discovered my details using Google Alerts: you register search terms and it emails you if it finds a new page containing that term. I use it to monitor terms like "WiMAX" and "Keima" to find out what is happening, I also monitor my own name, which is how I discovered the criminal website. Thanks Google - this more than makes up for your recent indiscretion.

If you want to protect yourself, I would recommend the following:
  1. Check your bank accounts online and regularly.

  2. Register your name with Google Alerts; put it in quotes so it looks for the whole name. It is also fun to find out who is talking about you.

  3. If your name is common then this won't work, but you could register your credit card number, address and phone number.

  4. Use different passwords for each site you log into. Many of the victims in this case will have used the same password that they use to log in elsewhere, which opens them up to all sorts of other problems. I generally use a new password for each website and store them all in a password protected store (an encrypted Outlook folder). This also allows you to use much more elaborate passwords that are unlikely to be cracked by brute force.

Don't have nightmares!

No comments: