it's been done...
Posted on 02/04/2021 6:38:23 AM PST by rktman
Your “application for unemployment benefits has been approved,” stated the letter from the Illinois unemployment bureau a few weeks back. That was perplexing, since I never applied and wasn’t unemployed. So I immediately told my (part-time) employer and the state unemployment agency.
Turns out somebody had stolen my personal information – again. [Insert grimace emoji here.]
Since this was the third time I’d been a victim of identity theft and fraud, I was steamed and wanted to know how thieves kept getting my information and conducted their grifting. If I knew where they got my information, maybe I could change some of my online behavior or take better precautions. I spent a lot of time on the phone giving my state unemployment agency my details. They were so swamped, it took them weeks to get back to me after I left a voicemail reporting the fraud.
I realized I would have to take matters into my own hands. This led to a month-long odyssey that included interviews with security experts and law enforcement officials and some frightening insights about the modern thieves market called the dark web. It was also a dispiriting trek as I was reminded how helpless we can be in the face of global technology that makes life easier for both the law abiding and the criminal.
(Excerpt) Read more at realclearinvestigations.com ...
A lot of people would be disgusted and 🤢 by some of the things that go on out there. Libs, probably not. Even participants.
Thanks.
For what it’s worth, I finally set up a yubikey to access certain sites.
Yubikey seems to be a “no-brainer” security device to create another level of security. Once yubikey recognizes your computer and the site you’ve registered with, there’s no way anyone can hack into your account without the yubikey. Or at least, that’s what I’m told.
To access a site, you must physically plug the yubikey into your computer and then tap it when prompted.
I’ll now go cross my fingers and rub my lucky rabbit’s foot, just in case.
Can you recommend a place I can read more about this security? I have the padlock and it is clickable.
Thieves kept getting my information.
Every agency or company has a long list of names and information more often tan not it’s sold not stolen.
Ever winder how so many lap top of business people get lost?.
It even happens with the FBI.
The benefits of having an Eastern European name that was mispelled on immigration papers has its benefits. Hard to steal your identity.
Having a different random password for every site is nice, but it is equivalent in security to using gibberish1, gibberish2, etc. Your adversary only gets a few tries in a properly designed site and won't guess. If the site is not properly designed and insecure then nothing will save you from having all your personal info stolen.
My cert on ny throwaway website says "Issued by: Sectigo RSA Domain Validation Secure Server CA" That means I used one of the cheaper cert issuers and they validated my domain meaning I have control over the contents of the website (it could be malware, and they don't care).
OTOH when I click on the padlock for bbt.com it says "Issued by: DigiCert TLS RSA SHA256 2020 CA1" which a more expensive cert issuer and they check more about the company (BB&T) before they issue it. They won't give one to someone claiming to represent BB&T, the applicant would have to prove they are authorized by BB&T, a manual process which takes days. It's called business validation and it costs more often $100 or more per year versus $10 or less per year for domain validation.
Yubikey is recognized by the server you are connecting to. Your computer is just he go-between. You can use the same yubikey on any computer (that's one of the advantages).
“I’ve often wondered if Lifelock was reliable for protection.”
_______________________________________________
When I applied for a new account, before I even got out of the store, Lifelock had left both a text message, a voice message, and sent me an e-mail.
Before I finished applying for a car loan, the same thing happened. Before I even signed the paperwork.
Years ago, we used a card we use for our vet bill at a Lowe’s which was going out of business. AT THE REGISTER, we were advised our credit card wanted us to call them from the Lowe’s Customer Service.
The particular card company picked up it was NOT a vet purchase and wanted to make sure it was us making the purchase at Lowe’s.
My beloved did have one account compromised because he failed to have security measures in place; got it all taken care of and he’s better at it, now.
While I dearly hope we never have to use the ‘after ID theft’ part of Lifelock, I would imagine it’s good.
Very thoughtful thread... thanks for posting.
it's been done...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.