
Identity theft at epidemic levels, warns Cifas - pmoriarty
http://www.bbc.co.uk/news/business-41011464
======
guscost
Paraphrasing from a comment I can't find anymore:

Identity theft is a PR con job. Think about it - the idea that a criminal can
"steal your identity" is patently ridiculous. What they actually do is defraud
your bank, or a vendor, or the government, by impersonating you. Instead of
taking responsibility for being defrauded and paying for effective
countermeasures, these institutions try to convince us that when _they_ get
defrauded it is somehow _our_ responsibility. Then they _sell us_ the
countermeasures.

It's one of the most impressive strategic manipulations of public
understanding that I've ever seen.

~~~
hitekker
You took the words right out of my mouth.

I'd add that we don't formally teach the basics of our credit system (or even
our financial system) partly because children would easily poke holes into the
accepted explanations.

"Why would a bank let someone pretend to be me? Shouldn't the bank ask for
more info?"

"Why does it take forever to know my credit but any business can get in a
second?"

"Does the government run the three companies that set your credit score? Why
not?"

It's a kind of unconscious, societal embarrassment that manifests as an
educational taboo.

We don't talk about what we don't want to think about, or more specifically,
our society doesn't teach what it has accepted without critical thinking.

------
Buge
>Update your computer's firewall, anti-virus and anti-spyware programmes. Up
to 80% of cyber-threats can be removed by doing this

Does identity theft usually involve malware? I would think the biggest "cyber-
threat" risk is phishing and I don't think firewalls and antivirus are going
to help you with that beyond what safebrowsing already does.

Antivirus can actually open you up to certain attacks with memory corruption
vulnerabilities in the file parsers that automatically run.

~~~
fnordian_slip
"Antivirus can actually open you up to certain attacks with memory corruption
vulnerabilities in the file parsers that automatically run."

Yeah, I thought the idea of firewall == snake oil was pretty well-accepted
among computer-literate people. The kind of people who might benefit from it
will just make an exception for malicious software without reading the
prompts, and power users know what to download.

And in addition to that it makes people even more insecure as it promotes a
false sense of security. It seems that having a firewall makes people even
more likely to turn their brains off and clicking "yes" on any dialogue
without reading it. Favorite quote after finding malware on someone's system:
"But I have a firewall, this is impossible!"

But most importantly is probably the viewpoint of the top comment: Banks and
other companies have changed the narrative so that users are responsible for
their poorly implemented security features.

This is quite absurd, when you think about it.

------
Multicomp
If the general public would learn and implement even one out of the below list
items, they would significantly improve their online security

1\. Learn how to type facebook.com into the URL bar vs. Googling for Google,
then searching Facebook, then clicking the Facebook ad that redirected to a
phishing site (happened to my sister)

2\. Use password hygiene (you'd never reuse the same kleenex would you?)

3\. Use a password manager

4\. Don't be obstinate when computer people try to help you improve your
online security.

5\. Update your crap, stop clicking Remind Me Later

A dismissive sniff is NOT the proper reaction - those computer nerds aren't
wearing spandex anymore deary.

"I don't want to do that!" Well fine, I'll wave goodby as you do the
equivalent of driving down the freeway with no doors, no seatbelts, and three
flat tires~!

~~~
heavenlyblue
Oh come on: you may make a point of users not caring about security, but in
essence it all comes to the entities that actually care: banks, who need to
prove it was user's fault; government, whose voters are not going to vote for
the president who could not deliver a safe government; shops who pay for
chargebacks...

Why don't we just stop trying to make users remember all of the safety
measures they've got to take care of (which by the way sound to a layperson
more like a cargo cult rather than a genuine problem), and implement proper
public-key authentication on all of the websites?

Identity theft is a problem - that's true. But the solution is the practical
one and not ideological.

