The life of an ID thief

Ever wonder how people's identities get stolen? A New York Times profile of 22-year-old convicted identity thief Shiva Brent Sharma explains a lot – especially about how it happens through phishing sites (more than lost credit cards and riffled-through garbage cans). The people most vulnerable to phishing-related ID theft are new to the Web. They're victimized by "social engineering" more than anything else. In other words, they're tricked. They believe an email when it looks like it's from their bank or an online retailer and says (as one of Sharma's did), "We regret to inform you, but due to a recent system flush, the billing information for your account was deleted." They're told to "click here" and got to a Web page that also looks like their bank's where they can fix the problem. They "fix" it by typing in name, address, credit card number, mother's maiden name, social security number, etc. The Times says about 100 owners of the some 100,000 email addresses Sharma acquired in one exploit fell for it. A prosecutor told the Times these methods are being used all the time, Sharma was just one of the first caught using them (caught three times). Sharma told the Times this is an addiction and he worries that, when he's served his 2-4-year sentence, he'll "relapse." If anyone in your circles is new to the Web, tell them to read this story – it's an interesting human story that'll also give them some cyberstreet smarts in one sitting. For a more academic take, see CNET's "The secret of phishers' success." And a US Justice Department study released in April actually adjusted earlier ID theft victim figures from the government downward, the Associated Press reported.