Identity Theft Protection Explained

by wing

What is Identity Theft?

You have probably heard about ‘impersonation’ or identity fraud: one Internet user takes on another user’s identity and gains illegal access to that user’s emails or data files. Almost 750,000 people are affected by impersonation every year, and it is the number one consumer complaint filed with the FTC (Federal Trade Commission).

The technical name of identity theft is session hijacking. Over the Internet, taking on someone else’s identity is much easier than doing the same in the physical world. Whenever you communicate with another person, visit a website, or even just send an email, you need to establish a TCP connection with the destination computer, where the website resides or the emails are stored. Each TCP connection starts a TCP session to facilitate data transfer between computers (to learn about TCP, read about the TCP/IP protocol suite or the OSI layers). Session hijacking means another person taking over such a TCP session by using your session data.


How Is Users’ Activity Marked by Web Servers?

When you log in to your email account by entering your user ID and password (your online identity, which proves that you are the person you claim to be), the web server creates a “UID” and sends it as a cookie to your browser. After logging in, a user usually checks the Inbox or composes emails; each action is marked by a cookie file, which is stored on the computer. So, the cookie helps both us and the web server know the user’s status, e.g. whether he is idle or sending emails.

Each cookie has an expiration time, normally one hour from the time it is issued. If you remain idle after checking your emails, then exactly at the end of that hour your account is automatically signed out. So, the purpose of the cookie is to let the web server know about a user’s activity and state.

Whatever you do with your email account after login, the cookie keeps track of your activities. If this same cookie string is pasted into anyone else’s computer during the cookie’s active lifetime, that person gets instant access to your emails and can do whatever he wishes with them.

How to Prevent Identity Theft or Session Hijacking?

Session hijacking is a weakness for which most of the blame goes to the web application development team. If the team does not follow an appropriate cookie control mechanism while developing the web or email application, you might become a victim of session hijacking. From your side, you just need to pay attention to whether your organization’s IT manager is tracking cookies; if so, any rogue IT personnel can abuse those cookies to gain illegal access to your emails.

  • Always log out of your email account when you no longer need it.
  • Whenever possible, use HTTPS or SSL for your email, if your email vendor provides such facilities.
  • Try to use digital signatures with files or emails. This will not prevent session hijacking, but it will certainly prevent intruders from altering your actual messages.

Identity theft is such a typical and difficult-to-detect type of attack that it cannot be detected by any intrusion detection and prevention system, so most of its prevention depends on the email application software (how the cookie is controlled in a web session) and on following the tips mentioned above.

Filed Under: Internet Security and Safety Tagged With: identity, protection, secure


Copyright © 2010-2023 ·All Rights Reserved · SecurityWing.com