"someone stole one of my rubbish bags" - STOP identity theft!

It seems a long time ago now that your supermarket receipt had all your credit card details printed on it and people would unwittingly toss them aside in the car park ready for them somebody to pick them up and follow them home so that they get the address to match as well.

It all sounds very silly now because our levels of understanding about identity theft have matured since these days but if you only sit back a minute and think how easy it is for information to be gathered about you you can see what a problem this can be. The problem is that just as our understanding of identity theft is moving on the 'goalposts' that we benchmark against are moving on as well.

Have you ever thought about how easy it is to get someones mothers maiden name? or to find out what was your first school?

Do you always use the same password when you register with sites online?

Here are our Leonmedia top tips on protecting yourself:

• Shred everything. Start with the physical side. When you open a bank account think about what they will ask for as proof of identity - utility bills, other bank statements. Shred all of these and don't let them get into the wrong hands. Credit cards - cut them up and if you have to do it by hand and cannot cut up that small dispose of the cuttings in separate bags for separate week collections.

  44% of Britons STILL DON'T shred documents containing sensitive information before placing them in the bin

• Protect everything you do online. Get yourself virus protection and firewall protection. If you are not sure here, either give us a call or go to PC World and ask them. Do not be afraid to spend some money if it is going to give you peace of mind.
• Don't install every piece of shareware you can find. It is commonly known that the 2 major areas of virus infection are either through opening email attachments or downloading and installing infected software. If you are not sure about the content (or you were not expecting the email) then do not open it.
• Don't use easy to guess passwords. Ever heard of a dictionary attack? A dictionary attack is where a hacker runs a 'dictionary list' against your account. This makes it easy to break passwords if they are based on a known word construct. More detail on dictionary attacks can be found here
• Don't give up too much information. If you are on facebook or other social networking sites don't tell the whole world everything about you. Set up your account security properly. If you are inquisitive set up a dummy account (that isn't one of your 'friends') and have a look to see what sort of information a stranger can find about you.
• Don't use the same password. Let us imagine a scenario where you register with a site and set yourself up an account. The site may be legitimate but what if the company get in a temporary worker to cover holidays and he decides to log on to their server and download a copy of all the email addresses, logins and passwords? It probably doesn't matter for this site but what if your password is the same as that for your bank account or paypal account? You would (or maybe you wouldn't) be surprised to learn that there are many people who always use the same password. For larger organisations it doesn't matter so much as they have protection in-house to secure against this risk - but if you are using the same password everywhere then you are really not helping yourself.
• Set your wifi up properly. There are varying levels of wireless encryption and people still have their routers set to the old encryption WEP. This is very hackable and if somebody wants to they can break into your encrypted network. Always use WPA-II if it is available. Secondly, change your network name to something non-descript - do not advertise your address or your network provider as part of your network name. Thirdly, change your router login and passwords; larger companies use default sequences of logins and possibly passwords as well thus making you vulnerable to the aforementioned dictionary attacks.
• Social engineering. People are clever - and you should never give up any more information than is necessary. When my bank call me on my mobile and ask to identify me by asking some 'identification' questions I will always call them back using a legitimate phone number from my own records. Social engineering can be in many forms, either door to door, by phone and more commonly now as emails or on online forums and social networking sites. Typically it is done by someone in authority or knowledgeable on a particular subject. Read the wiki page on this subject for more detail.

So how much of a problem is it? Well it looks like it is always going to be a problem given the amount of information that is out there 'online' and our need to use the internet for so many things in our every day lives. When I had my first house alarm many years ago I ask endless questions about how secure it was.

But the real cruncher was not about how secure the alarm was but it was when the salesman put it into the context of a burglar. 'You can always be burgled if someone really wants to burgle you', he said, 'but the good thing is that most burglars are opportunists. This means that if they walk down your road and all your windows are closed and you have an alarm box prominently displayed they are less likely to burgle you as they will always want to take the easiest option'. The same applies for identity theft it seems. But then what if the alarm salesman was working me and was just using a social networking technique I have disucssed to make the sale....