Is Sarah Palin Safe? No. Identity Theft and Government Officals
You’ve probably seen in the news that a hacker gained access into Sarah Palin’s Yahoo.com email account. The hacker used a simple scheme and basic social engineering tools (research on Google and Wikipedia, common-sense guessing) to reset the password on the account and assume ownership of her email. [For a full account of how a professor, Herbert H. Thompson, used these tools to steal a friends identity (with their permission), visit his recent and extremely interesting article, How I Stole Someone’s Identity and the companion radio interview.]
In addition to denying Governor Palin access to her own account, the hacker had full control to:
- Read every saved and current email in her account (hopefully she never sent her Social Security Number, passwords or account numbers via email, not to mention correspondence pertaining to her role as candidate for Vice President of the U.S.)
- Steal the email addresses and any other sensitive information stored in her contacts (John McCain might want to change his email address)
- Send out emails as if the hacker were Sarah Palin, or worse yet, send out official emails as Alaskan Governor, Sarah Palin
The potential for abuse is mind boggling. Sarah Palin should take immediate steps to protect her stolen identity and to secure her future privacy. Here are a sampling of the steps I would recommend:
- Before closing down the compromised account, she should review all of the emails and contacts to which the hacker had access. Any account numbers, passwords, pin numbers or other personally identifying information that she sent via email should be handled on a case-by-case basis. For example, if she emailed her credit card number, that account should immediately be closed. This is a perfect example of why you shouldn’t send any information by email that you don’t want published on the front page of a newspaper.
- Subscribe to an identity surveillance service so that she can monitor the illegal use of her identity beyond standard credit report tracking. Remember, less than 20% of identity theft touches your credit report, so it is important to monitor other sources of risk, including non-credit loan reports, cyber-trafficking of your personal data, and court, criminal or government documents posted online, etc. The compromised data may not be used for years, so it is important to keep a watchful eye over time and not resort to a one-time credit check.
- Monitor her credit reports for free. This is important because it will allow her to establish a baseline credit file. In other words, she will know what the credit portion of her identity looks like before the thief has a chance to take advantage of it. That way, when her credit file changes (and she is alerted to the change by the surveillance service in step 2), she will immediately recognize the change.
- At the very minimum, place a fraud alert on her credit file with Experian, Equifax and TransUnion. I recommend going one step further and actually placing a complete credit freeze on her social security number. This will keep any identity thieves from setting up new credit accounts in her name by assigning a password to her credit file. It is slightly inconvenient and can cost a few dollars, but it is the best step for someone whose identity has been knowingly stolen. Make sure to sign up for the identity surveillance (step 2) before freezing credit, as this makes the monitoring process more difficult.
- Change her habits. The longer-term solution to this problem is for Governor Palin to stop revealing so much personal information (to corporations, on the internet, etc.). Identity thieves collect personal information about you in small pieces (a birthday from Wikipedia, your address from Google, your home value from mypublicinfo.com, private details from your blog or website, etc.). This is not an easy task, especially when you are a public figure. But a bit more discretion on her part will go a long way.
Unfortunately, Sarah Palin isn’t alone in needing to take these steps. You should too, before your email correspondence ends up as the top story on CNN.
John Sileo is America’s Top Identity Theft Speaker and the award-winning author of Stolen Lives: Identity Theft Prevention Made Simple. To learn more about having John motivate your audience to proactively protect sensitive information, please visit www.ThinkLikeASpy.com or call 800-258-8076. For further identity theft prevention tips, visit the Sileo Privacy Project at www.Sileo.com.