The Observer is a Student-run, daily print & online newspaper serving Notre Dame & Saint Mary's. Learn more about us.



Identity theft a threat on campus

Sarah Mervosh | Thursday, April 2, 2009

If you ever received a credit card application and promptly threw it in the garbage or if your date of birth is posted on Facebook, it is easier for someone to steal your identity, according to Director of Information Security Gary Dobbins.

“By the time you realize [your identity has been stolen], you’re out trying to buy a car,” he said. “Someone runs a credit check on you and realizes that you’ve already owned four cars and several boats. And you had no idea.”

College students are particularly vulnerable because many students have not had to depend on their identity and therefore, do not realize its worth.

“They might not have even realized its value yet, but the criminals certainly have, Dobbins said. “They would prefer to steal it from you before you realize that it is important.”

College students also tend to receive a lot of credit card applications, he said, which makes them more vulnerable. A blank credit card application in the garbage can give someone the opportunity to steal your identity.

“I could open it up, fill out your name, and start taking on your identity slowly, starting with that,” Lenette Votava, organizational communications analyst, said.

If identity thieves fill out their addresses on enough credit card applications under your name, then it is more believable to the credit card company that you may have moved -and they gain control of your identity and finances.

“They build it up a step at a time in terms of plausibility,” Dobbins said.

Another reason college students are vulnerable is their widespread use of social networking sites, like Facebook, Dobbins said.

“People are very willing to give away a lot of what we would call valuable information on social networking [sites],” he said.

“Valuable information” is information that other institutions would consider private and would use to prove that you are really you, such as your birth date, your high school, your mother’s name, or your best friend’s name.

“What you think isn’t easily discoverable surely might be. And with enough of those little mini-secrets, someone can establish plausible credibility that they are you,” Dobbins said.

Dobbins also said that even if you limit Facebook so only friends can view your profile, you still might not be safe from identity theft. He said someone trying to steal your identity could use a Facebook application to collect information about you. Clicking “Allow” when installing an application may give someone access to personal information.

“Who wrote that application? What are they doing with that application? Delivering virtual carnations or creating a library about you [and your personal information]?” Dobbins said.

If someone calls and claims he or she is from a bank, the IRS or even the Office of Information Technologies (OIT), be wary of imposters, Dobbins said.

“Anybody can say they are the IRS,” he said. “E-mail is so incredibly easy to forge … Caller ID is easy to spoof.”

If you think the person calling is legitimate, ask for their agent’s number to check for legitimacy, Dobbins said. He also said to ask for a number where you can call them back, and then cross-check that number with the one given for the agency online.

“A legit agency will not intimidate you from attempting to verify their legitimacy,” Dobbins said. “If they are illegitimate, they will try to scare you, try to tell you you will be fined if you don’t answer right now.”

Dobbins said there are people who pose as the OIT to try to trick students into giving them their NetID and password.

“The problem with these impersonation attacks is that they are looking more and more legitimate everyday,” Dobbins said. “It used to be they would be so full of misspellings and nonsense … that it would be impossible to believe them. Now they will follow on the heels of the e-mail upgrade that we actually did and they’ll sound like us.”

He emphasized that students should never give out their password, even to OIT.

“If we destroy your account, we would find a way to get a hold of you and find a way to verify that you were you, like with a picture ID, and we would hand you your new password,” Dobbins said.

Dobbins said that if he could get one thing across to students, it would be to never give an agency information it should already have.

“We will never ask you for your password,” he said.