Vicvelcro | 05-09-2010 05:21 AM | I would not allege that your entire identity was stolen. I would state that I have not used my account for quite some time. After a certain amount of playing completely dumb, I would gradually get more educated and eventually 'suspect' that my account was hijacked. Not my whole identity. Just my accounts.
A good (bad) keylogger or rootkit could conceivably (and often does) gather all that info.
Suppose I get hit by a rootkit. I don't know it yet. I log in to my bank. Check my credit cards. Do some ecommerce. Visit some pr0n sites. You know, normal stuff.
All that data would be packet-sent to a server somewhere. The invader might not touch my data for six months. Then BOOM, they use all the information to hijack my online identity. Not my real life identity. They would not have my ID cards or my CVN numbers. But they could take over my ecommerce related resources.
So, play dumb, then less dumb, then undumber, then not so dumb.
Don't admit that you allowed anyone to do anything.
If it becomes necessary later, you can still do the thing with the credit agencies. |