Another thing an attacker can do is to take over your social network account (Facebook, for example) or Gmail, by calling the support, pretending to be you who “lost a phone” and “got locked out of email”, and sending them the scan of your passport to “prove” he is you. This has happened in past (see for example “Aaron Thompson lost control of his Facebook account after an attacker used social engineering and a fake passport”).
There is an app that integrates with Dropbox that encrypts your data, so that you get the convenience of having it everywhere but much more difficult to steal. It’s called BoxCryptor, check it out. I have my passport and some insurance stuff on there as a backup.
A passport copy can often contain sensitive information such as date of birth which can be used to access other sensitive information such as bank accounts. However, most transactions where you need to get in touch with customer care to get access will also require additional details such as secret passphrases, PINs, address information, or account numbers – none of which are available on your passport, hence the passport alone will usually not help anyone steal your identity. Additionally, if trying to steal your identity in person as opposed to online or the phone, they’d need to look similar to you and/or back it up with some form of secondary ID such as a national ID or a driver’s license, and obtaining BOTH your passport copy and your secondary ID can be hard for a casual counterfeiter.
Dropbox isn’t the only way to store copies of your passport; some people do this by saving a scanned copy in their email account. Whatever way you choose, if you are concerned protecting data then you should look into enabling two-factor authentication on such accounts where in addition to your password you also need to enter a one-time password generated either by an app or sent to you by text message to access the account. Since receiving text messages is free in most countries even when roaming (or is reasonably cheap), this can be a good way of boosting security on your account while travelling.
Yes – it does increase the risk of identity theft, however for most successful identity thefts, the attacker would need various other bits of information as well.
The best way to think of it is that every piece of information about you an attacker has, the less effort he has to expend to impersonate you.
Once an attacker can impersonate you they could steal your money (this happens a lot with online banking), your house, your credit rating, your reputation, and generally cause you major problems.
General recommendation is to not place anything in Dropbox unencrypted, if it is at all sensitive.
We have a range of questions on this topic over on Security SE and more than happy to discuss in the DMZ – the Sec.SE chat room.
Credit:stackoverflow.com‘
4 Mar, 2024
4 Mar, 2024
4 Mar, 2024