One crime flourishing in the Internet age is identity theft. Unscrupulous information vendors are willing to sell whatever info about you that they can get. Since obtaining credit cards and purchasing goods online is getting easier and easier, there is greater potential for abuse, and a higher incentive for the bad guys.

Identity theft is when a criminal takes your personal informationââ,¬"like your name, address, social security number, mother's maiden nameââ,¬"and uses it to establish credit and charge items to you.

Identification cards and credit cards are applied for using your personal information, and once the credit cards are issued, the bills start rolling in.

With sites like AT&T's AnyWho, PeopleFind, and US Search, finding anyone's published, and sometimes unpublished, address and telephone number is now quick and easy.

Are you setting yourself up for problems by divulging too much of yourself online? We'll take a look at the ways you provide information about yourself online, and look at what you can do to protect yourself in this brave new world. We'll also show you what to do if you suspect you've been a victim of identity theft, and provide plenty of online resources.

If you've ever wondered what you can do to minimise your risks of identity theft online, read on.

Ways in which you divulge info online

You may be exposing more about yourself than you realise in your online activities. For instance, did you realise that if you have your browser configured in the most common way, your name and e-mail address are available to any Web site you visit?

This may seem like a paranoid suggestion, but many people keep the name and e-mail fields in their browser's options or preferences blank or filled out with bogus information. Of course, you are sacrificing the convenience of letting the browser provide that information for you in some situations. But if you do this, and monitor your cookies, you'll always know when, and to whom, you are providing personal information.

Then there are the myriad accounts that most of us maintain to access a variety of sites and services. Surely you've been asked to fill out long forms of personal information to register for Web sites. Most of these include a question near the end asking if it's OK if they share this information; if they're polite it's defaulted to No.

We're not saying that reputable sites will pass on your personal information to criminals, but clearly the more places you put this information the more chances exist of it being appropriated for misuse.

You should think seriously about allowing an unknown company or person to collect personal information about you. If you give them permission to "share this with a few of our select advertisers," it will most certainly be sold to other companies who trade in identities and demographic information. This is one of the possible ways that your personal information gets spread around.

Even if you don't give them permission, do you really know if you can trust the people behind the Web page to respect that? Those names and addresses are valuable, especially if they can be tied to shopping or surfing habits. Before giving personal information, it may be good to check out the site's privacy policy. Keep in mind, though, it's still really the honor system.

Cookies

Let's not forget about "cookies" while we're on the subject of divulging information. Cookies, in this context, are the files that Web sites can store and access on your hard drive, to keep track of what you've done there before. This can be handy, and in most cases cookies are useful and desirable, but room for abuse exists.

You can tell your browser not to accept any cookies, but it probably isn't practical for most of us to surf that way. Instead we recommend setting the security preferences on your browser to prompt you before accepting any cookies. That way you can decide if it is a site that you want keeping track of your info.

Typically, you'll want to accept cookies from sites where you have set up customised or personalised views or that require logins. Trusted commerce sites that you have done business with in the past are worth saying yes to also, as it will save you time if the site can remember and reuse your billing data.

To access your browser's security settings in Navigator, select Preferences from the Edit pull-down menu and click on the Advanced tab. You'll see choices to disable all cookies, accept all cookies, accept only cookies that go directly back to the requesting server, and prompt before accepting cookies. In Internet Explorer, choose Internet Options from the Tools pull-down menu and then select the Security tab.

What you can do to protect yourself

Of course what you really want to know is what you can do to prevent, or at least reduce, the odds of becoming a victim of identity theft. There are several things you can do, most of which are just part of a common sense approach to controlling your online identity.

Obviously, precautions should be taken not to reveal your personal details to strangers who have no business with them. Be very wary of new online acquaintances who press you for personal info. Never reply to spam e-mails.

Other common sense tactics are to steer clear of contests, sweepstakes and something-for-nothing offers. Inevitably what really is happening is that your personal details are being collected and soldââ,¬"that is the real currency of these deals.

As mentioned earlier, you can increase the level of privacy of your surfing by anonymizing name and e-mail settings in your browser.

Follow these instructions to access the personal information settings of your browser: In Netscape 4.0 and higher, select Preferences from the Edit pull-down menu, and go to the Identity screen under the Mail and Groups tab. For Internet Explorer 4.0 and higher, select Internet Options from the Tools pull-down menu and go to the Personal Information section of the Content tab. Then select My Profile to access and edit your personal info.

Another common tool is to use disposable e-mail accounts for non-private communication. A good strategy is to use your permanent, ISP-related e-mail address for only personal communications with friends and family, and to obtain some secondary e-mail accounts for other purposes. There are many free e-mail services like Hotmail and Yahoo! Mail, so having a few extra accounts around won't cost you a dime.

You can even go as far as configuring several e-mail accounts for different purposes. For example, one with your correct details for making online purchases, and another with bogus details for more risky uses like newsgroup postings and non-commerce site registrations.

Caveat Emptor

An important aspect of protecting your identity online involves being aware of where you are and what you're doing online. It sounds silly, but it can be easy to follow a few links, and then find yourself with a form to fill out and not even know what it's for.

Especially pay attention to where you are if you're deciding to make a purchase online. Most importantly, before you send your credit card number anywhere, make sure the site is using a secure server to encrypt the transaction, and that you are using a secure browser. On a Windows PC, a secure server will be shown by a small lock icon in the bottom of your browser window. The URL of a secure page should begin with "https" instead of "http." If a site doesn't support secure transactions, they're not ready for your online business.

Another thing you can do to help assess a Web site's credibility is to examine their privacy policies. There has been a real push recently to incorporate privacy policies into most sites that collect information or transact business, and it's worth looking for one if you're considering giving up some personal information.

Also examine the site for a TRUSTe or BBBOnLine seal. These organisations certify sites that maintain certain minimum privacy and honesty standards. Check if a site is truthfully displaying a seal by visiting the certification organisations directly.

For the most extreme levels of privacy you're going to have to work a bit. If you want to be absolutely sure your mouse-clicks aren't being monitored, you can surf cloaked by an anonymiser service. Check out sites like Anonymizer.com and IDzap for more details.

To keep your e-mail and files as secure as they can be, encryption is the way to go. Not quite user-friendly enough to be seamless yet, but worth the effort if you need the highest level of security. Programs like Pretty Good Privacy (PGP) and Invincible Mail are leading the way.

Encrypting your files will render them meaningless to most observers by applying a specific algorithm to your data. To decode the encrypted files the correct decryption key is required. The key is an algorithm that "undoes" the work of the encryption algorithm, making the files readable again.

What to do if you suspect you've been a victim of identity theft

If you get suspicious bills or phone calls from creditors about unknown debts, you may have been the victim of identity theft. By all counts it is a terrible experience, and many victims have described the profound sense of violation that often accompanies identity theft.

The good news, if you can call it that, is that you almost certainly won't be held responsible for any of the debt incurred as a result of identity theft. This is fraud, and our laws put that burden squarely on the creditors' shoulders. But, you can also expect a long and painful experience getting it all straightened out.

Once you know that you're a victim of identity theft, the first thing to do is call the police and file a report. Make sure to ask for a copy of the police report, as you'll need this in your dealings with banks, credit card companies and credit bureaus.

Next on the list should be to call all your credit card companies and explain the situation, and close your existing accounts and open new ones. The same should be done with your bank accounts.

Now call the fraud departments of the three main credit bureaus in this country, Equifax, Experian, and Trans Union. Explain the situation to them, and ask for your account to be flagged with a fraud or security alert. Ask for them to call you explicitly to verify any future credit requests; they will be glad to help with this.

The FTC recommends that you check your credit report annually with all of these companies, which can be done online for around US$8 each.

If someone has been using your driver's license number you should request a new number and license from your DMV. They'll need to see the police report as well. If your social security number has been fraudulently used you can also request a new number from your local office of the Social Security Administration.

A couple of other numbers that you may want to call are the Social Security Administration's Fraud Hotline and the Federal Trade Commission's ID Theft Hotline.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.