Protecting yourself from Internet Identity Theft is
simply
a matter of taking steps: be careful with the contents of your email,
know
the more prevalent scams, and make sure the financial tools you use on
the
Internet are protected.
Email
What’s in YOUR Email?
Writing to family, friends, or businesses is an acceptable and
reasonably secure way to share information. More than likely the postal
workers won’t read or share your letter with anyone. The contents of your
letter are safe from prying eyes because of the envelope. Email has no
envelope! Every time you email something, it heads out into cyber space
and who knows what aliens peek at your information on the way to its
destination. Legitimate companies never ask for information via email,
because email is NOT SECURE!
Email Phishing
“Phishing” (pronounced “fishing”) is a fairly new Internet scam. The
idea behind phishing is just like when a person goes fishing. The
fisherperson baits the hook and throws it out hoping to catch a fish. Lots
of fish ignore the hook but one or two might grab it. Crooks throw out
masses of bait hoping that a few fish will be tempted and grab the
hook.
Morning coffee or tea is brewing and it’s time to check out the
morning’s email. Most of it’s spam (junk email) and is deleted that without a
second thought. Suddenly an email catches your eye. The subject line
could be:
Your account will be TKO’d from eBay
Update and Verify Your PayPal Account
Fraudulent Activity Notification
NOTICE eBay Obligatory Verifying-Invalid User Information
Citibank Online Security Message
TKO Notice: Urgent Fraud Investigation
You probably do Internet business with that company or you’ve visited
their site so of course you have to open the email; it’s official right?
Upon opening the email you may see something like:
“Today we had some trouble with one of our computer
systems. While the trouble appears to be minor, we are not taking any chances.
We decided to take the troubled system offline and replace it with a
new system. Unfortunately this caused us to lose some member data. Please
follow the link below and log into your account to make sure your
information is not affected. Account balances have not been
affected.”
(From actual phishing email received by the author.)
The email looks official and the link you are asked to click on looks
official, and here’s the really scary part, the website that pops up
looks very legitimate! The website can ask for your:
Login information
User name
Password
Account number
Social security number
If you fill in that information you have just been hooked and are now a
victim of Internet Identity Theft.
Don’t Get Caught on the Phishing Hook
There are several ways you can protect yourself from these phishing
scams. First of all don’t panic. Chances are that the email is
fraudulent and your account is safe and secure.
Step 1: DO NOT CLICK ON THE LINK!
Step 2: If you did click on the link, (most of us have done this at
one time or another, including the author) check out the header address
on the website. Legitimate companies have a simple address which
contains the business name, followed by “.com” or “.org.” If the header
address has an impossibly long string of letters and numbers with the
business name somewhere in the middle (or missing altogether), you’re
probably being phished.
Step 3: Close the email (and the phishing website).
Step 4: Go to official website of your particular company. You
probably know the address and have been there many times before. You will be
surprised at how much the official site looks a lot like the phishing
site; however, notice website’s header address; more than likely it
looks nothing like the phishing website’s header address.
Step 5: Go ahead and login to see your account status. Chances are
there is nothing wrong with your account. On the off-chance there is a
problem, you can fix it securely and safely from the official website.
Step 6: Look for a link on the official site to report your phishing
email and follow the directions for reporting the fraudulent email.
Step 7: Don’t worry. Go on about your morning business. Eventually
you will learn to recognize these phishing emails at a glance.
You can also report phishing scams to the Federal Trade Commission
(FTC) by forwarding the email to: spam@uce.gov and to keep up-to-date on
the latest scams by visiting: www.ftc.gov/spam.
If you suspect you’ve been scammed, file a complaint at: www.ftc.gov
and then click on the “file a complaint” button.
Checking Your Credit Status on the Internet
It’s a good idea to check your credit status occasionally and doing so
on the web is very convenient. You need to be aware of a new Cyber
Scam where crooks set up false credit reporting sites just to steal
your information. How can you tell if the site is legitimate?
Web Page Encryption
All legitimate credit reporting sites will only ask for your personal
information on a page that is encrypted. Never, never, never give
any personal information, especially your SSN (social security number) on
a page that is not encrypted!
Check for Encryption
A few ways you can check to see if the page is encrypted are:
Look for a small padlock in the lower right hand corner of the
Internet Browser window. Is it open or locked? Locked means you’re safe.
Check the Internet address in the long white rectangle at the top
of the browser. If the address starts with “https” it is
encrypted. If the address starts with “http” then it is NOT encrypted.
Right-click (with your mouse) somewhere on the page. Click on
“View Properties” and then look for what type of “Connection”. It should
show as “SSL” or “using encryption.”
Keep Your Internet Financial Tools Secure
Ever notice how hard it is to follow an old path in the forest? It
twists and turns and there are lots of side paths that lead nowhere.
Maybe it’s time to take a page from nature. Make the pathway to the funds
that you use for Internet transactions hard to follow.
Bank Account
It might be a good idea to have a separate bank account that you only
use for Internet transactions. Don’t make it a joint account with your
significant other; one name on the account protects others.
Open the bank account at a bank other than the bank where you have most
of your existing accounts. That way all your eggs are not in the
same basket or under the same financial institution’s roof.
It’s also good idea to keep a minimal amount in the account. It
hurts a lot less to lose 50 bucks than 500.
Credit Card
It’s not a good idea to use any ol’ credit card (or multiple credit
cards) on Internet transactions. The same principles as you use to
protect your bank account can be applied to the credit card you use over the
Internet.
Get a new credit card and only have one card holder (You). Don’t ask
for another credit card from your existing company, use a different
company.
Most people don’t realize you can call and request a credit limit
reduction. After you receive the card, all you have to do is call
that company and have them REDUCE your credit limit to an amount that
won’t be a financial disaster if a crook runs up your balance.
Each month you should go over your statement with a fine tooth comb.
If you find unauthorized charges, take action immediately! Call your
credit card company and let them help you through the process.
Computer Banking Software
Do you use one of the popular financial software programs, such as
Quicken or Quick Books to keep up with your checking account? When you
installed the software did you enter your financial institution’s name and
your account numbers? Do you download transactions from that site? If
you are nodding your head, “yes” right now, you may be a risk for
Internet Identity Theft. In all likelihood, your information is secure;
however there may be a small risk.
Downloading financial transactions is handy and in most cases done very
securely. While most financial institutions are generally very secure,
your web browser might be at risk.
A web browser is a software package that allows you to display and
interact with web pages. Most people are familiar with the “Internet
Explorer” Web Browser. US-CERT (United States Computer Emergency Readiness
Team) has an article that explains how to evaluate your browser’s
security settings. Check out the US-CERT’s article at:
http://www.us-cert.gov/cas/tips/ST05-001.html.
If the crooks can’t get in they can steal your stuff, so remember to
always log out after downloading your data and it’s a good idea to
disconnect from the Internet whenever you’re not using it. If you aren’t
connected, nobody can hack in and steal your information!
You could put a hefty lock on the Internet door by removing your
account numbers and/or financial institution from the software. When
installing the software it might be best to check the box, “This account is
not held at a financial institution,” or something similar to that
request. It does mean that you won’t be able to download transactions; it
also means that your account information can’t be stolen by crooks. It’s
up to you to decide how safe you feel.
Where to Report Suspected Identity Theft
Federal Trade Commission (FTC):
FTC Identity Theft Hotline: 1-877-438-4338
FTC Website: http://www.consumer.gov/idtheft
Fraud Hotlines for credit reporting agencies in the United States:
Equifax: 1-800-525-6285
Experian: 1-800-397-3742
TransUnion: 1-800-680-7289
There are numerous ways thieves, crooks, and hackers can steal your
information costing you time, money, and sometimes leading to the loss of
your identity. Crooks work on the assumption that an uninformed person
is easier to scam. Don’t let yourself fall into that trap. Inform
yourself, protect yourself and keep updated on the latest scams. One
final suggestion is something that we all dislike but need to do; use
combination of letters & numbers for any password and change your
password often!