Another good tactic: Only
use one credit card
when shopping online. Designate one card for making your online purchases.
Internet criminals often use unsolicited commercial e-mail, known as “spam,” to commit Internet fraud and identity theft. Spam can be used to target unsuspecting consumers and lure them to official looking Webs sites—such as a billing center for an online service provider or the front page of a mortgage information form. When users enter passwords, SSNs or credit card information, the information may be taken and used or sold by identity thieves. To prevent being duped in this fashion, practice the following 10 things: 1)
Never purchase spam-advertised products.
2)
Always protect your personal information—assume that anything online may become public.
3)
Never send personal information to email requests. (You should never be asked for a password, credit card number or SSN from a legitimate source via e-mail.) 4)
Verify every transaction.
2 0 0
C H A P T E R 9
5)
Beware of
get rich quick schemes
.
6)
Never pay “up front” for loans or credit.
Legitimate lenders generally do not “guarantee” a loan or credit card before you apply.
7)
Refrain from clicking on Reply or Remove. Some senders may remove your address, but others may flag your e-mail address as “live,” and send you more spam or even sell the address to other spammers. Instead, forward spam to the FTC at
[email protected]
.
8)
Use a “public” e-mail address when online. Set up and use a
public e-mail
address
—either an additional address from your ISP or a free e-mail address.
Use this e-mail address when participating in newsgroups, joining contests or anytime that your e-mail is requested by a third party online. Potential spam will go to your public e-mail address instead of your private e-mail address.
9)
Don’t post your e-mail address online.
You’d be surprised how often you use your e-mail address online for newslet-ter subscriptions, to join online groups or in chat rooms. Before you post your e-mail address, know whether it will be displayed or used. Then use a public email address when necessary.
10) Use an
e-mail filter
to help eliminate unwanted e-mail.
201
L I F E S T Y L E C H A N G E S
L O O K - A L I K E E - M A I L S C A M S
As mentioned before, one of the ways ID thieves get your information is by “pretexting” or simply giving up your information to someone who is pretending to be someone important. This can happen easily over the phone (“Hi, I’m calling from Verizon with some questions about your account because there seems to be a problem…”) but it can also come in the form of an e-mail that looks real in the sense that it
contains company logos
and links back to the legitimate company’s site.
You might get an e-mail from “eBay” that asks you
to click on a link to verify your account information,
which then takes you to a criminal’s Web page…and
a few clicks later, your personal data is in the hands
of an identity thief.
This is called “phishing,” and it involves
stealing a
company’s identity
to use in a scam for victimizing consumers, then stealing their credit identities. These e-mails usually contain a threat designed to trick consumers into entering their information (e.g., “We regret to inform you that your eBay account will be suspended. According to our site policy, you will have to confirm that you are the real owner of the eBay account by completing the following form or else your account will be deleted.”) Another that went around the Internet came from Microsoft Network (MSN):
We regret to inform you that technical difficulties arose with our July 2003 updates. Un-2 0 2
C H A P T E R 9
fortunately, part of our customer database, and back-up system became inactive. We will require you to enter your information in our online billing center at your convenience. Or by calling our customer support team. The average hold time is 45 minutes.
Never reply to such e-mails. Legitimate companies don’t usually ask for this kind of personal financial data over e-mail. Be wary of e-mails that urge you to click on a link to a Web page that asks for financial information. Links appearing in
HTML-based emails
cannot be trusted because programmers can easily make a link to a criminal’s page look like a harmless link to a site like
eBay.com
or
PayPal.com
.
Tips for avoiding scams of this kind: •
If you get an e-mail that warns you, with little or no notice, that an account of yours will be shut down unless you re-confirm your billing information, do not reply or click on the link in the e-mail.
Instead,
contact the company
cited in the e-mail using a telephone number or Web site address you know to be genuine.
•
Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the “lock” icon on the browser’s status bar. It signals that your information is secure during transmission.
•
Review credit card and bank account statements as soon as you get them and
203
L I F E S T Y L E C H A N G E S
look for unauthorized charges. Know when all of your
closing dates on your
cards
are, and if your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
•
Report all suspicious activity to the FTC.
Visit www.ftc.gov/spam to learn other ways to
avoid e-mail scams and deal with deceptive spam.
The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the
marketplace and to provide information to help consumers spot, stop and avoid them.
A W O R D A B O U T P A S S W O R D S
If you were to tally up
how many passwords
and PINs you currently have, you probably have more than one. You
should
have many more than one. Between the codes you need to access your bank accounts, you have ones for your computers, e-mail accounts, voice mailboxes, cell phones, debit card, credit cards, online subscriptions, online Web sites, online banking, online financial accounts (e.g., invest-ing), various memberships to clubs, frequent flyer programs, merchants,
etc.
The list goes on and on.
Because everything we sign up for today often requires a password or code, it’s no surprise that many of us use the
same old password
for multiple purposes. The one we use at the ATM is the same one we use to log into the New York
Times
or
msn.com
.
204
C H A P T E R 9
Having the same password across the board is not the safest thing to do. Someone can probably figure out that password if he or she worked hard enough.
The goal: Use a system of passwords. Do not use the
same old password for everything. Get crafty.
Place
different
passwords on your credit card, bank and phone accounts. Avoid using easily available information like your mother’s maiden name, your birth date, the last four digits of your Social Security number, or your phone number or a series of consecutive numbers. When opening new accounts, you may find that many businesses still have a line on their applications for your
mother’s maiden name
. Use a password instead.
Tips to Creating a Good,
Secure Password
•
The trick: creating a word you can remember, but someone else can’t guess.
•
Use at least seven characters, including upper and lower case letters, numbers and symbols.
•
Use at least one symbol character in the second through sixth position.
•
Use at least four different characters in your password (no repeats).
205
L I F E S T Y L E C H A N G E S
•
Use a sequence of random letters and numbers.
•
Avoid any part of your name, business logo, birth date, mother’s maiden name,
etc.
•
Avoid any actual word or name in any language.
•
Avoid using numbers in place of letters.
•
Avoid reusing any portion of an old password.
•
Avoid using consecutive letters (i.e., abcdefg) or numbers (i.e., 4567).
•
Avoid using adjacent keys on the key-board (i.e., asdfjkl).
The trick is to create a word you can remember, but that someone else can’t guess. Fun note: the most popular password is “PASSWORD” so avoid that word at all costs.
Other notes about passwords: •
Create
tricky passwords
for protecting very important information or for any online transaction where you credit is at stake (i.e., shopping, banking, mutual funds, brokerage, investment retirement accounts, money management software, tax preparation software, auctions, insurance, etc.).
206
C H A P T E R 9
•
Create
simple passwords
for accessing less critical information like online magazines, newspapers, chat rooms, etc.).
•
Avoid the “Remember my password”
feature on most sites, unless you know those sites are secure.
•
Avoid sharing your password or writing it down (and sticking it to your monitor!).
•
Change passwords
every six months
.
Monitoring Your Online Accounts
•
Review your accounts online frequently to spot transactions you didn’t authorize, such as online credit card charges, mutual fund transfers, bank account withdrawals,
etc.
•
Review
monthly statements
you receive in the mail for unauthorized activity.
•
Call an account if you don’t receive a monthly statement in the mail.
•
Get a credit check annually to see if anyone has opened a new account in your name.
How would you know if someone stole your password and began using it to pretend to be you for various reasons on-and offline?
2 0 7
L I F E S T Y L E C H A N G E S
You’ll only know for sure if you spot unusual activity in your accounts or if you don’t receive a monthly bill or bank statement. If an identity thief changes the mailing address for your accounts, you may not know you have a problem until you get a phone call from a collections agency…or you apply for a mortgage and get denied.
Think of your password as a
key to your home
and everything you own—including your credit and ultimately, your reputation.
Things to Consider When Making
Online Purchases
•
Check
seals of approval links
to verify merchants’ authenticity (e.g., TrustE, BBBOnline, BizRate, etc.); •
Call companies on the phone to judge their legitimacy; •
Read privacy policies; •
Verify electronic security protocols; •
Know what a merchant will do with your personal information; •
Know how to tell when a transaction gets encrypted (i.e., before you enter a credit card or personal information, look for “
https
” instead of “http” in the address bar and for the “lock” icon at the bottom of your browser; and •
Check you monthly statements for transactions that don’t look familiar.
2 0 8
C H A P T E R 9
Online Activities to Avoid
•
Auctions;
•
Financial transactions (trading, banking, applying for loans, including mortgages, obtaining insurance quotes or other information that requires personal information); •
Chat rooms; and •
Online retail or other purchasing.
If you or someone in your family uses
Instant Messaging (IM)
, understand that you pay a price for the convenience of this service: it’s not private or protected. Let your family know that if anyone wants to send an e-mail containing private information, that it’s best to use a regular e-mail account and encrypt the message.
Chat rooms are another place where personal information can get out.
Online chats
provide an arena for a countless number of listeners.
Caution any IM or chat room users in your family to
avoid sending any messages that contain private or
personally sensitive information.
Resisting all forms of online commerce is the safest way to go…but probably an impractical one today.
If you cannot resist purchasing online, consider using
209
L I F E S T Y L E C H A N G E S
online cash equivalents like PayPal instead of using a credit card.
O T H E R P O I N T S O F A C C E S S
There are two other vulnerable spots when it comes to your personal information:
online job boards
and
mortgages
.
If you use the major job boards, you should know that those who get access to résumés may also include people bent on identity theft and fraud. And corporate job sites, which are considered safe by many, may not be much safer. Don’t forget to safeguard your most private information when filling out those online job forms and
posting your résumé
.
Create a résumé you use for online posting, and one
for person-to-person contact. When you create your
“e-résumé,” be as vague as possible. Avoid using
your SSN, date of birth, full name of current employers, past employers or their actual titles.
You can still get a potential employer interested in you without revealing too much personal information.
Mortgage applications, like résumés, can also contain the raw materials for opening false accounts and obtaining fake identity cards. Few documents contain as much personal information as a loan application— names, addresses, phone numbers, birth dates, SSNs, bank account records, employment histories and per-210