Avoid these online pitfalls to beat the identity theft scammers: Internet ScamBusters #272
Identity theft scammers are waiting to jump if you make one false step on the Internet. Today, we highlight 7 simple mistakes you could make unknowingly, and we tell you how to avoid them. Be sure to check out the last two paragraphs of this ScamBusters' issue for a grassroots, timely program you should know about.
Let's check out today's...
7 Common Mistakes People Unknowingly Make When Using the Internet that Can Lead to Identity Theft
Identity theft was a little known crime even ten years ago. Today, it's one of the fastest growing evils, has topped our list of the worst scams each year, and is the topic subscribers are most interested in us writing about.
Unfortunately, it's very easy to become a victim of identity theft, especially on the Internet. So, we've put together a list of the seven most common mistakes people make that can lead to identity theft.
Mistake #1: Hand over personal details to a phisher.
Phishing -- grabbing your personal details by taking you to a phony website that often looks genuine -- is perhaps the biggest online cause of identity theft.
It usually starts with an email seemingly from an organization or someone you know, inviting you to click on a link that takes you to a site you'd expect to see. Here you'll be asked to enter sensitive information about yourself, often supposedly to "confirm" your details.
Instead, you're really giving them away to a thief.
A recent study by the IBM Internet Security Systems X-Force found that in 2007, 19 of the top 20 companies that were the supposed senders of phishing emails were in the banking industry.
What to do: Don't click on any link in an email. Instead, visit the real website via your browser, or email or call your friend and confirm the contact. Be especially wary of emails that supposedly come from your bank.
You can find more about phishing scams at Phishing Scams: How You Can Protect Yourself.
Mistake #2: Give yourself away -- post personal information online.
Great. Now you're on Facebook, MySpace, and half a dozen other places where you can meet and interact with others. Unfortunately, so are the criminals intent on identity theft, and they'll scour your listing for anything they can use for crime.
Remember, identity theft isn't always about getting financial details. Fraudsters may be able to piece together enough to pass themselves off as you and commit another crime. They can screen-grab your photo too.
What to do: Use a nickname where possible. When you must use your name, such as on a school reunion site, never provide any other personal details. And resist the temptation to post your photo.
Mistake #3: Click on a pop-up and download spyware.
Ever been surfing when a pop-up message warns that your Internet security is at risk? Very often it's the first step to downloading and installing a program on your PC aimed at identity theft or spying. It may even download a keylogger that records every key you press and sends details to the scammer.
Some 'free' anti-spyware programs on the Internet actually include harmful spyware. Or you can pick up spyware by using shady music downloading sites or clicking on an email link that tells you a friend has sent an e-card greeting.
What to do: Don't click on any unexpected pop-up -- in fact, disable pop-ups in your browser if you can. Never just click on an e-card link if you don't know the sender -- and email any friend who supposedly sent you an e-card first for confirmation.
Mistake #4: Email your confidential information to thieves.
Did you know that, in its basic form, email is often not secure? Scammers bent on Internet theft can and do intercept emails. They can also find out your email address, and often, they can make a good guess at your online email password. They can even hack into email servers and, if they are successful, read your email.
What to do: Never put personal or financial information in an email. Use the phone. Use a service where all your email is stored on your PC, and make sure addresses and passwords are hard to guess.
Finally, if you are at a site that requires an email address and you don't really want to give them yours, consider using one-time email addresses available at 10minutemail.com or an email address you can always turn off from SneakEmail.com.
Mistake #5: Reveal yourself on insecure websites.
By definition, a site that is not secure is accessible by hackers and scammers. Even if it's perfectly legit, if you enter personal details here, you could be an easy target for identity theft.
What to do: If you're asked to key in personal info, check that the details in the address bar of your browser begin with 'https' or 'shttp' (the 's' stands for 'secure'). There may also be a lock icon in the address or status bar. You can read more about this at our friend Leo Notenboom's excellent site, Ask-Leo.com.
Mistake #6: Leave information on a public computer.
Whenever you walk away from a computer, you may leave part of your identity behind. If it's a public computer, or any computer someone else can access, they can use it for identity theft.
If you visited a secure site and didn't log out, you're likely still logged in. Even if you logged out, details of your activities are still stored on the PC.
What to do: Ideally, avoid using public computers for confidential purposes. They may even have key loggers installed to capture passwords. Always click the 'log out' button and frequently clean up the trail of your activities by using the options/security menu in your browser.
Mistake #7: Use easy-to-guess or easy-to-grab passwords.
Passwords -- the very things that are supposed to give us Internet security -- are often the weakest link in our Internet armor, leaving us wide open to identity theft. Using any single word, whether it's your pet's name or a random word from the dictionary, makes it easy. Using insecure password savers or storing them somewhere is also a giveaway.
What to do: Use mixtures of letters, numbers and even punctuation for your passwords; change them frequently and don't use programs that fill in your passwords unless they too are protected by a master password.
We've written a lot about creating secure passwords -- here is one article that will get you going: Creating Computer Passwords.
Follow these tips and you'll go a long way towards beating identity theft. Also, please check out some of the previous ScamBusters articles on identity theft in our Identity Theft Information Center.
Enjoy using the Internet and avoid identity theft -- make sure the only people who really know you are your friends!
That's all for today -- we'll see you next week.