Identity theft isn't going away. That's why I like to post regularly on the topic -- to remind people to be careful and offer suggestions for keeping yourself safe.
Here's a post from Kiplinger's that detail five ways to avoid becoming an identity theft victim. First, let's start with the statistics:
Becoming the victim of online identity theft is like playing the lottery. The odds are long, but if your number's up, there's a lot of money involved. A recent study by Javelin Strategy & Research says that although there were as many as 9.3 million identity-fraud victims in the U.S. in 2004, fewer than 2% of them were victimized by phishing. Javelin estimates losses to phishing last year totaled $367 million.
Here's a definition of phishing for those of you not aware of it:
Phishers are pirates who try to steal your personal information by casting millions of phony e-mails out on the Web that purport to be from well-known institutions (two of the most commonly used are online-payment vendor PayPal and auction site eBay). Embedded in the message is a link to a fake Web site that looks like that of the real company. Often the e-mail reports a problem with your account and instructs you to click the link to fix it. Once you're at the fake site, you're instructed to enter your user name, password, identification number and other personal data. As soon as you do, the phishers can drain your accounts or make unauthorized purchases.
Unfortunately, these guys are getting better at being bad:
These schemes are becoming more sophisticated. The latest phishing ploys use the simple act of opening an e-mail to get their hooks in you. Once you click on the message, pernicious software is installed on your computer, such as a keystroke logger that monitors your online activity. As soon as you log on to a bank site, for instance, it records your keystrokes -- and so grabs your user name and password.
Another slick trick: personalized phishing. The bad guys hack into a merchant's database and copy e-mail addresses with names and account numbers. They then send you personalized messages that appear legitimate because they include your name and account number. The e-mail directs you to a Web site to fill in forms for "security reasons," says Amir Orad, of Cyota, which sells anti-fraud systems to financial institutions.
Here's what Kiplinger's says you can do about it to protect yourself:
- Don't click the link. Even if an e-mail looks official, don't respond to it. Close the e-mail and log on to the merchant's or bank's site to contact customer support. Or phone the institution and ask about the e-mail query.
- Load anti-virus, anti-spyware and firewall software on your PC. This simple step will help prevent criminals from installing keystroke loggers and other harmful programs on your computer.
- Vary your passwords. Many of us use the same password for multiple sites, including those with poor security. If a less secure site, such as a local mom-and-pop retailer, is hacked, the crooks can gain access to your other accounts. To avoid the hassle of remembering a host of different passwords, consider Pass2Go ($40; www.roboform.com), a product that will remember them all for you and input them with the click of a button on your browser. Pass2Go saves your passwords to a USB flash drive (for an extra $10, the company will sell you the drive). It's simple to unplug the gum-pack-size drive and drop it in your pocket, keeping the passwords stored on it out of hackers' reach.
- Protect your social security number. Never use your SSN as your login ID. Phishers can cause all kinds of mayhem if they get your number.
- Wipe the disk. Before tossing an old computer, overwrite all the files on the hard disk, which may contain plenty of personal information. (With the right software, deleted files are easy to recover.) Many software utilities overwrite disks, including Eraser, a free program available at www.heidi.ie.
Good advice -- tips we should all follow.
For more on identity theft, see these posts:
Comments