In May 2005, the privacy software company Webroot revealed a startling statistic: At any given time, said the company's State of Spyware Report, two of every three personal computers in the United States are infected with spyware that raises your risk of identity theft.

When it comes to identity theft, fraud expert Sid Kirchheimer says the primary purpose of spyware is to capture sensitive online data: user names, passwords and account numbers.

How does spyware infiltrate your computer? It can piggyback on other applications, hiding inside the "install" commands of Internet software, such as music download programs.

How to Protect Yourself
The first rule of preventing spyware is to be careful about what you download on your computer, says Doug Tygar, PhD, a computer science professor at the University of California, Berkeley. Think twice about installing freebie software, no matter how enticing it appears. Forbidden landing zones should include any website offering sexy photos of your favorite starlet. And never open unsolicited e-mails promising discount products.

The second rule is to scan your computer once a week or more with a good anti-spyware program. "My recommendation is to use Ad-Aware," suggests Dr. Tygar. "It's free—and, based on my experience, it's among the best anti-spyware programs available." For a free Ad-Aware download, visit
Consider a Different Browser
The most popular browser is Internet Explorer, which comes pre-installed on most personal computers. Small wonder, then, that most viruses and spyware programs target Windows-based PCs rather than Macintosh computers.

Dr. Tygar recommends using alternative browsers such as Firefox or Opera to address identity theft or online privacy concerns. These alternative browsers can be downloaded free of charge. To learn more, visit or

Although Macintosh computers are generally safer, Dr. Tygar recommends that Mac users download the browser named Safari on their machines. For more information about Safari, visit
Get a Second (or Third) E-Mail Account
Never use your real e-mail address in online chat rooms. Never use it when shopping online, and never use it to register at any website. "If you have ever done business online," says John Hambrick, an FBI supervisory special agent with the Internet Crime Complaint Center, "you have to expect that your e-mail address will be compromised; there is [then] the potential for that account to be stolen or sold."

So do what the G-man does: Establish a separate e-mail account—free on MSN's Hotmail, Yahoo!'s Mail or Google's Gmail—and use it specifically and exclusively for online purchases. The Hambrick trick should make your private accounts less vulnerable.

How to Protect Yourself
When choosing a free e-mail address for online shopping, some people opt for a pseudonym or non-identifier. As long as you have valid payment information, most retailers won't care whether or not it matches your real name. But which free service is best? "Currently, Gmail probably gets the edge," says Dr. Tygar. "It is excellent at detecting spam and phishing, though Hotmail and Yahoo are improving quickly."
Watch Your E's for Cues
Be wary of any incoming e-mails, to any of your accounts, from unrecognized names—especially strange-sounding ones. Spammers often send e-mails using first names only, misspelled ones, or the simply absurd.

If you read just the names and subject lines of incoming messages, you can often tell they're counterfeit because they are riddled with misspellings and grammatical errors. Of course, sophisticated phishers now take the time to proofread their messages.

How to Protect Yourself
Assuming you don't really know Dai, Petter Parrker, or Hudson Fabergé, why bother opening e-mail from them? At the very least, strangely titled or misspelled e-mails are likely to be spam pitches. Yet the mere fact of clicking such an e-mail open can alert the sender that your e-mail address is active—and therefore ripe for attack or sale. Worse, opening unknown e-mail may automatically admit spyware or viruses into your computer.
Look for Signs of Security
The real dangers in online identity theft typically result from two scams:

Phishing: Fraudulent bulk e-mail messages guide naïve users to legitimate-looking but fake websites—where they are prompted to reveal personal information such as account numbers or passwords. Phishing attempts are such dead-on mimics—hard for even Internet security experts to detect—that scrutinizing the Web address itself may be the best way to spot them. Most banks can offer customers additional information on how to avoid phishing.

Pharming: The domain name server is tampered with to reroute legitimate website traffic to a bogus site. (You have no clue you've arrived at a sham site because its URL appears to be correct in the Web address field.) Pharming scams are more difficult to detect. One clue is to look for valid certificates of authority, such as a locked padlock icon or the VeriSign indicator that matches the site's name.

How to Protect Yourself
Assume that most e-mails requesting sensitive information are bogus; the keepers of your credit-card and bank-account numbers never request e-mail "updates" of your customer information. If they do, they'll provide a phone number that can be easily cross-checked.

Even if such a number is provided, look up the company's number independently, then call it yourself. "Verification" numbers given by phishers and pharmers will simply be answered by a party to the scheme. Except for a few isolated instances, such as FAFSA forms to apply for student aid, it's the rare government agency that will ask you to supply your Social Security number via e-mail. If you receive an e-mail that requests your SSN and claims to originate inside a government agency, don't respond until you have called that agency directly and received both verbal and written confirmation that the e-mail is authentic.
Trash Files on Old Computers
If you're buying a new computer and plan to discard or donate your old one, consider this: As many as 150 million computers are trashed each year, often without having their hard drives erased. You might as well do the identity thief's job for him. Scammers routinely retrieve old machines from curbside trash or buy them for less than $50 at thrift stores, salvage yards or auctions. In one experiment, MIT students retrieved sensitive information from up to half of the discarded computers they tested.

How to Protect Yourself
Deleted files are easily retrievable by anyone with a larcenous streak and a modicum of tech savvy. To wipe your hard drive clean for good, purchase special hard drive shredding software from a computer supply store. Better yet, physically remove—or have a techie friend do it for you—the hard drive from inside the machine, then use a hammer to destroy it. Or, if you prefer, simply contact a local shredding agency and have them shred the hard drive for you.
Password Dos and Don'ts
Need another reason to guard your computer passwords? It's possible they could be cracked by eagle-eared identity thieves using a high-tech microphone that detects sound through glass.

To keep your passwords unknown—and unknowable—follow these pointers:

Do combine parts of two unusual unrelated words, such as gastrocumulus or cytoplasticity. The longer and stranger the better.

Do mix capital and lowercase characters, as well as symbols and numbers, in the middle of the password: f2reeDoMeYe#wTness, not freedomeyewitness.

Do use words from a foreign language in combo with an English word. Many hackers try to crack passwords with common words, or with those pooled from the dictionary database of a single language.

Don't use anything that can be easily guessed by neighbors, co-workers or strangers who get their hands on your wallet—a nickname, child's name, pet's name, or your favorite sports team or hobby.

Don't use slightly different versions of the same password on different websites, such as ABCebay, ABCmortgage and ABCvisa.

Don't pair a common word or your name with a different character at the beginning or end, such as $user or johnsmith7.

Don't use the same password from one application to another. "It's fine to have a simple, short password on a news website," says Dr. Tygar. "But use a different, longer, more complicated password on a site with sensitive information."
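
The last three don'ts describe patterns that can be checked mechanically. The following Python check is an added example, not part of the original article; the word list, the three-character threshold and the function names are assumptions chosen for illustration, and the sample passwords are the ones quoted above.

```python
from itertools import combinations
from os.path import commonprefix

# Constructed stand-in for a real dictionary plus your own names (assumption).
GUESSABLE = {"user", "johnsmith", "freedom", "password"}

# Constructed sample: site -> password, using the examples from the list above.
SAMPLE = {
    "ebay": "ABCebay", "mortgage": "ABCmortgage", "visa": "ABCvisa",
    "forum": "$user", "news": "johnsmith7", "bank": "f2reeDoMeYe#wTness",
}

def decorated_common_word(pw, words=GUESSABLE):
    """True if pw is a guessable word with at most one extra character
    at the beginning or end, e.g. $user or johnsmith7."""
    p = pw.lower()
    return any(c in words for c in (p, p[1:], p[:-1]))

def shared_stem(a, b, min_len=3):
    """Longest common prefix or suffix of two passwords, or '' if it is
    shorter than min_len (the threshold is an assumption)."""
    a, b = a.lower(), b.lower()
    prefix = commonprefix([a, b])
    suffix = commonprefix([a[::-1], b[::-1]])[::-1]
    stem = max(prefix, suffix, key=len)
    return stem if len(stem) >= min_len else ""

def audit(passwords):
    """Return a list of (site or site pair, finding) for the three patterns."""
    findings = []
    for site, pw in passwords.items():
        if decorated_common_word(pw):
            findings.append((site, "guessable word plus one character"))
    for (s1, p1), (s2, p2) in combinations(sorted(passwords.items()), 2):
        if p1 == p2:
            findings.append((f"{s1}+{s2}", "same password reused"))
        elif shared_stem(p1, p2):
            findings.append((f"{s1}+{s2}", "variants of one password"))
    return findings

if __name__ == "__main__":
    for where, what in audit(SAMPLE):
        print(f"{where}: {what}")
```

Only the mixed-character example, f2reeDoMeYe#wTness, comes through without a finding.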

Please note: This is general information and is not intended to be legal advice. You should consult with your own financial advisor before making any major financial decisions, including investments or changes to your portfolio, and a qualified legal professional before executing any legal documents or taking any legal action. Harpo Productions, Inc., OWN: Oprah Winfrey Network, Discovery Communications LLC and their affiliated companies and entities are not responsible for any losses, damages or claims that may result from your financial or legal decisions.

