High-tech thieves can use the Internet to gather the account numbers and other personal data they need to steal your identity. You could be at risk if you shop, pay bills or access your bank accounts online — or even if you store personal data, such as your Social Security number or credit card numbers, on your own computer.
Here’s how to steer clear of the Internet missteps that can lead to identity theft. These include…
Mistake: Sending e-mail that contains confidential information.
Even if the recipient of your e-mail is reliable enough to be trusted with your sensitive information (Social Security number, driver’s license number, credit card number, date of birth, mother’s maiden name), others could gain access to your message as well. E-mail does not transfer instantly from our computer to our recipient’s computer. The message makes stops at several points along the way, where they could be read.
Alternately, if a criminal gained access to your computer or the message recipient’s computer, he/she could find your e-mail stored in memory.
Self-defense: Convey sensitive information over the phone, not the Internet. If you must e-mail sensitive information, use the encryption program WinZip e-mail Companion ($19.95, www.winzip.com).
Mistake: Providing personal details on social networking Web sites or chat groups.
The Internet is a great place to converse with people who share your interests, but sharing too much information could put you in danger. A criminal might decide that you make a good target for identity theft — or worse.
Self-defense: Keep personal details to a minimum when online. Never mention your address, phone number or financial institutions with which you have accounts. Use a nickname. Withhold personal information even in private e-mail exchanges with people you meet through the Internet. These people might not be what they seem.
Mistake: Downloading free programs from the Internet or clicking on pop-ups. When you download a program from the Internet, you could unknowingly load spyware onto your computer in the process. This spyware could give a scammer access to any information you type into or save on your computer. Clicking on a pop-up could create similar problems. (There often is no way to tell the safe pop-ups from the unsafe ones, so the best policy is to skip them all.)
Self-defense: Download software from the Internet only if you’re confident in the integrity of the site providing the program.
Internet security programs can help prevent spyware from reaching your computer and remove it if it does. ZoneAlarm Internet Security Suite is the most reliable and comprehensive ($49.95, www.zonealarm.com). However, ZoneAlarm has been experiencing problems with Microsoft’s latest operating system, Windows Vista. Another good choice is Microsoft Windows Live OneCare that includes virus control, firewall and automatic backup software ($49.95 per year, www.onecare.live.com). Free spyware protection programs are available as well, and can do a reasonable job. The best of these include Ad-Aware Free (www.lavasoftusa.com) and Spybot Search & Destroy (www.safer-networking.org). Best: Ask your Internet service provider if access to an Internet security program is included in your monthly fee.
If you have only one spyware program, download another one and run it every few weeks as a backup — no single security program catches every problem.
Mistake: Assuming e-mail messages are from who they seem to be from.
Scammers can make e-mail messages appear to have been sent by anyone, including people and businesses you know.
Examples: You receive an e-mail that appears to be from your bank. It asks whether you made a particular transaction and warns that you must respond immediately if you did not. Or, you receive an e-mail that appears to come from the IRS. It says you will be audited if you do not reply to the message quickly, then asks for your Social Security number or other personal information.
Self-defense: Be very suspicious of e-mail claiming to be from a financial institution or the IRS, particularly if you’re asked to enter passwords, account numbers or Social Security numbers (or it steers you to Web sites that ask for any of these things). These messages are likely to be from scammers. Instead, look up the phone number of the company or agency that the e-mail claims to be from (do not trust the phone number that might be included in the e-mail) and call to confirm the validity of the message.
If you receive an e-mail message that seems to be from a friend featuring an Internet link or picture and a simple message such as “you have to see this,” it might have been sent by a scammer. If you click the link, it could load spyware onto your computer, opening the door to identity theft. Do not click the link or open the picture until you have contacted your friend and confirmed that he sent the note.
Mistake: Entering important data or passwords into a public computer.
The public computers in libraries and coffeehouses are often contaminated with spyware.
Self-defense: Assume that everything you type on these computers is being recorded. Never use public computers to make online purchases or to do online banking. Do not even check your e-mail — a scammer could learn your user name and password and gain access to personal information stored in your e-mail files.
Mistake: Trusting Web sites that have weak security.
Most Internet companies that accept credit card numbers or other sensitive data work very hard to keep this information secure. Unfortunately, some sites’ security measures fall short, increasing the odds that a criminal could be monitoring your transaction and stealing your information.
Self-defense: Do not enter your credit card number or any other important data into a Web site unless its Web address begins “https,” not just “http.” The “s” indicates an added level of security. A small picture of a closed lock should appear on the Web address line as well. Note: Never enter confidential information onto a site if you clicked on it from an e-mail, even if it has “https.” Always type in a URL.
Mistake: Picking obvious passwords.
Scammers have software that can help them guess common passwords. If your password is a date, a name, a word or a repeating or progressive series of letters or numbers, such as “zzzz” or “2468,” it could be cracked if a high-tech criminal targets you. If you use the same password for many accounts, this could give the criminal wide access to your personal and financial information.
Self-defense: The most secure passwords are multiple-word phrases. If the site permits, these should include numbers or symbols, such as “my2dogsareyellow” or “Ilikeham$alad.”
Select phrases that are memorable to you. Use different ones for each account, and don’t write them down near your computer. A program called RoboForm (www.roboform.com) provides an encrypted computer “password safe” that can remember up to 10 passwords for you for free. RoboForm Pro, which costs $29.95, can remember more than 10 passwords.
