Seemingly harmless Internet habits make a scammer's job easy. Here's how to protect your credit cards, your bank account and your identity.
Truth be told, if someone is really out to deceive you, he probably can.
Online, it's already difficult to get a feel for whether you're dealing with credible businesses. But that doesn't mean you should roll over and make a scammer's job any easier.
The first thing to do: Take a hard look at your computer habits. If you're committing any of the following online security faux pas, you may want to reform your ways -- before someone else takes advantage of your lapses.
Giving out personal information
The number of so-called phishing scams has taken off. It boils down to being lured into giving your personal information by official-looking fake e-mails and Web sites. Here's where the damage is done: Thieves can use your info to steal your identity and empty your checking account, charge up your credit cards or open new accounts in your name.
Here's how to avoid phishing scams:
- Legitimate companies do not ask for sensitive personal information via e-mail. Do not respond to the phishing e-mails, fill out any forms asking for personal information or click on the links contained in the e-mails. The links can direct you to fake Web sites or force you to download a key-logger program that spies on everything you type -- even into legitimate sites.
- If you're going to enter personal or financial information on any site, check that it is a "secure" site. Look at the address for the Web page where you enter your payment information. The URL should start with https:// and you should see an icon for a padlock at the bottom of your browser.
- Be skeptical. Phishing e-mails often look like they are from well-known companies such as Citibank, eBay and PayPal. Scammers use scare tactics to try to get you to "verify" or secure your account. If you have any doubts about whether the e-mail is real, go to the company's real Web site by typing its URL into your Internet browser's address bar or by calling the company.
Paying with cash, check or money order
Paying with cash -- by using a check, money order or the like -- leaves you little hope of getting your money back should anything go wrong. When you pay with a credit card, however, federal law limits your liability to $50 for unauthorized purchases. Also, some credit cards have protection policies that limit your liability to $0.
If you're not comfortable revealing your credit card number to an online merchant, consider using PayPal or another payment service that shields your account number from view. You'll want to check with your credit card issuer, however, to make sure their fraud-protection policies cover the transactions you make with a PayPal account and not just the funding of that account.
Debit cards are a little better than cashier's checks and money orders, but if you don't catch the fraud within a couple of days, your liability under federal law is $500, not $50 as with credit cards. If you don't catch the fraud within 60 days, you could be out the whole amount.
Letting retailers store your credit card data
Sure, it's a pain to retype your credit card number and address into Web site after Web site. But hackers are becoming more sophisticated in their attacks. Two monster attacks on consumer information took place in June when:
- MasterCard International reported that some 40 million credit card accounts of all brands may have been exposed to fraud when hackers struck a company that processes credit card transactions.
- Citigroup said that personal information on 3.9 million consumer lending customers of its CitiFinancial subsidiary was lost by UPS while the information was being shipped to a credit bureau.
Using 'soft' passwords or storing them where others can find them
Your eBay account password may not seem like top secret information, but consider what access to it would provide someone else -- needed personal information such as your address or the ability to make bids in your name, for starters.
Internet security company Verisign recommends the following password strategies:
- Have a different password for every account.
- Make sure your passwords are not any publicly available information such as phone numbers or birthdates.
- Make sure your passwords are at least six characters long, with mixtures of letters, numbers and punctuation.
- Finally, don't undo all your creative password efforts by writing them on Post-its or storing them on lists saved onto your computer.
Failing to keep up with computer security
Security isn't something you can attend to only when first setting up a new computer. It needs ongoing diligence. At least use the following:
- A firewall: This is either hardware or software that will protect your computer from others gaining access to it via the Internet.
- Virus protection software: This can monitor both incoming and outgoing files for your computer, alerting you if you've received a known virus (and killing it). You'll need to update it frequently to protect against the latest viruses.
- Security patches for your computer's operating system: Hackers are continually finding new ways to exploit vulnerabilities in computer operating systems. According to the Internet Storm Center, an "unpatched" PC that's connected to the Internet would only make it about 20 minutes before being compromised by malicious programs. Downloading the latest security patches can help protect you against these threats.
Failing to keep records of your transactions
Buying and selling things online isn't new. Most retailers routinely e-mail you your receipt. But if you're dealing with a less-than-honest individual, or you simply enter the wrong e-mail address, that receipt may never hit your inbox.
It's best to print a copy of the transaction confirmation page or save a copy onto your computer, so long as it doesn't contain your credit card number.
Failing to do your homework
There's nothing like a cheap price on a hot toy to get you to lower your security standards. Don't. Like anywhere else, most too-good-to-be-true deals are just that. Before you buy from a retailer, check them out at the Better Business Bureau or with a company such as TRUSTe. These agencies' logos on a Web site indicate that the retailer follows recommended security and privacy practices.
But some sites can trick you and appear legit by posting logos without adhering to the standards. Make sure that when you click on the logos you're taken to the appropriate site and then look up the company. TRUSTe's member list is here.
It may be worth it to go with a well-known retailer that provides many ways to contact them. Even if you're dealing with a legitimate smaller retailer, they may not have the money to adequately protect your sensitive data.
Ignoring your financial statements
Unauthorized withdrawals or charges can be the first tip-off that something's awry. Check any monthly bank and credit card statements that arrive in the mail, but increase your vigilance by signing into your account online and reviewing transactions on a regular basis.
You should also regularly review your credit report. It can alert you to suspicious activity, such as accounts someone else has opened in your name. Credit-reporting agencies such as Experian, Equifax and TransUnion are now required to provide you with one free report a year. And remember, if you've been denied credit within the last 60 days based on your credit report, you're already entitled to a free copy of that report now.