8 mistakes that expose you to online fraud
[size=9px]Seemingly harmless Internet habits make a scammer's job easy. Here's how to protect your credit cards, your bank account and your identity.[/size]
[size=9px]By Jennifer Mulrean[/size]
Truth be told, if someone is really out to deceive you, he probably can.
Online, it’s already difficult to get a feel for whether you’re dealing with credible businesses. But that doesn’t mean you should roll over and make a scammer’s job any easier.
The first thing to do: Take a hard look at your computer habits. If you’re committing any of the following online security faux pas, you may want to reform your ways -- before someone else takes advantage of your lapses.
Giving out personal information
The number of so-called phishing scams has taken off in recent months. You can read more about the scam
here, but it boils down to being lured into giving your personal information by official-looking fake e-mails and Web sites. Here's where the damage is done: Thieves can use your info to steal your identity and empty your checking account, charge up your credit cards or open new accounts in your name.
Here's how to avoid phishing scams:
1. Legitimate companies do not ask for sensitive personal information via e-mail. Do not respond to the phishing e-mails, fill out any forms asking for personal information or click on the links contained in the e-mails. The links can direct you to fake Web sites or force you to download a key-logger program that spies on everything you type -- even into legitimate sites.
2. If you’re going to enter personal or financial information on any site, check that it is a "secure" site. Look at the address for the Web page where you enter your payment information. The URL should start with https:// and you should see an icon for a padlock at the bottom of your browser.
3. Be skeptical. Phishing e-mails often look like they are from well-known companies such as Citibank, eBay and PayPal. Scammers use scare tactics to try to get you to “verify” or secure your account. If you have any doubts about whether the e-mail is real, go to the company’s real Web site by typing its URL into your Internet browser’s address bar or by calling the company.
Paying with cash, check or money order
Paying with cash -- by using a check, money order or the like -- leaves you little hope of getting your money back should anything go wrong. When you pay with a credit card, however, federal law limits your liability to $50 for unauthorized purchases. Also, some credit cards have protection policies that limit your liability to $0.
If you’re not comfortable revealing your credit card number to an online merchant, consider using PayPal or another payment service that shields your account number from view. You’ll want to check with your credit card issuer, however, to make sure their fraud-protection policies cover the transactions you make with a PayPal account and not just the funding of that account.
Debit cards are a little better than cashier’s checks and money orders, but if you don’t catch the fraud within a couple of days, your liability under federal law is $500, not $50 as with credit cards. If you don’t catch the fraud within 60 days, you could be out the whole amount.
Letting retailers store your credit card data
Sure, it’s a pain to retype your credit card number and address into Web site after Web site. But hackers are becoming more sophisticated in their attacks. Some recent cases:
1. BJ’s Wholesale Club announced in spring of 2004 that its database had been hacked, compromising some 40,000 credit cards.
2. In late August, a 21-year-old Pennsylvania man was arrested for stealing up to 2,000 credit card numbers from computers he’d hacked.
3. Most recently, scammers made news by using simple Google searches to turn up credit card numbers.
You get the message. Don’t let retailers store your account information.
Using ‘soft’ passwords or storing them where others can find them
Your eBay account password may not seem like top secret information, but consider what access to it would provide someone else -- needed personal information such as your address or the ability to make bids in your name, for starters.
Internet security company Verisign recommends the following password strategies:
1. Have a different password for every account.
2. Make sure your passwords are not any publicly available information such as phone numbers or birthdates.
3. Make sure your passwords are at least six characters long, with mixtures of letters, numbers and punctuation.
4. Finally, don’t undo all your creative password efforts by writing them on Post-its or storing them on lists saved onto your computer.
Failing to keep up with computer security
Security isn’t something you can attend to only when first setting up a new computer. It needs ongoing diligence. At least use the following:
1. A firewall: This is either hardware or software that will protect your computer from others gaining access to it via the Internet.
2. Virus protection software: This can monitor both incoming and outgoing files for your computer, alerting you if you’ve received a known virus (and killing it). You’ll need to update it frequently to protect against the latest viruses.
3. Security patches for your computer’s operating system: Hackers are continually finding new ways to exploit vulnerabilities in computer operating systems. According to the Internet Storm Center, an “unpatched” PC that’s connected to the Internet would only make it about 20 minutes before being compromised by malicious programs. Downloading the latest security patches can help protect you against these threats.
Failing to keep records of your transactions
Buying and selling things online isn’t new. Most retailers routinely e-mail you your receipt. But if you’re dealing with a less-than-honest individual, or you simply enter the wrong e-mail address, that receipt may never hit your inbox. It’s best to print a copy of the transaction confirmation page or save a copy onto your computer, so long as it doesn’t contain your credit card number.
Failing to do your homework
There’s nothing like a cheap price on a hot toy to get you to lower your security standards. Don’t. Like anywhere else, most too-good-to-be-true deals are just that. Before you buy from a retailer, check them out at the
Better Business Bureau or with a company such as
TRUSTe. These agencies’ logos on a Web site indicate that the retailer follows recommended security and privacy practices.
But some sites can trick you and appear legit by posting logos without adhering to the standards. Make sure that when you click on the logos you’re taken to the appropriate site and then look up the company. TRUSTe’s member list is
here.
It may be worth it to go with a well-known retailer that provides many ways to contact them. Even if you’re dealing with a legitimate smaller retailer, they may not have the money to adequately protect your sensitive data.
Ignoring your financial statements
Unauthorized withdrawals or charges can be the first tip-off that something’s awry. Check any monthly bank and credit card statements that arrive in the mail, but increase your vigilance by signing into your account online and reviewing transactions on a regular basis.
You should also regularly review your credit report. It can alert you to suspicious activity, such as accounts someone else has opened in your name. Credit-reporting agencies such as
Experian,
Equifax and
TransUnion are now required to provide you with one free report a year. West Coast states can start taking advantage of the rule in early December, with the rest of the country following suit by next summer. And remember, if you’ve been denied credit within the last 60 days based on your credit report, you’re already entitled to a free copy of that report now.
8 mistakes that expose you to online fraud
Originally Posted by arnoldsa
Posting Permissions
