Would you give up your bank account and credit card numbers to a stranger on the street after he approaches and asks for them? Of course not. But that’s essentially what people do when they’re tricked by online crooksters into revealing sensitive personal information, including their Social Security numbers.
One of the most common ways this is done is through phishing.
- The phishing attack is when the thief sends out thousands of the same e-mail. If enough people receive the message, sooner or later someone will take the bait.
- The bait may be a notice you’ve won a prize; a warning that your bank account has been compromised or that you owe back taxes; an alert that something went wrong with your UPS delivery; or something about your medical insurance.
- These subject lines are designed to get you to open the e-mail and then follow its instructions to remedy the problem—instructions to the tune of typing out your personal information including passwords.
- Sometimes the fraudster has already gained information from a victim and will use that to make the victim think that the phishing e-mail is legitimate.
- These e-mails contain links; never click on them. They’re designed to entice people into giving up personal information, or, the site they take you to will download a virus to your computer.
- Sometime the e-mail will contain an attachment. Opening it can download a virus.
- What if the e-mail appears to be legitimate, complete with company logo, colors, design and details about you? Contact the company first, by phone, to see if they sent out such an e-mail. Don’t click any link to get on the company’s site; instead go there via typing into the URL field.
- You may have heard that hovering over the link will show its true destination, but this isn’t always the case.
- Remind yourself that you are not special: Why would YOU inherit money from some strange prince in a foreign country?
- Passwords should never contain words or names that can be found in a dictionary. I know you so desperately want to include the name of your favorite football team in it, but don’t. Such passwords are easier for hackers to crack.
- Never use keyboard sequences; again, a hacker’s tool can find these.
- Make a password almost impossible to crack by making it at least 12 characters, a mix of upper and lower case letters, and include numbers and other symbols.
- Use a different password for every account.
- You should have a complete system that’s regularly updated.
- Have a firewall too.
Virtual Private Network
- Download Hotspot Shield to encrypt your data on public WiFi hotspots.
- Shield your IP address from webtracking companies who desire your information to sell you stuff or from search engines who hand that data over to the government.
- Whenever possible, visit only sites that have https rather than http, because the “s” means it’s a secure site.
A padlock icon before the https means the site is secure.
Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.