Armed with your private information, phishers can wreak havoc on your financial well-being – applying for credit cards and loans, enjoying shopping sprees at Internet merchants, and draining bank accounts at the speed of light faster than you can say “identity theft.” Just because something looks and sounds legitimate doesn’t mean that it is, and you’re not alone; even the most Internet-savvy users face the dangers of identity theft if they’re not careful.
According to a joint report issued by the US Department of Homeland Security and the Anti-Phishing Working Group, online thievery is a billion dollar industry and growing in sophistication as technology advances. Between March and April 2007 alone, Antiphishing.org reported a substantial increase (55,643 in April compared to 20,871 in March) of unique phishing expeditions targeting email, social networking sites and voice-over-IP (VOIP) applications.
The best protection against Internet piracy is not disclosing any information. If you don’t know the person, don’t say anything, and don’t click on any links within an email message without first verifying the request with the legitimate entity the messenger purports to represent. A quick search for the company in Google or Yahoo will give you the relevant information. If the alleged entity is your bank or credit card institution, use the contact number listed on your statements. As a general rule, reputable companies will not collect personal information over the Internet because of lax security. If the emails are indeed spam, the government encourages you to forward them to firstname.lastname@example.org, email@example.com and to the company being impersonated.
Before entering usernames and passwords, verify that websites are secure by looking for the https:// in the URL and the logo of a closed yellow lock in the lower right corner of the browser window (or just to the right of to the URL field in IE7.) One caveat does hold, however: Hackers hover like hawks over new technologies, and they will resort to forgery of these same digital security measures in the pursuit of wealth. Online job seekers make themselves especially vulnerable to attack by leaving contact information and personal histories on bulletin boards. Always verify the validity of a source before uploading personal information.
Thwarting unauthorized access to your desktop or notebook computer should be a top priority as well as creating a barrier between you and the pirates. Use antivirus, firewall, and anti-spyware software on your system, and update these programs regularly. Internet Explorer and Firefox provide excellent tools to monitor fraudulent sites. The phishing filter bundled in Internet Explorer 7 (located under the Tools menu) warns users of potentially threatening phishing sites by comparing the website against a confirmed list of suspect sites. Firefox’s anti-phishing feature functions in much the same way as the IE7 filter (access this feature by going to Tools à Options à Security). For an extra layer of protection, download Earthlink’s free Scamblocker tool-bar add-on application, which also warns users of the security risks associated with a website. Finally, change the default password of your broadband router and/or Wireless Access Point (WAP), remove access to unnecessary services like FTP and Telnet on servers, and block unused ports to prevent tampering or scanning by hackers. If your wireless network hardware supports it, enable WPA or WPA2 protection, even if you are currently using WEP which has been inadequate since 2003.
Careful and frequent review of your financial statements will alert you to any unauthorized charges against your accounts. Contact your bank or credit card company and alert them immediately to any suspicious activity. You are not liable for credit card charges you do not authorize. Remember – unless you initiate the contact, reject all requests for personal information.
If you suspect yourself to be a victim of identity theft, you can take the following measures to minimize damage to your financial reputation:
Change your passwords. Select passwords that do not disclose identifying details and cannot be associated with you (e.g., your birthday.)
Contact your financial institution immediately, and close any accounts that have been tampered with.
If you’ve disclosed any personal identifying information, contact one of the three credit bureaus to determine whether a fraud alert should be placed.
Contact the Social Security Administration to report fraudulent activity.
Report thefts to the local police.
File a complaint with the Federal Trade Commission (www.ftc.org) and the FTC’s Fraud and IDTheft Division (www.consumer.gov/idtheft).
If your bills do not arrive on time, receive denials of credit for any unknown reason or find purchases you did not make, call your financial institution immediately.