Protect Your Online Information and Avoid Being Scammed
OnGuardOnline.gov provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information. The Federal Trade Commission (FTC) maintains OnGuardOnline.gov. Much of the following information in this section came from the OnGuardOnline.gov website.
I. Protect your personal information.
To an identity thief, your personal information can provide instant access to your financial accounts, your credit record, and other assets. Anyone can be a victim of identity theft. There are almost 10 million victims every year. Some cases start when online data is stolen. You can go to www.ftc.gov/idtheft to learn what to do if your identity is stolen.
When it comes to crimes like identity theft, you can’t entirely control whether you will become a victim. But following these tips can help minimize your risk while you’re online:
A. If you’re asked for your personal information (e.g., your name, email or home address, phone number, account numbers, or Social Security number), find out how it’s going to be used and how it will be protected before you share it. If you have children, teach them not to give out your last name, your home address, or your phone number on the Internet.
B. If you get an email or pop-up message asking for personal information, do not reply or click on the link in the message. The safest course of action is not to respond to requests for your personal or financial information. If you believe there may be a need for such information by a company with whom you have an account or placed an order, contact that company directly in a way you know to be genuine. In any case, do not send your personal information via email because email is not a secure transmission method.
C. If you are shopping online, do not provide your personal or financial information through a company’s website until you have checked for indicators that the site is secure, like a lock icon on the browser’s status bar or a website URL that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some scammers have forged security icons.
II. Know with whom you’re dealing.
It is remarkably simple for online scammers to impersonate a legitimate business, so you need to know whom you’re dealing with. If you’re shopping online, check out the seller before you buy. A legitimate business or individual seller should give you a physical address and a working telephone number at which they can be contacted in case you have problems.
Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.
For example, in 2003 there was a phishing scam in which users received e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organization’s site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.
Phishers send spam or pop-up messages claiming to be from a business or organization that you might deal with, for example, an Internet service provider (ISP), bank, online payment service, or even a government agency. Again, the message usually says that you need to “update” or “validate” your account information. It might threaten some dire consequence if you do not respond. The message directs you to a website that looks just like a legitimate organization’s, but is not. The purpose of the bogus site is to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name. Do not take the bait. Never reply to or click on links in email or pop-ups that ask for personal information. Legitimate companies do not ask for this information via email. If you are directed to a website to update your information, verify that the site is legitimate by calling the company directly, using contact information from your account statements.
Every day, millions of computer users share files online. File-sharing can give people access to a wealth of information, including music, games, and software. You download special software that connects your computer to an informal network of other computers running the same software. Millions of users could be connected to each other through this software at one time. Often the software is free and easily accessible. But file-sharing can have a number of risks. If you do not check the proper settings, you could allow access not just to the files you intend to share, but also to other information on your hard drive, like your tax returns, email messages, medical records, photos, or other personal documents. If you decide to use file-sharing software, set it up very carefully. Take the time to read the End User Licensing Agreement to be sure you understand and are willing to tolerate the side effects of any free downloads.
Many free downloads come with potentially undesirable side effects. Spyware is software installed without your knowledge or consent that adversely affects your ability to use your computer, sometimes by monitoring or controlling how you use it. To avoid spyware, resist the urge to install any software unless you know exactly what it is. Your anti-virus software may include anti-spyware capability that you can activate, but if it does not, you can install separate anti-spyware software, and then use it regularly to scan for and delete any spyware programs that may sneak onto your computer.
III. Use anti-spyware software, as well as a firewall, and update them all regularly.
Firewalls help keep hackers from using your computer to send out your personal information without your permission. While anti-virus software scans incoming email and files, a firewall is like a guard, watching for outside attempts to access your system and blocking communications to and from sources you don’t permit. Some operating systems and hardware devices come with a built-in firewall that may be shipped in the “off” mode. Make sure you turn it on. For your firewall to be effective, it needs to be set up properly and updated regularly.
If your operating system does not include a firewall, get a separate software firewall that runs in the background while you work, or install a hardware firewall — an external device that includes firewall software.
IV. Be sure to set up your operating system and Web browser software properly, and update them regularly.
Hackers also take advantage of Web browsers (like Internet Explorer or Netscape) and operating system software (like Windows or Linux) that are unsecured. Lessen your risk by changing the settings in your browser or operating system and increasing your online security. Check the “Tools” or “Options” menus for built-in security features. If you need help understanding your choices, use your “Help” function.
Your operating system also may offer free software patches that close holes in the system that hackers could exploit. In fact, some common operating systems can be set to automatically retrieve and install patches for you. If your system does not do this, bookmark the website for your system’s manufacturer so you can regularly visit and update your system with defenses against the latest attacks. Updating can be as simple as one click. Your email software may help you avoid viruses by giving you the ability to filter certain types of spam.
If you are not using your computer for an extended period, turn it off or unplug it from the phone or cable line. When it’s off, the computer doesn’t send or receive information from the Internet and isn’t vulnerable to hackers.
V. Protect your passwords.
Keep your passwords in a secure place, and out of plain view. Don’t share your passwords on the Internet, over email, or on the phone. Your Internet Service Provider (ISP) should never ask for your password. In addition, hackers may try to figure out your passwords to gain access to your computer. You can make it tougher for them by:
A. Using passwords that have at least eight characters and include numbers or symbols.
B. Avoiding common words: some hackers use programs that can try every word in the dictionary.
C. Not using your personal information, your login name, or adjacent keys on the keyboard as passwords.
D. Changing your passwords regularly (at a minimum, every 90 days).
E. Not using the same password for each online account you access.
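The checks in items A to C can be automated; the following is an added example, not part of the original OnGuardOnline material. The word list is a small constructed sample and the four-key threshold for “adjacent keys” is an assumption; items D and E concern password age and reuse, which a check on a single password cannot see.

```python
# Keyboard rows used to spot "adjacent keys" passwords such as qwerty or asdfgh.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine"}
MIN_RUN = 4  # assumption: 4+ neighbouring keys in a row counts as a keyboard walk


def has_keyboard_run(text, min_run=MIN_RUN):
    """True if text contains min_run keys adjacent on one row, in either direction."""
    lowered = text.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in lowered:
                    return True
    return False


def check_password(password, login_name="", personal_terms=(),
                   common_words=SAMPLE_COMMON_WORDS):
    """Return the list of rules from items A-C that the password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if all(c.isalpha() for c in password):
        problems.append("no numbers or symbols")
    # Strip digits and symbols so "password1!" still matches the word "password".
    letters_only = "".join(c for c in lowered if c.isalpha())
    if letters_only in common_words:
        problems.append("common word")
    # Ignore very short terms to avoid matching on one or two letters.
    terms = [t.lower() for t in (login_name, *personal_terms) if len(t) >= 3]
    if any(t in lowered for t in terms):
        problems.append("contains login name or personal information")
    if has_keyboard_run(password):
        problems.append("adjacent keys on the keyboard")
    return problems
```

An empty list means the password passed every check the function knows about, not that it is strong in general.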
VI. Internet fraud
If a scammer takes advantage of you through an Internet auction, when you’re shopping online, or in any other way, report it to the Federal Trade Commission, at ftc.gov. The FTC enters Internet, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
VII. Deceptive Spam
If you get deceptive spam, including email phishing for your information, forward it to email@example.com. Be sure to include the full header of the email, including all routing information. You also may report phishing email to firstname.lastname@example.org. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
VIII. Divulged Personal Information
If you believe you have mistakenly given your personal information to a fraudster, file a complaint at ftc.gov, and then visit the Federal Trade Commission’s Identity Theft website at www.ftc.gov/idtheft to learn how to minimize your risk of damage from a potential theft of your identity.