| |
|
|
|
|
| DollarWise | 8 mistakes that expose you to online fraud
|
Seemingly harmless Internet habits make a scammer's job easy. Here's how to protect your credit cards, your bank account and your identity.
By Jennifer Mulrean
Truth be told, if someone is really out to deceive you, he probably can.
Online, its already difficult to get a feel for whether youre dealing with credible businesses. But that doesnt mean you should roll over and make a scammers job any easier.
The first thing to do: Take a hard look at your computer habits. If youre committing any of the following online security faux pas, you may want to reform your ways -- before someone else takes advantage of your lapses.
Giving out personal information
The number of so-called phishing scams has taken off. You can read more about the scam here, but it boils down to being lured into giving your personal information by official-looking fake e-mails and Web sites. Here's where the damage is done: Thieves can use your info to steal your identity and empty your checking account, charge up your credit cards or open new accounts in your name.
Here's how to avoid phishing scams:
- Legitimate companies do not ask for sensitive personal information via e-mail. Do not respond to the phishing e-mails, fill out any forms asking for personal information or click on the links contained in the e-mails. The links can direct you to fake Web sites or force you to download a key-logger program that spies on everything you type -- even into legitimate sites.
- If youre going to enter personal or financial information on any site, check that it is a "secure" site. Look at the address for the Web page where you enter your payment information. The URL should start with https:// and you should see an icon for a padlock at the bottom of your browser.
- Be skeptical. Phishing e-mails often look like they are from well-known companies such as Citibank, eBay and PayPal. Scammers use scare tactics to try to get you to verify or secure your account. If you have any doubts about whether the e-mail is real, go to the companys real Web site by typing its URL into your Internet browsers address bar or by calling the company.
Paying with cash, check or money order
Paying with cash -- by using a check, money order or the like -- leaves you little hope of getting your money back should anything go wrong. When you pay with a credit card, however, federal law limits your liability to $50 for unauthorized purchases. Also, some credit cards have protection policies that limit your liability to $0.
If youre not comfortable revealing your credit card number to an online merchant, consider using PayPal or another payment service that shields your account number from view. Youll want to check with your credit card issuer, however, to make sure their fraud-protection policies cover the transactions you make with a PayPal account and not just the funding of that account.
Debit cards are a little better than cashiers checks and money orders, but if you dont catch the fraud within a couple of days, your liability under federal law is $500, not $50 as with credit cards. If you dont catch the fraud within 60 days, you could be out the whole amount.
Letting retailers store your credit card data
Sure, its a pain to retype your credit card number and address into Web site after Web site. But hackers are becoming more sophisticated in their attacks. Two monster attacks on consumer information took place in June when:- MasterCard International reported that some 40 million credit card accounts of all brands may have been exposed to fraud when hackers struck a company that processes credit card transactions.
- Citigroup said that personal information on 3.9 million consumer lending customers of its CitiFinancial subsidiary was lost by UPS while the information was being shipped to a credit bureau.
Using soft passwords or storing them where others can find them
Your eBay account password may not seem like top secret information, but consider what access to it would provide someone else -- needed personal information such as your address or the ability to make bids in your name, for starters.
Internet security company Verisign recommends the following password strategies:- Have a different password for every account.
- Make sure your passwords are not any publicly available information such as phone numbers or birthdates.
- Make sure your passwords are at least six characters long, with mixtures of letters, numbers and punctuation.
- Finally, dont undo all your creative password efforts by writing them on Post-its or storing them on lists saved onto your computer.
Failing to keep up with computer security
Security isnt something you can attend to only when first setting up a new computer. It needs ongoing diligence. At least use the following:
- A firewall: This is either hardware or software that will protect your computer from others gaining access to it via the Internet.
- Virus protection software: This can monitor both incoming and outgoing files for your computer, alerting you if youve received a known virus (and killing it). Youll need to update it frequently to protect against the latest viruses.
- Security patches for your computers operating system: Hackers are continually finding new ways to exploit vulnerabilities in computer operating systems. According to the Internet Storm Center, an unpatched PC thats connected to the Internet would only make it about 20 minutes before being compromised by malicious programs. Downloading the latest security patches can help protect you against these threats.
Failing to keep records of your transactions
Buying and selling things online isnt new. Most retailers routinely e-mail you your receipt. But if youre dealing with a less-than-honest individual, or you simply enter the wrong e-mail address, that receipt may never hit your inbox. Its best to print a copy of the transaction confirmation page or save a copy onto your computer, so long as it doesnt contain your credit card number.
Failing to do your homework
Theres nothing like a cheap price on a hot toy to get you to lower your security standards. Dont. Like anywhere else, most too-good-to-be-true deals are just that. Before you buy from a retailer, check them out at the Better Business Bureau or with a company such as TRUSTe. These agencies logos on a Web site indicate that the retailer follows recommended security and privacy practices.
But some sites can trick you and appear legit by posting logos without adhering to the standards. Make sure that when you click on the logos youre taken to the appropriate site and then look up the company. TRUSTes member list is here.
It may be worth it to go with a well-known retailer that provides many ways to contact them. Even if youre dealing with a legitimate smaller retailer, they may not have the money to adequately protect your sensitive data.
Ignoring your financial statements
Unauthorized withdrawals or charges can be the first tip-off that somethings awry. Check any monthly bank and credit card statements that arrive in the mail, but increase your vigilance by signing into your account online and reviewing transactions on a regular basis.
You should also regularly review your credit report. It can alert you to suspicious activity, such as accounts someone else has opened in your name. Credit-reporting agencies such as Experian, Equifax and TransUnion are now required to provide you with one free report a year. Residents of the Midwestern, Southern and Western United States can take advantage of the rule now. Those in the East, Puerto Rico and U.S. Territories can get free reports starting Sept. 1. And remember, if youve been denied credit within the last 60 days based on your credit report, youre already entitled to a free copy of that report now.
|
|
|
|
|
|
MSN Money's editorial goal is to provide a forum for personal finance and investment ideas. Our articles, columns, message board posts and other features should not be construed as investment advice, nor does their appearance imply an endorsement by Microsoft of any specific security or trading strategy. An investor's best course of action must be based on individual circumstances.
|
|
