High-tech thieves can use the Internet to gather the account numbers and
other personal data they need to steal your identity. You could be at
risk if you shop, pay bills or access your bank accounts online -- or
even if you store personal data, such as your Social Security number or
credit card numbers, on your own computer.
Here's how to steer clear of the Internet missteps that can lead to
identity theft. These include...
Mistake: Sending e-mail that contains confidential information.
Even if the recipient of your e-mail is reliable enough to be trusted
with your sensitive information (Social Security number, driver's
license number, credit card number, date of birth, mother's maiden
name), others could gain access to your message as well. E-mail does not
transfer instantly from our computer to our recipient's computer. The
message makes stops at several points along the way, where they could be
Alternately, if a criminal gained access to your computer or the message
recipient's computer, he/she could find your e-mail stored in memory.
Self-defense: Convey sensitive information over the phone, not the
Mistake: Providing personal details on social networking Web sites or
The Internet is a great place to converse with people who share your
interests, but sharing too much information could put you in danger. A
criminal might decide that you make a good target for identity theft --
Self-defense: Keep personal details to a minimum when online. Never
mention your address, phone number or financial institutions with which
you have accounts. Use a nickname. Withhold personal information even in
private e-mail exchanges with people you meet through the Internet.
These people might not be what they seem.
Mistake: Downloading free programs from the Internet or clicking on
pop-ups. When you download a program from the Internet, you could
unknowingly load spyware onto your computer in the process. This spyware
could give a scammer access to any information you type into or save on
your computer. Clicking on a pop-up could create similar problems.
(There often is no way to tell the safe pop-ups from the unsafe ones, so
the best policy is to skip them all.)
Self-defense: Download software from the Internet only if you're
confident in the integrity of the site providing the program.
Internet security programs can help prevent spyware from reaching your
computer and remove it if it does.
If you have only one spyware program, download another one and run it
every few weeks as a backup -- no single security program catches every
Mistake: Assuming e-mail messages are from who they seem to be from.
Scammers can make e-mail messages appear to have been sent by anyone,
including people and businesses you know.
Examples: You receive an e-mail that appears to be from your bank. It
asks whether you made a particular transaction and warns that you must
respond immediately if you did not. Or, you receive an e-mail that
appears to come from the IRS. It says you will be audited if you do not
reply to the message quickly, then asks for your Social Security number
or other personal information.
Self-defense: Be very suspicious of e-mail claiming to be from a
financial institution or the IRS, particularly if you're asked to enter
passwords, account numbers or Social Security numbers (or it steers you
to Web sites that ask for any of these things). These messages are
likely to be from scammers. Instead, look up the phone number of the
company or agency that the e-mail claims to be from (do not trust the
phone number that might be included in the e-mail) and call to confirm
the validity of the message.
If you receive an e-mail message that seems to be from a friend
featuring an Internet link or picture and a simple message such as "you
have to see this," it might have been sent by a scammer. If you click
the link, it could load spyware onto your computer, opening the door to
identity theft. Do not click the link or open the picture until you have
contacted your friend and confirmed that he sent the note.
Mistake: Entering important data or passwords into a public computer.
The public computers in libraries and coffeehouses are often
contaminated with spyware.
Self-defense: Assume that everything you type on these computers is
being recorded. Never use public computers to make online purchases or
to do online banking. Do not even check your e-mail -- a scammer could
learn your user name and password and gain access to personal
information stored in your e-mail files.
Mistake: Trusting Web sites that have weak security.
Most Internet companies that accept credit card numbers or other
sensitive data work very hard to keep this information secure.
Unfortunately, some sites' security measures fall short, increasing the
odds that a criminal could be monitoring your transaction and stealing
Self-defense: Do not enter your credit card number or any other
important data into a Web site unless its Web address begins "https,"
not just "http." The "s" indicates an added level of security. A small
picture of a closed lock should appear on the Web address line as well.
Note: Never enter confidential information onto a site if you clicked on
it from an e-mail, even if it has "https." Always type in a URL.
Mistake: Picking obvious passwords.
Scammers have software that can help them guess common passwords. If
your password is a date, a name, a word or a repeating or progressive
series of letters or numbers, such as "zzzz" or "2468," it could be
cracked if a high-tech criminal targets you. If you use the same
password for many accounts, this could give the criminal wide access to
your personal and financial information.
Self-defense: The most secure passwords are multiple-word phrases. If
the site permits, these should include numbers or symbols, such as
"my2dogsareyellow" or "Ilikeham$alad."