By Jessica Walker
This months interview is packed full of so many helpful tips that I
have decided to feed it to you in a five-part series to make it easily
digestible. Each new segment will be posted every Tuesday and Thursday
over the next couple weeks, so be sure to subscribe to the blog to get
an email alert every time a new segment is posted. There will also be
a chance to win a prize after each segment, but you will have to visit my column on our blog to learn how to win.
Unfortunately, the inspiration for this interview came from several
instances where my personal information and credit card information
were stolen. After cleaning up each occurrence, I printed a free
credit report from all three credit agency’s through www.annualcreditreport.com,
to check for unauthorized charges. I also had each agency place a
fraud alert on my credit. The fraud alert is free and lasts for 90
days.
Until a couple years ago, I never knew anyone that was affected by
online fraud. Now I am amazed at how many people I talk to that have
had similar experiences. So this month I am on a mission to save as
many of you as possible from becoming a victim to online fraud. And
how do I plan to do that you ask? Well, I have an expert up my sleeve
that has superhero credentials. This crusader spent 13 years at
Microsoft where she was a pioneer in online safety for mobile devices
and PC’s for the MSN division.
I’d like to introduce everyone to Linda Criddle, currently the
founder and President of LOOKBOTHWAYS, Inc., a company that develops
internet safety technologies and products while providing product
design, safety reviews, and other consulting services to leading
technology companies, regulatory bodies, and law enforcement, as well
as offering practical assistance to consumers navigating the online
world through a consumer internet safety site, iLOOKBOTHWAYS.com
Linda is also president of the Safe Internet Alliance,
devoted to promoting a safe Internet and better educating and
protecting all users, especially children, teens and the elderly, from
Internet corruption, crime, and abuse by driving initiatives through
industry, education, government, and non-profit entities.
Through the above mentioned entities, Linda collaborates with local,
state, national and international law enforcement agencies, teaching
how to understand and track predators online. Linda also works with
government organizations in the U.S. and around the world to advise on,
and prepare, internet safety regulations and legislation.
In addition, Linda is an author of the award-winning consumer-oriented books, “Look Both Ways: Help Protect Your Family on the Internet,” and “Using the Internet Safely for Seniors For Dummies.” She has also written “Internet Safety for Educators”, a distance-learning course offered through Universities.
Until next time, here’s to keeping you Safer in the City!
- Jessica
Segment One
Jessica: What should our members do to prevent
their identity and or financial information (i.e. credit cards, account
numbers) from being stolen on or offline?
Linda: A few key steps can make a real difference in protecting your identity and financial information.
Consider what information about you is online - Search to find the
total set of information that you - and others - have shared about you
online. What have you posted, friends posted, family members,
employers, schools, groups, associations, clubs, teams, and church
groups, posted? If you donate to charities, do their sites place your
name and amount of donation on their sites? Have you ever posted a
resume? (There is nothing wrong in posting resumes, but restrict
contact and address information until you’re actually interviewing, and
TAKE IT DOWN when you’ve landed the job!). Check online county records;
if you own property find out how much information is available on you
and your property - I’ve seen cases where in addition to the basic
information, the registrar’s office also displays information about
floor plans, and loan papers - which include the name of the lending
institution, the loan number, and people’s SSN’s and signatures. Look
to see if they show power of attorney documents, what information is
available on your birth certificate, and of any children’s birth
certificates. If previously married and divorced what information can
be gleaned from these records? Once you have a firm understanding of
your footprint of possible exposure, work to remove, or have removed,
any information that you don’t feel is appropriate. Discuss with others
where your privacy boundaries are so that they do not over-share about
you, and ask others for their boundaries so you can be respectful of
their safety and privacy needs as well.
Secure your computer. If your computer isn’t protected from viruses
and other malware your financial information, your passwords, and
everything else you store on your computer or do online will be abused.
This concept is so basic, yet only 20% of the US population adequately
protects their computers. If the cost of security software is
prohibitive, use one of the excellent free services.
Use strong passwords. Passwords do not have to be hard to remember,
just hard to guess. Never use information about yourself as a password.
They need to be long (8 or more characters) and use uppercase,
lowercase, numbers and symbols. This isn’t hard to do. For example text
messaging short-codes can really help make this easy - 2BorNot2B? (To
be or not to be, that is the question) or MaybeL8r (maybe later).
Check your credit history and freeze your credit. I’d guess that
less than 10% of people consistently check their credit histories to
ensure nothing is damaging their credit scores. By law, you have the
right to three FREE reports each year. You may choose to pay to have a
company monitor your credit for you, but unless you’ve had real trouble
with ID theft in the past this is probably not a necessary expense. If
you are not actively seeking a line of credit now or in the next month,
freeze your credit. This is one of the simplest things you can do, but
a step that few actually take. This blocks anyone from taking out a
loan or opening a new credit card in your name. It’s easy to do -
contact one of the credit bureaus - and is either free or low cost
depending on their criteria.
Only purchase from reputable online stores. The price may be cheaper
at a store with no reputation, but you don’t want to gamble with your
financial information. To find out if a store has a good reputation,
the Better Business Bureau has an online site where you should be able
to look up this information. Keep all purchase confirmation emails in
case you need to dispute something.
Beware of scams. Far too many people ‘give’ away their information
to criminals by falling for scams in email and on the web. NEVER use a
link provided to you to get to a site, find the URL yourself. You want
to be in the drivers seat when going to sites online – that way you end
up where you intended to, not on a clever fake site.
Physical world requirements. In addition to the safety steps above,
physical items need additional protections. Shred financial documents;
far too many people are careless with financial materials yet more ID
theft is still carried out the good old dumpster diving way. Protect
your possessions like your wallet and purse because a significant
amount of ID theft is done by someone the victim knows, including
parents, siblings, children and close friends.
Segment 2
Jessica: What are the steps that someone should take if their identity or financial information is stolen?
Linda: If you or someone close to you has been a victim of Identity theft, go to the U.S. Federal Trade Commission Identity Theft site to find out what steps to take and how to report it. In addition, consider:
Report the crime to your local law enforcement agency. This may be a necessary first step to freezing your accounts to prevent further attacks.
Inform family members and friends that their risk
could be heightened if the information was stolen from a computer or
mobile phone where your address book may have been compromised.
Notify your health insurance company as medical fraud using stolen information is on the rise.
If you know the Website from which your information was stolen, contact the company (if it is reputable) or contact the Better Business Bureau and file a complaint.
Get support. Depending on the circumstances ID
theft can be very emotionally draining – your sense of security has
been violated. It may leave you suspecting everyone around you, and
unsure who you can trust. Recognize that this is a case of broken
trust, not just financial loss and a real pain to clean up. Often
people are sympathetic when it first occurs, but aren’t as supportive
throughout the process. Feelings of abuse or betrayal may come in waves
as each step in the process triggers new frustrations (often aggravated
by the lack of helpfulness of government agencies and companies).
Jessica: How can the local police help with
identity theft or when a credit card or debit card number is stolen
online? Does online fraud fall under the local authorities
jurisdiction or a federal agency?
Linda: Online ID theft may fall under both local
and federal (possibly even international) jurisdiction. You should
always report crimes against you to your local law enforcement agency.
They will determine what other agencies need to be involved. Often you
need to show you have filed a police report in order for companies to
begin removing charges from your account.
Jessica: Your book really opened my eyes to the
fraud associated with an individuals medical information. Please give
our members examples of medical identity theft and ways that they can
safeguard against it.
Linda: Thank you. Medical identity theft is a very
lucrative form of crime. With medical costs skyrocketing, criminals are
quick to leverage the opportunities this enables. With a stolen medical
identity, criminals can alter the records to show that the person needs
prescription drugs – and have them sent to another address. They can
indicate the patient needs hip replacement (for example) and ‘resell’
that operation to someone who needs the replacement but can’t afford
the full price, pocketing the under-the-counter payment, and so on.
While the point is to scam the insurance company, the consequences to
you of having your medical records altered may be serious – even fatal
– to you in an emergency medical situation.
Segment 3
Jessica: More and more people are using the online
banking tools offered by their banks. While these tools are
convenient, how safe are they really? Is it safer to pay your bills
online or through the mail?
Linda: It depends, you can be safe banking and bill
paying online if you know how; failing to act appropriately can
significantly increase your risks when banking online. Many of the
precautions needed here are the same as we’ve already discussed. Learn
to minimize your two risk areas – your personal computing environment,
and gaps in your internet safety skills – to use online transaction
services safely.
Remove risks in your computing environment. Ask yourself:
Is the computer you are using secure? You must have up-to-date
security software, which means antivirus and anti-spyware protection.
Is your connection secure? Make sure the firewall is on. If you use
a wireless network, it needs to be encrypted so someone outside the
house can’t collect your information.
Do you have a secure password? Weak passwords are bypassed in a
matter of minutes. You might as well use a strip of scotch tape to lock
your front door.
Your biggest threat, once you have secured your computer, is through
your own actions online. Cyber-criminals are masters in fooling
unsuspecting consumers into exposing themselves to risks. Financial
criminals use a thousand ploys, but each ploy has the same key
elements. They need to know who you are, where you transact business,
and how to access your account(s). So don’t give them this information.
Don’t assume, require proof. A classic method for
swindling is to use what appears to be one piece of information to
collect more. For example, a scammer sends out a fake email pretending
its from a bank notifying recipients that they need to re-enter their
account information. Some percentage of recipients will make one or
more of the following assumptions.
That the sender knows them
That the sender knows where they bank
That the sender is the bank
That there is in fact a problem with their account
None of these statements is true. But criminals count on a certain
percentage of recipients to assume these inferred connections are
true. Those that fall for the assumptions in reality provide the
criminal with all three critical pieces of data. By responding, they
confirm who they are, where they transact business, and provide their
credentials to ‘fix’ the problem.
Don’t misplace trust. Identifying the trustworthiness - or lack of
trustworthiness – of the people, email, Websites, content, and
businesses you interact with is a critical life skill in any
environment – trust the wrong entity and you can loose your life
savings.
Steer don’t be pulled. Stay in the driver’s seat and get to websites
on your own by searching, don’t be pulled by links that may or may not
be legitimate.
Protect personal information. Though it is relatively rare that
email is intercepted, never share passwords, social security numbers,
credit card information, and the like. What you post online is another
potential ‘leak-point’, protect personal and financial information
everywhere.
Learn to spot scams. Don’t respond to any e-mail requesting that
personal or account information. That “urgent” message may look like
it’s from your bank, but it’s bogus. A financial institution would
never send you an e-mail asking for your personal information, PIN or
password. Never!
If you do all of the above, you have a reasonably strong chance of
having only positive experiences. For the record, I use online banking
services.
Segment 4
Jessica: Please give our members examples of the
information that should be withheld from a dating profile or a social
networking profile, information that a criminal could use against them.
Linda: When you are first meeting and getting to
know someone online you want to share what you care about, and not much
about who or where you are.
Maintain anonymity to protect your identity. Don’t include your full
name, phone number, where you work, financial status, or detailed
location information in your profile or during early communications
with potential dates. Stop communicating with anyone who presses you
for this type of information.
Use the e-mail system provided by the dating service rather than your own e-mail address to maintain your privacy.
Be smart about choosing profile pictures and learn how to share photos safely. Make
sure your photos reflect what you want to say about yourself.
Provocative pictures may attract the wrong people. Make sure that your
images do not contain identifying information.
Set your search criteria to filter out anyone with behaviors you may
not want to deal with, and check to see if a potential date has a good
reputation among other daters on the service.
Be cautious about sharing emotional vulnerabilities. It is very easy
for criminals to play to emotions to gain undeserved trust, or to tell
a sad story to gain your sympathies. Use a friend as a sanity check –
if the story sounds like a stretch to them it probably is.
Note any inconsistencies in what they say about themselves.
Periodically reviewing exchanges you’ve had with a critical eye is
healthy. This is a real advantage with the Internet, because it IS
written down, not something fuzzy in your memory.
Jessica: Safer Dates recently partnered with your company ReputationShare and added a gauge to our member profiles that track online behaviors. How can our members get the most out of this feature?
Linda: You deserve to experience the Web, and the
people you meet through the Web, on your own terms. I was super pleased
to learn how much Safer Dates is dedicated to providing as safe an
environment as they can, AND how much they respect their users. ReputationShare does two key things for Safer Dates users.
First, it helps the service identify and manage rogue users because, like credit bureaus, ReputationShare
literally shares people’s online reputations across participating
sites. If someone has been abusing other Dating sites or their
members, Safer Dates can see that information even as the person is
registering and take appropriate steps. That said, unlike credit
bureaus, the ReputationShare service does not receive or
store any information about who the user is. Consumers privacy is
extremely important to us. Users stay entirely anonymous, but both
positive and negative behaviors associated with their email alias are
collected. Of course, we have advanced algorithms to identify email
accounts being gamed. Learn more about ReputationShare on www.reputationshare.net.
Second, it gives users the ability to make more informed choices about who they choose to interact with.
Segment 5
Jessica: The majority of us receive emails from
friends and family with a request to send the message to a certain
number of people and something extraordinary will happen within
minutes. Is there a chance that malware could be added to your
computer or the next persons computer if you pass the email on?
Linda: The email messages themselves aren’t going
to hurt you – but if they have attachments, downloads, or links
included, and you click or download these your chances of getting
malware are very high. Never click on the attachments or links in chain
mails. Period. And don’t forward them to others. Forwarding these
emails at a minimum clogs email servers (an estimated 93% of all email
is spam), worst case you are placing others at significant risk for
malware.
Jessica: Is it safe to unsubscribe from an emailed
advertisement? Could malware be added to your computer when you
unsubscribe? Is there a national “do not email” list similar to the
“do not call” list?
Linda: If you are currently subscribed to the
company that (purportedly) sent the email advertisement and you want to
unsubscribe, do not use the link in the email. Use a search engine to
find the company’s website - so you know you are really on the
legitimate site – and then use the unsubscribe option there.
If the email is not legitimate and you click on the unsubscribe
link, you will surely have malware trying to get onto your computer.
If you suspect the email is fraudulent, you may want to report it to
the company – larger sites usually have a unique “report spam” email
address for this purpose.
There is no national ‘do not send spam email to this account’ list; if there was, it would surely be used to send spam.
Jessica: You worked for Microsoft for 13 years and
your book naturally addresses Windows and information pertaining to
PC’s. But, I would like to offer advice to our members that have
Macintosh computers. Macs have built in virus protection but that
doesn’t mean they are impervious to criminals. With that said, what
tools do you recommend for our members that have Macs?
Linda: Mac users have traditionally felt safe from
malware attacks and they were largely safe in doing so because
criminals always go for the biggest opportunity and with Windows
dominating over 90% of computers, Apple machines were an edge case. As
Apple’s market share increases, so have the threats to Mac computers,
and iPhones. Unfortunately, the smugness that some Mac users have felt
when watching attacks against the Windows OS has led to very poor
adoption rates of security software. This is a real mistake. The
security and safety advice I have given remains true regardless of the
Operating System you run.
