How to Avoid Getting Phished
For the eSeminar, Norman prepared the following list of things users should do to prevent becoming a victim of online crime. I've added a few of my own items to Norman's list, reproduced here:
Be wary of e-mail! Never click on any link to a bank, eBay, or other merchants. Instead, open a browser (not just a new window) and type in the URL yourself. When in doubt, call the institution using the number listed in the phone book, not one provided in the e-mail or link.
Nobody needs to verify your passwords. Ever.
Practice good computer hygiene. Don't click on attachments. Run both anti-virus and anti-spyware applications. Firewall and privacy protection software are also a good idea. Update this software, as well as your operating system, on a regular basis.
If asked to call someone, use the listed telephone number and ask for that person's extension. Criminals often give scam telephone numbers to intended victims.
Consider the single-use credit cards available from Visa, American Express and other institutions.
Only provide personal information when you initiate the transaction and never when someone requests it, whether online or over the telephone.
If a resident of Texas or California, consider a credit freeze.
Order credit reports yearly and review them carefully. (These are often available for free. Visit www.privacy.ca.gov for information.)
Watch credit card and bank statements for small withdrawals. These are sometimes used to take small amounts of money that customers don't consider to be worth reporting. But 10 cents a month from 100,000 accounts really adds up.
Encrypt it or shred it. Use a cross-cut shredder (makes confetti, not long strips which are too easily reassembled) or burn documents containing personal information. Do not store PINs on your computer; lock them up or encrypt them.
Don't provide (or offer) unnecessary information. Ask yourself, "Why do these people need my information?"
Lying is OK. At least, in some circumstances, such as questionnaires which require an answer. Make something up. (A friend of mine has both a real birthday and a fake one that she usually gives out.)
If you follow these tips, you will avoid many of the scams and traps that criminals create to gather personal information which they then turn into cash. You will also help protect yourself against the accidental release of information, as well as against unscrupulous marketers and other lower life forms.
In thinking about online crime, it's useful to remember the Internet's Cold War roots. Designed to survive a nuclear attack that took out portions of the network infrastructure, the Internet was not designed to prevent hacking and identity theft. When access to the Internet was limited, crime wasn't a problem. But when the network was opened to literally the entire world, it also took on the world's problems, including criminal activities which the network was ill-prepared to thwart.
Meanwhile, the criminals are becoming ever more sophisticated. And this is where it may be that no amount of user education will help.
In a "worst nightmare" scenario, criminals hijack the Internet's name servers or users' desktops and redirect users to faked sites when they type in correct Internet addresses for banks or other institutions. Such attacks could be difficult or impossible for victims to recognize and will require technological solutions, both at the Internet-client and infrastructure level.
If this type of undetectable (until too late) attack were to become widespread, the potential damage to electronic commerce might mirror what the attacks of September 11 did to other parts of the world economy. This potential damage is what's driving the global search for Internet weaknesses that can be fixed before it's too late.
Here are some links you may find useful:
Federal Trade Commission Identity Theft Web site: www.consumer.gov/idtheft/index.html
Credit freeze and ID theft information for California (most states have similar sites run by the state attorney general): www.privacy.ca.gov
Our eSeminar on Phishing and Identity Theft can be found at http://www.eseminarslive.com/article2/0,2290,1788725,00.asp. There are many other security-related Web seminars on our site as well. Visit www.eseminarslive.com to sign up or view previous eSeminars.
Contributing editor David Coursey has spent two decades writing about hardware, software and communications for business customers.