Eight Ways to Defend Against Pretexting
1. FTC advice: Dont give out personal information on the phone, through the mail or over the Internet unless youve initiated the contact or know who youre dealing with. Pretexters may pose as representatives of survey firms, banks, ISPs and even government agencies to get you to reveal your SSN, mothers maiden name, financial account numbers and other identifying information. Legitimate organizations with which you do business have the information they need and will not ask you for it.
My advice: Think in reverse, like a pretexter. How much information would you need to get into one of your accounts? It probably takes only four or five pieces of information. Make sure those pieces dont include easily discoverable information like your Social Security number. Dont do business with organizations that dont allow you to use something other than your SSN to identify yourself.
2. FTC advice: Be informed. Ask your financial institutions for their policies about sharing your information. Ask them specifically about their policies designed to prevent pretexting.
My advice: This isnt very helpful. Be specific and ask them why they need each piece of information that is asked for, and whether you can use a substitute for your SSN or other such information.
3. FTC advice: Alert family members to the dangers of pretexting. Explain that only you, or someone you authorize, should provide personal information to others.
My advice: This makes some modest sense. Keeping your personal information and that of your family on paper in a safe place is safer than keeping it on the computer in your living room.
4. FTC advice: Keep items with personal information in a safe place. Tear or shred your charge receipts, copies of credit applications, insurance forms, bank checks and other financial statements that youre discarding, expired charge cards and credit offers you get in the mail.
My advice: Refuse to do business with institutions that send credit offers in the mail. Invest in a shredder and have a shredding party once a week. Good job for the kids: They like the whir and crunch of shredders.
5. FTC advice: Add passwords to your credit card, bank and phone accounts. Avoid using easily available information like your mothers maiden name, your birth date, the last four digits of your SSN, your phone number or a series of consecutive numbers.
My advice: The SSN was never meant to be a universal identifier. Join the chorus of voices pushing to eradicate the SSN as a commonly requested means of identification.
6. FTC advice: Be mindful about where you leave personal information in your home, especially if you have roommates or are having work done in your home by others.
My advice: OK, have that shredding party more frequently than once a week. Shred when you sort the mail.
7. FTC advice: Find out who has access to your personal information at work and verify that the records are kept in a secure location.
My advice: This one will become a bigger issue this year. Your company has lots of personal information about you. This is your turn to ask the company exactly why they need that information, how they keep it secure and what happens to it if you leave the company.
8. FTC advice: Order a copy of your credit report from the three nationwide consumer reporting companies every year.
My advice: This makes sense; just be sure not to leave the report lying around. You can get more information on credit reports from this Web site.
eWEEK magazine editor in chief Eric Lundquist can be reached at firstname.lastname@example.org.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.