Eight Ways to Defend Against Pretexting

Opinion: The FTC offers useful advice on how to protect your personal information from dishonest queries, but don't stop there.

Note: These steps are drawn from the Federal Trade Commissions advice on avoiding being caught by "pretexting," or acquiring personal information under false pretenses. Ive presented the FTCs advice and added a comment of my own along with each point.

1. FTC advice: Dont give out personal information on the phone, through the mail or over the Internet unless youve initiated the contact or know who youre dealing with. Pretexters may pose as representatives of survey firms, banks, ISPs and even government agencies to get you to reveal your SSN, mothers maiden name, financial account numbers and other identifying information. Legitimate organizations with which you do business have the information they need and will not ask you for it.

My advice: Think in reverse, like a pretexter. How much information would you need to get into one of your accounts? It probably takes only four or five pieces of information. Make sure those pieces dont include easily discoverable information like your Social Security number. Dont do business with organizations that dont allow you to use something other than your SSN to identify yourself.

2. FTC advice: Be informed. Ask your financial institutions for their policies about sharing your information. Ask them specifically about their policies designed to prevent pretexting.

My advice: This isnt very helpful. Be specific and ask them why they need each piece of information that is asked for, and whether you can use a substitute for your SSN or other such information.

3. FTC advice: Alert family members to the dangers of pretexting. Explain that only you, or someone you authorize, should provide personal information to others.

My advice: This makes some modest sense. Keeping your personal information and that of your family on paper in a safe place is safer than keeping it on the computer in your living room.

4. FTC advice: Keep items with personal information in a safe place. Tear or shred your charge receipts, copies of credit applications, insurance forms, bank checks and other financial statements that youre discarding, expired charge cards and credit offers you get in the mail.

/zimages/3/28571.gifHP chairman could fall in boardroom scandal. Click here to read more.

My advice: Refuse to do business with institutions that send credit offers in the mail. Invest in a shredder and have a shredding party once a week. Good job for the kids: They like the whir and crunch of shredders.

/zimages/3/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

5. FTC advice: Add passwords to your credit card, bank and phone accounts. Avoid using easily available information like your mothers maiden name, your birth date, the last four digits of your SSN, your phone number or a series of consecutive numbers.

My advice: The SSN was never meant to be a universal identifier. Join the chorus of voices pushing to eradicate the SSN as a commonly requested means of identification.

6. FTC advice: Be mindful about where you leave personal information in your home, especially if you have roommates or are having work done in your home by others. /zimages/3/146520.jpg

My advice: OK, have that shredding party more frequently than once a week. Shred when you sort the mail.

7. FTC advice: Find out who has access to your personal information at work and verify that the records are kept in a secure location.

My advice: This one will become a bigger issue this year. Your company has lots of personal information about you. This is your turn to ask the company exactly why they need that information, how they keep it secure and what happens to it if you leave the company.

8. FTC advice: Order a copy of your credit report from the three nationwide consumer reporting companies every year.

My advice: This makes sense; just be sure not to leave the report lying around. You can get more information on credit reports from this Web site.

eWEEK magazine editor in chief Eric Lundquist can be reached at eric_lundquist@ziffdavis.com.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.