Protect your most valuable financial asset
In this digital world, your good name is the ticket to doing business. Your identity is also the tool for thieves to get what they want-and their methods have become more creative and technically advanced.
The Federal Trade Commission (FTC) reports that 27.3 million Americans have fallen victim to identity theft since 1998. These crimes have cost businesses $48 billion and consumers another $5 billion.(1) Moreover, the FTC’s Bureau of Consumer Protection claims that identity theft is the primary complaint the organization receives, accounting for 43% of incoming calls.(2)
The “phishing” threat
“Phishing” is one of the latest and most prevalent identity theft scams to infect the Internet. Also known as “spoofing”, it uses email to deceive you into disclosing information about your credit card, bank accounts, access passwords, Social Security or other information.
Here’s how phishing works: The crook sends an email or pop-up message that appears to be from your Internet service provider, commercial bank, online merchant, government agency or other trusted entity. The email claims that your personal information has been lost, stolen or compromised in their computer system and that you must resubmit or verify your account data at their website. You may be warned that failure to respond will result in a canceled account. If you click the embedded link in the email, you are taken to a page that appears to be maintained by the legitimate entity. The site may display the corporate logo and colors, professional layout, similar web address and other elements to enhance credibility.
If you provide the requested information, the operators use it to make unauthorized online purchases, apply for other credit, sell your identity to other schemers and commit crimes in your name.(3)
The Internet offers a rich environment for crime. For one, setting up a bogus website is simple, fast and cheap. Many scammers are computer-savvy students and low-end criminals who exploit the anonymous nature of the web and get support from an extensive network of professional Internet criminals in Russia, eastern Europe and other places outside the reach of U.S. laws. To make matters worse, some offshore Internet web hosting firms require no identification from customers and will happily build anonymous Websites that have criminal intent.(4)
On the other end, credit card issuers, online merchants and other retailers won’t establish tighter standards or more scrutiny to help reduce identity theft, claiming that the higher barriers would make electronic commerce less convenient for consumers while reducing their total sales. So, rather than concentrate on business cooperation and more aggressive law enforcement, the companies absorb most of the losses and focus on prevention and consumer education. This has stifled the government’s efforts to track down individual thieves and crime networks.
Follow these basic rules to keep your identity and financial information secure when doing business online:
- Don’t reply to any email requesting personal or financial information. Legitimate companies don’t operate this way. If in doubt, call them or go directly to their Internet home page.
- Use caution if you must send private data over the Internet. Verify that the site belongs to the real business and is secure.
- Don’t store sensitive information on your laptop. If you must carry the data, establish a more secure login process. And before discarding an old computer, either remove and destroy the hard drive or run a utility to reformat it.
- Review credit card and bank statements as soon as you receive them. If your statement is late, contact the issuer and review latest transactions. You may be held responsible for unauthorized charges if more than a few days pass between your receipt of the statement and notification of suspected activity.
- Use anti-virus software and firewall protection on your computer.(5) Don’t open email attachments from an unfamiliar or unsolicited sender.
- Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to firstname.lastname@example.org.
- Act quickly. If your identity has been compromised, do the following: (1) File a fraud alert with the major credit bureaus (6) and obtain a credit report from them, (2) Contact your credit card issuers, bank and other institutions to close at risk accounts, (3) File a report with police if the theft occurred locally, and (4) File a complaint with the FTC at www.ftc.gov. Visit www.consumer.gov/idtheft to learn how to minimize your risk of damage from identity theft.
- Stay informed and wary. The FTC has an extensive section dealing with conventional and electronic identity theft. Visit www.ftc.gov/spam to learn other ways to avoid Internet scams and deal with deceptive email.
And, of course, keep alert to the conventional tools of identity theft. Criminals will continue to use telemarketing, mail theft, trash diving and other nonelectronic methods to snatch your financial information and abuse it.
(1) “Cybercon”, Forbes, 4 Oct. 2004, pp 89-98.
(2) “Phishing”, Computer World, 19 Jan 2004, www.computerworld.com, Quicklink #43834.
(3) Phishing accounts for an estimated $1.2 billion in stolen property each year and causes even more collateral damage to companies and consumers. Although businesses and legal authorities know about phishing and may closely monitor the emails, it’s nearly impossible to locate the offending websites before they close and reopen elsewhere. The average life span of a phishing website is two days.
(4) “New Services Are Making It Easier to Hide Who Is Behind Web Sites”, The Wall Street Journal, 30 Sept. 2004, A1.
(5) A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. A firewall is essential if you have a broadband connection.
(6) These are Equifax (1-800-525-6285), Experian (1-888-397-3742) and TransUnion (1-800-680-7289).