Some information in this article comes courtesy of the Federal Trade Commission
The Internet is an incredible resource, delivering news, entertainment, shopping and a variety of services from around the world. It lets you play a friendly game of Scrabble with an opponent across the ocean; review and rate movies or clothing; get expert advice on all sorts of topics instantaneously; or work from home.
But the Internet — and the anonymity it affords — also can give online scammers, hackers, and identity thieves access to your computer, personal information, finances and more.
Minimize your chances of becoming a victim of an Internet-based crime. When you're online, be on guard to protect your information, your computer, and your money. A start is to make these seven practices part of your online routine.
In this Story
To an identity thief, your personal information can provide instant access to your financial accounts, your credit record and other assets they need to rob you blind. If you think no one would be interested in YOUR personal information, think again. ANYONE can be a victim of identity theft. In fact, according to the Federal Trade Commission, millions of people become victims every year.
How do criminals get your personal information online? One way is by lying about who they are, to convince you to share your account numbers, passwords and other information so they can get your money or buy things in your name. The scam is called "phishing": criminals send email, text, or pop-up messages that appear to come from your bank, a government agency, an online seller or another organization with which you do business. The message asks you to click to a website or call a phone number to update your account information or claim a prize or benefit. It might suggest something bad will happen if you don't respond quickly with your personal information. In reality, legitimate businesses almost never use email, pop-ups or text messages to ask for your personal information.
- Don't reply to an email, text or pop-up message that asks for personal or financial information, and don't click on links in the message. If you want to go to a bank or business's website, type the web address into your browser yourself.
- Don't respond if you get a message – by email, text, pop-up or phone – that asks you to call a phone number to update your account or give your personal information to access a refund. If you need to reach an organization with which you do business, call the number on your financial statement, the back of your credit card or by looking up the contact information on the company's official website.
While you can't enjoy the benefits of the Internet without sharing some personal information, you can take steps to share only with organizations you know and trust. Don't give out your personal information unless you first find out how it's going to be used and how it will be protected.
If you are shopping online, don't provide your personal or financial information through a company's website until you have checked for indicators that the site is secure, like a lock icon on the browser's status bar or a website URL that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some scammers have forged security icons. And some hackers have managed to breach sites that took appropriate security precautions.
There are dishonest people in the bricks and mortar world and on the Internet. But online, you can't judge an operator's trustworthiness with a gut-affirming look in the eye. It's remarkably simple for online scammers to impersonate a legitimate business, so you need to know who you're dealing with. If you're thinking about shopping on a site with which you're not familiar, do some independent research before you buy.
- If it's your first time on an unfamiliar site, call the seller's phone number, so you know you can reach them if you need to. If you can't find a working phone number, take your business elsewhere.
- Type the site's name into a search engine: if you find unfavorable reviews posted, you may be better off doing business with a different seller. Or check out one of the merchant rating sites, such as PriceGrabber.com, Yahoo! Shopping or Shopping.com. Also, the most recent versions of Internet Explorer (IE 8.0), Safari (Safari 4) and Firefox (Firefox 3) can alert you if a website is a known phishing site or is used to distribute spyware. Or check out Yahoo! Toolbar with Anti Spyware or Earthlink Toolbar for use with older browsers.
Every day, millions of computer users share files online. File-sharing can give people access to a wealth of information, including music, games, and software. How does it work? You download special software that connects your computer to an informal network of other computers running the same software. Millions of users could be connected to each other through this software at one time. Often, the software is free and easy to access.
But file-sharing can have a number of risks. If you don't check the proper settings, you could allow access not only to the files you intend to share, but also to other information on your hard drive, like your tax returns, email messages, medical records, photos or other personal documents. In addition, many cyber criminals intentionally hide malware in files that appear to be legitimate. When you download and open the file, you could be in for a nasty surprise.
Your computer should have anti-virus and anti-spyware software, as well as a firewall, and they should be kept active and current at all times. Also, set your software to update automatically, so you always have the latest threat protection. Trial versions of security software that come pre-installed on a computer generally work for a short time unless you pay a subscription fee to receive the latest updates.
Once you confirm that your security software is up-to-date, run it to scan your computer for viruses and spyware. If the program identifies a file as a problem, follow the steps it recommends to fix it.
Some crafty scam artists distribute malware disguised as anti-spyware software. If you're browsing the Internet and you see a pop-up message on a website or ad that claims to have scanned your computer and detected malware, do not click on it. In all likelihood, it's a scam. Of course, if you have security software installed and you get a pop-up from your own security software about a threat when visiting a site, take it very seriously. Close your browser and do not return to that site again.
Anti-virus software protects your computer from viruses that can destroy your data, slow your computer's performance, cause a crash or even allow spammers to send email through your account. It works by scanning your computer and your incoming email for viruses, and then blocking the viruses from entering your system.
Installed on your computer without your knowledge, spyware software monitors or controls your computer use. It may be used to send you pop-up ads, redirect your computer to websites, monitor your Internet surfing or even record your keystrokes (including usernames, passwords or credit card information), which, in turn, could lead to the theft of your personal information.
A computer may be infected with spyware if it:
- Slows down, malfunctions or displays repeated error messages
- Won't shut down or restart
- Serves up a lot of pop-up ads, or displays them when you're not surfing the web
- Displays web pages or programs you didn't intend to use, or sends emails you didn't write.
A firewall helps keep hackers from gaining access to your computer throughyour Internet connection. While anti-virus software scans incoming email and files, a firewall is like a guard, watching for outside attempts to access your system and blocking communications to and from sources you don't permit. Apple and Microsoft’s operating systems have built-in firewalls.
Spammers love unprotected computers. They are constanty probing and setting traps for unprotected computers they can control and use anonymously to send spam, turning them into a robot network, known as a "botnet" or a "zombie army." These botnets are made up of thousands of computers sending emails by the millions. Most spam is sent remotely this way, making it difficult to stop or to determine the originator.
Malware may be hidden in free software applications, like games, file-sharing programs, customized toolbars or screensavers. But sometimes just visiting a website or downloading files may cause a "drive-by download," which could turn your computer into a "bot." If you get pop-up messages that appear suspicious when browsing the Internet, don't click on them, even to close them. It is usually safest just to close your browser and avoid that site in the future.
Another way spammers take over your computer is by sending you an email with attachments, links or images which, if you click on or open them, install hidden software. Be cautious about opening any attachments or downloading files from emails you receive — even if it looks like it's from a friend or coworker — unless you are expecting it or know what it contains. If you send an email with an attached file, include a text message explaining what it is.
Hackers take advantage of Web browsers (like Firefox or Internet Explorer) and operating system software (like Windows or Mac's OS) that don't have the latest security updates. Operating system companies issue security patches for flaws that they find in their systems, so it's important to set your operating system and Web browser software to download and install security patches automatically.
Keep your passwords in a secure place, and out of plain sight, or consider using password management software (See “Password Management Programs Keep You Safer Online.”). Don't share them on the Internet, over email or on the phone. Your Internet Service Provider (ISP), your bank nor any other site should ever ask you for your online password. In addition, hackers may try to figure out your passwords to gain access to your computer. In fact, there are even automated programs that allow hackers to try millions of passwords, using combinations of every word in the dictionary, along with common numerical substituions for letters. So, to make it tougher for them:
- Use passwords that have at least eight characters and include numbers or symbols. The longer the password, the tougher it is to crack. A 12-character password is stronger than one with eight characters.
- Avoid using real words, to protect against automated dictionary guessing programs.
- Don't use your personal information, your login name , or adjacent keys on the keyboard as passwords.
- Change your passwords regularly (at a minimum, every 90 days).
- Don't use the same password for each online account you access.
If you follow these tips, you're more likely to be free of interference from hackers, viruses and spammers. But no system is completely secure. If you have important files stored on your computer, copy them onto a removable disc or an external hard drive, and store it in a safe place in case your computer becomes unusable de to a virus. Or upload your files to a secure online backup service, such as My Dropbox, Carbonite or SugarSync.
If you suspect malware is lurking on your computer, stop shopping, banking and other online activities that involve user names, passwords or other sensitive information. Malware could be sending your personal information to identity thieves.
Confirm that your security software is up-to-date, then use it to scan your computer. Fix everything the program identifies as a problem. You may have to restart your computer for the changes to take effect.
If the problem persists after you exhaust your ability to diagnose and treat it, you might want to call for professional help. If your computer is covered by a warranty that offers free tech support, contact the manufacturer. Before you call, write down the model and serial number of your computer, the name of any software you've installed and a short description of the problem. Note that not all warranties cover virus related issues.
If your machine isn't covered by a warranty, or if your security software isn't able to remove the threat, you may need to pay for technical support (See “How to Find Online Tech Support.”)
Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do to avoid it in the future.
Also, talk about safe computing with anyone else who uses the computer. Tell them that some online activity can put a computer at risk, and share the seven practices for safer computing.
Alert the appropriate authorities by contacting:
- Your Internet Service Provider. You can usually find an ISP's email address on its website. Include information on the incident from your firewall's log file. By alerting the ISP to the problem on its system, you can help it prevent similar problems in the future.
- The FBI at www.ic3.gov. To fight computer criminals, they need to hear from you.
If a scammer takes advantage of you through an Internet auction, when you're shopping online or in any other way, report it to the Federal Trade Commission. The FTC enters Internet, identity theft and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
If you get deceptive spam, including email phishing for your information, forward it to firstname.lastname@example.org. Be sure to include the full header of the email, including all routing information. You also may report phishing email to email@example.com. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
If you believe you have mistakenly given your personal information to a fraudster, file a complaint at ftc.gov, and then visit the Federal Trade Commission's Identity Theft website to learn how to minimize your risk of damage from a potential theft of your identity.