How can I prevent identity theft from happening to me?
As with any crime,you can't guarantee that you will never be a victim, but you can minimize your risk. By managing your personal information wisely, cautiously and with an awareness of the issue, you can help guard against identity theft.
Don't give out personal information on the phone, through the mail or over the Internet (through email or online forms, or any other manner) unless you have initiated the contact or are sure you know who you're dealing with. Identity thieves may pose as representatives of banks, Internet service providers (ISPs) and even government agencies to get you to reveal your SSN, mother's maiden name, account numbers and other identifying information.
Before you share any personal information, confirm that you are dealing with a legitimate organization. You can check the organization's website as many companies post scam alerts when their name is used improperly, or you can call customer service using the number listed on your account statement or in the telephone book.
Before revealing any personally identifying information (for example, on an application), find out how it will be used and secured, and whether it will be shared with others. Ask if you have a choice about the use of your information. Can you choose to have it kept confidential?
- Practice good home security —Secure personal information in your home, especially if you have roommates, employ outside help, or are having service work done in your home. Securely store extra checks, credit cards, documents that list your Social Security number, and similar valuable items.
Don't advertise to burglars that you're away from home. Put lights on timers, temporarily stop delivery of your newspaper, and ask a neighbor to pick up any items that may arrive unexpectedly at your home.
- Guard your mail and trash from theft:
- Protect your garbage. Believe it or not, identity thieves rummage through trash looking for personal information—and you are at risk whether or not you are wealthy and famous. Don't make it easy for thieves to assume your identity with original documents.
To thwart identity thieves, who may pick through your trash or recycling bins to capture your personal information, tear or shred your...
- charge receipts,
- copies of credit applications,
- insurance forms,
- physician statements,
- checks and bank statements,
- credit card statements,
- expired charge cards that you're discarding,
- pre-approved credit card offers you get in the mail, and
- any documents that contain your social security number
- If you do not use the pre-screened credit card offers you receive in the mail, you can "opt out" by calling 1-888-5-OPTOUT (1-888-567- 8688). Please note that you will be asked for your Social Security number in order for the credit bureaus to identify your file so that they can remove you from their lists and you still may receive some credit offers because some companies use different lists from the credit bureaus' lists.
(If you do accept a credit card offer, be aware that some credit card companies, when sending out credit cards, have recently adopted security measures that allow a card recipient to activate the card only from his/her home phone number, but this is not yet a universal practice.)
- Consider purchasing a home/personal shredder, which can be found online or in local stores as low as $20.
"I recommend that people buy and use a shredder," says Vincent Filippini, an FDIC Washington-based fraud investigator."Any paper you don't need to keep that contains private information should be shredded."
- Protect your mail!
Going on Vacation? Give your MAILBOX a vacation, too!
The "Vacation Hold"...
If you're planning to be away from home and can't pick up your mail (or are called away on an unexpected business trip or family emergency), call the U.S. Postal Service at 1-800-275-8777.
Once completed, you can drop it in any mail deposit box (it's postage-free) or hand it back across the counter. (Don't leave it in your mailbox, as it lists the dates during which you'll be gone.) The Postal Service will hold your mail at your local post office until you can pick it up or are home to receive it.
Online "Mail Hold" Services —For many areas nationwide, you can now even put your mail "on-hold" online. The new online service will electronically notify your local Post Office to hold your mail.
In a hurry? For same day service, online requests must be submitted by 2AM CST, Monday—Saturday. Mail can be held from 3 to 30 days.(If you need mail held longer than 30 days, contact your local Post Office).
The post office will resume normal delivery of your mail on the date you specify. To get your accumulated mail, you can either pick up your mail at your local Post Office, or your Letter Carrier can deliver your mail on the ending date you specify. ("Online" hold requests currently limited to certain ZIP Codes.)
- If you are expecting a credit card, loan information, or confidential financial information through the mail, watch the calendar. If your correspondence doesn't arrive within the expected period of time, contact the sender to confirm if and when it was sent.
- Deposit outgoing mail in postal collection boxes or at your local post office, rather than in an unsecured mailbox (such as your own home mailbox!) Raising the red "pickup" flag on a rural mailbox really IS a "red flag" to any identity thief driving by that there may be something useful inside. Promptly remove delivered mail from your mailbox. When you're away from home, have the postal service hold your mail. You don't want to leave identity thieves a buffet right there in your mailbox.
- Limit, protect, and be aware of the type and amount of personal data you carry around...
Keep your purse/wallet and organizer/briefcase - as well as any copies you may retain of administrative forms that contain your sensitive personal information - in a safe place at work.
- Carry only the identification information and the number of credit and debit cards that you'll actually need. Don't carry any critical identification documents in your wallet, like your birth certificate or passport, unless absolutely necessary for a specific immediate task/purpose.
Don't make your wallet a long-term financial file-cabinet of bank receipts, invoices, etc. —Take time to remove such items from your wallet each day.
Use care and consider what sensitive personal information you carry around in a paper/loose-leaf or electronic organizer, briefcase, or other device/container/method.
If you lose it, what personal information might get into the hands of an identity thief?
Coping with lost or stolen wallets
Always assume your wallet has been stolen if you can't locate it after a reasonable search - far better to report a theft and have to cancel the report than to assume the wallet is misplaced and have to deal with the use and misuse of your identity and credit...
Coping with a lost/stolen wallet will be easier if you have previously photocopied both sides of everything in your wallet (driver license, credit cards, membership cards, etc.)
Keep the copies in a safe but readily accessible place. You can also download/print our "Lost/Stolen Wallet Inventory & Emergency Checklist
" to record the key information from your wallet contents, then store the list a safe place.
File a police report where the wallet was stolen. It establishes a record to combat fraud.
While you should never carry your original Social Security card or even just the number in your wallet, consider reporting the theft of your wallet to the Social Security Administration fraud line: 1-800-269-0271. This will prevent or greatly impede the thief from obtaining a replacement card using the identity information from your wallet.
Don't ONLY contact the credit-card providers of the credit cards you had in your wallet; also notify the three major credit agencies to put a fraud alert on your credit report. By doing this, purchases made in your name usually won't hurt your credit rating, and the thief might not be issued credit without you being contacted.
- Place passwords on your credit card, bank, brokerage and phone accounts. Avoid using easily available information like your mother's maiden name, your birth date, the last four digits of your SSN or your phone number, or a series of consecutive numbers. When opening new accounts, you may find that many businesses still have a line on their applications for your mother's maiden name. Use a password instead.
- Ask about information security procedures in your workplace or at businesses, doctor's offices or other institutions that collect personally identifying information from you. Find out who can access to your personal information and verify that it is handled and stored securely. Ask about the disposal procedures for those records as well. Find out if your information will be shared with anyone else. If so, ask if you can keep your information confidential.
- Keep your purse or wallet in a safe place at work.
- Protect your social security number. Don't give it out too freely, and don't carry your social security card on your person; leave it in a secure place (at home or in a bank safety deposit box).
If thieves steal your purse or wallet, you don't want them to also steal your identity.
Give your SSN only when absolutely necessary. Ask to use other types of identifiers when possible. If your state uses your SSN as your driver's license number, ask to substitute another number. Do the same if your health insurance company uses your SSN as your account number.
- Pay attention to your billing cycles. Follow up with creditors if your bills don't arrive on time. A missing bill could mean an identity thief has taken over your account and changed your billing address to cover his tracks.
- Cancel all unused credit accounts, and report lost/stolen cards immediately to the credit company's fraud unit.
Some credit card companies like VISA and MasterCard have voluntarily agreed to limit consumers' liability for unauthorized use of their credit cards — in most instances $50 per card — no matter how much time has elapsed since the discovery of the loss or theft of the card.
Many new cards include "zero responsibility" fraud protection, implying there's little or no risk of credit fraud. Beware! Even if you only have a "$50-limit" or "zero-responsibility" credit cards, identity thieves can still use your personal information to take over your credit accounts and open new ones. They may even use your good credit to get a job, take out a car loan, or rent an apartment.
Remember, even with some type of card "fraud protection", your losses may include not only some out-of-pocket financial losses, but substantial additional financial costs associated with trying to restore your credit and reputation in the community and correcting erroneous information for which the thief is responsible.
- Some issuers of bank and/or credit cards offer the option of adding the PHOTO of the named customer on the face of the card. If your issuer(s) offer this option, TAKE ADVANTAGE. It's certainly more difficult for someone else to use a card with your photo on it.
- When ordering new checks, pick them up at the bank, rather than having them sent to your home mailbox. Consider using only your first initial(s) rather than your full name so a thief won't know what to sign.
To save time, many people have their bank print every bit of personal info they can fit on personal checks to speed up check approval in the check-out line (and minimize what they have to write-in by hand). Resist the urge.
Don't put any information other than your name and address on your checks.
Also, keep a close watch on your checkbook both when you're writing checks and when it is lying around. A "shoulder-surfing" identity thief can memorize your name, address and phone number during the short time it takes you to write a check. Also, in many public places "shoulder surfing" criminals can stand nearby and watch you punch in your phone-card number, debit-card PIN, credit card number, or even listen in on your conversation if you give your credit-card number over the phone for a hotel room or rental-car. Don't carry more checks that you need. Keep extra checks in a secure place.
Some thieves even use cleaning solvent to remove what is already written on a check, making it payable to themselves. Write checks using a pen with thick, dark ink. Draw lines to fill in gaps in the spaces where you designate to whom a check is payable and the amount.John Brugger, a U.S. Postal Inspector in Washington, adds that consumers should "insist that their checks have built-in security features that help make them tamper-resistant to check washing or counterfeiting".
If your checks have been stolen or misused, immediately notify your bank, place a stop payment order, and close your checking account. Also, immediately report to your bank any irregularities in your bank statements. Report mail theft or tampering to the U.S. Postal Inspection Service, which is listed in your phone book.
GUARD deposit slips as closely as you do checks. Not only do they have your name, address and account number printed on them, but they can also be used to withdraw money from your account. All a thief has to do is write a bad check, deposit it into your account and use the "less cash received" line to withdraw your money.
- ID theft already is covered under some homeowners' policies; others will add it for as little as $25 a year. A stand-alone policy costs from $60 to $200.
- Online recruiting business giants like Monster.com, CareerBuilder.com and HotJobs.com caution users about false online job listings that are sometimes posted by identity thieves to illegally collect personal information from unsuspecting job seekers.
- According to the FTC, over fifty percent of identity-theft victims first detected the fraud by monitoring their own accounts. The sooner you detect the fraud, the better your chances of recovering your money and good name/credit.
Check your bills/statements carefully and call companies if you do not receive regular bills in a timely manner. Make it your habit to review your bank and credit card statements as soon as you receive them and report any unauthorized transactions promptly so the accounts can be closed.
- Order a copy of your credit report from each of the three major credit reporting agencies (see list, above) every year. Make sure it is accurate and includes only those activities you've authorized. The law allows credit bureaus to charge you up to $9.00 for a copy of your credit report. By checking your report on a regular basis you can catch mistakes and fraud before they wreak havoc on your personal finances.
Don't underestimate the importance of this step. One of the most common ways that consumers find out that they're victims of identity theft is when they try to make a major purchase, like a house or a car. The deal can be lost or delayed while the credit report mess is straightened out. Knowing what's in your credit report allows you to fix problems before they jeopardize a major financial transaction.
If an identity thief is opening new credit accounts in your name, these accounts are likely to show up on your credit report. If you do find any inaccurate information, you should check your reports from the other two credit bureaus. Look for inquiries you didn't initiate, accounts you didn't open and unexplained debts on your legitimate accounts.
Check that information like your SSN; address(es); name and any variations, including initials, Jr., Sr., etc.; and employers is correct.
Inaccuracies in this information may also be due to typographical errors. Nevertheless, whether the inaccuracies are due to fraud or error, notify the credit bureau as soon as possible by telephone and in writing. Note: If your personal information has been lost or stolen, you should check all of your reports more frequently for the first year.
- Ask about information security procedures in your workplace. Find out who has access to your personal information and verify that records are kept in a secure location. Ask about the disposal procedures for those records as well.
- Identity thieves can establish new cellular telephone service in your name, make unauthorized calls that seem to come from (and are billed to) your cellular phone, and/or make unauthorized charges by using your calling card and PIN. If this occurs, contact your service provider to close your existing account, and establish another one with a new PIN.
- When paying at stores, restaurants, and other businesses,be methodical at the payment counter, ensuring you retrieve your driver's license or other ID, credit card and your credit slip copy after your purchase.
- Keep good "backup information" about your accounts, just in case your wallet is lost or stolen. You'll want account numbers and phone numbers that can be used to report your losses or request new cards or emergency cash. You can photocopy your credit, debit, and ATM cards, as well as your driver's license, passport and other "wallet-borne" information —or, simply list key numbers on a handy sheet of paper. Click HERE for a downloadable/printable version of our "Lost/Stolen Wallet Inventory & Emergency Checklist".
"Keep these numbers in safekeeping or else they can become tools for someone with criminal intent" —says Deirdre Foley, of the FDIC's Division of Compliance and Consumer Affairs in Washington D.C. You'll also want ready access to these papers, too. That's why a safe deposit box or other restricted area might not be a good storage place for these numbers in case you need immediate access at night or on a weekend or holiday.
For more information on dealing with lost wallets, jump to the FDIC's publication, "Your Wallet: A Loser's Manual".
Shoulder surfers" aren't limited to checkout stands and lines. Near ATMs, some sophisticated thieves will watch the victim use the card (perhaps using high-powered binoculars, or even hidden cameras) and learn the victim's personal identification number (PIN) and even the card number. Later, they'll steal the card or make their own and use ATMs to withdraw cash from your account. Watch for one or more persons loitering around an ATM, often in a car, behind bushes or otherwise nearby.
Safety When Using an ATM
- Criminals tend to pick ATMs without security cameras. Whenever possible, seek out ATMs with security cameras.(including ATMs located inside businesses, and at branch banks during business-hours), and try to plan your ATM visits to limit your after-hours ATM use.
- Be aware of your surroundings and use common sense, particularly at night. If you observe or sense suspicious persons or circumstances, don't use the ATM at that time.
- Have your ATM card ready and in your hand as you approach the ATM. Don't wait to get to the ATM to take your card out of your pocket, wallet or purse.
- Be careful that no one can see you enter your PIN at the ATM. Use your body, or cup your other hand over the keypad, to "shield" it as you enter your PIN into the ATM. Do this wherever you key in your PIN —at ATMs, gas pumps, and inside stores. Particularly at outdoor locations, remember that not all shoulder surfers need to be right behind you to spy.
- Treat your ATM card like cash. Memorize your PIN and keep it a secret. When selecting your PIN, don't use any number/ word that appears in your wallet (birthdate, phone number, address, etc.) Never tell your code to anyone, or allow anyone to enter your code. No one needs to know your PIN, not even the bank. Don't give out any information about your ATM card over the telephone.
If your ATM card is lost or stolen, or your secret PIN compromised, report it immediately to your bank (using their 24-hour customer service number, if possible)
Never write your PIN on the back of your card; you could lose it, and some ATM scams involve a scammer "distracting" the victim and grabbing the card before running away.
- To help keep your account information confidential, always take your receipts or transaction records with you. You don't want a potential criminal to know how much you withdrew, or how much money you have in your account.
- Keep cash, checks, or money bags out of sight until you are ready for your transaction; it's also best not to count or visually display money you receive from the ATM while at the machine (if there's a discrepancy, you can't address it at the ATM anyway). Immediately put your money in your pocket or wallet/purse; count it later at home, in your car or another secure place.
- If you are using a drive-up ATM, keep your engine running and be sure your passenger windows are rolled up and all doors are locked. Before you roll down your window to use the ATM, observe the entire surrounding area; if anyone or anything appears to be suspicious, drive away at once. When possible, leave enough room between cars when you're in the ATM drive-up queue to allow for a quick exit, should it become necessary.
- If you're using a walk-up ATM, park close to the ATM, in a well-lighted area. If there are other people at the walk-up ATM you want to use, remain in your car with the doors locked and widows up until they leave, or go to another ATM.
Before leaving the safety of your car, look around for any suspicious persons or circumstances. Be prepared; have your ATM card ready, and fill out all forms before you approach an ATM. Lock your car; don't leave your car running, or the keys in the ignition, as you walk up to an ATM.
Look around before entering a secured ATM area, and never hold the door for someone else. When you've finished your transaction, put away your card, money, and receipt before leaving, and don't linger at the ATM. When returning to your car from your transaction, have your car keys ready and stay alert.
- If anyone follows you after making your ATM transaction, go immediately to a crowded, well-lit area and call the police.
- Last, but not least, watch for unauthorized ATM withdrawals on your monthly statement, and keep an eye on your balance during the month; promptly report any problems to your bank. Check your receipts against your monthly statements to guard against ATM fraud. Shred or tear up your ATM receipts when you no longer need them.
Using an ATM at Night
- Choose an ATM in a public, well-lighted location.
- Avoid isolated or street ATMs. For late night use, the best choice is an ATM inside a supermarket, convenience store, gas station or other occupied location. Use only ATMs in well-lighted busy areas where unusual activity is visible to others.
- There's safety in numbers; take another person with you, if at all possible.
- If the lights at the ATM are not working, don't use it.
- If shrubbery has overgrown or a tree blocks the view, select another ATM and notify your bank. Also notify your bank of any other safety issues, such as non-working lights.
When in doubt about a particular location, go on to another ATM where you'd feel safer.
Watch out for any tampering or anything out of the ordinary about the ATM/cash point you're about to use. While not the most common type of ATM crime, thieves have been known to rig ATMs to capture credit/debit cards using "card-trapping" or "skimming" devices.
Some thieves have run a card-trapping scam by attaching a false card slot over an ATM, with a very thin loop of magnetic tape or plastic(AKA a "Lebanese Loop"*) attached inside, to prevent the card being returned. The thief shoulder-surfs the victim for the victim's PIN as he/she loses a card to the rigged ATM. Often, the scammer will pose as a "helpful" stranger, say the same thing happened to him/her, and suggest that the victim enter his/her PIN, even if there is no "prompt" on the ATM screen. (This is done by the scammer to shoulder-surf the PIN, or capture it on a video camera hidden near the ATM.)
TIPS: Do NOT enter your PIN unless you get a prompt, on the screen, to do so. Never allow a stranger to assist you with using an ATM. Don't re-enter your PIN if the ATM eats your card —contact your bank immediately.
The victim eventually leaves, once the realization sinks in that he/she will not be getting the card back, leaving the thief to quickly move to the ATM and retrieve the card-trap (and the captured card). The thief, now with the victim's card AND his/her PIN, can loot the account.
(* "The technique is widely called the "Lebanese Loop" because Lebanese criminals, working in London, were the first to be arrested for using it.)
Another ATM card-trap involves the insertion of a very thin, clear rigid plastic "sleeve" into the card slot. As with the so-called "Lebanese Loop", the ATM can't read the strip when the card is inserted and the watching thief spots the PIN while the card user enters it repeatedly (often at the scammer's helpful prompting), trying to make the ATM work, or at least retrieve the card. When the victim card user gives up and leaves, the thief moves in to remove the sleeve (with the trapped card).
The "Lebanese Loop" and some "ghost" overlay scams are usually run outside regular bank hours. The scammers frequently work around midnight, so that they can withdraw the card's allowed cash maximum for two days rather, than only one. Try to use familiar ATMs so any changes (like a false front)will be more apparent. Don't use an ATM that appears unusual looking, or offers unfamiliar options that make you suspicious or uncertain. Cancel your transaction if you feel uncomfortable in any way.
Beyond any obvious tampering, or anything otherwise "out of the ordinary" about an ATM/cash point, look for tip-offs to shoulder-surfing, card-trapping scams like decals on the ATM/cash point advising customers to re-enter their PIN number (or enter their PIN multiple times) should their card get stuck, and "helpful" strangers appearing, pretending to offer advice/assistance, when a card becomes mysteriously "stuck".
If you are distracted by anyone while using an ATM, cancel the transaction and try to recover the card. If the machine does not return your card, report it immediately to your card issuer. There is often a 24-hour toll-free contact number posted on the face of the ATM. Do NOT remain at the ATM to place this call - return to your vehicle (and lock it while on the phone), or proceed to some other secure location. If you've completed a Lost/Stolen Wallet Inventory & Emergency Checklist, you can use it to quickly find the card-issuer's phone number and other important card details.
Another factor to consider when choosing an ATM: "Non-bank" stand-alone ATMs often lack built-in surveillance cameras, are placed at locations that aren't closely monitored, and may be owned by independent operators who won't know that trapping or skimming devices are being added/removed from their cash dispensers. On the other hand, criminals will exploit the customer's trust in their "bank" ATM by attacking "branch-located" ATMs, after the bank branch is closed. The ATM looks different, but it's at the bank, so it must be OK, right?
In recent years, ATM thieves have used everything from false fronts on ATM machines (AKA "ghost" overlays or "parasite" devices), containing relatively low-tech physical "traps" to trap the users card, or higher-tech data "skimmer" to trap a user's card data, to putting ordinary "superglue" in the slot to trap an inserted card. Lately they're employing one or more hidden cameras in some ATM card scams.
One way to avoid most card-trapping schemes — when possible — is to use "bank" ATMs inside other retail establishments, where it's unlikely a thief can easily run a card trapping or skimming scam; they prefer unattended locations, without other people nearby that might notice them, as they usually need to loiter near the ATM for these scams to work. Also, many scammers like to target ATMs in the better parts of town or in people who carry larger account balances.
Some cash-machine manufacturers have redesigned their new card-readers to detect the insertion of foreign devices, and other hardware/procedures to defeat older card-trapping tactics —but, the card-thieves are hard at work, too, so card trapping/skimming devices will probably be a threat for some time to come.
Credit Card "Skimming"
Sometimes identity thieves can defeat even your best efforts to protect your credit card information by a hi-tech method called skimming, using a tiny data-collection device (known as a "skimmer"). These skimmers are easy to carry, easy to hide and easy to buy over the Internet.
A typical skimming device is about the size of a pager*, connected in the phone-line between the phone-jack and credit card machine. A modern "skimmer" costs about $300, compared to the $5,000-$10,000 in equipment needed to make a counterfeit credit card.
(* —Pager-sized skimmers have been available for several years; skimmers are getting smaller and more concealable every year!)
When customers make a purchase, their cards are swiped through the business's credit-card machine, where the card data is read from the magnetic strip and phoned in for approval. During this normal approval process, the "skimmer" captures the data and either duplicates it onto the mag-strip of plastic credit-card "blank", or stores it within the skimming device to be downloaded later .
(* —The magnetic stripe on credit cards is a "passive media", allowing creation of perfect copies of the digital credit card content.)
Credit card skimming can also occur any time that your card leaves your direct possession. Another common skimmer-scam involves locating a portable skimmer card-swipe device near the business's own card-scanner, or even a portable device carried in the pocket of a server.
Example: Your server brings your bill on the tip-tray at the end of your meal. You place your credit card on the tip-tray and the server returns to take your card/bill to the register for you. When your card is swiped through the business's card-reader to approve your "authorized" purchase, it's also secretly swiped through a "skimmer" to steal your card's data, then the server returns your card to you.
In both these methods, the restaurant employee is a thief — either later using your card data fraudulently, or simply paid a flat rate (per card) by a thief for obtaining card data.
Many skimmers are even equipped with a panic button to instantly erase all collected data, eliminating all evidence in case of discovery.
An example: In the summer of 1999, two New York City restaurant servers were charged with skimming more than $300,000 from unsuspecting patrons.
Another type of high-tech skimmer can be secreted inside a business's normal credit cardreader, and includes a wireless transmitter that allows skimmed numbers to be secretly recorded on a laptop computer anywhere within about 300 feet. (With this device, a thief can sit outside the restaurant in a car, skimming numbers, and no one may ever connect him with the crime.) Unless the restaurant staff notices someone has tampered with their cardreader, the crime may not be discovered for quite some time!
A new and potentially far more dangerous form of point-of-sale terminal skimming involves implanting sophisticated software "skimmer bugs" into cardreader terminals (and tiny "hardware" bugs for older terminals), allowing stolen information to be sent over the phone lines of legitimate swiping machines. These "skimmer bugs"" can store numbers within the circuitry in the device and simply use the cardreader's modem to dial out to a computer where the thief thief-system uploads the numbers. A few days later, the thief can even remove the bug, leaving virtually no sign there has ever been any tampering.
Skimming is growing in most major cities in the U.S. and around the world and ranks behind only lost/stolen credit-cards in fraud losses. The average skimmed credit card can generate $2,000 in fraudulent charges before being detected/stopped.
Annual U.S. skimmer-related losses exceed $100 million, and have grown from 3 percent just a few years ago to presently accounting for over 25% of all fraud involving high-tech devices.
"Skimming is the biggest problem in bank fraud today," says Gregory Regan, head of the U.S. Secret Service Financial Crimes Division. "It's the bank robbery of the future. It's technically simple, point-and-click technology. And the equipment is cheap. If you skim 15 or 20 accounts, you can generate $50,000 to $60,000 worth of fraud, and nobody is going to know about it until the victims get their bills, 30 to 60 days after the crime. So the odds of getting caught are reduced."
Skimming in the future —
At least for now, the newest credit card terminals supposedly can't be bugged and portable terminals, which allow a server to swipe the card at a customer's table (and thereby never leaving the customer's view with the card), are becoming more wide-spread. The U.S. card industry is also slowly adopting more sophisticated "smart" cards on which customer data is encrypted. And, the U.S. Secret Service now maintains databases on credit card skimming information and locations to assist in tracking down skimmer rings.
Use special care
with Social Security numbers
Your employer and financial institution will need your SSN for wage and tax reporting purposes. Other businesses may ask you for your SSN to do a credit check, like when you apply for a loan, rent an apartment, or sign up for utilities. Sometimes, however, they simply want your SSN for general record keeping. You don't have to give a business your SSN just because they ask for it. If someone asks for your SSN, ask the following questions:
- Why do you need my SSN?
- How will my SSN be used?
- What law requires me to give you my SSN?
- What will happen if I don't give you my SSN?
Be aware that a business may not provide you with the service or benefit you're seeking if you don't provide your SSN. Getting answers to these questions will help you decide whether you want to share your SSN with the business. Remember — the decision is YOURS.
You may diligently lock your car, the doors/windows of your home, and even keep your personal papers in very secure place —BUT, an identity thief won't need to set a foot in your house to steal your key personal information if you're lax with your personal computer security.
SSNs, birthdays, financial account information, tax records and more may be stored in your computer — a veritable treasure-chest to an identity thief.
These computer-security tips can help you keep your computer(s) (and any personal information on it) safe—
- Update your virus protection software regularly, or when a new virus alert is announced. With more than 500 new computer viruses discovered each month, it's critical that you keep your anti-virus software up-to-date.
Computer viruses can have a variety of damaging effects, including introducing program code that causes your computer to send out files or other stored information.
Note: University of Oklahoma (Norman Campus) students, faculty, and staff home/office computer users can download the latest version of McAfee VirusScan (PC) or Virex (Mac) anti-virus software, free, at the OU Information Technology website. Click HERE to jump to that download site. Click HERE for anti-virus software downloads for OU Health Sciences Center users.
Also, be on the alert for security repairs and patches that you can download from your operating system's (OS) website. Some anti-virus software (and updates) won't function properly without also having the latest OS updates installed.
- Keep your Operating System (OS) software updated.
There's a constant, ongoing security-battle between hackers and OS vendors. Every time a new exploit/vulnerability is discovered, your system OS vendor makes a "patch" available to fix the potential security hole. To do YOU any good, you need to know about these patches, and install them as soon as they are available.
The most recent versions of both the Microsoft and Apple operating systems have an "automatic update" feature for their security upgrades. Make sure your system is set to auto-update security upgrades, or you will need to make a special effort to take time, frequently, and manually check the OS websites for the availability of new security patches.
- Run anti-virus software (and install OS updates) on all your computers —even those you don't use to surf/access the Internet.
Even computers on a home/office network that aren't ever used to access the Internet can become infected with some types of computer "viruses". Computer "worms" can move/multiply across network "shares" of write-enabled, shared directories that contain executables or crucial system documents. Avoid write-enabling any directory that contains anything but your user documents.
- Install, keep up-to-date, and run spyware-monitoring software. You might be surprised how many people what to know about you and what you do on your computer, and use legal or illegal means to get that information.
- Do not download files sent to you by strangers or click on hyperlinks from people you don't know. Opening a file could expose your system to a computer virus or a program that could hijack your modem.
- Use a firewall program, especially if you're using a high-speed Internet connection like satellite, cable-modem, DSL, or T1, which leaves your computer connected to the Internet 24 hours a day.
A firewall program will allow you to stop hackers/thieves from accessing your computer. Without it, hackers can take over your computer and steal all of your key personal information stored on it. For even better protection, consider complementing your firewall software by installing a hardware firewall.
When providing credit card information online, use a secure browser – software that encrypts or scrambles information you send over the Internet – to guard the security of your online transactions. In the address-bar window of your browser, check to see that the first part of the company's Web address changes from "http:// " to https:// ".
Be sure your browser has the most up-to-date encryption capabilities by using the latest version available from the manufacturer. You also can download some browsers for free over the Internet.
When submitting information, also look for the "lock" or "key" icon on the browser's status bar, in the lower right corner of the browser window, to be sure your information is secure during transmission. Using a secure browser will help ensure your personal data's security when it is being transmitted to a vendor's computers.
IMPORTANT NOTE: Internet scammers have developed methods to make your browser's address bar "claim" that you're viewing a "legitimate" website address — when actually you're visiting the scammer's malicious site instead! These new scam techniques affect Microsoft's Internet Explorer (IE) browser, the Netscape browser, and possibly others as well.
Tipoffs that you're being scammed by a phony address-bar address...
- You may get a short glimpse of the real Web address. — Particularly with slow dial-up connections, the real website address (the scam site) you're visiting is displayed in the actual address-bar for an instant before it's hidden and replaced with the fake address bar (and its faked "official" address).
- There's no "lock" icon. — The phony address-bar indicates that a secure HTTP session is taking place (the address line starts with "https://"). —BUT, the scammer's code isn't able to make an SSL "lock" icon appear on the browser's status bar (which usually indicates a secure session).
This tipoff (no lock icon) may change as phishers become more sophisticated, as the small lock/key icon (that appears to indicate a secure session in the status bar of all modern browsers) can't be trusted 100% either, according to computer security experts. The lock itself can be faked.
- The browser's default color scheme is used for the address-bar. — Currently, the code used by scammers employs browser-detection techniques to display an address bar that's appropriate for IE, Netscape, etc., —BUT, the fake address-bar uses only the default Windows colors. If you've configured Windows to use a different color scheme, the fake address bar will LOOK fake.
You can use the Windows Control Panel's "Display" applet to change your Windows' color scheme. Click on the Appearance tab, then select a Scheme in which the menus of applications have a color other than the "standard" background color.
How to block this type of attack: This type of address-bar faking scam is based on a pop-up window (lacking menus or scroll bars) that shows up where you expect a normal address bar to be. Most pop-up blockers can stop this type of attack.
- Try not to store financial information on your laptop unless absolutely necessary. If you do, use a strong password — a combination of letters (upper and lower case), numbers and symbols. Don't use an automatic log-in feature that saves your user name and password so you don't have to enter them each time you log-in or enter a site. And always log off when you're finished. That way, if your laptop gets stolen, it's harder for the thief to access your personal information.
- Change passwords regularly. At a minimum, twice each year, when you reset your clocks (Spring forward, and Fall back), replace your smoke detector batteries, and check/replace batteries in home/auto emergency kit flashlights and radios, also change your passwords.
- Remember Passwords; Don't Write Them Down. Multiple passwords are hard to remember, and everyone is tempted to write down passwords, however, since people want their "written" passwords nearby if they forget them, many people tape them to the underside of keyboards or mousepad, on a note in a laptop case, in a wallet/purse. Most thieves aren't complete idiots -- these are the first places they will look.
- Use unique passwords whenever you can. Don't use the same password on all your devices, programs, and network logins, —thus preventing thieves who manage to obtain a password from one program/device/system from having the keys to your kingdom - ALL your passwords.
- Always USE passwords wherever you can, on all your devices and within any programs that contain your personal information. It's not only your PC that contains sensitive information, but also your laptop, PDA and cell phone; all these electronic devices allow you to set password protection. While passwords won't necessarily thwart a knowledgeable and determined thief, most thieves don't fit that description.
- Make regular backups of any important data on your computer. Backup software can be set up to do your backups automatically, but you should periodically check to make sure the backups are being properly made. Plus, if you're using removable media for your backups, you'll need to remove/change the media on a regular schedule. How often should you make a backup? How much of the data you're backing up are you willing to lose? The more frequently you make a backup, the less you're likely to lose.
Try and use a reliable backup media. If all you have are 3.5" diskettes for your backups, take care of them! Don't store them near magnetic sources such as speakers. Likewise, don't store backup "tapes" near a magnetic source.
- Before you dispose of a computer, delete personal information. Deleting files using the keyboard or mouse commands may not be enough because the files may stay on the computer's hard drive, where they may be easily retrieved. Use a "wipe" utility program to overwrite the entire hard drive. It makes the files unrecoverable.
- Look for digital certificates that authenticate the site/vendor. Independent certificate services like VeriSign (http://www.verisign.com) and Thawte (http://www.thawte.com) will authenticate the identity of the Web site you are visiting. Web sites that use VeriSign (usually vendors who sell products/services online) will have the VeriSign logo, which you can click on to be assured that the vendor site is not just a dummy company set up to collect your personal and financial information.
- Look for website privacy policies for information about how the company assures...
- actual use of personal information collected by the site,
as well as...
- whether or not your information may/will be shared/sold to third parties, and
- whether you can "opt out" of being added to the company's mailing list or having the company share your personal information with a third party.
Computer Security Information Resources
For more information regarding computer security, visit these websites: