Basics of Identity Theft and Fraud: How Passwords Help Protect You from Phishing
The easiest way to protect yourself from online identity theft and fraud is never tell anybody anything, especially about your passwords. A pair of glasses and a cape might be helpful as well. Seriously, though, you’re going to have to share some information if you wish to interact on the Internet at all.
So you’re not looking for a secret identity as much as you are a trusted and limited identity. You want to share only the necessary information with only those who really need it.
So maybe you’re okay with giving your full name to a social network, but not to a site you’ve never heard of before. And you’re okay with putting a PIN into a banking website, but you certainly wouldn’t post it on that social network.
Give only the minimum information necessary to any online source, and make sure you know who’s receiving the information.
How to avoid phishermen
The U.S. Federal Trade Commission offers this advice to prevent identity theft: First, look out for phishing, or e-mails that claim to come from a bank or another online account, such as eBay, and claims that your account has a problem that you can clean up by clicking a link in the message. These messages are never real, but they’re extremely dangerous.
If your bank thinks that a security problem exists, it doesn’t tell you by e-mail. If you aren’t sure, contact the company by phone or type its web address (for example, www.yourbank.com) into your browser by hand and look for the customer service section.
Make sure that your family knows this rule well: Never, never, never enter passwords, credit card numbers, or other personal information at a web page you opened by clicking a link in an e-mail.
Phishers have gotten a lot more skillful since the earliest phishes a decade ago, and now often have good editors and use a spell checker, so you can’t rely on spelling and grammar mistakes, although they’re dead giveaways when you spot them. Here are a few additional tips:
Assume that every e-mail that leads you to a page seeking passwords or credit card numbers or other personal information is a phishing expedition.
If the e-mail purports to be from a company you’ve never heard of, ignore it.
If the message says that it’s from a company with whom you have an account, go to the company’s website by typing the company’s URL into your browser, not by clicking a link in the e-mail. When you get to the company’s website, look for the my Account link.
If there’s a problem, when you log in, you should see a notice. If there’s no way to log in and you’re still concerned, forward a copy of the e-mail to the customer service department or pick up the phone and call the number on your card or monthly statement.
Basics of website spoofing
One trick phishers use to fool Internet users is website spoofing — tricking your browser into displaying one address when you’re actually at another site. Some browsers allow a website to show only its main address so that it doesn’t look so geeky. Phishers take advantage of this capability. Better web browsers offer protection against website spoofing — they always show the actual web address of the page you’re on.