- CyberCrime Center
April 4, 2014
Because reading our blogs is a clear indication of your high intelligence, this piece is not for you. However, you might want to pass it along to somebody you know who may not quite “measure up,” but who could definitely use this information. In any case, please don’t tell them why you decided to send it.
Personal finance editor and writer Kathryn Tuggle checked with a number of experts to discover ways people put themselves at risk of having their identities stolen. In her story on thestreet.com, she identifies the top ten dumbest ways. (The following has been edited to fit our format.)
1. Using the same password for everything
If you’re using the same password for everything, you’re setting yourself up for disaster, says Bill Carey, vice president of marketing for Siber Systems, creators of password management tool RoboForm. “You have to use a unique password for every website you log into. If you think about all the stuff that has gone on lately with hacking attacks at major companies, it seems inevitable that one of the companies you do business with is eventually going to get hacked,” he explains. Unfortunately, if you use the same password for every site, once hackers get one of your passwords, they’ve got them all.
2. Giving out personal information over the phone
“A lot of people have this thing where when someone calls them on the phone and represents to them that they are an official with the government or a credit card company or a broker’s firm, they believe it’s real,” says Adam Levin, chairman and co-founder of Credit.com. The truth is, the IRS, your bank or any other official organization is never going to call you and ask for your Social Security number, Levin says. Your bank might call to alert you to suspicious activity on your credit card, but they will never ask you to confirm such sensitive personal information.
“If you get a call like this, hang up the phone and find the official number of the organization. Then you make the call to them,” Levin says.
3. Not using a password on your smartphone
“Your smartphone isn’t just a phone anymore. It’s a personal computer, and if it’s not password protected people can gain access to your email, your bank account, everything,” Carey says.
If you lose your device and you’re still logged in to apps such as PayPal or eBay, you could be in for a world of trouble.
“The more people know about you, the more likely they can hack in and steal your identity on other sites,” he says.
4. Logging into financial accounts from an Internet cafe or unsecured connection
Internet cafes are great for browsing the Web and may be fine for doing less sensitive things such as printing tickets or boarding passes, but they’re not secure enough for managing your stock portfolio or savings account, Carey says.
“You can check email, Facebook or sports scores, but you don’t want to leave yourself open to someone picking off your banking passwords,” Carey says. “Internet cafes are super convenient, but you don’t want to be doing any sensitive financial transacting.”
5. Not having a private profile on social media
“It still surprises me the number of people who don’t keep their profiles private,” says Stacey Vogler, managing director of ProtectYourBubble.com, a company that insures smartphones, laptops and other communication devices. When you have your birth date, your phone number or your address on your profile, it’s an invitation for hackers to come in and use it in a malicious way, she says.
“It’s an entry into your life and who you are,” she says. “It would be easy to figure things out after following a few posts from you on a non-private profile.”
6. Following a phishing email — even if you’re “just curious”
If you get an email letting you know you’ve won $1 million for a contest you never entered, you shouldn’t follow the link or provide any information. Many people know emails like this are a scam, but they still follow along for a bit. This is a huge mistake. “Some people are curious, so they start a correspondence with the person to see if there’s something there or to see what kind of a scam it is,” Vogler says. “Unfortunately, any entry into who you are or where you live opens the door. It suddenly becomes really easy for them to hack into your life.”
7. Failing to monitor your bank statements and credit card statements
It’s surprising the amount of people who don’t monitor their credit card statements or banking statements to check for fraudulent activity, Vogler says. If you keep an eye on your statements, you can catch fraud early on.
“Check all your transactions to make sure they’re ones you have made. The dates and times, the merchants should all be ones you’re familiar with,” she says. “Look for anything that doesn’t seem typical to your normal behavior and notify your bank or credit card company immediately if something doesn’t check out.”
8. Carrying your Social Security card or Medicare card in your purse or wallet
“You don’t need to do it. It’s unnecessary,” Levin says. “You’re totally exposed.”
The elderly are already prime targets for identity thieves, and since your Medicare ID is your Social Security number, you’re leaving yourself at risk by carrying either.
“You never want to have something in your purse or wallet that has your Social Security number on it,” he says. “If you need to present it to a doctor or other agency one day, then carry it to the appointment and go straight home. Don’t leave it in your wallet for weeks or months on end.”
9. Putting too much information on social media
“Don’t take a selfie with your address in the background,” Levin says.
It may sound ridiculous, but some people will take a picture of their first drivers’ license that displays their full name and address. Others might take a photo of their final credit card statement announcing that they’ve just paid off their bills — unintentionally displaying their account number and other personal details.
“You don’t take a picture saying, ‘Look at my incredibly valuable new car in my front yard,’ and show everyone your address,” Levin says. “Your Facebook friends are not all looking out for you. Identity theft and property theft occurs even with family and friends. Why open yourself up to pain?”
10. Storing confidential info on your smartphone
Don’t keep passwords, PINs or your Social Security number stored on your smartphone — even in your email account. In other words, don’t save an email called “Passwords” or “Social.” This applies to your personal information as well as the personal information of your children or family members. “There are people out there with all good intentions who are helping their children or parents deal with a financial issue, so they store all this personal information on their phone so they’ll have it handy,” Levin says. “Your phone is a communication device — not a storage device.”
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, Bank Fraud, Building Trust on the Internet, CNP fraud, Context-Based Authentication, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Data Breach, Device Detection, Device Fingerprint, Device Fingerprinting, Device ID, Device Identification, Fraud Prevention, Hacking, Identity Spoofing, Identity theft, Malware, Malware Detection, Malware Protection, Man-in-the-Browser Detection, MitB, Mobile fraud, Online Fraud, Phishing, Phishing Detection, PII, ThreatMetrix, ThreatMetrix Cybercrime Defender Platform, ThreatMetrix Cybercrime Index, ThreatMetrix Global Trust Intelligence Network, ThreatMetrix Web Fraud Map, Trust Tags, Web Fraud