 |
 |
 |
 |
 |
 |
 |
All that activity increases the risk that someone in your office will be the victim of online identity fraud, and that’s difficult to undo no matter where it takes place, at work or at home. The heightened risk at the office is the likelihood that a co-worker will ask you a question as you conduct the transaction, or that a patient will arrive to check in, or that some other far more important issue will arise to distract you—perhaps keeping you from being as diligent as you otherwise would be about checking the website out and following all the steps you need to follow to keep your identity information safe.
Here are ten things you need to know about online ID fraud.
1. The stakes are higher than you probably realize. Recent data suggest that about 3.5 million adults in the United States lost money through “phishing” e-mail scams alone in 2007, up dramatically from the 2.3 million who lost money to that scam the year before. Total estimated loss: about $3 billion.
2. Phony e-mail is a growing threat to your online identity’s security. One of the ways it threatens you is with enticing attachments that turn out to be full of viruses. Open the attached file to see a photograph, for example, or find out what you won, or see product details—and welcome a virus into your system as well, a virus that may be able to record your keystrokes, memorizing the confidential information you type in later. And the “response” forms some fraudulent e-mails ask for may simply be phishing nets designed to capture as much information about you as possible—right away, before you catch on.
There are simple steps you can take to even the odds. First, get ruthless about deleting e-mail that doesn’t look like it’s from a familiar source. And after it’s opened, be wary—an e-mail may even be designed to look like it’s from a company you routinely do business with. Finally, be especially suspicious of e-mails that ask for account information, no matter how authentic they look. Think about it: Isn’t, say, your bank the last place that should need to ask you for your credit card account number?
3. Pop-up ads aren’t just annoying—or entertaining, depending on your perspective. They can be dangerous to your online ID security, because some of them contain Trojan horse programs that may look for pieces of your identity or your practice’s in your system. You can pretty easily implement a “no pop-ups” rule in your office, but it’s hard to enforce and probably unnecessary. There are a number of pop-up-blocking software products available, for one thing. But pop-ups are tricky, and many of them may sneak past. Rather, remind office staffers not to download files from any unknown sources, including those that pop-ups lead them to.
And be especially suspicious of software programs offered for free through on the Internet. Check out software very carefully before you download it. Make sure you use the most technologically advanced operating system and Web browser you can afford, and make sure it comes with the latest security patches. Always keep your Web browser security set on at least medium, but preferably high, so you can minimize the likelihood of a site downloading something onto your system that you’re not aware of being there.
4. The most interesting-looking websites—whether professional interest sites or those you visit as break-time just-for-funs—can be the riskiest. But some simple observations can keep your ID safer. A phony site may look legit; often, it will look intentionally like something similar that is legit, something your Web-surfing patterns indicate you might be interested in or have looked at before. Fake business and commercial sites are often remarkably realistic looking, and can be surprisingly well-targeted to your specific professional interests. But professional sites can be vehicles for committing ID fraud, too. You can sidestep the worst offenders by avoiding clicking on links provided in e-mails. Rather, open a new window with your browser and type in the site’s URL by hand. Also, you can save some worry by bookmarking sites you’ve safely used before and accessing them in the future only through that link. That URL holds a wealth of information, by the way, information you can use to steer clear of some of the more dangerous landmines.
Look for an asterisk, the @ symbol, in Web addresses. It may mean that a company other than the one you’re interested in actually controls the site.
Keep an extra eye out for websites that show a numerical “IP” address—something like 123.321.1.2—in the address bar your browser uses. You should see a domain name there.
Only give out ID information over a secure server, which means the information is being encrypted as it’s being transmitted so hackers can’t read it, even if they can get at it. An unsecured URL contains these parts: http://www.###.com. A secure URL will look like this: https://www.###.com or shttp://www.###.com.
5. Don't trust your chat room buds with your sensitive business information, and not with your own information, either. You can’t be sure people are who they claim to be online, and anyone asking for ID information in a chat room could be a scammer posing as a colleague and offering to do an ordering favor or otherwise get involved with you personally just to get at your data.
6. Telecommuting is awesome, but be careful when office staffers work from public terminals, such as those in a library, airport kiosk or Internet café. Be extra-careful about entering passwords or other sensitive information because hackers can often steal it by recording someone’s keystrokes. Wi-Fi networks, the kind you use in a coffee shop, also offer ID thieves an opportunity. Use your best judgment about office policies regarding remote computer use that involves ID information.
7. Computer viruses continue to be your biggest online worry overall, when it comes to ID fraud and just about every other kind of Internet unpleasantness. But you can protect yourself. Just make sure you have antivirus protection that’s as current and as complete as possible. “They” say it takes from just a few minutes up to about half an hour for an unprotected personal computer to become infected with a virus or overtaken by malware. You need to have protection ready. There are a number of free systems and services available online. Make sure you check it out before you download it, though, or you could just make things worse.
8. If you think someone has swiped your ID, it’s critical that you act fast. Document what happened and contact the proper authorities. Here are some numbers:
Federal Trade Commission Identify Theft Hotline: 877-ID-THEFT
FTC website: www.consumer.gov/idtheft
Social Security Administration Fraud Hotline: 800-269-0271
SSA website: www.ssa.gov/oig
Equifax: 800-685-1 1 1 1
Experian: 888-397-3742
TransUnion: 800-888-4213
9. It's worth the effort to report ID fraud, because the federal Department of Justice, among other agencies, pretty aggressively prosecutes cases of identity theft and fraud under a variety of federal statutes. About a decade ago, the U.S. Congress passed the Identity Theft and Assumption Deterrence Act, creating the offense called “identity theft,” which prohibits “knowingly transferring or using, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of federal law, or that constitutes a felony under any applicable State or local law” (18 U.S.C. § 1028(a)(7)). If a scammer is busted, he or she faces a maximum term of 15 years’ imprisonment, a fine and criminal forfeiture of any personal property used or intended to be used to commit the offense. Also, schemes to commit identity theft or fraud run afoul of statutes covering identification fraud (18 U.S.C. § 1028), credit card fraud (18 U.S.C. § 1029), computer fraud (18 U.S.C. § 1030), mail fraud (18 U.S.C. § 1341), wire fraud (18 U.S.C. § 1343) or financial institution fraud (18 U.S.C. § 1344). The feds work with the Federal Bureau of Investigation, the US Secret Service and the US Postal Inspection Service to prosecute cases; penalties can include up to 30 years in the jug.
10. If acronyms work for you as a memory tool, use this one, the DOJ suggests: SCAM. S is for being “stiny” about giving out your ID information unless you have a pretty good reason to trust the party receiving it. Also, switch it up as often as possible. Changing passwords frequently will help keep you one step ahead of potential fraudsters. Always make them as complicated as possible, too, including resisting the urge to use numbers or words that may be easily linked to you. “B-A-B-Y-D-O-C” is a bad password for a pediatrician. And if making passwords secure makes them practically impossible for you to remember, that’s the point. It means an ID thief might not be able to remember them, either. When possible, use a random mix of letters and numbers, capital and lowercase characters and symbols. The C is S-C-A-M is for “checking” your financial information regularly, because that’s usually how you find out your ID has been stolen. Few ID thieves will use your information to apply to college. They want money. You’ll often learn your ID’s been pinched when charges start showing up where they shouldn’t—including in your bank accounts. The A is for “asking” periodically for a copy of your credit report, for the same reason. And the M is for “maintaining” careful records of your banking and financial accounts.
