15
Jun
Posted in scams, security by Roger, the Amateur Financier |
It’s becoming almost a monthly event: there was a security breach last week, allowing hackers to access people’s personal information. I mentioned a few months ago about how the Playstation Network was hacked (and subsequently shut down), certainly a dark day for most online gamers.
Now, though, it’s a major bank, specifically Citibank, that has been hacked. To add insult to injury, the method used by the hackers sounds like something I could do, and since I am barely tech savvy enough to keep this blog up and running, that’s something. By opening their own accounts, signing in, and replacing their account numbers with the account numbers of other bank customers in the web address line, the hackers were able to acquire personal information from a number of Citibank customers. It is almost scary how easy it sounds to do that.
It's amazing how easy it has apparently become to get credit data from online sources.
Now, with such high profile break-ins in the news, you might be a little worried about your online security. Unfortunately, much of the ability to protect your secure information is out of your hands; you can do everything right, but if your bank (or credit card company, or any number of places where you have some personal finance information stored) ends up being hacked or otherwise has its security compromised, your personal information could still fall into the wrong hands.
Still, that’s no reason to make it easier for hackers to get to your personal data. While there are some things that are outside of your control (how your bank formats their account web addresses and the ability to leap from one to the other, for example), but there’s still plenty you can do to help keep your financial information to yourself. For example, you can:
1. Be Careful When Contacted By Email: In our increasingly wired society, there is a good chance that you receive some (or even all) of your correspondence with your bank(s) via email. Unfortunately, the same advantages of email for your bank (cheap, quick, easy to automate) also make it advantageous for those who want to gain access to your account illicitly. The best thing to do: treat every email like it may be fraudulent, and use the appropriate caution. If you are contacted by one of your banks and told that you need to log in to deal with some issue online, got to the bank’s website directly, sign in to your account, and deal with the issue (if there is an issue) that way. That way, you won’t accidentally give your personal information to inappropriate sources. On that note:
2. Don’t Give Out Financial Information UNLESS You Initiate Contact: If you want to engage in all the advantages of online commerce, you’re going to have to provide your financial information to someone. But only do so when you started the transaction. If you receive an email or other contact that wants your personal information, just say no. Instead, as above, make sure that you, personally, enter in the appropriate website and ONLY provide your information when you are sure about the company you are dealing with.
3. Be Careful About Social Networks: It’s very tempting to drop your guard when you are on Facebook, Twitter, Linkedin, and the numerous other social networking sites out there. After all, you are surrounded by ‘friends’ and ‘followers’; why would they want to hurt you? Unfortunately, social networks are an attractive target for hackers; from sending out emails posing as the social network operators to creating fake profiles to worm their way into your list of friends, those who mean you harm have lots of ways to take advantage of social networks. A good guideline to follow: don’t share any information on social networking sites (whether on a public ‘wall’ or in a private message) that you would not want to be shouted out loud on a crowded street corner. (On a similar note: Be cautious about what you share on social networking sites, period; sure, now you have no problem with pictures of you chugging beer and flashing the camera, but ten, twenty, thirty years from now, do you really want your children, friends, or coworkers to have pictorial proof of your wild-child days?)
4. Keep An Eye On Your Accounts: Just in case you are getting the feeling that computers cause nothing but trouble, let me put your mind at ease: computers can be a great asset in preventing illicit activity. If you make sure to monitor your accounts on a regular basis, you can be sure to catch any fraud before it gets too far, allowing you to prevent the worst of the damage. If you do notice anything is wrong, be sure to contact your bank or other financial institution so they can work with you to prevent further theft (and hopefully reverse the theft that has already happened).
5. Make Your Passwords Hard to Guess, and Change Them Regularly: I’ve discussed the importance of changing your passwords at least twice a year before, but it bears repeating. (Of course, you can (and if you fear you’ve been hacked, should) consider changing them more often, but I understand that it’s hard enough to keep track of all the passwords you need nowadays without changing them every two weeks.) You’ll be less likely to have your accounts hacked if your passwords are complex (with letters (both capitalized and lower case), numbers, and symbols, if possible) and difficult for someone else to guess. A password like ‘Abc123′ is just begging to be guessed, while something like ‘Meh27nE19%’ is unlikely to guessed by random chance. Make sure you write down your passwords somewhere safe (encode them if you want an added layer of security), don’t share with anyone, and change them regularly (and not just by shifting one letter at the end), and your accounts will be much more secure.
There you have it, several ways to make sure that your banking is as safe and secure as possible. Here’s hoping that when the next story about financial data being stolen breaks (as seems to be nearly inevitable), your data won’t be among the data that is lost.
Related Websites
27
Apr
Posted in scams, security by Roger, the Amateur Financier |
You might have heard by now, but there was a major hacking event over the past week. The PlayStation Network, where thousands of gamers congregate to play online, has been hacked. Yes, the ‘hackactivist’ group (that is, a group that using hacking to avenge perceived wrongs) ‘Anonymous’ hacked into the PlayStation Network, and apparently has stolen information about its users.
While Sony, the company that runs the PlayStation Network, does not believe that credit card data from its customers has been stolen, it is still cautioning its members to take appropriate cautions with their data, as “out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained”.
Pretty harrowing stuff, hunh? There’s something about identity theft that gets the blood pumping in this modern age. Luckily, if you feel that you may have been a victim of identity theft, you don’t have to sit back and wait for something to happen before you can act. Here are a few things you can do if you suspect you might be a victim of identity theft:
1. Put a Fraud Alert on Your Credit Reports: A fraud alert is when you alert the three credit bureaus (TransUnion, Experian, and Equifax) that your information may have been stolen, and that creditors should be concerned about requests for new sources of credit made in your name. Having fraud alerts in place will make it harder for any would-be identity thieves to use your information to open new accounts and otherwise use your identity to make a profit. It will last for 90 days, so if you are still afraid that your identity is at risk three months from now, you will need to renew the alert. It’s not a sure thing, as creditors can ignore the presence of an alert and provide an identity thief with credit in your name; but it will limit the number of options that an identity thief has for getting credit in your name. And if they do…
2. Get Copies of Your Credit Reports: Placing a fraud alert will allow you to obtain a free copy of your credit report from each of the credit bureaus. If you order your credit reports and notice any fraudulent information, particularly any accounts or charges you don’t recognize, you’ll need to resolve them, and make sure that you check your credit report to make sure that it has been resolved.
3. Close Compromised Accounts: If you find that one or more of your accounts has been hacked (or that you have open accounts that you don’t remember opening), you’ll need to close them. Contact the companies in question, first by phone, but also by mail (using copies, NOT originals, of documents to support your claims), and explain the situation. Depending on the company’s specific policy, you should be able to close the accountant (and reopen it, if you so desire, with new Personal Identification Numbers and passwords) without too much trouble, although you may have to put some more effort into the process.
4. Report the identity theft to the local police and FTC: You need to notify the appropriate authorities to let them know about the identity theft incident. By alerting the local police (or the police in the area where the theft occurred) and the Federal Trade Commission (FTC), you can let them know more about the situation and get the ball rolling on resolving the issue.
Hopefully, you won’t find yourself in a position where you need to deal with identity theft, but if you do, there are ways you can limit the damage done and regain control of your life. Good luck!
Related Websites
22
Jun
Posted in security by Roger, the Amateur Financier |
While watching a local news station, I came across a pretty interesting concept: an ID Score, which attempts to quantify your risk of having your identity stolen or your personal information misused. The goal, as noted on the main site, is to give you an idea of how much you have to worry about having your identity stolen. It’s a laudable goal, and the information provided about how to protect your identity is helpful and proper (although, the link provided to the FTC’s identity theft guide is probably the most helpful of all).
I do have a problem with My ID Score, though: when I attempted to get my ID score, I discovered that they would need my Social Security number to verify my identity. Although the first page I came to claimed that giving my Social Security number was optional, attempting to get a score without giving it led to a page saying that my identity could not be verified with the information given, and that providing my SSN would help with identification.
This set off some pretty big warning signals in my head; one of the first pieces of advice on protecting your identity given out by almost every source is to not give out your Social Security number to any person or organization you don’t fully understand, especially online. Given this, it seems rather ironic that a group promising to help you protect your security would want you to give out this sensitive info. Add in the fact that this ID Score is still a new concept (unlike, say, a credit score) and not currently used by any groups to determine whether to give you money or hire you for a job, and the risk did not seem worth it.
As a result, I didn’t go through with getting my ID Score; instead, I’m simply going to go about protecting my credit on my own. In addition to not giving out my Social Security number or other sensitive information in most cases, I’m always sure to check my credit reports regularly (I actually signed up to get my credit score monitored at MyFICO.com, but that’s something rather different), shred all my important personal documents, and closely watch my credit card statements for unusual activity. I’ve considered getting a credit freeze, as well, although I’m not sure if that will provide a good level of protection for the inconvenience it would cause over the next few years as I potentially go back to school or buy a house.
So, I have to ask, has anyone tried to get their ID scores yet? Do you have any good alternatives to this service that don’t require giving out personal information? Are there any big ways to protect yourself from identity theft that I’ve missed?
Related Websites
