Go to the mobile version of this Web site.

Login | Contact Us | Site Map | Paid archives | Electronic edition | Subscription Questions | Extras

Safety first, even online

Rebecca Jones, Special to The Rocky

Published October 1, 2007 at midnight

Text size  

More Tech & Telecom

More stories »

Recent headlines about online security breaches are enough to give anyone the shivers who has ever so much as opened an e-mail. Consider:

A San Francisco man was indicted last month on charges he stole credit card and identity information from tens of thousands of people by hacking into bank and credit card processing computers. Witnesses say Max Ray Butler used a high-powered antenna to intercept wireless communications. He's also accused of selling some 100 credit card numbers and running an online forum for credit card thieves to "share ideas."

A report released Sept. 17 by Symantec, a security software maker, found that online thieves are getting more sophisticated, selling software "tool kits" that can infect millions of computers for $1,000 per program. Symantec also reported the number of threats caused by such malicious code had skyrocketed 185 percent during the first six months of 2007, compared with the last six months of 2006.

On Sept. 14, TD Ameritrade Holding Corp. reported that one of its databases was hacked and contact information for 6.3 million customers was stolen.

It may be of some comfort to know that identity theft is actually on the decline and that most victims still get stung the old-fashioned way: Someone stole their wallet or lifted something from their mailbox or they were betrayed by a friend or family member.

"It's a little counterintuitive, but in fact, the Internet is NOT delivering most of our fraud to us," said Scott Mackelprang, a security expert with Digital Insight, the Southern California-based company that offers Internet-based financial products and services such as Quicken. "Fraud trends have gone down every year, and 84 percent of fraud is from off-line sources."

Indeed, a survey taken in February by Javelin Strategy and Research found the number of adult victims of identity fraud in the U.S. declined from 10.1 million in 2003 to 8.4 million in 2006, and the total losses to fraud had declined from $55.7 billion in 2005 to $49.3 billion last year.

Those numbers can continue to fall if consumers will just be more proactive and take steps to protect themselves, say security experts.

Let's be careful out there . . .

10 steps everyone who ventures online should consider taking:

1 Put up a firewall.

It's a scary name, but a firewall is just a way to seal off the private parts of your computer system to prevent outsiders from digitally peeking into places they have no business peeking into.

"Over the last few years, vendors have made this easy," Mackelprang said. "It used to be a daunting task, but at this point, it's just a matter of clicking 'Go ahead and do it,' when the system asks you if you want to turn the firewall on." Lots of companies offer firewall software, with prices typically around $40.

2 Install anti-spyware.

This is not the same thing as anti-virus software, but you need that, too. Here's the difference: Anti-virus software lives in the memory of your computer, watching what's going on as you go about your business. It's designed to identify and block viruses from invading and replicating, which might lead to gummed-up works and an inoperable computer.

Viruses are bad, but spyware can be worse. Spyware is installed on your computer without your knowledge for the purpose of monitoring what you do. "It was written initially for monitoring programs, to see where you browsed, to sell you things," Mackelprang said. "But it's a short step to go from there to what you type on the keyboard."

By monitoring your keystrokes, thieves can figure out your credit card numbers, your passwords, not to mention reading your e-mail or other documents you create.

3 Turn on the "Automatic Update" function of your computer's operating system.

It's tempting to ignore the little messages anyone running Windows gets so frequently, asking if we'd like to update this or that. While it only takes a few seconds, it seems to eat up time that we don't have. But this is a short-sighted view.

Malicious programs are out there, worms able to attack deficiencies within a given software program. The manufacturers of these programs constantly test and update their programs to remove the deficiencies. "Automatic Update" is a program built into a computer's operating system that instructs it to periodically check in with the software vendors' Web sites to see if any new deficiencies have been discovered, and if so, whether a fix, or "patch," has been created.

"If you have Automatic Update turned on, you'll be much more resistant to these worms that sweep across the Internet," Mackelprang said.

4 Be careful where you surf.

Some Web sites contain programs that will transfer themselves to your computer without your knowledge. One recent study found that about 4 percent of Web sites contain such "hostile" software, Mackelprang said. "The software might be just spyware, but it could be something much more sinister than that," he said.

Pornographic sites are infamous for containing harmful software. Gambling sites also are dangerous for such things.

5 Never interact with spam. And if you order online, stick to stores you're familiar with.

"If somebody is reaching out to you by e-mail, trying to directly solicit you, be just as suspicious as you'd be with any direct solicitation," said Rob Douglas, a security consultant based in Steamboat Springs and CEO of PrivacyToday.com. Don't respond to any links that come imbedded in an unsolicited e-mail.

"If an item catches your eye, do a Google (search), find the link for that site and go to it directly yourself," Douglas said. "Don't use the link because that's how a lot of phishing attempts get started."

6 Purchase with a credit card rather than a debit card.

In fact, Douglas advises using one card solely for online purchases. "That's so if you do get burned, if there is a breach, you won't put multiple cards at risk," he said. And if the card is used fraudulently, at least a breach of your credit card account won't put your whole checking account at risk, the way a debit card breach could.

7 Don't allow retailers to store credit-card information for you.

Yes, it's handy. Retailers will ask if you'd like to store the information on the site so you don't have to re-enter it each time you shop there. That saves a lot of keystrokes. "But I always say no," Douglas said. "If it's not in their database, then if their database is breached, you're less likely to have your information stolen."

8 Use a credit watch program.

Services such as Lifelock or Equifax monitor your credit accounts and alert you whenever someone tries to open a credit account in your name, and keep you apprised whenever there is significant activity on one of your accounts. Most such programs also offer you coverage for any expenses you incur if you are victimized by fraud. Costs are typically $10 to $12 a month.

9 Consider a credit freeze.

"This is the best protection of all," Douglas said. Changes in Colorado law last year gave consumers the option of requesting that consumer reporting agencies put a freeze on their file. Once such a freeze is in place, the reporting agency isn't able to release that individual's credit report - or any information contained in it - without prior authorization.

"In essence, it locks your ability to open a new credit account," Douglas said. "The merchants are all opposed to this, and argue with some validity that it makes it difficult to open new store accounts if you've frozen your credit account. But I think Coloradans should know that this exists, then make a balancing decision for themselves whether they want to use it."

10 Be smart about passwords.

"You can't write your password on a Post-it note and stick it to your computer and not expect your son's girlfriend or someone else not to see it," Mackelprang warned. Likewise, "PASSWORD" is the world's most common password, and if it's yours, you ought to change it. The world's second-most-common password is "PASSWORD1." Don't use that one either. Family names, pet names, birth dates - these are all pretty easy passwords for a thief to figure out.