ONLINE FRAUD,,,,,WHAT YOU NEED TO KNOW

                        ONLINE FRAUD,,,,,,PROTECT YOUR IDENTITY

   

What You Should Know About
Protecting Yourself From
Identity Theft Online

   
   

   

chukutem Idise   2012,,,

 


 


    The contents of this publication are available under the Creative Commons Attribution-Share Alike 3.0 Unported license.
 

 
   

Mozilla is publishing this guide as a public service.  No approach to
security can guarantee 100% security, and nothing in this publication is meant to provide any warranty or guarantee of the security of your private information.


 


    Please visit the Consumer Education page on the Mozilla Wiki to comment on this publication.  You will also find links there to versions in other formats.
 



Keep Your Identity Safe


One of the biggest fears some people have when using the Internet is identity theft. Identity theft occurs when someone uses your private personal information to commit fraud or other crimes.  Personal information such as names, birthdates and birthplaces, government identity numbers such as SSN in the US and SIN in Canada, and credit card numbers are the most common pieces of personal information targeted by identity thieves.


According to government estimates, there are more than 10 million cases of identity theft in North America each year, and many more worldwide. The crime takes many forms. Identity thieves may rent an apartment, obtain a credit card, or establish a telephone account in your name. You may not find out about the theft until you review your credit report or a credit card statement and notice charges you didn’t make.


Identity theft is serious. While some identity theft victims can resolve their problems quickly, others spend large amounts of time and money repairing damage to their good name and credit record.  Victims of identity theft may lose job opportunities, or be denied loans for education, housing or cars because of negative information on their credit reports. In rare cases, some have even been arrested for crimes they did not commit.


But you shouldn't let fear of identity theft keep you from taking advantage of all that the open web has to offer.  If you're consistently careful about a few key things, you can dramatically reduce your chances of becoming a victim of an identity theft online.
 



Be Careful How You Recycle

A significant number of identity thefts occur when thieves recover personal data from discarded computer equipment and storage media including PCs, servers, PDAs, mobile phones, USB memory sticks and hard drives that have been disposed of carelessly at public dump sites, given away or resold without having been properly sanitized.


If you're discarding a hard drive, PC, or server that contains a hard drive or a USB stick, don't rely on the "quick format" option in disk formatting utilities.  These simply rewrite the disk directory structure, and leave the data on the disk.  Much of that data can be recovered using disk repair utilities.  Utilities are available which securely erase a disk.  They do this by writing random ones and zeros over the entire disk surface.


USB sticks can be a security threat both coming and going.  Identity thieves often infect computers with viruses that can log keystrokes and give the thieves control of your machine remotely by putting viruses on USB sticks and leaving them in public places.  Because of this, attempting to use a "found" USB stick is extraordinarily dangerous.






Use Social Media Carefully


The recent explosion of social media means that many of us are sharing much more information about ourselves online than ever before.  Use caution to avoid publishing information about yourself that would be helpful to identity thieves.  Controlling access to your personal profile is an important first step. You can limit access of most items in your profile to just yourself, or share it it only with friends and friends of friends, instead of leaving it visible to everyone.  Restricting access to items such as your birth date and family information will give identity thieves less access to useful information about you.  Your phone number and address are items you probably don't need to enter into your profile at all.  If they aren't there, then they can't be accidentally leaked by a less than secure privacy setting.

   

Review your privacy settings frequently.  Social media sites make changes to their privacy rules and procedures from time to time.  You want to be sure that any changes they make to default settings don't compromise the security of your profile information. And don't forget to check the privacy controls on all the groups and apps you've added to your page.



Use Secure Passwords

  
   

The rise of social media makes it important than ever to avoid using personal information to create passwords.  Mentioning the name of your cat or your favorite restaurant on Facebook doesn't present a security risk in and of itself.  But if you use either of those as the basis for an online password, you've given identity thieves a helping hand. Be sure you are using secure passwords, and don't reuse passwords between different websites.  To learn how how to create a strong password that's easy to remember see Choosing Secure Passwords on Mozilla's support website.

   
   

Many websites require you to select a "secret question and answer" to allow you to reset or recover your password.  Often these sites require you to select from a limited set of questions, and frequently these questions are the exactly the sorts of information that you're encouraged to include in your social media profile.  Choosing a question such as "In what city were you born?" or "Who is your favorite author?" presents an obvious security hole.  Knowing where you were born gives anyone access to your password.  If the site doesn't let you write your own question, and many don't, you're better off tricking the system into being secure.  Here's how: Create a password you will use for password recovery using the method described in Choosing Secure Passwords article mentioned above.. Then, no matter which "secret question" you select, use your new password as the "secret answer". The answer doesn't make sense in the context of the question, but the password recovery system doesn't know this. It only checks that the answer you give when you ask to recover or reset your password matches the answer you supplied when you set up the account. This trick will ensure that even a website that chooses insecure "secret" questions won't compromise the security of your account.

   
Don't Reuse Passwords Between Sites
   

Even if you use a secure password, it's at risk if the website where you use it is compromised because of lax security on the part of the site operator.  That can be a big problem if you've used that same password on other sites as well.  The easy way to minimize that risk is to use a different password on every site you visit.  The article mentioned above has tricks that make it easy to have a unique password for each site while only having to remember one simple phrase and a rule.



Shoulder Surfing

Know who's watching when you're entering passwords. Some of the most effective tricks to steal your sensitive personal information are completely non-technical.    "Shoulder surfing" is simply using direct observation, such as looking over someone's shoulder, to steal information.  In crowded public places it's easy to watch people enter PINs into automated teller machines, calling card numbers into public pay phones and passwords into computers at cybercafes, libraries and airport kiosks.   With a pair of binoculars, thieves can shoulder surf from considerable distances.


   
Phishing
   
   

Phishing is the process of attempting to acquire sensitive information, such as your username, password and credit card details by masquerading as a trustworthy entity in an electronic communication.  Phishing is most often carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to fool users into disclosing sensitive information.

   

E-mail that appears to be from social media sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting recipients.


Spotting Phishing Attempts

Many phishing attempts can be spotted by carefully looking at the links in email and on websites. When you place your mouse pointer over the link your browser or email client will show you the url to which it actually links.  In phishing attempts this is often a url designed to look legitimate to the casual observer.  Some are easy to spot, poorly formatted e-mails with painful misspellings.  But some look dangerously similar to real communications from trusted organizations, such as this one from fictional TrustedBank, Inc. We'll show you how to spot a fraud in seconds. It's as easy as knowing the difference between a period and a slash!