Minimizing Risk of Credit Card and Identity Theft

  • 3 Replies
  • 2684 Views
*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Minimizing Risk of Credit Card and Identity Theft
« on: January 26, 2014, 03:16:09 PM »
KEEP YOUR CREDIT CARDS AND IDENTITY SAFE
   Credit card and identity theft has become a common occurrence in out digital world.  If you aren't concerned about this happening to you, you should be.  It happened to me in a most unexpected way.
   I subscribed to an online news service.  The news service was hacked and the hacker stole all the data on their secure server.  My name, address, phone number, email address, user name, password and credit card number were stolen.  And to top it off, all of this information was posted online.
   Like many folks I used only a couple of user names and email addresses for all of my online accounts.  The one they hacked and posted was the one I used most frequently.
   I spent about 150 hours changing email accounts and notifying all who needed to contact me by email, cancelling my credit card and getting a new one, changing all my online recurring charges to that card and changing passwords and user names on all my online accounts.  This was made more difficult because I did not have a good system listing all the online accounts, their passwords and all my recurrent billing accounts.
   The good news is that the perpetrator of the hack was just sentenced to a long prison term.  Furthermore what I learned from that experience has changed my security awareness and behavior.  Here is what I learned and what I have done to make it harder for a hacker to victimize me in the future.
   It is very difficult to have truly safe passwords.  They must be long and random and hence they are difficult to remember, especially since you should have many so you don't wind up using the same one on many sites.  What I have done to resolve that issue is to implement a password manager application.  It is important that this application is secure, will generate long random passwords and store them for you to use.  There are a number of good applications for you to choose from:

Last Pass
Password Genie
SplashID
Roboform
Dashlane
KeePass
Identity Safe

The last two are free.

   Be sure to pick a password for your password manager that is secure.  That means it should be at least 20 characters long and contain letters, capital letters, numbers and symbols (?,!, etc.).  This is the only one you will have to remember.  Be sure to backup the contents of your password manager because if your PC becomes unusable and this data is lost, you will be in a world of hurt.
   Use the long randomly generated passwords even on your "throw away" sites.  By that I mean sites that contain no financial or credit card information.  These sites still contain lots of information on you and your identity.
   Never open an email that looks suspicious.  Suspicious emails often have no titles or have misspelled words or are from unknown people.  Just delete them.  Yes you may lose a message that was legit every once in a great while but you will avoid phishing or virus dropping emails much more frequently.
   Never click on a link in an email, unless you are ABSOLUTELY sure where the email came from.  When I get an email from a bank or online business asking me to click on a link because I have a message or statement, I log onto their website to get the message.  I NEVER click on links in emails.  Phishers can create very legitimate looking emails with links that have legitimate looking addresses.
   Have one credit card for use in brick and mortar establishments and one credit card for use online.  If one gets compromised you can still use the other.
   Be sure that any site you give credit card information to has a secure system for handling that data.  If it is secure, they will note the service they are using on the check out page.
   NEVER have a website store your credit card information.  When they get hacked and have 10 million credit cards stolen, yours will not be among them.
   Check your credit card's online site at least once a week.  If you see charges you don't recognize call the credit card company for further information on those charges.  Many false charges are for small amounts of money.  Criminals will make a charge for a few dollars to verify the card is still in use and then go hog wild on it.  Even though you are not responsible for fraudulent charges, the dozens of hours it takes to straighten out the mess can be quite depressing.
   Get set up now.  It might take a couple of hours to do, but with the increasing prevalence of credit card and identity theft, the probability you will get hacked is very high.  This will save you a lot of time and grief in the long run.
Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

*

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • 10632
Re: Minimizing Risk of Credit Card and Identity Theft
« Reply #1 on: January 28, 2014, 12:47:18 PM »

Additional resource: If you're the victim of cybercrime, you need to know what to do and respond quickly.
http://staysafeonline.org/stay-safe-online/protect-your-personal-information/id-theft-and-fraud

Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-

*

Offline ky331

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • 373
  • Rascal & Biscuit
Re: Minimizing Risk of Credit Card and Identity Theft
« Reply #2 on: January 28, 2014, 01:22:36 PM »
Just to make a point:   I know of some people who refuse to shop online, because of all the talk of cyber-theft.   But it's critical to realize that Identity-theft can take place "offline" as well.   I have many colleagues who were victimized over a decade ago when --- as best as we can determine --- the Human Resources office discarded a box of payroll information without shredding it!   [It was too much of a coincidence for so many colleagues at work to have all been victimized simultaneously.]

My parents were victimized by a bad head-teller at a bank.   I was victimized when someone, internal to a bank, re-opened a credit card account that I had closed years earlier.

Being paranoid... and having easy access to the internet... I monitor all my credit cards daily, looking for any suspicious charges.   But even that's not enough:   I can only check on my legitimate accounts, of which I have knowledge.   The problem is that thieves can use your information to open new accounts, in your name, but at someone else's address... and as such, you won't know about it until --- months or years later, when the account is overdrawn and long-unpaid --- the company decides to seek you out at your "old" address!   So what can/should you do?  Check your credit reports regularly, to look for even UNknown abuse of your credit:

"Under federal law you are entitled to a copy of your credit report annually from all three credit reporting agencies - Experian®, Equifax® and TransUnion® - once every 12 months. Every consumer should check their credit reports from each of the 3 bureaus annually. Doing so will make sure your credit is up-to-date and accurate. Each reporting agency collects and records information in different ways and may not have the same information about your credit history."

https://www.annualcreditreport.com/index.action

My suggestion is to stagger your requests for these reports:   Order any one, then wait 4 months to order a second (from a different bureau), and another 4 months to order from the remaining bureau.   4 months later, you can re-start this process contacting the first bureau again.   This way, you're never more than 4 months out-of-date.   While not a perfect solution, I believe it's the best you can do for free.

*

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • 10632
Re: Minimizing Risk of Credit Card and Identity Theft
« Reply #3 on: January 31, 2014, 09:30:14 AM »
The power of two - All you need to know about two-factor authentication

This article covers the major aspects of two-factor authentication, including what it is, how it works and where you can use it.

http://nakedsecurity.sophos.com/2014/01/31/the-power-of-two-all-you-need-to-know-about-2fa/

Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-