As we move away from brick and mortar to online operators, protecting yourself from online fraud becomes vital. More and more people access their banks online.
Yet the only thing standing between you and your money is a 4 to 6 digit number or a word or combination of words. And to make it easier, if you can’t remember your password, you can setup a few pre-determined facts about yourself and get to it.
Helps you access your account. So can anyone else who knows the answers. With the proliferation of Facebook, that is no longer a problem!
Technically, they weren’t hacked. The user simply used the password reset hints to guess the password. And the answers to the hints were available to anyone who bothered to google. You may not be a celebrity, but your personal information is not personal anymore.
How can you protect yourself online? I’ve outlined a series of steps with specific recommendations on what to use. It is easy to make a generalized comment like ‘Use a good anti-virus software’, but then what is a good anti-virus software? I’m going to try to do better than that. Every step has a specific action towards protecting yourself from online fraud.
TIP 1. Know what they know
Ever googled yourself? Do it again, but this time with the specific goal of finding out how much of your personal information is out there. The goal is not to use any of the information you find while creating password or a password hint
There are tools better than Google that’ll reveal more about you. It is amazing how much personal information is out there. Companies sell your personal info all the time. And there is nothing you can do about it. With just your first and last name, anyone can pinpoint where you live. Scary! Try the second link in my actions list. You’ll see what I mean.
TIP 2. Guard your email id
Your primary email id should be known only to a select few. Don’t use the same id for Facebook, to register for freebies and to access your bank account. Have an id for friends, one to access sensitive information like banks and throwaway account for everything else. Here’s a cool tip. I use a free service which lets me create an id on the fly which I use all the time as throw away accounts.
For example, say I try to access New York Times and it wants me to register. If I registered as user joe, I create an id on the fly – firstname.lastname@example.org. This will forward 3 emails from NYT to my primary account and everything else will be junked. Wonderful for outing companies that sell your info. Seriously, create an account here.
For best spam protection, nothing beats Gmail.
TIP 3. Use a Mac
Not everyone will like this one! Is Mac more secure than a PC? I don’t know, what do the numbers say? How many Mac viruses have been documented? Maybe virus writers don’t bother writing viruses for the Mac and that’s why it looks secure. Maybe so, and that’s a good thing for me. It is not about which is better or superior, it is about protecting you, your privacy and your money. And statistically, Mac is been shown less prone to malware than a PC by a huge margin. If you are using Linux or Solaris, more power to you! But for the average joe, the battle is still between the Mac and the PC. I’ll stick to just those for this discussion.
TRY IT OUT!
Hello, I’m a Mac!
TIP 4. Protect your PC
Ok, I realize not everyone’s going to ditch their PCs and buy a Mac! If you are using a PC, the first thing you should do is protect it using a solid anti-virus software. Contrary to what most believe, the best anti-virus software for most users is free and is available from Microsoft. Make sure you’ve turned on automatic updates. I’ve provided the relevant link in my recommendation list.
TRY IT OUT!
Microsoft Security Essentials
TIP 5. Use a safe browser
I will not try to be politically correct here. If you are using IE, that is the wrong answer. IE has more holes than a block of swiss cheese. Safari doesn’t fare well either, but then IE is targeted more than Safari due to its user base. As of this post, the safest browser is Google’s Chrome. Use it at least while accessing sensitive information.
TRY IT OUT!
The safest browser there is
TIP 6. Secure your wireless connection
Most people use a wireless router at home. If a technician set it up for you, in most likelihood, he left it unsecured with the default access point ‘linksys’. Why is an unsecured wifi a problem? First anyone with a wifi device can get in on your network, perform illegal activities like pirating songs and you would be held responsible. One can sniff passwords within a network. In cities like Bombay, authorities are going home to home to make sure their routers are secure. The threat is real and serious. Do not leave your wifi connection open.
How do I know if my wifi connection is open?
When you try to access your network for the first time and it didn’t require a password, your network is open. To be sure, goto your router’s admin page – most likely at http://192.168.1.1/. Under wireless security look for ‘none’, WEP or something else. If it says none or ‘disabled’, your network is open.
Don’t use WEP
WEP is better than and open network, but is very easy to crack for someone so inclined. Use WPA (or higher).
TRY IT OUT!
TIP 7. Don’t access sensitive information from public computers
There is no way of telling how secure a public computer is. Is it free from viruses and malware? What if it has a keylogger? A keylogger stores every keystroke you type. And that includes the sites you access and the passwords. Ever wonder why some banks don’t let you type the pin but allows your to click on numbers? This is why. Keyloggers can’t log if your pin wasn’t typed.
TRY IT OUT!
The tip is not to try this out! So don’t!
TIP 8. Login only to secure sites from public networks
If you are in a coffeeshop or an airport, if you must access sensitive information, use only sites that start with https and not http. When you use https, the information is transmitted encrypted. Even if someone where to sniff what you were typing, he’d get garbage.
If you are browsing an online paper, that is fine. But if you must login to a site, be aware that what you are typing in can be sniffed. See next tip.
TIP 9. Have a password policy
Do you use the same password to access Facebook and your bank accounts? DON’T! Have a sane password policy. Have different sets of passwords for different types of accounts.
Even when accessing banks, the password to access one bank shouldn’t be the same as another. Use a variation of password by interspersing with a number if this is too hard.
Have a separate sets of passwords for Social networking, email and for throwaway accounts.
- Come up with 4 sets of passwords that are not easy to guess and has at least a number and a special character
- Create variations of each
- Make a list of accounts you’ll have to apply this to
- Make the change
Use a password manager to manage different passwords. (next tip)
TIP 10. Invest in a password manager
You must have different passwords for different types of accounts. But it can get overwhelming and that’s when a password manager can be of great help. I’ll recommend two password managers that work very well. One is free(any OS) and other is a payware(Mac only). Both are excellent and highly recommended.
TIP 11. Make your Facebook profile private
Facebook can be a very entertaining site, but due to the way Facebook is designed, there is a good chance that your private information is not really private. Make sure you’ve secured your facebook profile. Only friends should be able to see personal information about you.
TRY IT OUT!
Protect your personal information on Facebook
TIP 12. Miscellaneous tips
- Avoid storing your credit card information on merchants sites. Especially if this is an unknown or foreign site
- Use disposable credit card numbers. Some cards like Discover allow you to create one time credit card numbers. Use these when you shop online.
- A stranger is not your friend in Facebook. If you get an invite from a person you do not recognize, do not make him your friend. All he needs is one peek at your personal pages to glean information about you.
- Lie on password hint questions. When you set up accounts, some sites prompt you to set up additional security hints. Lie on these questions. There was a bank that actually had this question: What’s your favorite soft drink? Come on! Chances are it is either going to be Coke or Pepsi!
We live in a different age, cyber criminals are getting smarter and smarter. And if the hacker is outside the US, there really is nothing law enforcement can do. Being a victim of identity theft is a very harrowing experience. Ask anyone who’s been through this ordeal! Take all measures to protect yourself. If the above seems daunting, attempt one tip each week.
Be safe, not sorry.