When it comes to online identity theft, it’s a minefield out there. Every day, some cyber crook is devising new ways to sneak into our online accounts and pilfer money, or just our sanity.
And computer hackers are getting better at it, becoming increasingly sophisticated in their methods and targets.
“In the last five years, the bad guys have gotten as good as or better than the good guys,” said Robert Siciliano, security expert with McAfee, the Santa Clara, Calif.-based online security company.
Since 2005, about 560 million consumer medical, financial and personal records have been breached by hackers who broke into databases of numerous government agencies, hospitals and companies, from General Motors to Twitter. That’s according to the San Diego-based Privacy Rights Clearinghouse.
“Based on the massive amount of information that people give away (online) and the staggering number of security breaches that occur each year, it’s inevitable you’re going to become a victim,” said Adam Levin, founder of IdentityTheft911, a security breach consulting firm.
But there are ways to toughen up our defenses against online identity theft. Here’s some advice:
• Beef up passwords: Too many of us use the same, wimpy passwords, whether it’s for banking, shopping or socializing. If just one account gets hacked, they’re instantly all vulnerable.
Passwords should never be: a word in the dictionary, a sequence of numbers or letters (i.e. 45678 or abcdef), or anything that’s personal (your kid’s name, dog’s name, anniversary).
Instead, they should be: at least 8 characters, a mix of uppercase and lowercase letters, and a combination of letters and symbols (#, &, $, etc.)
Try to make it something you can easily remember. Use the first letter of each word in a favorite phrase or song title, for instance. If you’re on a site like Amazon.com, suggests Levin, include the letters AZ.
• Answer with caution: When signing up for online accounts, we’re often required to answer selected security questions: your first pet, favorite color, mother’s maiden name, high school mascot. But if someone wants to break into your online accounts, every answer they need could already be out there via social media.
Instead, use fake answers that you’ll remember or repeat the same answer to every question: “Dog,” for instance.
• Don’t click: You get an email from a friend who wants to share a link to a cute video, political commentary or intriguing story.
Problem is: It might not really be your friend, but an impostor. Or your friend may unwittingly be sharing an infected link that could worm its way into your computer.
If it’s a work colleague who said she’s sending a link or if a company you’ve signed up for is sending a confirmation link, it’s probably OK, McAfee’s Siciliano said. For everything else, “just hit ‘Delete.’ ”
• Be social media savvy: There are ways to reduce your risks while still enjoying online socializing, said Joanne McNabb, chief of California’s privacy protection office.
Among them: Never post your email address or your full birth date (especially the year). Lock down your account so it’s viewable to “friends only.” Don’t accept friend requests from people you don’t know.
• Palm of your hand: Your mobile phone can be a source of cyber intrusions, either by downloading apps infected with viruses or clicking on texts or links that try to con you into disclosing financial or personal information.
McNabb said everyone should use a password on mobile phones.
And don’t click on the “Save my Password” feature, Levin said. If your mobile device lands in the wrong hands, that feature could provide instant access to everything stored on your phone.
• Check your accounts: Although he freely uses his credit card online, Siciliano said he carefully scrutinizes his monthly credit card statements. “If you’re not looking at your statement frequently, the next thing you know you’re paying for dinner of a cyber-thief.”
Same for your credit reports. Every adult is entitled to a free, annual credit report from each of the three credit reporting bureaus, Experian, TransUnion and Equifax. Check yours to ensure that no fraudulent accounts have been set up in your name.
“Monitor what’s going on; either pay for a monitoring service or look (online) at your bank and credit card accounts every day for fraudulent activity,” Levin said.