Sneaky New Tricks from Identity Thieves
How to protect yourself from hotel Wi-Fi, Smartphone hackers and more
1 May 2013
Identity thieves have developed new ways to gain access to our credit card accounts, bank accounts, Social Security numbers and other sensitive data. Here, the sneakiest threats and ways to protect yourself…
HOTEL WI-FI
In decades past, criminals who targeted hotel guests typically broke into rooms and stole valuables from luggage. These days, identity thieves can steal from hotel guests without ever setting foot in their rooms. They do this by setting up Wi-Fi networks that appear to be official hotel Wi-Fi networks, then stealing private data from hotel guests who log on. All public Wi-Fi networks should be treated with caution, but hotel Wi-Fi is particularly dangerous because guests tend to feel secure in the privacy of their rooms, making them more likely to access financial accounts, enter credit card details or reveal other super-sensitive information. To protect yourself…
Update your laptop, tablet or smartphone security software immediately before staying at a hotel (see below under “Smartphones”). This maximizes the odds that the security software will identify threats.
Never use hotel Wi-Fi for online banking, credit card account management or investment management. Don’t use a hotel lobby computer for such things, either. “Keyloggers” that track every keystroke and report things such as passwords to identity thieves often are loaded onto public computers. Consider using your smartphone’s network instead for these functions, because it is somewhat safer. Or at least check with the hotel to confirm that you are logging in to the authentic hotel Wi-Fi.
If you’re prompted to update software or download a program while accessing the Internet through a hotel Wi-Fi system, decline to do so. Downloading this “update” actually might load malware (malicious software) onto your computer. If you feel that you must update your software as directed, at least don’t click a link in a pop-up window to do so. Instead, visit the software provider’s official Web site, and download the update from there.
Don’t call the phone number provided on a restaurant menu slipped under your hotel room door. In one new scam, identity thieves print phony delivery menus, then slip them under hotel room doors. When guests call to place orders, they’re asked for credit card information, which then is used for fraudulent purchases. If you wish to order from such a menu, look up the restaurant’s number on your own.
SMARTPHONES
Smartphones essentially are portable computers, yet many people don’t take smartphone security as seriously as they do home computer security. To protect yourself…
Load antivirus software onto your smartphone, and keep this software updated. Options for phones that use the Android operating system include Kaspersky Mobile Security, $14.95…ESET Mobile Security, $19.95…BullGuard Mobile Security, $29.95…and AVG AntiVirus FREE, free. They are available at the Web sites and at app stores.
For iPhones, iPads and iPods, quality antivirus software is harder to find and less of a necessity because hackers have not gone after them yet, although they probably will before long. Still, Apple smartphone, iPad and iPod users should consider downloading AVG Safe Browser, a free Web browser that will warn them away from unsafe sites (download it through iTunes or the App Store on your device). While Apple smartphones currently are at low risk for computer viruses, that eventually will change. Apple computers once were very safe from viruses, too, but now are essentially as vulnerable as Windows PCs.
Download apps only from usually reliable sources. If you download an app from the wrong site, you might unknowingly load malicious software onto your phone as well. Trustworthy app sources for iPhones include Apple’s App Store.
Trustworthy sources for Android include Google Play and Appstore for Android on Amazon.com (select “Appstore for Android” from the “Shop by Department” menu).
Set a pass code on your smartphone. A simple four-digit PIN (or longer pass code) will make it much more difficult for a thief who steals your smartphone to access the data you have stored in it…or for someone who has access to your home or office to load malware onto your phone when you’re not watching. The procedure for setting a pass code varies from phone to phone.
CREDIT CARDS
The merchant you buy from might not properly protect your credit card data or the merchant himself could be a thief. Many card issuers now offer two smart ways to reduce this danger. Contact your card issuers for details and availability…
Ask the issuer to supply a single-use authorization number. This number is tied to your credit card account but is valid only for a single transaction and would be provided to an Internet merchant in place of the actual credit card number. It’s worth considering when buying from Internet merchants that you are not sure you can trust. Even if a crook obtained it, he couldn’t use it for additional purchases.
Set up a password for online card use through the card issuer. A box will pop up requesting the password whenever the card is used online. Even online merchants never see this password.
SOCIAL NETWORKS
It isn’t news that identity thieves prey upon Facebook users, pretending to be online friends in order to gather personal data. But many users of Facebook and other social networks don’t realize that this is not the only way that identity thieves might target them. To stay safe…
Don’t provide any details about yourself on your Facebook page that could be used to answer the personal security questions you’ve set up for accounts. If you forget the password for one of your accounts—anything from an e-mail account to a financial account that can be accessed online—that account provider’s Web site likely will ask you a personal question to confirm your identity before providing access. The personal question might involve your mother’s maiden name, the name of your childhood best friend or some other personal detail that strangers are unlikely to know. Trouble is, people often supply these personal details on their Facebook pages or elsewhere.
Much better: Choose personal security questions that cannot be answered using information available on your Facebook page or elsewhere online. Or adjust your answers to personal security questions in a way that you can remember but that no one else is likely to guess. You could tack your favorite number or color onto each response, typing “Larryblue” rather than “Larry” when asked your childhood best friend’s name, for example.
Don’t click links in messages you receive through social networks—even when those messages come from close friends. When an identity thief breaks into a victim’s Facebook account, he/she often will send messages to all of that person’s Facebook friends pretending to be this person. These messages typically include a link that, when clicked, secretly loads malware onto the friends’ computers, allowing the thief to steal their identities, too.
Source: Steve Weisman, an attorney and a member of the National Academy of Elder Law Attorneys. He is a senior lecturer at Bentley College in Waltham, Massachusetts, and host of the syndicated radio program A Touch of Grey. He is author of 50 Ways to Protect Your Identity in a Digital Age: New Financial Threats You Need to Know and How to Avoid Them (Financial Times). www.Scamicide.com