Though many news stories about Internet safety today focus on children and teens, the fact is that adults have several risks when they go online. Crimes such as sexual predation don't just happen to young people; criminals don't only hang out in teen social networking sites; and an adult's personal and financial information and buying habits are of great value in the Internet's underground economy.
If you understand how to behave and protect yourself online, you can stay safe and enjoy all the benefits the Internet has to offer.
Bullying has been around forever, but when you add e-mail, blogs, instant messaging, mobile phones and other electronic methods, bullying takes on an entirely new dimension. Cyberbullying, online harassment, and cyber stalking are all terms for ways in which those who wish to hurt others, for whatever reason, use online tools to do so.
Cyberbullies can deliver an onslaught of accusations and threats through instant and text messages, e-mail, or cell phones at any time of the day or night. Bullies can steal and alter photos in damaging ways or add derogatory comments; they can then post them on social networking sites (such as MySpace) or send them to the victim's friends and family. Sometimes, pretending to be the victim, they create fake blogs to create trouble with the victim's friends or post embarrassing videos. Because cyberbullies can remain anonymous, they don't have to be bigger or stronger to harass others.
Though the focus in the press is on cyberbullying among children and teens, cyberbullying affects people of all ages. Cyberbullying of co-workers, managers, seniors, and exes are unfortunately common problems.
The full scope of cyberbullying is difficult to measure because of under-reporting. However, we do know that nearly one in six U.S. children grades six to ten (that's 3.2 million students) are victims of online bullying every year.
Read more about cyberbullying awareness here
What to do if you or your child is cyberbullied
Often young victims of bullying are told they should "just ignore it" or "toughen up." Instead of dismissing them, they need your support when they speak up about online abuse.
Make sure your child understands that it is a myth that "weaklings tattle." In reality, those who tell are the ones who are not willing to be bullied. Speaking out and getting help are positive declarations that they deserve to be treated better.
Cyberbullying directly affects the emotional well-being of both victims and bullies. Every effort should be made to find the bully to hold them accountable for their actions and to help them change their behavior.
Five safety tips to avoid or deal with online bullying
Follow these steps to avoid or cope with cyberbullying:
- Keep personal information (address, phone number, etc.), feelings, or personal photos private so a bully can't abuse them.
- Use technology tools to block anyone whose behavior is inappropriate or threatening in any way.
- Do not answer phone calls or read messages, e-mail, or comments from cyberbullies, but do set them aside in case they are needed by authorities as evidence or to take action. Instruct your kids to do the same.
- Check in with your children periodically to ask whether they are being bullied on the computer, their cell phones or through online games. Encourage your children to report bullying to you and take action on their behalf. Don't dismiss their problems or blame them for not being tough enough.
- Make sure your children know why they should never bully others, and make it clear what the consequences will be if they do. Some parents of bullies tend to minimize or dismiss the behavior of their child. They consider such behavior as being "just a phase," or say "kids will be kids." Not only does this point of view utterly disregard the tremendous damage done to victims, it also fails to recognize the very dangerous path bullies themselves walk. Those who bully in school face higher rates of issues with alcoholism, imprisonment, failed relationships, and failure at work.
Sharing personal information online
Every detail you share online about your life and the extended group of people you interact with is stored somewhere. Understanding the way this information accumulates is critical.
People post resumes that include hobbies, past employers, past addresses, and professional associations. People post highly personal and identifiable information on blogs. On travel sites you may reveal your excitement about an upcoming trip. Perhaps you are exposing friends and family's e-mail addresses by forwarding e-mails.
- Employers need to consider the level of information they share about employees. Consider carefully how much information is appropriate to include in an employee bio that is posted on your company Web site. How much should be visible to other employees on your intranet? When you attend a conference is the attendee list shown in online conference documents? If your company encourages employees to leave out of office messages on their e-mail be aware that these may reveal when an employee will be away from home and make him or her a target for burglary. And you will probably never make the connection between the online information exposure and an offline crime.
- Schools should be cautious about exposing student information on their Web sites if those sites are viewable by the general public. Posting photos and identifying students by last name can place the student in harms way. Posting schedules of after school activities along with information about what activities a student participates in can give an online criminal a physical location and time where he can find that student.
Before you share any information online consider how sensitive the information may be if it is abused, and who you want to share the information with. If the information is general in nature or restricted to a site that is not available to the general public, there should be little risk in sharing it. However, if the information identifies you, your possessions, or someone else in some way you may want to limit access to that information or not post it at all
Here are some categories of information you may want to consider as you determine what you are comfortable sharing or having others share about you publicly. This list does not presume to be a definitive inventory of identifying information. It is intended only to get you thinking about what you share and where you share it.
- Your name and the names of family members and friends (mother's maiden name is often a password reminder or reset verification)
- Ages and genders of you, your parents, your children, or grandchildren.
- E-mail addresses, user IDs, nicknames, and domain names should not include information such as your name, age, birth year, birth date, social security number, city, state, hobbies, emotional state, zodiac sign, or other information someone might easily find out or guess.
- Address, including home, work, or any other place you will predictably be found such as at school, attending social clubs, visiting health clubs, and so on. If city and state information can be combined with a piece of secondary information such as a local sports team name, local newspaper article about you (including birth, wedding, graduation, or death announcements) you may be very findable.
- Locations of others close to you, including parents, children, and friends.
- Phone numbers. This includes home, mobile phone, work number, or friend's numbers.
- Keep in mind that with caller ID, your number is exposed when YOU call someone as well. It is no longer enough to tell children not to give their phone number out. They also shouldn't call or text message with people they don't know.
- Passwords. Choose strong passwords and don't use the same password for all of your online activities; if that password is ever compromised, everything is compromised.
- Personal numbers. Bank accounts, credit cards, debit cards, PIN's, phone calling card, SSN, passport, driver's license number, birth date, wedding date, insurance policy numbers, loan numbers, VIN numbers, license plate, locker combinations, student ID, and more can help to identify you or put you at risk.
- Photos that make you or other family members or friends identifiable, or show locations such as your home, school, or place of employment.
- Information about others. Don't place information about others online without first obtaining their express permission and ask your friends and family to do the same for you.
Sending and receiving e-mail
E-mail is short for electronic mail. People use e-mail to exchange messages and send and receive attachments such as photos, music, or videos. Unfortunately, e-mail's usefulness is undermined by spam (unsolicited messages trying to sell you something and spam scams that try to trick you out of your money (also known as phishing ).
Ten safety tips for sending and receiving e-mail
- Choose a safe e-mail address that doesn't give away personal information.
- Pick one that doesn't help identify or locate you. For example, SusieDoe_14_small_town@google.com.au reveals enough for someone to find Susie-her name, age, and small town in Australia.
- Avoid using flirtatious names like "2sexy4U" which may cause unwanted attention and expose you to greater risk.
- Make sure your full name is not exposed by your e-mail service by listing your full name on e-mail messages you send. Your real name displays by default on many of the major e-mail services, so whoever you e-mail can see your full name as well as your e-mail address. Because a last name and an online people directory may be all it takes to locate your family, look up your phone number, and have a sense of your income bracket based on the location of your home, you may want to avoid having your last name display in your e-mails. Check your e-mail help to find out how to do this.
- Don't share sensitive personal information in e-mail.
- Never share passwords, social security numbers, credit card information, and the like.
- Pay attention if you use an automatic e-mail signature. This is a handy feature because it typically provides your full name, address, and phone numbers. But if it's inserted automatically in all your e-mail responses, you might unwittingly reveal more information than you intended to people you don't know, especially if your e-mail is forwarded to others.
- Consider who you want to e-mail with. Remember: a friend of a friend is a stranger. Just because someone sends you an e-mail doesn't mean you need to read it or respond to it. You may choose to block messages from specific senders, or restrict your e-mail from anyone not specifically on your contact list. Find the instructions for how to do this in your e-mail service help. Think twice before you open attachments or click links in e-mail-even if you know the sender.
- If you don't know the sender, delete the message; if you do know the sender, double-check that an attachment or link is safe to open. If your friend doesn't remember sending you the attachment, delete the message.
- If anyone sends you inappropriate material, report it to your ISP (Internet service provider) or the police, if appropriate. Encourage your kids to tell you about anything they receive that upsets them.
- Don't be fooled by phishing. Be very skeptical if you receive an e-mail that looks like it is from your bank, broker, or other trusted company but asks you to verify or re-enter sensitive personal or financial information through e-mail, a Web site they direct you to, or a phone number they provide. It is quite likely a scam. Type in your own link to the bank or company or look up the phone number yourself.
- Avoid typing sensitive information into a public computer such as those found at the library or an Internet cafe. Sensitive information includes your name and phone numbers, account numbers and passwords, or home or e-mail addresses. An industrious thief might install a kind of spyware that records your every keystroke. Never select the feature that automatically logs you on to e-mail when you start the computer, or accept a "Remember My Password" option.
- Be cautious about meeting someone you know only through e-mail in person. Everything someone tells you about himself and his motivation for meeting you may be completely true - or completely false. If you decide to meet someone, never go alone, make sure others know where you're going, meet in a very public place, and keep your cell phone handy.
- Consider what you're saying and sharing in e-mail and how you would feel if the information was shared. Anything you say in e-mail can be forwarded to others or monitored by employers or other family members.
- Report e-mail harassment or bullying. As in real life, this is unacceptable behavior and in some cases, illegal. Report harassment or abuse to your service provider. (Every service should have a clearly visible Report Abuse function; if it doesn't, consider switching providers.) If you feel at physically threatened, report the abuse to your local law enforcement agency as well.
- Help protect children who are using e-mail.
- For younger children, use a service that enables you to limit your child's contacts to people you both know and allows you to monitor who they're talking to.
- Have a discussion with teens about who they communicate with and what they talk about. Set boundaries that match your family's values and your child's age, reassessing these boundaries periodically as your child matures. Caution them not to list their e-mail addresses publicly, or respond to e-mail from strangers.
Teach them that entering sweepstakes or filling out quizzes that require them to enter their e-mail address is one of the quickest ways to have an e-mail alias sold to spammers. They should always guard their e-mail account information.
Send e-mail to a group safely
Any time you send or forward e-mail to a group of people who don't know each other, you can protect everybody's identity by placing all the e-mail addresses on the Bcc (or Blind Carbon Copy) line of the message address feature. That way no recipient can see the other recipients' e-mail addresses and your friends' e-mail addresses are protected from spammers.
Every e-mail program has a Bcc: option on its e-mail form (the place where you address and enter the content of a message). Search in your e-mail program's Help if you can't find this feature readily.
Tip: You may also want to include a message like this at the bottom of your e-mail messages as a reminder:
Note: To protect my privacy, please do not expose my e-mail address to others. If you're sending e-mail to a group of people that includes me, please put my e-mail address on the Bcc: line only.
Creating safe e-mail aliases
The more pieces of information you provide in your online identity, the more clues you give predators of any kind - whether their intent is to cause financial, emotional, or physical harm. Your choice of an e-mail alias, such as JackS@Smith.com is one way you can expose your identity. The safest personal e-mail alias or nickname (versus your work e-mail over which you have little control) for users of any age does not provide identifiable information, such as:
- Names - first, middle, or last names
- Age - birth year, birth month, or day; or any astrological sign that can help provide this information such as 'Leo, born in the year of the Monkey.'
- Location information - city, town, country, or region such as Northwest. Don't give your school name or employer in your personal e-mail alias.
- Sexual or physical suggestion - Certain words such as 'hot' or 'sexy' let others know how you want to be perceived, while words like 'snuggly' or 'lonely' suggest an interest in intimacy that predators can take advantage of.
- Work descriptor - Teacher, engineer, dentist, or a description of your place of employment.
- Emotional vulnerability - words such as sad, grieving, lost, suicide, and lonely place you at risk; there is always a criminal waiting to be your 'best friend'.
- Risk behaviors - names that speak of drug use (littletokr), criminal activity (carjacker), or violence.
- Ethnic identifiers - may increase the risk of hate crimes, or may help identify you (Asiandoll, N8tive (native), and mixed, for example).
- Hobbies or sports - An unusual sport such as polo or barrel riding, or sports that imply a specific socio-economic bracket, or are only done in a few locations (skeet shooting or bull fighting, for example) are more identifying than baseball or soccer. Predators can use such interests to make a personal connection with a victim.
NOTE: Employers or schools may have defined domains (firstname.lastname@example.org) and assigned protocols for your name - even using your full name. It is important in these cases that you do not tie additional pieces of personal information to that account.
Using multiple e-mail accounts
It is a good idea to have additional e-mail accounts if you sign up for newsletters, sign up for services that require an e-mail account, or communicate with groups where you may not know some of the members personally.
Using different e-mail accounts helps you compartmentalize your privacy and safety. If one account is breached, the others are still safe. On some sites you can use the e-mail account provided by the site (reputable services that involve communicating with other members, such as dating sites, should provide this feature). Using a separate account, if you connect with the wrong type of person, you can abandon the account without having to change your main e-mail account
Spam is e-mail sent in bulk to recipients who have not requested it from senders they usually do not know. Spam can be transmitted over any Internet-connect device (such as a computer, cell phone, or PDA). Spam is a cheap way to market products or services, but it is illegal in many countries.
Nearly 70% of all e-mail traffic in the world is spam. In 2007 one study showed that there were 90 billion spam messages sent a day. While there are serious efforts by Internet service providers to block junk e-mail, determined spammers are making equally serious efforts to find ways to keep filling your inbox. They constantly evolve new methods of fooling the anti-spam filters.
Understand the anti-spamming capabilities of your e-mail provider and set up the service to flag spam or put it in a separate 'junk mail' folder. Review this folder periodically to make sure legitimate e-mail hasn't been placed there, and then delete the spam e-mails without opening them. Stay up to date on spam tactics and, when in doubt about the origin or intent of an e-mail, delete it. If you really want to eliminate all spam, consider using an e-mail service that requires senders to authenticate themselves, something automatically generated spam can't handle. There are several companies that offer this for a relatively low cost.
Always have strong anti-spam, anti-virus and anti-phishing tools installed and set to update automatically. Don't open links or attachments from someone you don't know (or even from someone you do know, if you weren't expecting the attachment. Many viruses take over users address books and spam all of their friends with malicious attachments knowing you will be more likely to open an attachment from a friend).
Forwarding chain e-mails
An online chain letter may be amusing, or it may be dangerous. Many urge you to take some action online that makes you the target of a scam or forward the message to your friends. By forwarding a chain mail you may be helping spammers collect new e-mail addresses to target and sell to. Anyone whose e-mail address includes their full name or other identifying information, or who uses an e-mail service such as Hotmail or Yahoo! that expose full names as well as e-mail addresses, may also be exposing themselves to other types of crime.
If you choose to forward an e-mail to a group, do so safely. It is better to copy the content and put it in a new e-mail and delete the names of everyone previously on the chain. Place your e-mail address on the 'To:' line and place everyone else's e-mail on the Bcc: line.
Sending and receiving instant messages (IM)
Instant messaging (IM) used to be referred to as real-time e-mail. It used to only be synchronous, meaning that two (or more) parties communicate in real time, without any delay. IM programs now let you create a message that is held until the recipient(s) next comes online.
Today you can use IM to text, talk as if you were on the phone, send photos, videos, and other files, see participants via webcams, and get and send e-mail. Some IM services also allow you to search the Web, find others using Global Positioning System (GPS) technology, listen to music, watch videos, play games, bid on auctions, and more.
IM can be sent from a computer to a mobile phone or from a mobile phone to another mobile phone. If you have included your mobile phone number as part of your IM profile, then anyone who can see your profile will be able to view it. This is valuable information for a predator, so it is important to consider whether you want your number exposed, especially if there are many people on your contact list you do not personally know. Teens often have a broader set of IM 'friends' they have never met, so it is important to discuss the safety of displaying their phone numbers with them.
Nine safety tips for instant messaging
- Choose a safe screen name that doesn't give away personal information.
- Understand that IM is not a secure communication channel so you should not share sensitive personal information when you use instant messaging.
- Never share passwords, social security number, credit card information, and the like.
- Be careful about the information you show in your status bar. Avoid showing emotional vulnerabilities to people you don't know well, or saying you're on vacation, etc. as these can be useful pieces of information to people who want to exploit or steal. Most services allow you to keep your online status private, so you simply appear to be offline.
- Consider who you want to use IM with. You create 'buddy lists' in instant messaging programs and enter the online addresses of people with whom you want to exchange instant messages. Most services allow you to block messages from anyone not on your buddy list. Most adults know everybody on their buddy list, but this isn't the case for teens who may be less selective. Often one-third of a teen's buddies may be people they've never met. Remember: a friend of a friend is often a stranger.
- Sending photos, documents, and links in IM is an easy and convenient way to share with others. However, you should think twice before you open attachments or click links in instant messages unless you know the sender and are communicating with that person at the time, or are expecting the material. Links or attachments sent out of context may indicate that the sender's IM has been infected with a virus.
- If anyone sends you inappropriate material, report it. If you need to document the material, don't shut down the computer; instead minimize the application or turn off the monitor and seek advice on how to report the occurrence. Inform your ISP and the police, if appropriate. NOTE: if the material is illegal content - like child pornography - downloading or continuing to view this for ANY reason is illegal.
- Be cautious about meeting someone you only know through IM in person. If you decide to meet someone, never go alone, meet in a busy public place, make sure others know where you're going and when to expect to hear from you. Always have your cell phone handy.
- Think about how to use the IM features safely. For example, some IM games may contain mature material, and you may want to limit voice and video interactions with people you haven't met. Kids should be advised to never give their online friends remote access to their computer via IM.
- Consider what you're saying and sharing in IM and how you would feel if the information was made public. Anything you say in IM can be forwarded to others. If you are at work it can be monitored by your employer.
- Report harassment or bullying to your service provider. As in real life, this is unacceptable behavior and in some cases can be illegal. Every service should have a clearly visible Report Abuse function; if it doesn't consider switching providers. If you feel physically threatened, contact your local law enforcement agency immediately.
Protect children using instant messaging
Here are some tips to help keep younger children and teens safer when they use instant messaging:
- For younger children, use a service that allows you to limit your child's contacts so they can only send IM to people you both know and monitor who they're talking to.
- Have a discussion with teens about who they communicate with and what they talk about. Set boundaries that match your family's values and their age, reassessing these boundaries periodically as they mature.
- Caution them not to list their IM names publicly, or respond to IM from someone they don't know personally. In your instant messaging program look for options to set your profile as private, and manage who is allowed to send you instant messages.
- 'Friends of friends', or social networking, is all about connecting people with common interests. Limiting access to your information is harder using this approach and tracking or stalking you is far easier. Approving someone to be a friend may give that person far-reaching access to information, one of the real concerns about adding strangers to your buddy list or social networking list.
It is very convenient to use a computer at the library or an Internet cafe, or to log onto your e-mail from your friend's house. However when you use someone else's computer, you are at the mercy of their security settings and any viruses or other malware that has been downloaded. There are also great benefits from mobile phones, but today they are essentially mini-computers and so carry their own set of risks. Using some simple precautions will make computing on the go a safer experience
Using public computers safely
Logging in to public computers at libraries, Internet cafés, a friend's home, or any other location is a very good way to check e-mail and stay connected. However, before you use a computer that isn't your own, consider taking four safety precautions:
- Find out if the computer is protected from viruses and various forms of malware. Is there a firewall in place? If the computer is not well protected, it's likely to be infected with malicious programs, some of which could grab your information including passwords, address book, or personally identifiable information. The safe choice is to assume the computer is infected and be cautious about the information you reveal.
- Erase your tracks. Here are some tips to foil thieves who may use the computer after you and try to follow your trail.
- Make sure your account doesn't automatically save your password and user ID. That way, the next person won't be able to sign in as you.
- Before you log in to any site—for example, your e-mail or instant messaging (IM account)—check to see if the program automatically saves your user name and password and whether there is a way to logout. Yahoo!, for example, keeps you signed in for two weeks by default.
- Erase any history of your presence on a public computer. Web browsers automatically track the sites you've visited and possibly the passwords used as well. In the browser delete temporary Internet files and the history of your activity on that computer.
- Guard against snoops:
- Make sure no one is watching as you type. People looking for passwords, user names, or other sensitive information can watch your fingers or the screen as you type. Look around before logging on to be sure no one is watching.
- Never walk away from the computer without logging off every program. Even if you will only be gone for a moment, it only takes that long for someone to grab your information. Log off every program that requires your login, password, or contains sensitive information. Simply closing the browser will not remove your information; neither will going to a different Web site.
- Some information is NEVER safe to enter on a public computer. To protect yourself, never pay bills, make purchases, check bank accounts, enter social security numbers, your address, or any other personally identifiable information into a public computer. This precaution is your best insurance against identify theft if the computer is compromised by keystroke loggers or other malicious software.
Using Mobile Phones
For most people it is hard to imagine how we managed before we had mobile phones. However, most cell phones today are small computers with rich feature sets. Before you buy a phone for yourself or your child, ask some questions:
What are the features on the phone, and what services do these features enable? Look at the answers from a safety perspective: what safeguards are in place along with all those cool features?
Here are some cell phone features you should consider before buying for yourself or your children:
- Does the phone or device have Internet access? Depending on the age and maturity of a minor, this may or may not be desirable.
- Does the phone offer filters that block content that could be harmful to children or offensive to you? Is the filter turned on? If the filter isn't on by default, ask the sales person to turn it on for you in the store and help you set appropriate filter levels.
- What services do the filters cover? 2007 was heralded as the year of mobile TV. If your phone has TV, find out if the service allows you to set ratings restrictions on shows. Find out how this feature treats unrated programs. Are there filters that apply to music services?
- Is the phone or device Bluetooth enabled? Bluetooth is a technology that allows a mobile phone to seek, discover and 'talk' to other Bluetooth-enabled devices in the area. This means that you may be contacted by others in close physical proximity, and the information on your phone could be accessed. It also means that information (even viruses) can be sent to your phone without your knowledge or consent. When Bluetooth functionality is turned off, other devices cannot detect the phone, pull information from it, or send information to it.
- Does the phone or device have location (GPS) capability? You should be able to block this capability or limit it so that you or your child cannot grant access to predators who are trying to track your location.
- Rising image quality in mobile phone cameras provides opportunity for bullies and voyeurs. Teens who at the spur of the moment allow someone to take inappropriate photos of them, or who take inappropriate photos of other minors are likely to regret this choice later, and may find that they face criminal charges for creating and distributing child pornography.
- Can the phone access chatrooms? If so, are the chatrooms monitored? If they are moderated, how are they moderated? Chatrooms, including game chatrooms, that are provided by mobile carriers and allow access to users less than 18 years of age should be moderated, or you should strongly consider blocking this functionality. Even if these chatrooms are moderated, check the method of moderation as moderation by humans is more effective than automated moderation (a filter looking for potentially offensive words, for example).
- Know how to report theft of the device. You may need to provide hardware information found within the device itself under the battery. If you don't have this information written down, you surely won't be able to find it once the phone is stolen.
- Know how to report harassment or bullying. The carrier should have a clear set of procedures you can use to report any malicious calls. It is best to know these in advance of harassment and to discuss these procedures and all other issues listed here with any child who will use a phone.
- Consider whether you should get a pre-paid account or an account that bills charges monthly. Some companies allow you to review incoming and outgoing calls made on pre-paid accounts, some don't. Parents should choose an option that allows them to review calls for a number of reasons:
- Seeing the monthly bill helps you understand who your child is communicating with. Explain to the child that this isn't intended as an invasion of privacy, but as a way to help keep him or her safe. Numbers from out of your area should be flagged, but it is useful to be aware of all of incoming and outgoing calls.
- Reviewing the monthly bill tells you what times of day calls are taking place. If a child is having difficulty getting up for school in the morning, or is sneaking out at night, look at the child's phone calling and texting history. Parents can 'manage' their children's phones after a certain time in the evening, setting a time that the family believes it is too late for accepting phone calls, and returning the phone in the morning. It is also useful to pay attention to calls made during school hours. Most schools prohibit use of cell phones during school except for emergencies. If a child or teen's phone record shows a lot of calls placed during school hours (especially to other students) this could indicate a problem.
- Adults should also sit down with their children to periodically check for other potential risks. What ringtones are they using? Are the photos they've taken and the photos sent to them appropriate? What other items have they downloaded? Does the device allow them to watch videos, and if so, what videos are they watching? What services have they purchased? There are some services, including interactive pornographic services, that you may not find appropriate.
There are several software products and settings you can make that will help alert you to or protect you from certain kinds of technology attacks such as malware, viruses, and so on. Use these programs and keep them up to date so they can defend you against the latest threats.
Operating system and other software updates
When software companies discover security gaps in their software, they make updates available to fix them. Download these updates (commonly referred to as patches) on a regular basis. If you use Microsoft Windows set up Windows Update (click Start/Control Panel/Check for Updates) to automatically check for and download the latest updates.
A firewall puts restrictions on what information can come through to your computer. Don't use the Internet without having a firewall turned on. Depending on the settings you choose, a firewall will reject unsolicited requests coming to your computer, or will verify with you whether a request should be blocked or allowed.
Microsoft Windows offers built in firewall protection, as do some other operating systems. Third party firewall programs include ZoneAlarm and Norton Personal Firewall.
Computer viruses are small programs that can be downloaded to your computer and cause damage to your data or operating system. People are coming up with new viruses every day, so it's important that you use software that is up to date with the latest virus definitions and protects your computer from them.
It's critical that you install an antivirus program, such as those from McAfee, Symantec, or Trend Micro. You must frequently update the virus definitions to deal with the latest viruses. Also, be sure to run a scan of your computer on a regular basis. For conveniences you can use settings in the software to set up automatic updates and scans.
Spyware and adware cause pop-up ads to appear on your screen or track your online activities. With the amount of spyware and adware attempting to download to your computer an anti-spyware/adware program is a must-have security tool. If you don't guard against these those annoying pop-ups will be the least of your problem. Eventually these programs will slow your computer performance down to a crawl.
There are several good free programs available, or use your operating system's tools (such as Windows Defender). You may need to purchase a subscription to get automatic updates. As with antivirus software, you can set up anti-spyware/adware to run scans automatically at a present time increment.
Browser settings and filtering software
Your browser should help you monitor your browsing experience, but you have to make certain settings to get the level of monitoring you prefer. For example, in Internet Explorer you can click Tools, Internet Options to set security and privacy preferences. Browser settings provide a small measure of content filtering. To comprehensively filter content so you don't see unwanted materials or sites, you may want to purchase filtering software. This helps you set boundaries for the types of sites, text, and images you and your family are exposed to.
Parental controls and family safety
Many ISPs and Web portals provide safety settings, often called parental controls. You can set these up to filter out content that you don't wish to see based on keywords or categories of content (such as sexually explicit or violent content). You can also use these programs to limit or monitor your child's online activities.
If you don't find your ISP's tools adequate, you can search online for products that provide various levels of content monitoring.
How to protect your wireless network
If you set up a wireless router but did not set up security passwords or activate encryption, then chances are good that your network and your computer are not protected. But you can correct that fairly easily by following the instructions provided by Microsoft or Apple.
(Note: Once you secure your network, friends and guests who want to access your wireless network will have to get the password or key from you before they can go online.)
Once your wireless network is secure, check to be sure you have the latest antivirus, firewall, anti-spyware, and other security programs running and up to date.
Creating strong passwords
Safe passwords don't have to be hard to create; they just have to be hard to guess.
The prospect of creating a strong password, changing a password or using multiple passwords makes many people anxious because they believe it requires memorizing multiple complex passwords such as Wts4e_79PBa13^_qnS.
The result is that people find the task so daunting that they continue to use one simple password. This just isn't safe particularly if the password is a simple one. If that one password gets compromised, all of your Web information is compromised.
Some people use several passwords, but these passwords are short, simple words or include numbers that relate to their personal information (such as birth date or address) and so are easy to guess.
If you made hard-to-remember passwords you probably did so because your business or a Web site forced you. In this case, you are likely to have a list of the passwords next to your computer - even though you know this also compromises your safety.
What makes a strong password
There are some very easy rules of thumb you can use to make sure your passwords aren't weak.
- Password - The word "Password" is the most commonly used password and it is pathetically weak - as are 'default' and 'blank'. These are simple words and easily guessed or broken with a dictionary assault on the password.
- Smith1968 - Though this uses 9 characters and includes letters and numbers, names that are associated with you or your family, or uses other identifying information such as birth year, are easily hacked.
- F1avoR - Though it mixes up capitols and numbers, it is too short and substituting the number 1 for the letter l is easy to guess.
Strong passwords. It's easy and can actually be fun to create strong passwords - you just have to know how - and the payoff in increased safety is huge. There are 5 principles when protecting passwords:
- Length - use at least 10 characters
- Strength - mix it up with capitals, characters, and numbers
- Obscure - use nothing that is associated with you, your family, your company, etc.
- Protect - do not place paper reminders near your computer
- Change - the more sensitive the information, the more frequently you should change your password
Look at these examples of password patterns that are safe but also easy to remember.
|A familiar phrase typed with variation of capitalization and numbers instead of words (text message shorthand)
||LL8r_L8rNot2Day = Later, later, not today
2BorNot2B_ThatIsThe? = To be or not to be, that is the question
|Incorporate short codes or acronyms
||CSThnknAU2day = Can't Stop Thinking About You today
2Hot2Handle = too hot to handle
|A password that is an easy to remember phrase because it describes what you're doing, with key letters replaced by a number or symbol
||1mlook1ngatyahoo = I'm looking at Yahoo (the "I"s have been replaced with "1"s)
|A word spelled backwards with at least one letter represented by a character or number
||$lidoffaD = Daffodils (the "$" replaces the "s")
y1frettuB = Butterfly (the "1" replaces the "1")
|Patterns from your keyboard. Make your keyboard a palette and make any shape you want.
||QWERTY7654321 - This is the 5 letters from left to right in the top row of your keyboard, plus the numbers from right to left across the top going backwards.
1QAZSDRFVGY7 - is really just making a W on your keyboard (see the image below)
Beware of simple password hints
Often, you are given a choice of password 'hints' when setting up a membership or an account. Security questions that someone can easily discover the answer to expose you to theft on the site involved, and allow the criminal to collect additional information about you. When given a choice, never pick a hint whose answer is easily discoverable.
When all the choices - as in this example - are easily discoverable, feel free to ignore the question and use an answer that means something to you; for example, sunshine. The site isn't actually validating this information for accuracy; they just want you to provide the same answer that you used to establish the account. Enter whatever you want, but make it memorable.
Browsing and searching
On the surface browsing and searching are fairly straightforward. You open a search engine (such as Google, MSN, AOL, Ask, or Yahoo!) and you type in a search word or phrase. You click a link contained in one of the results that appear to go to a Web site. You can use browsers to look up information on weather to know what to wear, follow politics, research financial decisions, and so on.
However, despite the obvious benefits that search tools provide, there are some safety and ethical considerations that every person browsing online must consider.
Before browsing, learn about the data retention and data resell policies of the search engine you are using. If the policies don't match your comfort level for safety and privacy, consider a different search company.
Ads on search engines and sponsored search results
Major search engines may still offer some of the more blatantly disreputable banner advertising. Clicking these may put you at risk by downloading spyware, adware, or other malware, or asking for private information that will be resold to spammers, telemarketers, snail-mail marketers, and the like.
However, there are other ways in which advertising on search engines or Web sites can place you at risk. The most concerning of these are sponsored ad links. Most users believe that sponsored ads have somehow been vouchsafed for by the hosting company - whether by a search engine company or a Web site owner. This is incorrect. Sponsored ads are placed by companies that have paid the search engine to get top placement. According to McAfee, clicking on sponsored advertising is more likely to deliver malware to your computer than clicking on other links.
Choosing certain search terms, especially those search terms that many teens may be inclined to use, can also place you at risk. For searches that included the word 'free', 14 percent of the results led to disreputable or fraudulent sites, according to a McAfee study. The problems people encounter range from hidden fees; misleading billing practices; charges for software that would be free from other sources; changes to your Windows registry settings; the delivery of spyware, adware, and so on; and misuse of your e-mail information to send hundreds of spam e-mails to unsuspecting users who think the e-mail is coming from you.
The illusion of anonymity when browsing
The level of information any site learns about you when you browse (even if you don't 'log in' to a browser) may be considerably more than you realize. As you surf, sites learn more and more about you - your likes/dislikes, your habits, and your purchasing history. Even when a site does not download malware of any kind it still can collect a great deal of information that can be resold or used in other ways. The safest choice is to only go to reputable sites with clear privacy policies.
Download theft and plagiarism
Copying material to claim it as your original work is plagiarism. Plagiarism in term papers, reports, or business presentations is a serious problem. The Internet makes it easy to plagiarize; you don't even have to retype the information, just copy and paste it. Discuss plagiarism with your children and don't practice it yourself: it is illegal.
Consider whether content on a website is copyrighted. Legitimate sites have rights to the material or services it offers for download. File sharing programs that allow users to illegally download music and videos are still being commonly used in spite of some much publicized arrests. Young people (and many adults) don't seem to realize that stealing online is the same as stealing from the video or music store in your town.
Note: File sharing programs are also notorious for infecting machines with spyware, viruses, and other forms of malware. Be very cautious if you download programs from these sites!
Music and video download theft represent only one part of the problem. Two other aspects to consider are whether you have the right to copy anyone else's material for any reason without their permission - including their thoughts in text, their photos and art in online images, and so on. You may be committing deliberate plagiarism.
What constitutes online plagiarism depends on several factors. First you have to assess the type of site: is it an educational site, government site, commercial site, or a personal site? Government information is free to use, but commercial or personal content is not.
If the information on the site represents the thoughts and creative output of an individual you are not free to copy it. If the site is commercial, review their terms to see whether it offers some material that is free and some that has restrictions.
Identifying secure/trusted Web sites
You are much safer online if you deal only with sites you trust.
There are several things you can look for to help you identify trusted Web sites.
Check before you click. Use a tool that lets you know before you click a Web site if it is likely to download malware or spam. Such tools place a rating next to sites returned in a search to indicate how safe they are to visit.
Visit our Spending and Saving Online section for more about identifying safe sites when shopping online.
Understand the risks in sharing information
Sharing personal information with the wrong people is one of your biggest risks online. Be sure you are comfortable with how this information will be handled BEFORE you provide it:
- Address and phone number
Risks include: Making the user a target for home break-ins as well as providing a stronger persona in identity theft cases.
- Names of husband/wife, father, and mother (including mother's maiden name)
Risks include: Gaining access to even more confidential information as this data is often used for password or "secret question" answers, but also exposes additional family members to ID theft, fraud, and personal harm.
- Information about your car including license plate numbers, VIN (vehicle identification number), registration information, make, model, and title number of car, insurance carrier, coverage limits, loan information, and driver's license number.
Risks include: Car theft , insurance fraud, and access to more of your confidential information.
- Information about work history and credit status
Risks include: Building a stronger fake persona and gaining more access to your financial records; ID theft.
- Social Security Numbers
Risks include: ID theft, fraud, and access to additional information about you.
Browser settings and filtering software
Your browser should help you monitor your browsing experience, but you have to make certain settings to get the level of monitoring you prefer. For example, in Internet Explorer you can click Tools, Internet Options to set security and privacy preferences. Browser settings provide a small measure of content filtering. To comprehensively filter content so you don't see unwanted materials or sites, you may want to purchase filtering software. This helps you set boundaries for the types of sites, text, and images you and your family are exposed to.
As in the offline world, the Internet has a criminal element. These cybercriminals are using Internet tools to commit the same crimes they have always committed, from robbing you to misusing your good name and financial information. Learn to spot the types of scams that occur online and you will go a long way towards steering clear of Internet crime.
The warning signs of fraud
BEFORE you click on a link that comes in a forwarded e-mail message or forward a message to others, ask yourself:
Is the information legitimate? Sites such as TruthorFiction, Snopes.com, or Urban Legends can help you learn if the e-mail is a scam.
Does a message ask you to click links in e-mail or instant messages? If you're unsure whether a message is genuine, call the company using the number from a past statement or the phone book. To visit the Web site, type the address if you know it or use your own bookmark rather than clicking a link. If the Web site is new to you, search for the company using your browser and use that link to visit their site.
Does the e-mail have a photo or video to download? If so, exercise caution. If you know the person who sent the photo, it is probably fine to download, but if the photo has been forwarded several times and you do not know the person who sent it originally, be careful. It may deliver a virus or other type of malware to your computer.
Think before you click, and save yourself and others from scams, fraud, hoaxes, and malware.
Common e-mail scams
Besides phishing scams, which use e-mail to try to get your financial account information to steal from you, there are other kinds of e-mail scams. Many of these are engineered to try to get you to click on a link or open an attachment which will then cause malware (spyware, keystroke tracking programs and the like) to be downloaded to your computer. Some e-mail scams also convince you to forward the e-mail to others, thereby spreading the dangerous link and malware.
Here are some of the e-mail scams in circulation:
A 'timely' warning. These almost always want you to do something—for example, keep your cell phone number off of telemarketer lists, forward the e-mail on to help even more people (like a warning about a new virus that is circulating and destroying computers), or stop (or start) taking a wonder remedy.
Desperate requests for help. These types of e-mail scams are particularly common after disasters. Since there is always a disaster somewhere in the world, these scams are always in circulation. They may also take the form of an individual disaster, usually involving someone with a terminal illness who can't afford a lifesaving treatment. These will probably lead you to a Web site where you can donate to the cause. Not only is the e-mail a con job, people who give money through the Web site have almost certainly "donated" their credit card information to identity thieves.
Offers of free money. No stranger is going to give you free money. Yet a remarkable number of people hope they will. These scams, luring you into clicking a dangerous link, come in a few flavors, such as:
- Unclaimed money owed to you. These e-mails lead you to a Web site or phone number where you'll be asked to give information about yourself to claim all the money owed to you.
- A rich person or company wants to give you money or prizes. They don't, and they certainly wouldn't notify you through a random email.
An intriguing picture or video or a link to an interesting Web site. These links in e-mail messages may be entirely benign, or very dangerous. Clicking on them may download viruses or other malicious software to your computer. If you know and trust the sender, you may decide to click a link, but if you're unsure of the source, don't click any links in a message.
How to dissect an e-mail scam
E-mail scams are typically low value, high volume crimes where the cost to a given consumer is comparatively low, but the high number of victims makes the money quickly add up for the criminals behind the scam.
Scammers and other criminals study human behavior and motivations. They know people are much more likely to fall for a scam related to a topic of interest, holiday, event, or worry already on their minds. Things like last minute sales before a holiday; bank loans in credit crunches, or cheaper loans at any time; official looking notices such as tax notices in tax season; or discount drugs for seniors are popular as topics for scam.
View our 5 Common E-mail Scams section for more information.
Phishing scams are an attempt to trick you into divulging sensitive personal information that allows somebody to steal your identity or empty your bank account.
These scams can come in many guises—for example a message may state that you've won the lottery or you've been selected to receive something free.
Be very skeptical if you receive an e-mail that looks like it is from your bank, broker, or other trusted company but asks you to verify or re-enter sensitive personal or financial information through e-mail, a Web site they direct you to, or a phone number they provide. Contact the institution using a phone number from a statement or type in a company Web site address in your browser to go to their site and ask about the communication.
Look for these telltale signs to spot a phishing e-mail.
- The sender is unknown to you.
- The e-mail is illiterate with grammar, punctuation, and spelling errors.
- You are asked to provide information such as an account number, phone number, or social security number.
- The e-mail address is odd or doesn't include the business name. Legitimate businesses have their own domain names (such as aol.com or amazon.com).
- A message contains words like URGENT or SECRET, or includes lots of exclamation marks.
Scams that prey on emotions
The Internet, and particularly blogs and social networking sites, can provide wonderful outlets for emotional sharing, but when you find yourself experiencing extremes of joy or grief, consider carefully what you share online. Just as there are offline criminals who read birth, graduation, wedding, and obituary announcements in newspapers to find vulnerable people to target, there are online criminals watching as you post information about your feelings and significant life events.
The joy of a wedding or the arrival of a new baby may inspire individuals to share information on wedding sites and baby registries that they would otherwise keep private. People may post pictures, full names, locations, dates, and a great deal more. This kind of sharing may help a criminal to identify homes to rob or perform ID theft or financial scams.
Guidelines for sharing grief and joy
Four simple guidelines for sharing strong emotions, from grief to joy, make you much safer: Always:
- Learn whether the Web site allows you to make some (or all) information private.
- Review the information fields and a few sample pages to see what material is typically displayed. Look for risks that others may have inadvertently exposed themselves to.
- Make a conscious choice about whether you want the site to have restricted (only those whom you allow) or public access, and then decide what information you want to provide.
- Let others know your safety boundaries so they can share with you in a way that respects your wishes, and take the time to learn other's restrictions so that you are respectful of their safety and privacy.
In grieving, this family exposed a great deal of information - including full family details, location and time of service, how to contact the family, and the family genealogy.
Sweepstakes, lotteries, and prizes
If you have spent any time online, you have seen ads claiming 'You are already a winner, click here', or 'Click to enter our sweepstakes and win fabulous prizes'. You have probably also received spam informing you that 'you've won the lottery'.
These offers have only one purpose - to make the sender or advertiser money. At best they will have all kinds of hoops for you to jump through to get the 'free' prize so you end up spending more than if you'd bought an item directly. It's much more likely however that along the way they will collect as much information as they can from you to resell to spammers, scammers, and ID thieves.
Typically these prize awards will require all sorts of information from you for 'authorization' and for 'transferring the funds to your bank' - which is scammer language for we're going to steal your identity and empty your bank account. They may also try convincing you to send money to cover 'handling costs' that somehow need to be paid before they can send you what you 'won'. Even going to the Web site these scammers direct you to is taking a risk; this is highly likely to download malware onto your computer if you don't have the antivirus or antispyware software in place.
This isn't to say there aren't some legitimate sweepstakes and lotteries, there are. And these legitimate companies can be identified through the Better Business Bureau. Never trust the claims an unknown company or entity makes about themselves or others. Legitimate sweepstakes, lottery, and prize-giveaway companies will not advertise or contact you via unsolicited e-mail nor advertise in flashing animation displayed on unrelated websites. These indicators are clear red flags.
Though there are a thousand flavors of e-mail scams, the methods of detection are fairly straightforward. Here are five common types of scams and the clues you can use to spot them.
After reviewing these, you will have learned the skills you need to identify most e-mail scams on your own.
1. The Imitator
Many scams imitate legitimate companies in an effort to fool consumers. The simplest way to avoid these fakes is to never click on a link sent in an unsolicited email. Find the company link on your own using a search engine or, if you know the company address, type it in yourself.
In this example you receive a security advisory. No legitimate company is ever going to send you a Security Center Advisory in e-mail; That alone is enough to tell you it's fake. But read on to spot more red flags.
Spot the Flaws:
- The sender is bogus. By hovering your mouse over the sender's address (in this case they claim to be PayPal Security Center) you can see the real address in the lower left corner of the email. These scammers tried to make the address look like it belongs to PayPal, but the inclusion of intl. (short for international) before the PayPal is a dead giveaway. Why would an international division send you email? The second giveaway is the .inc (instead of .com).
- The sender would not know your name. "Dear valued member" is a dead giveaway that this is not a company you do business with.
- You won't be notified of maintenance work. Sites manage maintenance seamlessly; at worst you will see a site is down when you try to go there. Sites do not randomly select who gets maintenance. You will never be asked to go through Identity verification in an e-mail.
- Hovering over "Click Here" shows the URL's destination. As with issue #1, they attempt to look legitimate with www.paypal.com.row/pref-NOTI.
- Threats. The scam goes from apologizing for any inconvenience to threatening the recipient in an effort to scare you into responding. Companies are not going to threaten you and certainly won't send threats in an e-mail that randomly selected you for maintenance.
- More embedded links. The scammer's experience tells them that if there are many links you will be more likely to click on one of them. Another favorite ploy is for there to be a link to 'unsubscribe' from the email. While legitimate companies do have unsubscribe features, if you get this message in a scam, clicking the link will likely deliver malware to your computer.
2. The Urgent Offer
Look at this offer for refinancing:
Spot the flaws:
- The offer is from a company you've never heard of. This is really the only identifier needed to know that this is fake. Legitimate companies don't randomly spam consumers offering loans. The second clue is their e-mail address - with two @'s it does not match typical e-mail address format.
- The name of recipient isn't yours. If the name on the To: line isn't yours, then you're one of the thousands (maybe millions) of names hidden on the Bcc: line.
- The email is urging you to make a financial transaction under time pressure. If you feel you have to act quickly, you are more likely to react without thoroughly investigating.
- You are singled out for an 'exclusive' opportunity. Ask yourself: why would a company you don't know single you out?
- You are asked to enter financial information. They want you to enter financial information so they can instantly show you your adjusted mortgage rate. In fact, entering personal financial information on sites you aren't absolutely sure are safe is almost sure to result in someone stealing from you.
- Increased urgency, more time pressure is applied. Notice that they can only guarantee this great rate 'for three more days', but no actual dates are given.
- Big lures on the page. In this case the big red button is designed to compel you to click. Who doesn't want to calculate their savings? See #5.
- Hovering over "Click Here" shows the URL's destination. When the scam is pretending to be a legitimate source - such as the IRS - the URL may look very similar to the legitimate site, but it actually is not the same. When scammers create a fictitious company, creating a URL to match is easy, but if a scammer is pretending to be from a company you do business with and the URL given doesn't match the company name you know, it's fake. In this case the URL is "http://besthome.de/index.htm". The 'de' extension is for Germany - it is unlikely that an American company would have a German URL.
Warning: Hover (Don't click) or you will land on the malicious site.
- The phone number is listed to make you feel comfortable. Many people who are wary enough to not click on links, are fooled into calling the phone number listed. Scammers don't care how they catch you: someone who sounds legitimate will be happy to scam you over the phone.
- False address and phone numbers. Enter the listed address into a search engine rather than clicking the link and you will find there is no bank there. The phone number doesn't list the area code, and it is not a toll-free number.
3. The 'Official Notice'
These scams attempt to fool consumers into believing they've received an e-mail that requires them to take some action. Often purporting to be from government agencies, these e-mails notify you of a problem. This example was sent in May, a time when people are more likely to believe an announcement is from the IRS. Here you're supposed to be relieved that the IRS is acknowledging they received your payment, and then be anxious that there is a problem, and click without thinking.
Spot the flaws:
- The IRS does not send official notices via e-mail. This is really the only information you need to know this is fake, but there are several others as well…
- The sender address is service.irs.gov. The real IRS address is www.irs.gov
- The IRS would identify the recipient. This e-mail calls you a member. There are no members of the IRS.
- The IRS doesn't send Security Messages.
Hovering over "Click Here" shows the URL's destination. This URL, "http://www.vwu.at/Editor/assets", is definitely not an IRS site. Warning: Hover (don't click) or you will land on the malicious site.
4. The Lottery
Foreign lottery scams are rampant. If you did not enter a lottery, you did not win a lottery. If you did enter the lottery, you still are very unlikely to win, and you would not be notified via e-mail. This is a straightforward scam to get your information.
Spot the flaws:
- The sender is a person. No organization is going to send a notice from a personal e-mail, and they will use their organization's e-mail, not a free e-mail service.
- No one is listed as the recipient. If your name isn't on the To: line, it's a scam. Also, no legitimate company will send you an e-mail with an incomprehensible subject line.
- The message is illiterate.
- The sender does not know your name.
- There is no such lottery. A simple Web search on the lottery name shows that it does not exist - and several results that say it is a scam. In addition, the idea that you are on an 'exclusive list of 21,000 email addresses' is absurd.
- If no tickets were sold, how does the lottery make money?
- Random jumbles of numbers designed to look impressive.
- You will never be asked to respond to an individual. If the organization is legitimate it will have its own e-mail address and you will be directed to customer support or another department, not a person.
- The information request. Collecting your information to sell to other criminals is the first goal. But if you respond with this information you will surely be asked for bank account and bank routing numbers as well so they can 'deposit' the money.
5. The Survey
These scams rely on people's desire to weigh in on issues and be heard on the issues of the day. In an election year one flavor is the voting survey, but any hot topic will do: global warming, attitudes towards war, the handling of the latest natural disaster, and so on.
Spot the flaws:
- If your e-mail service provider flags the e-mail as questionable, it probably is.
- The sender sounds official, until you look at the e-mail address. No legitimate organization is going to spam people with surveys - or send any e-mail from an address like email@example.com.
- The sender does not know your name.
- The e-mail asks you to 'click here' to download images. Simply clicking may result in the download of spyware or other malicious software to your computer.
Online gaming is fun, and can provide entertainment or allow you to connect with others. It covers a broad range of entertainment; from simple games you play against the service (such as Solitaire), to two person games such as chess and checkers that you play with a friend or against the service, and to highly interactive games that you can play with thousands of people at a time in enormous fantasy worlds. Being alert to potential risks of online gaming helps you keep the fun in the games.
Before you dive into the world of online gaming there are some basic safety issues to consider:
- Understand the game's rating, and review the site's Terms and Conditions to understand what types of behavior they allow as well as their policies and practices for monitoring behavior and responding to abuse.
- Create safe nicknames, usernames, and gamer tags. These should not include any personally identifiable information.
- For children, establish family rules for game playing. These may include how much time they can spend gaming, the types of games that are allowed to play, who they are allowed to game with (just friends, or anyone online), as well as the information that may and may not be shared if they don't know the other players - including name, photos, location, e-mail address, and so on.
- If young children play with strangers the device should be placed somewhere that allows you to periodically monitor their interactions.
- For younger kids, keep an eye on chats and messages they receive and encourage them to let you know if anything inappropriate occurs, including requests for their real names or location.
- Report any abuse and, where possible, block the abuser from further contact.
- Be particularly cautious of voice interaction - especially for younger children. Many services provide voice altering technologies which may allow criminals to mask their identity.
- Be very cautious about meeting or allowing your child to meet someone you have only met through online gaming. Keep first meetings short and insist the meeting occur in a public place during a busy time of day with people present. Let people know where you are going and when to expect a call from you. Always bring a cell phone.
- Understand that some gamers are very poor sports when they lose, and some are cyberbullies. If you experience anyone who is insulting or abusive block further contact and notify the service.
Console games and mobile games
Console games come in two forms: those that are handheld (Gameboy, PS2, and so on), and those that sit in your home and plug into a TV or other display (Xbox, Wii, Playstation, and so on). In the last few years, connectivity with the Internet has allowed games and game demos to be downloaded directly from the Internet. If a handheld device is Bluetooth enabled (can interact with other devices around it) it will make contact with other devices in the vicinity. This may put you or your child in contact with strangers, so you may need to take precautions.
Mobile games that come preinstalled on mobile phones or are downloaded for a fee are mostly single player so the risk of encountering a stranger is low, but be sure you are downloading from a reputable site, as mobile viruses are an increasing threat.
Massively Multiplayer Online Games (MMOG's)
Massively Multiplayer Online Games (MMOG's) often place huge numbers of gamers in a single environment (popular games have thousands of users online at any time). Some MMOGs are not games as much as virtual worlds. MMOG's are usually subscription services and offer a consistent virtual 'universe' where the game continues whether or not any specific gamer is playing. Though many conversations are monitored by others in the game, profanity, harassment and bullying, grooming, other predatory interactions, and exposure to adult content may occur.
Be careful about what personal information you expose to other gamers, just as with any online interaction. Many sites offer points, tokens, extra lives, gifts, and currency you can trade or give to others. Gift giving in any of these forms can be a fun way to interact with friends and strangers, however this is also a tactic used by predators to befriend and groom victims. Pedophiles begin by 'helping' a child or teen with the game, giving tips on how to succeed, chatting and frequently giving gifts to gain their trust. Then the predator tries to engage in that next level of contact that takes them from the cyber world to the physical world, where the first physical world contact is typically via cell phone.
It is critical to teach young people how to appropriately interact and protect their personal information while gaming.
We are living in a society where legalized gambling is not only socially acceptable, but it is widely promoted and highly visible. However online gambling is illegal in the United States. Still, more than a million young people and millions of adults are gambling online on a regular basis.
To help identify when gambling has become an addiction, whether online or offline, review the following list of questions:
PROBLEM GAMBLING WARNING SIGNS
Is gambling the most exciting activity in your life?
Do you miss school, work, activities, or other events due to gambling?
Has anyone expressed concern about your gambling?
Do you lie to your friends or family about your gambling?
Do you borrow money to gamble?
Have you sold personal belongings to get money to gamble?
Have you stolen from your family, friends, or employer to gamble or to pay back gambling debts?
After losing, do you try to win your money back by gambling?
Are you preoccupied with thoughts of gambling?
Have you tried to stop gambling but can't?
Parents should have frank conversations to help children understand the risks associated with online gambling, and gambling in general. There needs to be clear discussions about the potential gambling has for addiction - including all the costs, financial and otherwise, that addiction can entail.
Identity theft is a serious crime that occurs when your personal information is stolen. That information can be used without your knowledge to commit fraud or other crimes that have an impact on your financial security. Thieves can also use your information to ruin your good name, steal your medical history, take away your sense of safety, or misuse images of you.
The good news is that the number of identity fraud cases has gradually decreased in recent years. Still, the total cost of identity theft to society is enormous. In 2006, the total cost was $49 billion dollars, with victims losing about $ 4.5 billion, and companies and banks paying the rest. The business loss drives up business costs, causing consumers to pay again, indirectly.
The average victim spends about 600 hours trying to restore his or her identity. Though most victims are discovering the abuse earlier, it now takes longer on average to eliminate fraudulent transactions from credit reports and other sources than ever before. Having your identity stolen may also be very difficult emotionally: feelings of violation, powerlessness, and frustration may feel overwhelming. You can find help in coping with ID theft from the Identity Theft Resource Center.
Risk of identity theft by age
Eighteen to twenty-nine year-olds are particularly at risk because they are less likely to check their credit and are more likely to apply for credit cards without reading the fine print or considering the source.
The prevailing attitude among teens and college students is that if they don't have money in their bank account, there's nothing to steal. Unfortunately, what matters isn't just how much you have in your bank account; it's how far in debt the thief can place you by using your information to apply for loans or purchase expensive items. In fact, a criminal is likely to leave the money in your checking account so you aren't alerted to what's taking place when you check your bank balance.
Victims of identity theft are vulnerable to future attacks
Even when you have gone through all the steps to restore your identity and financial standing you will remain at increased risk of a recurrence because much of your 'identity' doesn't change. You can change your credit card account, close your bank account, or fix a manipulated credit history, but your birth date, birth place, mother's maiden name, your past employers, and other personal information never changes. This information is likely to remain in criminal databases and be reused many times. Once a victim you will need to be extra diligent in monitoring your identity forever.
Reduce the risk of identity theft
There are many significant steps you can take to protect yourself, but there is no silver bullet or magic solution, especially as you may not be the one exposing your information. Publically-available property tax records, court records, and housing records all make finding information about you easier.
Follow these steps to keep yourself safe from ID thieves:
- Everyone above the age of 14 needs to actively monitor his or her credit history. You have the right to one FREE credit disclosure in a twelve-month period from each of the three national credit reporting companies: TransUnion, Experian and Equifax. The easiest way to get these reports is through AnnualCreditReport.com, a service created by these three credit institutions specifically to help consumers get free annual reports. You can also pay credit monitoring services to watch your account for you.
- Consider if you want all, part, or none of your information viewable in online directory searches. It usually costs money to keep your information private (often referred to as a privacy tax) but the few dollars it costs may be well worth it to you.
- If your identity has been stolen, contact your bank(s) and other financial institutions immediately. Contact local law enforcement and file a report, as well as your insurance company. Freeze your credit with the three credit reporting companies listed above.
- If you are a victim of identity theft, go to the FTC's Identity Theft Web site to get information about additional steps you may need to take.
- If your reputation or images have been stolen, contact the Web site where the abuse occurred and where the material is displayed. They should work with you to take it down and discipline the offender.
- Identity theft victims should alert their friends and family. Your identity theft means friends and family may also be affected, depending on the information stolen or abused.
What is the Montana Law regarding Identity Theft and Security Breaches?
Montana's Identity Theft Act (HB 732) requires businesses to notify individuals when a security breach results in their personal information being released to unauthorized parties if that breach causes or is reasonably believed to cause loss or injury to a Montana resident. The Act specifies the notification steps businesses must follow in the event of a security breach. Additionally, the Act specifies that Montana businesses must take reasonable steps to destroy customer records no longer needed that contain personal information by "shredding, erasing, or otherwise modifying the personal information". The Act came into full effect March 1, 2006.
Who is affected?
This Act affects all businesses that conduct business in Montana and that store personal information of state residents. Personal information is defined as the first name or initial and last name in combination with one or more of the following nonpublic, unencrypted pieces of information: a social security number, a driver's license number or state identification card number, a financial account number, credit card or debit card number accompanied by the applicable passwords or security codes.
What does the Identity Theft Act have to do with information management?
According to the Act, Montana businesses are responsible for the security of their computerized and non-computerized customer records. If companies experience a security breach and disclose personal information to unauthorized parties, and if the breach has caused loss or injury or is reasonably believed to cause loss or injury to a Montana resident, companies are responsible for notifying the affected individuals. By monitoring and controlling the amount of customer data held on site in computerized form, businesses can reduce the risk of losing or otherwise releasing data to unauthorized parties. Computer backups containing personal information that are no longer needed should be disposed of securely. Similarly, other computerized mediums containing personal information, such as CDs, computer disks, and hard drives, should be destroyed once no longer needed. Additionally, all non-computerized customer records containing personal information should also be destroyed completely once no longer needed.
What do companies have to do to comply with the Act?
Businesses must alert affected Montana residents when computerized personal information which is not publicly available is acquired, or is reasonably believed to have been acquired, by unauthorized parties and loss or injury has occurred or is reasonably believed to occur. Methods for notifying affected individuals are outlined in the Act. If the cost of notifying affected individuals is more than $250,000, or if the number of affected individuals exceeds 500,000, or if there is insufficient contact information for the affected individuals, substitute notification methods may be followed. According to the Act, businesses must also securely dispose of non-computerized customer records containing personal information that is no longer necessary to be retained by the business by "shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or undecipherable." Additionally, if a business discloses a security breach to any individual and gives a notice to that individual that suggests, indicates, or implies that the individual may obtain a copy of the file on the individual from a consumer credit reporting agency, then the business must coordinate with the consumer reporting agency as to the timing, content, and distribution of the notice to the affected individuals. Monetary penalties of up to $10,000 for each violation may be imposed on businesses that violate this Act.
How can we help?
Safeguard your customer's confidential information with Shred-it's document destruction services. Shred-it securely destroys all of your confidential materials including computerized data such as CD-ROMs/CD-Rs/DVDs and computer back-up. Upon completion of the shredding service, Shred-it provides a Certificate of Destruction - your record of the secure destruction process. For peace of mind, contact Shred-it today at 1 800 69-Shred.
For more information:
Montana State Legislature - https://leg.mt.gov/bills/mca/title_0450/chapter_0060/part_0030/section_0320/0450-0060-0030-0320.html
This does not constitute a legal opinion or legal advice. Do not rely on any of the information in this document without first obtaining legal advice.
Montana's Identity Theft Passport Program
An Identity Theft Passport is designed to help victims prove to creditors and law enforcement officers that someone has used their identity to commit fraud.
Through no fault of their own, victims of identity theft are forced to spend a considerable amount of time and money undoing the damage done to their good names and credit records. The wallet-sized passport is designed to help victims prove who they are and limit the cost and stress they experience.
To qualify for a passport, identity theft victims must file a police report with a Montana law enforcement agency and present a completed Identity Theft Passport application with a photo ID to the investigating agency. Once the complaint has been verified by law enforcement, the agency faxes or mails to Montana's Office of Consumer Protection and Victim Services:
- a copy of the completed investigation report
- the Identity Theft Passport application, signed by the victim and the officer
- a copy of the victim's driver license or other official form of photo identification
Once the victim and law enforcement have provided all of the necessary information, the passport should be issued within 10 working days. Passports expire after three years.
The passport application and supporting documentation is confidential criminal justice information. Law enforcement agencies and creditors have discretion in accepting an identity theft passport. The passport simply indicates that the agency or company should take into consideration that the individual is a victim of identity theft.
Contact the Identity Theft Passport Program
Office of Consumer Protection
2225 11th Avenue
P.O. Box 200151
Helena, MT 59620-0151
Phone: (800) 481-6896 or (406) 444-4500 Fax: (406) 444-9680 E-mail: firstname.lastname@example.org
The combination of text with images provides a powerful tool for communication and expression. However, when you share images you are sharing information about yourself with others. It's important that you learn how to share photos and video online so that you can remain safe and avoid having your personal images stolen and used in inappropriate or even illegal ways.
Sharing Photos Safely
With digital cameras and camera phones we've entered a wonderful new age of sharing and documenting everyday life and events as they occur. Cell phones with cameras are with many of us all the time and the quality of the cameras is rapidly improving. With the explosion of blogs; mobile blogs (called moblogs); photo sharing sites; personal Web sites; and image sharing in e-mails and IM, sharing photos and videos has never been easier.
Managing who sees your digital images, from photos to videos, is critical to avoiding the potential exposure of private or personal information to people outside your trusted friends and family. The same pictures and videos you want to share with friends and family may contain information that also has value to criminals.
Only use reputable sites, and only share photos that contain identifiable information with people you trust.
To make photos with identifiable information safer to share publicly:
- Use a photo editing tool such as Windows Photo Gallery to cover up or crop out information that could put you at risk -- for example, your house number, street sign, and so on. You may also choose to blur small sections.
- Strip metadata from the photo. Some sites allow viewers to see the settings used to take the photo, the time and date when the photo was taken, and even show the geographical coordinates of the place where the photo was taken if the camera or camera phone documents this information. This means a photo taken in your backyard may provide others with information they can use to locate your home.
- Reduce the resolution of the photo - lower resolution makes it less likely that others will copy the photo.
Image copyright infringement
Any artwork in a 'fixed' tangible form automatically has copyright protection. Any use of a photo, video or other artwork without express permission of the creator is an infringement of copyright. Consumers have to avoid violating copyrights and committing plagiarism, but they also should be aware that anything they post online may be misused in illegal ways.
On the Internet, copyrights are frequently disregarded and photos posted publicly are likely to be stolen or repurposed. Images may be used to humiliate, bully, or harass, probably the most frequent abuse of photos among teens and spurned partners. Photos are also stolen to sell or trade for a variety of unsavory uses. Once a photo is posted publicly, it may be very difficult, if not impossible, to locate and remove all copies of it.
Consider your reputation before sharing a risqué photo or one that shows you exercising poor judgment (for example, drinking heavily). If the photo is taken by or of a minor, the image may be child pornography which is illegal.
Sharing videos online
Video sharing online has exploded in the last couple of years with content ranging from harmless personal videos and educational content, to videos that promote hate, sex and violence.
While most Web sites have policies against pornography, violence, posting copyrighted material, and so on, they primarily rely on users to report abuse they've already been exposed to, rather than filtering the content before it is uploaded. This means that you or your children may come across a great deal of inappropriate material.
Video content can be particularly compelling for criminals. Videos generally provide more visual information than a photo, plus they may allow the predator to hear a person's voice and watch mannerisms. There are often clues in the background of videos that provide additional personal or location information for the person who knows how to look for it. Videos of children or provocative women are especially interesting to sexual predators.
Tips for staying safe when you post videos
Check these tips when posting videos online:
- Select a reputable service and understand the site's Terms and Conditions. If you do not retain full control of your content, consider selecting a different site.
- Before posting video content, consider all the potential information it contains. If it includes personally identifiable information, consider making the video private. Also, listen to what is said; words can also give away identity and location.
- If the video shows friends or family members, you may be putting them at risk, too. You should obtain permission from everyone shown in the video before posting it.
- Remember that once you post information publicly, it can stay around forever and may pop up when you least expect it.
- If you see inappropriate content or comments on your content report it. The service should review the report and take appropriate action.
Webcams are relatively inexpensive, and many laptops now come with webcams embedded in the lid. Webcams can be a great way to communicate with friends and family, but quickly become risky when used for conversations with strangers.
Teens in particular struggle to use good judgment when using webcams. Normal inhibitions seem to fall away when they are not physically present with the person they are speaking to and many expose themselves figuratively and literally. In addition to having a conversation about appropriate webcam use with children and teens, it may be wise to limit access to webcams.
Note that webcams can also be high-jacked and turned on remotely. This allows predators to view and listen to individuals without their knowledge. When you aren't using them, consider turning your webcam off or disconnect it if it is not a built-in model.
The Internet provides rich opportunities for making new friends, finding romance, and sharing interests with others. This online socializing, just like it's offline counterpart, can present some danger. When you first meet somebody offline you have visual clues as to their age, gender, and general demeanor. Online, you have to find new ways to assess social contacts, and you have to be cautious about how much you expose about yourself.
Overview of collaborative and social networking
There are several types of sites where people collaborate or communicate socially. The following definitions may be useful:
- A wiki is a Web site that allows anyone visiting to contribute (add, edit, or remove) content. Wikipedia, for example, is a virtual encyclopedia built by user's providing information in their areas of expertise. Because of the ease of collaboration, wikis are often used when developing group projects, or sharing information collaboratively.
- A Blog is an online journal (short for weB LOG) that may be entirely private, may be open to select friends or family, or available to the general public. You can usually make settings so that visitors to your blog may or may not be allowed to comment on your entries.
- A social networking site allows people to build and maintain an online Web page and create networks of people they are somehow connected to -their friends, work associates, other members with similar interests, and so on. Most social networking sites also host blogs and have social networking functions that people allow people to view information about others and contact friends.
Millions of people of all ages have tried Internet dating services as a way to meet new friends and possibly find a lifelong partner. It's a great way to get acquainted with people you would never have met otherwise. When done with caution, online dating may even be safer than meeting people in the "real" world because you have more time to get to know someone before meeting him or her in person.
Dating online requires you take steps to protect yourself. The first rule of thumb is to trust your instincts when interacting with a potential date. Select your online dating service carefully. Look for an established, popular site with plenty of members and a philosophy that matches your own.
Here are some other safety tips.
- Maintain anonymity to protect your identity. Don't include your full name, phone number, where you work, or detailed location information in your profile or during early communications with potential dates. Stop communicating with anyone who presses you for this type of information.
- Use the e-mail system provided by the dating service rather than your own e-mail address to maintain your privacy.
- Be smart about choosing profile pictures. Make sure your photos reflect what you want to say about yourself. Provocative pictures may attract the wrong people. Make sure that your images do not contain identifying information such as nearby landmarks or a T-shirt with your school or company logo.
- Check to see if a potential date has a good reputation among other daters on the service.
- Be realistic. Read the profiles of others with skepticism. As you correspond or talk on the phone, ask questions, seek direct answers, and note any inconsistencies. Look for danger signs such as a display of anger, an attempt to control you, disrespectful comments, or any physically threatening or otherwise unwelcome behavior.
- If a person becomes abusive, report it and block that person from contacting you again using the dating site settings.
- When you decide to meet, create a safe environment. Keep first dates short, and agree to meet in a public place during a busy time of day, Make sure somebody knows where you're going. If your date doesn't look like his or her photo, walk away and report that person to the dating service.
- If a date asks you for a loan or any financial information, no matter how sad the hard luck story, it is virtually always a scam and you should report it.
Formal dating sites are not the only places that people meet, and teaching online dating safety is particularly critical to protecting teens. Teens are becoming active online daters from as early as 14 years of age.
Simply put, blogs (short for WeB LOGS) are online journals. Just as with any journal, the blog owner (or blogger) can hold forth on any subject he or she want to in words or drawings. But unlike traditional journals, entries can also include videos, links to Web sites, search tools, quizzes, and so on.
Each blog entry usually contains a title, a date stamp, and the poster's comments. They may also include a profile of the author and a photo or videos.
Eleven safety tips for blogging
- Make sure the blogging site you use has clear privacy and security policies, and outlines how the site will respond to reports of abuse. The site should also offer site monitors and tools to help protect your safety, such as a way to control who has permission to see your blog, the ability to block harassing users and to turn on or off comments.
- Read the Terms and Conditions of the blog site. Even some of the most popular blog and social networking sites have clauses that give the service the right to use anything you post in any way they choose. Choose a service that respects your right to your own content and your privacy.
- If a blog is not set to be private, anyone can visit and comment on what the blogger is saying or posting. Most blog sites default blog posts to being publicly viewable and you have to change the setting to make your blog private. Think carefully about how public you want your blog to be. The more personal or identifiable the information you share, the fewer people you should share it with. If you choose to make your blog public, only disclose what you want anyone on the Internet to know.
- Periodically review who has access to your site and make changes if necessary. Friends change over time and once trusted people may become less trusted.
- Keep identifying details to yourself and close friends.
- Don't use your real name on your site (or anyone else's real name, either). Create a nickname or screen name that doesn't attract the wrong kind of attention or allow someone to find you.
- Don't give information that puts you on the map. Don't mention such details as your address, school, where you work, even your town name (especially if it's a small town).
- Don't reveal any information that gives away your age such as your birth date or year of graduation.
- On blogs that are set to be viewable by the general public be smart about the photos you post. Consider
- What's in the background? Does the photo show your house number, a street sign, a license plate, or landmark?
- Did you caption your photos with full names or other identifying details?
- What's printed on your shirt? Don't post photos that show the name of your school, sports team, or club.
- Who's in the picture? If it shows friends or family members, you may be putting them at risk, too.
- Can someone tell your economic status from the photo? This may be an enticement for offline crime.
- Be careful about sharing your feelings if your blog is public. You can express feelings in your blog in various ways. The poems you select, the music you list, the pictures you post all tell a lot about who you are and how you feel. This allows a predator who's on the hunt to find opportunities to prey on your vulnerability. Whether what you reveal is greed, sadness, or anger there is always a scam or exploit that can be tailored to take advantage of it.
- Check out what your friends write about you in their blogs. They may be giving out your address or real name, indicate the school you both go to or perhaps they have a photo of you on their site with a caption indicating who you are. Any of these actions may enable someone to find you. Check the comments friends leave on your blog to make sure they don't give away personal details.
- Be very cautious about meeting someone you only know through blogging in person. Keep first meetings short, and agree to meet in a public place during a busy time of day. Make sure somebody knows where you're going and bring a cell phone. If the person you are to meet doesn't look like his or her photo or is different from what they claimed to be (for example older or of a different gender), walk away.
- If there's a problem on your blog or on a blog that includes information about you, report it immediately. No one has the right to threaten or upset you. If anyone (even someone you know) behaves threateningly or asks lots of personal questions, report the problem. If you're a minor, talk to an adult you trust. Every service should make it easy to report abuse; if your blogging service doesn't, consider switching providers.
- Talk to your family about the kinds of information they are willing to make public and what they'd rather keep private. Posting information about others is not okay—in comments, photos, and so on—unless they agree to share that information. When asking permission to share, make clear who can see your site.
- Before changing your settings to be more public, it is your obligation to again seek permission from anyone you may expose. If they are not comfortable with additional exposure, remove any content about them from your site.
Internet Safety Videos
These videos are excellent overall safety videos. You can find more videos on the Ad Council's site and on the Missingkids.org site. Both sites also have Spanish language versions.
For Young People
Social networking sites allow people to build and maintain online networks of friends and others with common interests. They open up great new opportunities to share, communicate, and meet new people. However, social networking products and services have widely different levels of protections for consumers and it is important that you understand the safety and privacy protection of any service you choose to use.
Some social networking sites exist for very specific purposes - like creating business contacts - but most of the popular sites offer a wide variety of functionality. These sites are likely to include hosting blogs, photo and video albums, classified ads, forums, e-mail, instant messaging, and entertainment.
Though teens make up a huge percentage of social networking as well.
Use caution when signing up on a social networking service
Consider carefully the "questions" that sites themselves ask users to complete in the registration process. Accepting the services defaults may expose more information than you intended. Understand what is required information, and what is optional. You should clearly understand why a Web service needs any of your personally identifiable information and how they may use that information before providing it. Sometimes this information is used to provide you with a much more customized experience that suits your needs and sometimes the information isn't needed for the service they are providing you at all - they simply want it for marketing purposes, to show to other members, or to sell.
It is often very difficult to remove information from sites if you later regret the amount of information you have shared. It's best to be conservative in the information you share during sign up process; you can always add more later.
Spam and other malware on social networks
Advertisers understand the value of blogs. Legitimate advertisers pay to have their ads posted on the sites; disreputable advertisers often create fake user profiles and blog sites for their marketing campaigns. These run the gamut of legal to entirely illegal 'offers'. Called splogs (spam+blog) these blogs used for selling are an annoying and potentially harmful form of spam.
Some splog ads appear as 'comments' that get spammed onto social networking sites. These typically include links to sites that may place malware on your computer, or may contain content that is offensive to you.
Chat, discussion boards, and forums
What makes chat rooms, discussion boards and forums unique is the focus on a topic or geographical area. Groups are created by common interest rather than friendships. Though much attention is paid to sex chatrooms, there are thousands of chat topics to pick from, and you can often create new chat rooms on topics at any time. These can be a great way to share ideas and hobbies or chat with people with similar interests that you would otherwise never meet.
Like any site where users share information, these chats, discussions, and forums can be abused for a full range of crime including data mining for criminal intent, social engineering ploys, scams, and so forth.
If you are comfortable with the safety offered, create an account that does not identify you, avoid providing personal information, and have fun.
Online quizzes and surveys
Quizzes and surveys you find online, including those on social networking sites, are usually entertaining and may seem like a harmless pastime. But quiz and survey companies are for-profit businesses. Because consumer information is a commodity, you should assume that information you enter in quizzes and surveys is being sold. Some sites allow users to create their own quizzes and surveys but in most cases they are still making money from the answers.
Just by reviewing the types of surveys or quizzes you take, a criminal may learn a great deal. Answering if you're Hot or Not, a Fashion Disaster or Diva provides not only businesses in the fashion or teen magazine industries with information, it also provides information to a potential predator about topics that interest you. Some quizzes and your answers get displayed on your social networking sites, which is something to consider carefully if your site is publicly viewable as your answers may expose personal information to a criminal.
Quizzes and surveys on senior social networking sites are typically more financially or medically invasive. For example, the information from a medical quiz may be passed directly to pharmaceutical companies, online drugstores, or insurance companies. After answering a quiz you may find you receive spam targeted to your medical conditions or financial interests.
- Why did the company create this quiz?
- What will they do with the information?
- Who will see my answers?
The convenience of managing the financial side of your life online is wonderful. You can buy things, deal with your banking chores, and even manage investments all from your home. But whenever your money is involved, whether offline or online, you should be cautious to avoid scams or theft.
Online shopping is incredibly convenient because you can find the lowest prices and best deals for products and services. However, you need to learn that getting a great deal online involves considerably more than getting the lowest price. You should be sure that the product arrives on time, it is of the quality you expected, it includes a proper warranty, and that there is a way for you to return the product or get support with any questions or issues you have.
The fundamental safety consideration when shopping and performing transactions online is the same issue Internet users have to consider when sharing personal information: trust. Learning how to determine which companies, institutions, and individuals are worthy of your trust when it comes to your financial information is a critical life skill. Click this link to learn how to identify secure/trusted Web sites.
Before buying anything online consider these questions:
- Do you know the store from the brick-and-mortar world? If the Web site is owned by a store you already do business with and where you can physically return any item, or you have experience with their level of service and trustworthiness, you are probably in good hands.
- What is the site's reputation? If you know others who have had consistently positive experiences with the online store, you can be reassured of the site's quality. If you do not know others who have used the site, do your own background check by looking at sites dedicated to reviewing e-stores (for example, Epinions, BizRate, Better Business Bureau). Another Web site to consider is The National Fraud Information Center which watches out for shady Internet dealings and offers consumer tips on its Web site.
- Is the Web site secure? Legitimate online merchants offer secure transactions. Look for two assurances to see if you are on a secure site. The URL should show Https: when you are making a purchase and there should be a lock symbol in the lower left corner of your screen.
- Is the offer 'too-good-to-be-true? Avoid buying from any e-store that promises too much at too low a price. If the price is low, you have to consider whether the merchant came by the items legally, whether you will ever receive the items, whether the items will work, if you will be able to return damaged goods, or if the merchant is also generating revenue by selling your financial information. Disreputable stores frequently run an absurdly low price offer and then, claiming the item is out of stock, try to sell you something else; this is a classic "bait and switch" technique.
- Does the merchant collect more information than is necessary to complete the sale? You will need to provide some method of payment, address, and telephone number. If a merchant requests your bank account information, social security information, or driver's license number, NEVER provide it. Some reputable companies ask additional questions about your interests. This should always be optional. Remember, your information is a commodity and you should feel you are getting appropriate value - and control - before providing your information.
- Use a payment service or credit card for payment rather than a debit/ATM card, check, or cashiers check, wire transfer, or money order. Click here for more on payment services. Payment services (such as PayPal) allow you to register with them and then pay companies through them without ever exposing your credit card number. Credit card purchases limit your liability to no more than $50 of unauthorized charges if your financial information is stolen. It is wise to have a dedicated e-mail account for online shopping and transactions, and to use one credit card exclusively for online purchasing and transactions. If that card gets compromised, you can quickly shut it down.
- Review the company's shipping methods. Understand what carriers they use, their shipping rates, and if they provide tracking and insurance.
How to stay safer when banking and paying bills
Banking and paying bills online is convenient and can be safer than banking and bill paying in the physical world where you have to worry about lost and stolen mail and having discarded statements stolen from your trash. Banks go to great lengths to protect your information when you perform transactions online, and there are protections in place to shield consumers in the event of banking fraud.
In most cases, the weakest link in online banking is the consumer. This is good news, because it means that you can control your online experience by educating yourself.
Follow these steps to stay safer when banking online:
- Make sure your computer has up-to-date versions of anti-virus and anti-spyware software and install all updates.
- If you open an account with a new bank, confirm that it is legitimate and your deposits are insured.
- Keep personal information private and secure: don't share pass codes, passwords, or ID's with anyone.
- Never conduct financial transactions from a public computer because you don't know what tracking tools may be capturing information.
- Create strong passwords for accessing your account.
- Be alert to e-mail scams asking for your account number or password.
- Ensure that you are actually dealing with your bank and not with a phishing site. NEVER believe an e-mail, no matter how convincing it looks, that notifies you that there is an issue with your account and asks you to click a link or call a number provided in the e-mail to fix the problem, re-authenticate your account, or provide your credentials.
- Always type in your bank's URL yourself; if you click a provided link, you may land on a site that looks legitimate, but isn't. Store your bank's URL in your online favorites in your browser so you can return to it quickly and with confidence.
- Monitor your account activity to detect potential fraud by requesting online credit reports. You have the right to one FREE credit disclosure in a twelve-month period from EACH of the three national credit reporting companies—TransUnion, Experian, and Equifax. The easiest way to get these reports is through AnnualCreditReport.com, a service created by these three credit institutions specifically to help consumers get free annual reports. You can also pay for credit monitoring services to watch your credit for you.
Online investing and investment tracking is fast, efficient, and often less expensive than using a personal broker. Still, you should do your research carefully.
The types of investment fraud seen online mirror the fraud perpetrated over the phone or through the mail. Hundreds of online investment newsletters offer seemingly unbiased information free of charge about featured companies or recommended "stock picks." While legitimate online newsletters can help investors gather valuable information, many online newsletters are tools for fraud. If an investment newsletter comes unsolicited to you, consider that it may be a scam.
Keep in mind that fraudsters may use a combination of Internet tools to spread false information, including bulletin boards, online newsletters, spam, or chat. They can build glitzy, sophisticated Web pages for very little money. They may reference several of these fraudulent sites and urge you to visit them as a way of verifying that you have checked several sources. However, these sources are phony.
To invest wisely and steer clear of frauds, you can get the facts from the U.S. Securities and Exchange Commission's Web site.
Classified ads and auctions
Online auctions continue to increase in popularity as consumers participate from computers and mobile phones. These sites are a great way to pick up good deals and unusual items, but it is critical that you stay alert and cautious.
Auction fraud is the most reported form of online fraud. Auction schemes tempt victims to send money for promised items, but then deliver nothing or an item far less valuable than the item that was promised. Another ploy is for the criminal to purchase an item at an auction with a check for a larger amount than the item's value and ask the seller to reimburse the difference. It is only after you've shipped the goods and refunded the 'difference' that you discover the check bounced and the criminal got away with your property AND your cash.
Be particularly careful with international sellers. If something goes wrong in one of these transactions there is very little that can be done to help you get your funds or goods back.
Classified ads are another useful tool for selling and purchasing items if you do so carefully. Before buying or selling anything on a classified site read the site's Terms and Conditions, their abuse reporting procedures, and any safety tips the site provides.
When creating an account on a classified ad site, create a safe profile that does not include any identifying information. Use a separate e-mail account. Many sites provide one for you, but if the site you choose to use does not, create a new e-mail account for yourself for classified transactions. Don't ever include a personal phone number in your profile or ad.
Safe tips for online classified site sellers
When selling an item through an online classified site, follow this safety advice:
- When describing the item for sale, limit the personal information you give. For example, don't include in photos identifiers such as a house number, your child, other possessions, or identifying information that isn't relevant to the item being sold.
- Only give a general location, not a specific address, in your ad.
- Only deal with local people who you can meet face to face. The further away a buyer or seller is, the higher your risk of fraud.
- Never accept payment in the form of a cashiers check, wire transfer, money order, money transfers, or through escrow services. You want cash at the time of the transaction or through a reputable payment service. Check out the safety and privacy of any payment service before you use it.
- If someone offers to pay more than the asking price, they are committing fraud. If someone asks for your checking account information so they can transfer funds, the transaction is not legitimate.
- Never send an item before it has been paid for.
- Scammers often use hard-luck stories to get you to give them the item for free. No matter how desperate the story sounds, it is likely to be a scam.
- Unless the item is too big to easily transport, always bring the item to a public place rather than delivering it to the buyer at your home. Do not invite trouble to your doorstep.
- Never meet buyers alone. Always have someone with you, even if you are meeting the buyer in a public place.
- If you are selling a device such as an iPod or PDA through a classified or auction site, consider what content is on the device. Strip off all personal information and make sure that it doesn't contain copyrighted content that is not yours to sell.
Safe tips for online classified site buyers
Advice for buyers is similar to that for sellers, but from a buyer's unique perspective:
- Only deal with local people who you can meet face to face. The further away a buyer or seller is, the higher your risk of fraud.
- Research the item carefully before purchasing and be wary if the asking price is unrealistically low.
- Check the item carefully before releasing payment. For example, if it's electronic plug it in or turn it on to be sure it works.
- The best way to pay for items is with cash or with a secure payment service. If the seller asks you to pay more, and will offer to give you a check for the difference, say NO; it's a scam. Do not pay with checks as they show your address, full name, and sometimes phone number along with your bank account information.
- Avoid going to someone's house to view an item unless it is too large to transport. Ask to meet in a busy public place and always bring someone with you.
- Report any abuse to the classified service provider, and law enforcement if necessary.
- If you are the victim of a scam, report it though the Internet Crime Complaint Center.
Payment services: Moving towards cashless transactions
Payment services such as PayPal, eBay Payments, Amazon Payments, Yahoo!, or PayDirect offer buyers an increased level of protection from a fraudulent seller, but cannot guarantee that the buyer will not lose out. Proprietary payment systems may increase a buyer's protection by providing another avenue for complaints and may also screen out fraudulent sellers because of the reduced anonymity of the transaction. However, the degree of protection for a defrauded buyer may be limited depending on the particular features of the payment system.