August 3, 2010 > Shield yourself from cyber crime
Shield yourself from cyber crime
By Meenu Gupta
"Eternal vigilance is the price of liberty." Caution should always be the watchword to be better equipped against internet scams. The ease and comfort of using ATM cash machines, online banking and phone banking brings in its wake the opportunity for cyber criminals. "The first thing is to become educated on how criminals get your information and the next step is to protect yourself'," said Mike Prusinski, a Certified Identity Theft Risk Management Specialist with Life Lock, Inc.
To target victims, hackers create a website closely resembling that of a bank and host it at a URL, which also resembles the bank. A series of e-mails are then sent at random as "bait," asking the recipient to verify or update account details by logging in, presumably for security reasons. A click on a link supplied in the e-mail takes the user to a fraudulent website, a look-alike of the bank. In this method called "phishing," as soon as the account details and password are entered on the fake website, the fraudster is successful in hacking the account information. "Ask yourself this question, would my bank be sending me the e-mail asking me to click on a link that's leading me to another website, and the answer is no," said Prusinski.
"Pharming" is another form of online fraud. Like phishing, pharming relies upon the fake websites to steal confidential information, but the latter is more difficult to detect in many ways because they are not reliant upon the victim accepting a "bait" message. Instead, pharming re-directs victims to the bogus website even if they type the right web address of their bank or other online service into their web browser.
In another method commonly used by cyber criminals, a fake call center is set up using Voice Over Internet Provider (VOIP). An e-mail requests information to confirm banking details as a security check at the phone number provided. If a person falls into this trap and calls the number believing it to be a bank phone number, the victim ends up giving his/her account information at the Interactive Voice Response (IVR) phone number. An impersonator who gets his hands on someone's private information may call the bank and by proving the correct identity based on personal information, perform the transactions via phone banking. Personal details such as bank account number and routing number can be used by hackers to issue checks at websites that accept online checks leading to online check fraud.
To avoid becoming a victim of online banking fraud, keep your personal documentation private. It should not be left at places where it can either be picked up or viewed by anyone who does not need to see it. People should avoid logging in to their online account from an insecure computer network. When accessing the bank's website, always make sure that the URL is correct. For instance, the URL should read like www.bankofamerica.com. A URL such as www.bankofamerica.xyz.com is fraudulent created to trap phishing victims. The safest approach is not to key in the online banking account login details at a website which appears doubtful, and to look for the lock at the bottom or HTTPS in the address field of the browser. The URL should either be typed every time or bookmarked rather than follow links to a banking website from another website or e-mail.
When available, use alternative methods to enter account login details. For example, click on an on-screen keyboard when logging in and avoid key presses altogether. "People are told to put SSN on checks to get it cashed easily," said Prusinski. Social Security Number should never be printed on checks. "People are told not to carry SSN card around with them. Senior citizens have their Medicare cards that have their SSN on them which they have to take around, say, for a doctor's visit. Consumers need to be aware of the problems, we shouldn't have to live in fear," he said.
Scanning a personal computer periodically to ensure that no spy ware or key logger is installed, and regularly updating anti virus software is good prevention. Windows users should turn on the automatic updates and regularly download security patches. E-mails that ask for bank account details and other personal information should never be answered. Unless a person initiates a call to a bank service center by dialing the number listed on the bank's website, account details should never be given over the phone. Monitor accounts and credit reports to make sure your identity has not been stolen.
Victims of identity theft should first contact the bank and make sure to put a stop on all transactions.
Filing a police report is the next step so law enforcement agencies can begin an investigation with the bank. Paperwork should then be filed with federal trade commission online at www.ftc.gov. "The reason for filing the paperwork is to show that you have been victimized. In case of identity theft a 'person is guilty until he can prove himself innocent' unlike other crimes," said Prusinski. Armed with a little knowledge and alertness, many attacks from the crime-ware arsenal can be avoided.