Guest post by Melissa from Mom’s Plans and Dining Out Challenge
One morning I tried to log into my eBay account but couldn’t. I contacted eBay and once I was able to get in, what I saw was over $1,000 in purchases. My heart dropped, my cheeks flushed, my chest tightened and I felt like I couldn’t breathe. Anyone who has had their account compromised knows this feeling well.
What followed was a two day fast-course on protecting my identity online. Here is what I learned:
1. Change Passwords Frequently
I heard someone on NPR say that “passwords are like underwear. Change them frequently and don’t share them with anyone.” Try to change passwords every 30 to 60 days.
2. Make Passwords Difficult to Guess
You should have a combination of letters and numbers such as M7*dr36!aLd. Is it a pain to have more complicated passwords? Absolutely, but it is worth it to protect my identity.
3. Use A Different Password for Each Account
If thieves can hack into one account, they can hack into other accounts with the same password.
4. Use One Credit Card Solely For Online Purchases
If you use credit cards, have one that you use solely for online purchases and one that you use solely for all other purchases. If one credit card account is taken over — say the one you do NOT use for online purchases and suddenly online purchases begin showing up — the credit card company is much more likely to catch the theft because the charges will be outside your normal purchasing pattern.
5. Link Your Debit Card to a Special Bank Account
If you have an account only for debit card use and the card is compromised, the thieves will not be able to clean out your regular checking account that is used to pay bills. Worse case scenario they would only clean out the checking account specifically used for the debit card.
6. Link Your PayPal Account to a Special Account
Only use your designated credit card for on-line purchases or your designated bank account for your debit card. Do not use your regular credit card or checking account in case the account is compromised.
7. Order Your Free Credit Report Every Four Months
You can go to AnnualCreditReport.com and get your credit report for free from each of the three credit reporting agencies (Experian, TransUnion and Equifax) once a year. Order one every four months. For instance, one from Experian in January, one from TransUnion in May and one from Equifax in September.
8. Put a Fraud Alert on Your Credit Report If You Think Your Account Was Compromised
If you call one of the credit reporting agencies to authorize a fraud alert, they will call the other two agencies and convey the information for you. (These are the numbers for the fraud departments: EQUIFAX: 800-525-6285, EXPERIAN: 888-397-3742, TRANSUNION: 800-680-7289.)
9. Put a Security Freeze on Your Credit Report
This is a radical step, but it will completely protect your identity. When you use a security freeze, you essentially lock down your credit. If you want to open a line of credit, you must first unfreeze your accounts. However, if your information is stolen and the thief tries to open up an account, they will be thwarted.
You must pay $10 to the credit reporting agency to freeze your credit. They will give you a special number as confirmation. Keep this number in a very safe place as you need it to unlock your credit.
10. Make Sure to Have a Firewall, Virus Scan, Spy Ware and Ad Ware Software
Many of these programs can be downloaded for free and offer the initial step of protection.
Identity theft on the Internet is a growing business and the damage can be done quickly. In less than 24 hours, someone used my account to purchase 3 cell phones at a cost of $1000. Imagine if I hadn’t caught it so quickly. Luckily eBay was wonderful and took care of the sales and the $1000.
I hope that my bad experience can help you protect yourself online.
Melissa blogs at Mom’s Plans and Dining Out Challenge. She’s a stay-at-home mom to a boy and two girls.
Do you have an idea for a guest post? I am always looking for high-quality, original (i.e. not published anywhere else online) content with tips and ideas Money Saving Mom® readers can use. If you would like to submit a guest post, please follow the Guest Posting Guidelines.
photo by Ed Yourdon
Elyssa says
Honestly, paying $10-20 bucks a month for legal service and id protection is another option. And a worthy one.
Joy says
I just wanted to say that in NJ it is free to freeze your credit, as my family has done. It does cost $5 to unfreeze accounts though.
Jill says
Someone recently hacked into my Aunt’s email account and stole all of her email addresses. They then sent an email to everyone on the list stating that she was in Europe and had run out of money and that she was in desperate need for money. Of coure my Aunt was in the comfort of her own home at the time this was happening. Somebody that she does not correspond with much could of thought this was true. Once you send an email back then of course they now have all of your email addresses I would guess. It is scarry what people can do.
Christine says
The cost to “freeze” or “unfreeze” your credit with each credit bureau depends on which state you live in. The cost is usually in the range of $3 to $ 10. And, some states don’t charge anything for “seniors” over a certain age.
Thanks MSM for such a great post that we can all benefit from, and thanks to everyone for the additional comments!
Julie M says
One from experience…don’t set up your computer to automatically remember passwords on your email, banking account, etc. It is a bit of a pain to type them in every time but worth the little bit of extra protection.
Brenda says
I love my Discover credit card’s single use feature for using anytime that I’m not actually swiping my card. It’s called a single use number, but it should really be called a single user number. For example, I can ask Discover to generate a credit card number that one user may use repeatedly, like for renewing a newspaper subscription, but nobody else may use it. One may access this feature by clicking on Secure Online Account Numbers near the bottom of the page of Discover Card’s web site.
gino says
Some credit card companies have a feature that allows you to generate “one time use” numbers to use when you buy online. That keeps your “real” number from being compromised.
Never use your debit card for pay at the pump. It may be impossible to spot a skimmer as they can be installed on the inside of a gas pump. See this story discussed by Clark Howard at http://clarkhoward.com/liveweb/shownotes/2010/08/19/19105/.
If possible, avoid using a credit card [and definitely not a debit card] if you must physically hand the card to someone for processing. My credit card was compromised after I handed it over to an attendant at a hotel chain who claimed it was required in case of charges for “incidentals”. The hotel room itself was covered by my employer’s credit card. Three weeks after my stay, I received a call from my card’s fraud unit. Two attempts had been made to charge my card for some nominal amounts under $10, presumably online, one for a “resume” service for less than $5. The crooks’ MO is to test the card number on small purchases and if they go through, then on to the big stuff. Fortunately, my credit card company caught the fraud in time, my card number was canceled and a new one issued. Still, there was inconvenience as I had to scramble to put an automatic charge for utility service that was due to be charged to the compromised one on a different credit card.
Never let down your guard!
The Frugal Bug says
Wow..thanks William. I never thought about the SS# that way. And I totally agree about Internet Explorer!! I also have Firefox’s AdOn call WOT ..it helps with determining what sites are known for malware, spam, adware etc.. based on their rating system. Thanks MSM for valuable guest post.
Lori says
I had someone get into my Paypal account. They sent me an official looking email saying someone had made a purchase with my account that they suspected as fraudulent. The email said VISIT YOUR PAYPAL ACCOUNT NOW TO VERIFY THIS PURCHASE, and they had a Paypal link for me to click. Or so I thought.
The email looked totally legit and the site looked exactly like Paypal. Only it wasn’t. In my panic to check on my account, I didn’t notice that the URL was not http://www.paypal.com. They had taken me to a site set up to look like Paypal and designed to make me input my username and password. I figured it out immediately after I had done it, but it was still too late. Even though I hurried over to the REAL Paypal site and changed my password, they had already taken $250 out. I did some digging and learned that it was going to a Western Union type place in South America. I contacted Paypal, they recognized the fraud and refunded my money right away. They were wonderful about it.
Lesson learned. If you ever get an email from Paypal, don’t click on any links. Instead, just manually type in http://www.paypal.com if you want to check your account =)
WilliamB says
@Lori, good point and not just about PayPal.
If you get an email from someone you pay, don’t click on anything in that email or use any contact info in that email. If you think it might be legit, contact the company in a different way: go to their website (do NOT click on the website in the email, it could go to a fraudulent spoof site instead), call them yourself, send an email to an address you find yourself (again, not via the possible fake email). Ask the company if there’s a problem; if there isn’t, tell them about the fake email.
Same thing for phone calls. If you get a phone call from a company you way, do not give out any information. Ask what the problem is, write down whatever they tell you, then say you’ll get back to them. Then call the company via a number you find yourself (don’t take the phone caller’s word for it) and see if there’s really a problem.
Which reminds me, not giving out info on the phone applies when you’re at a hotel as well. I almost fell for this one. It was earlyish in the morning and I was preparing to give a presentation. I got a call from the front desk saying there was a problem with my credit card number and would I please give it to them again. If I hadn’t been annoyed with the hotel for a rough check-in I would have given the number. As it was I told them I’d give it to them at my convenience, thank you very much; I got suspicious when the guy was pushy about getting it now. He knew my name, when I checked in, and obviously my room number. Later I asked at the front desk if there really was a problem. There wasn’t.
The bad news is that this particular scam was almost certainly an inside job.
Thanks, Lori, for reminding me to share this.
WilliamB says
More ideas:
– Two other ways to protect yourself re online purchases one, get a prepaid gift card from Visa/MC/AmEx or two, get a one-time use credit card for a purchase.
– Don’t use your real name if you don’t have to. Don’t fill out more of a form than you have to. If a store asks for your phone number, ask if it’s really necessary to complete the transaction. You never have to give personal information for a cash transaction, unless it’s something big such as a motor vehicle. Do not let anyone tell you otherwise (a pet peeve of mine).
– Get a photo ID that does not use your social security number. Don’t write your SSN on checks – it is illegal to require SSNs on checks. Avoid giving out the last 4 numbers if you possibly can: it’s not hard to figure out someone’s first 3 (it’s tagged to where you were born) so that leaves only 2 digits to guess.
– Use multiple email accounts; for example, one for friends and family, another for business, another for online buying, one you never check for forms which demand an email addy but don’t send you anything useful online.
– Don’t post personal information online. This information can be used directly (your mother’s maiden name) or indirectly. (to convince your credit card company that the scammer is you). Avoid using your real name, address, where you work, your family members, your address, where you went to school or when, your pets’ names (“What was your first pet’s name?” is a common verification question).
– Beware of Facebook in particular! I can’t emphasize enough what a rich datamine Facebook is. If you do use Facebook, know that the founder’s default assumption is anything you put on Facebook, the company can share or sell unless you tell it otherwise. Telling it otherwise is quite time consuming and is a moving target. The Electronic Frontier Foundation is an excellent source for learning how to disable the automatic sharing of data to the extent possible. Be aware that joining Facebook groups can give out information, especially alumni groups.
– My understanding is that the freeze is free and unfreezing (temporarily or permanently) is $10. As someone who doesn’t need additional debt and has the right number of credit cards, I do not consider freezing to be a radical step. I bet Crystal’s readership includes a lot of people in the same position.
– Using a credit card gives you a lot more consumer protection than using a debit card.
– Avoid Internet Explorer. It is full of exploitable holes and bugs, and as the most common browser it is the biggest target for malware.