More Than WE Know

If you’re still debating on resolutions for the New Year, here’s one you might want to consider:

• avoid identity theft

I’ve written before about the risks of online phishing schemes. But don’t overlook the offline opportunities that thieves have of obtaining your personal information:

• stealing your mail
• digging in your garbage
• skimming your credit card magnetic stripe
• overhearing your account information

I recently took a quiz at LifeLock.com and discovered I was at medium risk (59%) for identity theft. There are several things I need to do to improve my personal security practices to make it more difficult for thieves to get my information.

If they do get my information, I am also considering protecting myself with LifeLock.

LifeLock is America’s #1 Identity Theft Prevention Program. Their service:

• puts a fraud alert on my account at each of the three credit bureaus
• orders an annual copy of my credit report from each bureau
• keeps track of all my credit card information in case they are lost or stolen

With an alert on my account, I should be notified any time someone tries to get credit in my name. If it isn’t me, I can refuse to authorize it.

LifeLock is so confident in their service that they back it with a $1 million guarantee.

In reviewing the services, I can see that there isn’t really anything that LifeLock is doing that I couldn’t do myself. I can order an annual credit report and put fraud alerts on my account every 90 days.

But the question is, would I?

And the answer if I’m being honest with myself is, no.

I have enough trouble remembering to balance my checkbook - I wouldn’t remember to renew a fraud alert every three months.

The next question is, is it worth it to me to pay LifeLock to do it for me?

Identity theft is not as common as the media would have you believe. On the other hand, when it does occur it can cause a lot of aggravation and frustration. Victims have had their credit scores damaged, their tax refunds withheld, their power turned off and even been arrested for outstanding warrants for crimes they didn’t commit. They’ve had to spend considerable time clearing their names and getting the mess all straightened out.

That’s definitely aggravation I would prefer to avoid.

LifeLock’s full price is $10 per month or $110 for the full year. Because children are also at risk of having their social security information stolen and mis-used, they also cover children for $2.50 per month. However, the links in this post provide you with a special promotional discount.

There are a few other companies that offer services similar to LifeLock’s. You can compare them side by side at this link: Lifelock Promotion Code

If identity theft is causing you to lose your peace of mind, then you may want to look into using the services at Lifelock.

At the least, take their informative quiz to find out your current risk.

(sponsored review)

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

Trick or Treat???

Can you tell the difference??

As a followup to my article on phishing, I thought I’d share this recent example I encountered.

I received this email this week supposedly from services (at) paypal (dot) com which certainly looked like a legitimate email address and in fact got through my junk filter.

I was amazed at how brazen the email was in trying to intimidate the reader into providing debit/credit card information. Their reasoning makes no sense and their facts are incorrect - but they say it so authoritatively that you are tempted to comply!

I’ve copied the entire email below so you can see an example of how convincing some of these phishing emails can be. I have removed the links that were included in the email but as you can see there were two of them - both looking like they were pointing to PayPal but were in reality pointing to a Portuguese site!!

I sent this email to spoof (at) Paypal (dot) com and received confirmation that it was Phish and assurance that they would work to disable it.

If you want more info on how to spot a fish, you can take Paypal’s Fight Phishing Challenge at https://www.paypal.com/fightphishing to learn 5 things you should know about phishing. You’ll also see what Paypal is doing to help fight fraud every day.

Fraudulent email: (if you receive this - don’t respond!!)

Dear valued PayPal Customer,

Due to recent fraudulent transactions, we have issued the following security requirements.

It has come to our attention that 98% of all fraudulent transactions are caused by members using stolen credit cards to purchase or sell non existant items. Thus we require our members to add a Debit/Check card to their billing records as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. Your Debit/Check card will only be used to identify you. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the PayPal service. However, failure to confirm your records will result in your account suspension.

We are requesting this information to verify and protect your identity. Federal regulations require all financial institutions to obtain, verify, and record identification from all persons opening new accounts or obtaining ongoing payment services. This is in order to prevent the use of the U.S. banking system in terrorist and other illegal activity. For these reasons, PayPal will utilize services provided by various credit reporting agencies to verify the information you submit to us.

Once you have updated your account records your pending PayPal account transactions will not be interrupted and will continue as normal.

To update your billing records please proceed to our secure webform by clicking here.

Thank you for your time,
PayPal Billing Department.

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and choose the Help link located in the top right corner of any PayPal page.

To receive email notifications in plain text instead of HTML, update your preferences here

PayPal Email ID PP247—-end of fraudulent email———–So, what about you? Have you seen any phish lately? Been caught by any? Share your experiences and tips below:

Researchers and students at Carnegie Mellon University have created a new online game that teaches players how to recognize phish - fraudulent email that is trying to get password and account information.

The game is fun to play and I actually did improve my ability to spot fake urls and email addreses as a result of playing it. Plus if you take the survey now and then return a week later to take the survey again, you are entered into a drawing for a $100 raffle.

The potential reward could be much greater than the $100 prize, if it prevents you from being a victim of identity theft. I don’t know about you but it seems I have been getting a lot of phishing emails in my inbox lately.

Some are easy to spot as they are from banks I no longer even bank with. Even so, I get concerned when they threaten to “cut off my ATM usage” if I don’t click on their link and reset my password information. Instead, I forward them to the Federal Trade Commission: spam[at]uce.gov and delete them from my inbox as quickly as possible.

Others pretend to be from ebay and paypal, services I do use on a more regular basis. For these, I also forward them to the spam research site for these services ( spoof[at]ebay[dot]com and spoof[at]paypal[dot]com) . I know that it helps these services to shut down some of these fraudulent sites more quickly.

The following are some tips to follow to avoid being caught in a phishing scam:

• Respond rather than React; Don’t panic if you receive an email that threatens urgent consequences if you don’t provide account or other personal information. Instead:
  • Enter the company’s URL directly (don’t click on a link in the email)
  • Find a contact phone number or email
  • Initiate contact with the company yourself
  • Remember, legitimate businesses such as your bank or ebay are not going to send you a letter requesting personal information online

• Limit the amount of personal information you provide; this includes on forms and in social network sites; while not sharing your social security number might seem obvious, consider whether you really need to share your phone number, mailing address, date of birth, etc.

• Use a secure password; Use a different password for financial sites than for non-financial sites. Change your password every few months. Use a combination of letters and numbers; Don’t use your name or the name of a loved one; Avoid the most commonly used passwords:

1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. link182
10. (your first name)

• Separate your email accounts; Use a separate email account exclusively for financial transactions - banks, online purchases, etc.

• Watch for signs of attack; Keep an eye on your credit card and bank card statements to ensure that all transactions are legitimate. If you suspect fraud, contact your bank or credit card company immediately.

As Women Entrepreneurs, we increasingly use online services to run our businesses - making purchases, selling services, and managing our finances. While online commerce is still very safe and the incident of identity theft is still low, it is wise for all of us to be aware and to protect ourselves and our hard-earned money.