The internet in our workplaces, in our homes, on our phones. It connects us to one another in a powerful way. It also has the potential to connect us to would-be criminals. We’ve outlined a few of the most common schemes here.
“We are doing our semi-annual account verification and we are unable to verify your data. Please click here to update your information.”
“Our records indicate there was recently an unauthorized transaction on your account. To maintain the safety of your account, please click on the link below and enter the requested information.”
Messages like these are parts of an e-mail scam called “phishing.” They try to lure personal information – credit card numbers, bank account information, Social Security numbers, passwords or other sensitive information – from unsuspecting victims.
- appear to come from companies and agencies – even government agencies and charities – with whom consumers may regularly conduct business
- frequently contain links to sites that look remarkably like a legitimate organization’s site
- may threaten a consequence – closing an account, terminating a service – unless consumers update their billing information
These messages and sites are bogus. They seek to trick consumers into divulging information to operators who can in turn steal their identities, get credit or run up bills in the consumer’s name.
Consumers should always be cautious of any unsolicited communication requesting personal information.
- Do not reply to an e-mail or pop-up message that asks for personal information and don’t click on the link in the message. Legitimate businesses don’t ask for these types of information via e-mail. Contact the company directly using a telephone number or a website address you know to be legitimate.
- Be suspicious of warnings that accounts will be shut down with little or no notice if you don’t reconfirm your billing information. Don’t be pressured into responding before you can contact the legitimate organization.
- Look at the “address bar” at the top of the browser, not just the graphics and logos on the web page. Fake sites often use a different domain name from the legitimate business site they are copying.
- Avoid sending personal and financial information via e-mail whenever possible.
If you think you have disclosed personal information through a phishing e-mail, take these steps to protect yourself:
- Contact the credit card company and cancel the account.
- Call the three credit bureaus and put fraud alerts on your accounts.
- If you do find illegal activity on your credit report, refer to the 10 Steps to Recover from Identity Theft.
Unsolicited commercial e-mails, often referred to as “spam,” are an irritating fact of life for consumers who use the Internet to communicate with friends, do research, or purchase goods and services online.
In 2003, the federal government passed an anti-spam law, called the CAN Spam Act. Among other regulations, the CAN Spam Act requires that unsolicited commercial e-mail be clearly identified as such and that consumers be able to opt-out of receiving more e-mails. The Federal Trade Commission is also charged with investigating the viability of a do-not-spam registry, similar to the do-not-call phone registry already in place.
While many unsolicited e-mail messages are annoying, only some fall into the illegal category. But even if a message does not violate federal anti-spam laws, it should still be viewed with caution.
Messages may contain advertisements for pornography, get-rich-quick schemes and other ploys that violate state law, or they may be offensive and inappropriate for children. Clicking on links contained in spam messages can also expose Internet users to computer viruses.
To reduce the amount of spam you get:
- Try not to display your e-mail address in public. This includes newsgroup postings, chat rooms or websites.
- Read and understand the entire form before you transmit personal information through a website. Many sites allow you to opt out of receiving additional information from their “partners,” but you may have to check a pre-selected box to opt out.
- Consider using two e-mail addresses, with one for personal messages and one for newsgroups and chat rooms.
- Try to make your e-mail address unique. Some spammers use “dictionary attacks” to sort through possible name combinations at large ISPs or e-mail services in search of an e-mail address. So, for example, “jdoe” gets more spam than “jd45x2oe.”
- Use an e-mail filter. Check your e-mail account to see if it provides a tool to filter out potential spam.
- Never reply to or even open e-mails you know to be spam.
Another increasingly annoying problem for many Internet users is unsolicited pop-up messages. Although pop-ups are annoying, they are not illegal.
To decrease the number of pop-ups on your computer, you can install:
- pop-up blocking software that is frequently low cost or even free. A properly patched version of Windows XP has a pop-up blocker you can turn on.
- a firewall that is designed to block hackers from accessing your computer and getting into your programs and files. A firewall is different from anti-virus protection.
While anti-virus software scans incoming communications and files for troublesome files, a firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources.
Some recently released operating system software (including Windows XP) comes with a built-in firewall. Because it may be shipped in the “off” mode, check your online “Help” feature for specifics on turning it on and setting it up properly.
If your operating system doesn’t include a firewall, you can install separate firewall software that runs in the background while you use your computer and use the Internet.
Several free firewall software programs are available on the Internet. (You can find one by typing “free firewall” into your favorite search engine.) You can also buy a hardware firewall, an external device that includes firewall software. Like anti-virus software, a firewall needs to be updated regularly to be effective.
Adware and Spyware is software installed on your computer without your consent. It can control and monitor your computer use. Clues that spyware might be on your computer include:
- a barrage of pop-up ads
- a browser that takes you to sites you don’t want
- unexpected toolbars or icons on your screen, or new or unexpected icons on the system tray at the bottom of your screen
- keys that don’t work
- random error messages
- sluggish performance when opening programs or saving files
To lower your risk of spyware or adware infections:
- Update your operating system and Web browser software, and set your browser security high enough to detect unauthorized downloads.
- Use anti-virus and anti-spyware software, as well as a firewall, and update them regularly.
- Download free software only from sites you know and trust. Some offers of free software can include other, unwanted software, including spyware. When downloading software, read the end-user license agreement (EULA) carefully.
- Don’t click on any links within pop-up windows.
- Don’t click on links in spam that claim to offer anti-spyware software. You may be unintentionally installing spyware.
Where to Complain
- Forward spam and phishing information to email@example.com.
- File an online complaint about deceptive spam emails or pop-ups with the Federal Trade Commission.