In a nutshell, the best protection against many dot cons is protecting your identity; that is,
protecting any identifying information about you that could be used in fraudulent activities.
There are also specific precautions that can help protect against online theft, identity
theft, online auction fraud, and other types of dot cons, as discussed next. With any dot
con, it is important to act quickly if you think you have been a victim. For instance, you
should work with your local law enforcement agency, credit card companies, and the three
major consumer credit bureaus (Equifax, Experian, and TransUnion) to close any accessed
or fraudulent accounts, place fraud alerts on your credit report, and take other actions to
prevent additional fraudulent activity while the fraud is being investigated.
Arrests and prosecutions by law enforcement agencies may also help cut down on
cyber-crimes. Prosecution of online scammers has been increasing and sentences are not
light. For instance, two Romanian citizens were recently sentenced for their involvement
in a phishing scheme (the first time the United States has sentenced a foreigner for
phishing)—one received 80 months in federal prison; the other received 27 months.
When using a public computer,
always log out of your accounts at the
end of your session to make sure the
next user won’t have access to them.
Protecting Against Identity Theft, Phishing, Social Media Hacks, and Pharming
A PHISHING E-MAIL OFTEN . . .
Tries to scare you into responding by sounding urgent, including a warning that
your account will be cancelled if you do not respond, or telling you that you
have been a victim of fraud.
Asks you to provide personal information, such as your bank account number,
an account password, credit card number, PIN number, mother’s maiden name,
or Social Security number.
Contains links that do not go where the link text says it will go (point
to a hyperlink in the e-mail message to view the URL for that link to see
the actual domain being used—a phisher would have to use a URL like
Uses legitimate logos from the company the phisher is posing as.
Appears to come from a known organization, but one you may not have an
Appears to be text or text and images but is actually a single image; it has been
created that way to avoid being caught in a spam filter (a program that sorts
e-mail based on legitimate e-mail and suspected spam) because spam filters
cannot read text that is part of an image in an e-mail message.
Some precautions already discussed (such as disclosing your personal information only when
necessary and only via secure Web pages) can help reduce your risk of identity theft. So can using security software (and keeping it up to date) to guard against malware that can send information from your computer or about your activities (the Web site passwords that you type, for example) to a
In addition, to prevent someone from using the pre-approved credit card offers and other documents containing personal information that are mailed to you, shred them before throwing them in the trash.
To prevent the theft of outgoing mail containing sensitive information, don’t place it in your mailbox - mail it at the post office or in a USPS drop box.
TIPS FOR AVOIDING IDENTITY THEFT
Protect your Social Security number—give it out only when necessary.
Be careful with your physical mail and trash—shred all documents containing
Secure your computer—update your operating system and use up-to-date
security (antivirus, anti-spyware, firewall, etc.) software.
Be cautious—never click on a link in an e-mail message or respond to a
Use strong passwords for your computer and online accounts.
Verify sources before sharing sensitive information—never respond to e-mail
or phone requests for sensitive information.
Be vigilant while on the go—safeguard your wallet, smartphone, and
Watch your bills and monitor your credit reports—react immediately if you
suspect fraudulent activity.
Use security software or browser features that warn you if you try to view a
known phishing site.
To avoid phishing schemes, never click a link in an e-mail message to go to a secure Web site;
always type the URL for that site in your browser (not necessarily the URL shown in the e-mail
message) instead. Phishing e-mails typically sound urgent and often contain spelling and grammatical
Keeping a close eye on your credit card bills and credit history is also important to make
sure you catch any fraudulent charges or accounts opened by an identity thief as soon as possible.
Make sure your bills come in every month (some thieves will change your mailing address
to delay detection), and read credit card statements carefully to look for unauthorized charges.
Be sure to follow up on any calls you get from creditors, instead of assuming it is just a mistake.
Most security experts also recommend ordering a full credit history on yourself a few times
a year to check for accounts listed in your name that you did not open and any other problems.
The Fair and Accurate Credit Transactions Act (FACTA) enables all Americans to get a
free copy of their credit report, upon request, each year from the three major consumer credit
bureaus. Ideally, you should request a report from one of these bureaus every four months to
monitor your credit on a regular basis. These reports contain information about inquiries related
to new accounts requested in your name, as well as any delinquent balances or other negative
reports. For another tool that you can use to help detect identity theft—online financial alerts—
see the Technology and You box. You can also use browser-based anti-phishing tools and digital
certificates to help guard against identity theft and the phishing and pharming schemes used in
conjunction with identity theft.
Anti-phishing Tools
Anti-phishing tools are built into many e-mail programs and Web browsers to help notify
users of possible phishing Web sites. For instance, some e-mail programs will disable links
in e-mail messages identified as questionable, unless the user overrides them; most recent
browsers warn users when a Web page associated with a possible
phishing URL is requested; and anti-phishing capabilities
are included in many recent security suites.
In addition, some secure Web sites are adding additional layers of
security to protect against identity thieves. For example, some online
banking sites analyze users’ habits to look for patterns that vary from
the norm, such as accessing accounts online at an hour unusual for that
individual or a higher than normal level of online purchases. If a bank
suspects the account may be compromised, it contacts the owner for verification.
Bank of America and some other financial institutions have also
added an additional step in their logon process—displaying an image or
word pre-selected by the user and stored on the bank’s server—to prove to the user that the site being viewed is the legitimate (not a phishing) site. In addition, if the
system does not recognize the computer that the user is using to log on to the system, the user
is required to go through an authentication process (typically by correctly answering cognitive
authentication questions) before being allowed to access the system via that computer. The
questions used are specifically designed to be “out of wallet” questions—easy for the individual
to answer but difficult for hackers to guess the correct answer or find in a stolen wallet.
Bank of America is also one bank offering customers the option of adding the use of one-time
passwords (auto-generated by a security token sent via text message to the individual’s mobile
phone) to their online banking logon procedure.
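The two checks described above (logon at an hour unusual for the individual, and logon from a computer the system does not recognize) can be combined into one decision about whether to ask for extra authentication. This Python sketch is an added example, not any bank's actual logic; the profile layout, the two-hour window, the 5% threshold, and the 20-logon minimum are assumptions.

```python
from datetime import datetime

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23:00 and 01:00 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def unusual_hour(past_logons, when, window=2, min_share=0.05, min_history=20):
    """True when under min_share of past logons fall within +/- window hours of `when`."""
    if len(past_logons) < min_history:      # too little history to judge a habit
        return False
    near = sum(1 for t in past_logons if hour_gap(t.hour, when.hour) <= window)
    return near / len(past_logons) < min_share

def logon_decision(profile, device_id, when):
    """Return ('allow', []) or ('challenge', reasons); a challenge means extra
    authentication such as out-of-wallet questions or a one-time password."""
    reasons = []
    if device_id not in profile["known_devices"]:
        reasons.append("unrecognized computer")
    if unusual_hour(profile["logons"], when):
        reasons.append("unusual hour")
    return ("challenge" if reasons else "allow", reasons)

# Constructed profile: 30 evening logons (18:00-21:59) from one home computer.
PROFILE = {
    "known_devices": {"home-pc"},
    "logons": [datetime(2024, 1, 1 + i, 18 + i % 4, 15) for i in range(30)],
}

if __name__ == "__main__":
    for device, when in [("home-pc", datetime(2024, 2, 1, 19, 30)),
                         ("home-pc", datetime(2024, 2, 1, 3, 10)),
                         ("library-pc", datetime(2024, 2, 1, 20, 0))]:
        print(device, when.time(), logon_decision(PROFILE, device, when))
```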
Digital Certificates and Digital Signatures
The purpose of a digital certificate (also called a digital ID) is to authenticate the identity
of an individual or organization. Digital certificates are granted by Certificate Authorities
and typically contain the name of the person, organization, or Web site being certified
along with a certificate serial number and an expiration date. Digital certificates also
include a public/private key pair. In addition to being used by the certificate holder to
encrypt files and e-mail messages (as discussed earlier in this chapter), these keys and the
digital certificate are used with secure Web pages to guarantee the Web pages are secure
and actually belong to the stated organization (so users can know for sure who their credit
card number or other sensitive data is really being sent to in order to protect against some online scams).
The keys included in a digital certificate can also be used to authenticate the identity
of a person sending an e-mail message or other document via a digital signature. To digitally
sign an e-mail message or other document, the sender’s private key is used and that
key, along with the contents of the document, generates a unique digital signature; consequently,
a digital signature is different with each signed document.
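The following Python sketch shows why a digital signature differs for each signed document and how a recipient checks it with the sender's public key. It is an added example, not part of the original text, and it assumes a toy, unpadded RSA scheme with fixed primes so that it runs with the standard library alone; real signatures are produced by vetted cryptographic software using randomly generated keys and a padding scheme.

```python
import hashlib

# Toy key pair from two well-known Mersenne primes (fixed here so the example is
# repeatable; real keys are generated randomly by a vetted library, with padding).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                   # public key: modulus and exponent
D = pow(E, -1, (P - 1) * (Q - 1))     # private key: kept secret by the signer

def digest_as_int(document: bytes) -> int:
    """SHA-256 of the document contents, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes) -> int:
    """The signature depends on both the private key and the document contents."""
    return pow(digest_as_int(document), D, N)

def verify(document: bytes, signature: int) -> bool:
    """Anyone holding the public key (N, E) can check a signature."""
    return pow(signature, E, N) == digest_as_int(document)

if __name__ == "__main__":
    # Constructed sample documents.
    first, second = b"Transfer $10 to Alice", b"Transfer $1000 to Alice"
    sig1, sig2 = sign(first), sign(second)
    print("signatures differ:", sig1 != sig2)
    print("original verifies:", verify(first, sig1))
    print("altered text fails:", verify(second, sig1))
```

Because the signature is computed over a hash of the contents, changing even one character of a signed message makes verification fail.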
Online Financial Alerts
Many online banking services today allow users to set up
e-mail alerts for credit card and bank account activity over a certain
amount, low balances, and so forth.
Protecting Against Online Auction Fraud and Other Internet Scams
The best protection against many dot cons is common sense. Be extremely
cautious of any unsolicited e-mail messages you receive and realize that
if an offer sounds too good to be true, it probably is. You should also be
cautious when dealing with individuals online through auctions and other
person-to-person activities. Before bidding on an auction item, check out the
feedback rating of the seller to see comments written by other auction sellers
and buyers as well as the sellers’ return policy. Always pay for auctions
and other online purchases using a credit card or an online payment service
(such as PayPal) that accepts credit card payments so you can dispute the
transaction through your credit card company, if needed. Using an online payment service that
bills the charge to your credit card, instead of allowing the seller to charge your credit card,
has the extra advantage of keeping your credit card information private. In addition, some auction
sites and online payment services offer free buyer protection against undelivered items or
auction items that are significantly different from their description. For instance, most eBay
purchases paid for via PayPal have at least $200 of buyer protection coverage at no additional
cost. For expensive items, consider using a reputable escrow service, which allows you to
ensure that the merchandise is as specified before your payment is released to the seller.
PERSONAL SAFETY ISSUES
In addition to being expensive and inconvenient, cyber-crime can also be physically dangerous.
Although most of us may not ordinarily view using the Internet as a potentially
dangerous activity, cases of physical harm due to Internet activity do happen. For example,
children and teenagers have become the victims of pedophiles who arranged face-to-face
meetings by using information gathered via e-mail, online games, social networking sites,
or other online sources. There are also a growing number of incidents in which children
are threatened by classmates via e-mail, social media posts, or text messages. Adults have
fallen victim to unscrupulous or dangerous individuals who misrepresent themselves
online, and the availability of personal information online has made it more difficult for
individuals to hide from people who may want to do them harm, such as abused women
trying to hide from their abusive husbands. Two of the most common ways individuals are
harassed online are cyber-bullying and cyber-stalking.
Cyberbullying and Cyberstalking
Children and teenagers bullying other children or teenagers via the Internet—such as through
e-mail, a text message, a social networking site, a blog, or other online communications
method—is referred to as cyber-bullying. Unfortunately, cyber-bullying is common today—it
affects more than one-half of all U.S. teenagers, according to a recent report. Cyber-bullying
can take place via direct online communications (such as with an e-mail or a text message),
as well as via more subtle means. For instance, there have been cases of students posting
videos on YouTube of other students being bullied or shown in compromising situations, as
well as cases of individuals hacking into a student’s social networking account and changing
the content on the student’s pages to harass that student. Unfortunately, there are also
several instances where teenagers have committed suicide because of cyber-bullying, which
have prompted many states and schools to look at harassment statutes and bullying policies.
Several anti-bullying campaigns have been initiated by school districts and government organizations,
and most states have implemented new laws or amended existing
harassment laws to address electronic harassment. And Web sites (along with the individuals
or companies responsible for them) that provide the means for the harassment may also be
at risk for prosecution. In Italy, three Google executives were given suspended jail terms for
ignoring a parent’s request to remove a video of a boy being bullied, and at the time of this
writing, Italian prosecutors were investigating whether to sue Facebook for not removing
harassing messages that led to a teenage girl’s suicide.
While incidents of online harassment between adults can be referred to as cyber-harassment,
repeated threats or other malicious behavior that poses a credible threat of
harm carried out online between adults is referred to as cyber-stalking. Cyber-stalkers
sometimes find their victims online;