BBB on Top Five Ways to Prevent ID Theft Online

The good news is that ID theft is on the decline.

The bad news is that ID theft still affected 8.1 million Americans last year, according to Javelin Strategy and Research – down 3.6 percent from 8.4 million in the previous year’s study.

The average amount lost per individual as a result of ID theft last year was about $5,500, for a total of $45 billion.

Despite the decline in reported ID theft, Better Business Bureau (BBB) warns that thieves and hackers still lurk online and is offering advice consumer can use to protect their personal and financial information.

“ID theft prevention should always be on an individual’s mind when they are online,” said Steve Abel, President of the Better Business Bureau.

“When it comes to protecting your identity, an ounce of prevention is worth far more than the amount of money, energy, and agony that goes into getting your life back to normal after your financial and personal information has been stolen."

BBB recommends consumers take the following fives steps to prevent ID theft whenever they are online:

1. Don’t fall for a phishing e-mail.

Phishing—using e-mail or phone calls to pose as a trustworthy organization in order to coerce sensitive information from victims—is on the rise.

According to a survey for Gartner, Inc., 3.6 million U.S. adults lost money in phishing attacks in the 12 months ending in August 2007, as compared with the 2.3 million who did so the year before.

The amount of money lost totaled $3.2 billion. Phishing e-mails can look legitimate with graphics and official logos of banks, government agencies, even the IRS, or credit card companies.

The e-mails usually include hyperlinks that direct the victim to a Web site designed to install viruses and malware or solicit bank account or Social Security numbers.

In order to prevent ID theft through phishing e-mails, computer users should completely delete unsolicited e-mails from banks, credit unions, investment firms and government agencies with which they do not already have an established relationship.

If the recipient does have an existing relationship with the supposed originator of the e-mail, BBB recommends calling the organization to confirm whether or not the e-mail is legitimate before taking any further action.

The IRS and other government agencies do not use e-mail to contact consumers about any issues or problems that require action on the part of the recipient, so e-mails purporting to be from government agencies should be deleted immediately.

2. Create strong passwords and protect them.

Developing a habit of regularly changing passwords makes it much more difficult for ID thieves to steal personal information.

Some passwords, however, are stronger than others.

Attributes of a secure password include a combination of numbers, capitalized letters and even symbols.

Consumers should never use sensitive information for a password such as their Social Security number, mother’s maiden name or birthday.

3. Be safe and secure when on the go.

Computer users on the go should be wary of entering passwords or sensitive information into a computer that isn’t theirs, such as at an Internet café, library, computer lab or airport kiosk.

Hackers can actually record their target’s keystrokes to learn passwords and other information.

Wi-Fi networks, either on the road or in the consumer’s own house, present even more opportunities for ID thieves.

The easiest way to protect a Wi-Fi network at home is to not broadcast the Service Set Identifier (more information on this topic is available at www.us.bbb.org ).

A safe rule of thumb is to avoid exchanging sensitive information through the Internet when using a public Wi-Fi connection and to simply wait until a trusted network can be used.

4. Guard personal computers with anti-virus, anti-spyware, and firewall protection.

Opinions vary, but the amount of time it takes for an unprotected personal computer to become infected with a virus or malware can range from four to thirty-four minutes.

That’s why a computer must have good anti-virus software, as well as anti-spyware and firewall protection.

Consumers can purchase protective software, but there are also a number of reputable, free programs available for download online.

BBB advises consumers to do their research into a company beforehand to make sure it provides legitimate, reliable software.

Also, many operating systems already provide firewall protection so users should always make sure this protection is enabled.

After acquiring security software, users must keep the programs updated.

Operating systems also require patches and other additional updates that computer users need to install in order to maintain security.

5. Only transfer information over a secure server.

When it comes to giving out personal information online, consumers should only do so on a secure server.

On a secure server, the information is encrypted as it is being transmitted; that way, others can't read it if they should intercept it.

BBB advises consumers to make sure they are on a secure server by checking the URL of the page when asked to give any personal information.

An unsecured URL will look like this:

http://www.###.com.

A secure server will have an "s" either in front of or following the "http", and it will look like this:

https://www.###.com or shttp://www.###.com.

For more trustworthy information on preventing ID theft, as well as BBB advice on what to do if your identity is stolen, go to www.bbb.org .