How to Avoid Online Identity Theft: 12 Tips From Information Security Experts
By Brianna Flavin on 07/06/2015
“The average American Internet user faces serious vulnerability to identity theft 4-5 times each day,” says Jen Martinson of internet security company Secure Thoughts.
With so many important interactions and transactions moving into an online forum, identity thieves are making the Internet their hunting ground. In the midst of all of this virtual interaction it’s easy to lose sight of the fact that there are strangers lurking behind the codes on the other side. Greg Scott of Infrasupport Corporation sees many people lulled into a false sense of security online.
“All the devices we have today—phones, tablets, computers—interact with the world, somehow,” Scott explains. “So with every interaction, no matter from what device, think about how a bad guy can use it to steal from you and guard yourself accordingly.”
We polled IT security experts to identify some tips and tricks to help you avoid online identity theft.
1. Lock down your social media
“Criminals don't need you to click on links in order to steal your identity,” says Ashley Schwartau of the Security Awareness Company. “There's plenty of information on many of our social network profiles they could use to answer security questions and guess their way into your financial accounts.”
"Criminals don't need you to click on links in order to steal your identity."
Schwartau warns social media users to steer clear of sharing common security information, including your mother’s maiden name, birthday and home address. She also advises regular privacy setting checks to ensure you aren’t sharing information accessible to everyone. Don’t accept friend requests from unknown individuals and never post a photo of a credit card, driver’s license or paycheck.
2. Take advantage of security software
It’s always a smart idea to add antivirus software to your web browser, according to Roberto Rodriguez of Human Firewalls. Many devices come with firewalls and other useful security measures, but if users disable or neglect to update protection on their computers, they make themselves vulnerable.
Scott urges users to consistently update computers and phones when updates become available. Cybercriminals detect security vulnerabilities often and software vendors react accordingly. If your device is prompting you to install a software update, there’s probably a reason for it!
3. Password like a pro
“Do not make the same mistake as 80 percent of Americans and use the same password for everything,” Martinson warns. She recommends creating unique passwords for each account and never incorporating generic information like a birthday or a pet’s name.
(Check out our Safe Password Checklist to see how your password habits rate!)
4. Limit online shopping to secure websites
Many financial transactions are taking place online these days, opening the door to virtual pickpocketing. Shopping on an unprotected website leaves your credit card information vulnerable to interception by cybercriminals. Martinson suggests looking for the padlock symbol next to your URL before making any transactions, which signifies that the site is secure.
5. Treat your inbox like a knock on your front door
“Most online identity theft occurs when victims are lured into clicking on links or downloading attachments in emails, text messages or on social media,” says Steven Weisman, lawyer, professor and author of Identity Theft Alert. In the same way anyone could walk up to your front door and ring the bell, anyone could be behind the emails entering your inbox. Use discretion when opening links sent in emails.
6. Check the website URL
Weisman says you should never send enter personal information to a website unless the URL begins with ‘https’ rather than just ‘http.’ The extra letter signifies that the data you are sending is encrypted, making it more difficult to intercept on its journey.
7. Beware of public & free Wi-Fi
“Just because you can connect to the internet doesn't mean your connection is secure,” Martinson says. She says the public Wi-Fi networks offered in hotels or coffee shops have become easy targets for identity thieves.
"Just because you can connect to the Internet, doesn't mean your connection is secure."
Because the networks are largely open, any information you send is at risk of ending up in the wrong hands. The especially-clever hackers can even use a shared network to access information stored on your device. While this doesn’t mean you should shun public Wi-Fi, it does mean that you shouldn’t do you online banking at Starbucks.
8. Think before you click
Most of the time malicious viruses are deployed upon clicking a link, pop up box or attachment, says Scott. It might be flashing or noisy, but take a second to think before reacting and clicking. Rodriguez suggest hovering over any links you’re skeptical about. This will allow you to see where the link is connecting to so you can determine if that’s a place you really want to go.
9. Check your credit card statements & credit reports
Good old fashioned financial awareness can also help protect you from online identity theft. Schwartau suggests keeping a close eye on your accounts regularly so you can act swiftly on any incongruities.
10. Beware of free apps
Sometimes the word free encourages us to let our guard down when it comes to apps and software. Weisman urges app users to verify the legitimacy of free apps before downloading, as they may come infected with malware.
11. Don’t forget about your kids
The unfortunate truth is that children are not immune to online identity theft. Cybercriminals can commit fraud or rack up debt under an adolescent’s name and it may not be detected until they turn 18, says Schwartau. She suggests calling your credit reporting agencies to freeze your child’s credit files.
12. Don’t drop your guard for tech help
Even reaching out for tech support, to get system advice or to fix a problem can be an opportunity for online identity theft. Scott describes a scenario that’s becoming increasingly popular among cybercriminals.
“The idea is, you submit a help question to a community chat service and maybe an answer comes back to call a tech support phone number. You call the toll free number and the person on the other end of the phone convinces you to give him remote access into your device. Game over. They now have access to everything you have inside that device.” Scott’s advice is to stay vigilant with your identity and device information—no matter who you’re dealing with.
Better safe than sorry
Now you have some expert tips and tricks to help you avoid falling victim to online identity theft. With so many important conversations and transactions happening online, you can never be too safe. Check out our Tech Tutorial Series for some helpful how-to video demonstrations on how to stay safe online.
Want to help combat the cybercriminals these tips are protecting you from? Learn about careers in information security!
