The holiday season is here and millions of Americans are heading out to tackle their last-minute shopping lists. Though doing the lions share of your shopping online can save you time, there are many dangers lurking out there on the Internet, especially where there are credit cards involved.
One recent Internet phishing scam involves Apple fans, and a so-called "Christmas Awards" program. This email-based scam sends you a message from a non-Apple email address (like rediffmail.com) asking you to download an attachment to learn more about the awards program. The attachment is a Word document, which is a red flag for downloading viruses and malware. While the download doesn't appear to host any viruses, it does say that you've won $250 million dollars and a commemorative iPhone 4S. All you need to do to claim the "prize" is hand over all of your personal and sensitive information. Don't! If you get this email, don't open it and be sure to report it to the FTC.
Stay safe while shopping this holiday — and beyond — by following these tips that will keep your personal info out of the hands of hackers.
- Don't be fooled by fake log-in screens: If you're already signed into Twitter, Facebook, or your email, you won't be asked to sign in again unless you've logged out. Even if the screen looks like the normal log-in, it probably isn't.
- Don't be fooled by emails: I've been asked to reply to my "banking institution" with my account log-in information before. The email is formatted to look legit, but if you check the sender's address, most likely it's from a third-party account like Gmail, Yahoo, or MSN. Be diligent and never reply to emails with your bank log-ins or passwords and always check where they are coming from first! When in doubt, call instead.
- Reset your passwords often: Too often, people have some pretty lame passwords, which allow their accounts to get hacked even without a phishing scam. Make sure your passwords are tough to guess, and try to change them every few months.
See the rest of the tips after the break.
- Get some password help: There are sites out there that can help you choose a hacker-proof password, but just don't go writing it down in an easy-to-find place soon after you settle on one!
- Never forget your password again: You can use a device like Roboform to store your passwords digitally, then all you have to do is insert it into your computer's USB port for access. Just keep that sucker under lock and key!
- Use https where you can — Connect to sites using a secure connection by typing "https://" before the website address. HTTP (which stands for "hyper text transfer protocol") signifies the transfer of information between web servers and clients whereas HTTPS signifies a secure connection (S for "secure") — your browser is talking to the server in a secure, encrypted connection. You'll notice it frequently on banking and other sites that contain personal information, and sport a green url.
- Scammers aren't afraid to call you: As if I need to tell you this, but giving away your passwords, log-in information, or social security number to a call that was unsolicited by you (meaning they called you, not the other way around) is asking for trouble. If you are asked to give your info out to a person who contacted you, get their name and/or employee ID number and call them back through the main 1-800 line, just to be safe.