Help protect yourself from identity theft online by asking yourself these six questions.
I feel safe in assuming that if you met a stranger on the street who wanted you to disclose your personal banking information, you would tell him to go take a long walk off a short pier or keep you would keep your mouth shut at least. Then why do so many otherwise intelligent business owners fall for scams online?
When I speak to my clients about phishing scams and protecting their identity online, they nod their heads and assure me they would never fall for a Nigerian banking scam or open an attachment from an unknown person. Yet, every month, successful business owners contact me to ask for help reclaiming their lives after cyber criminals steal their identities.
The hard truth is recovering from identity theft is a long, painful process. It is much easier and way less expensive to prevent identity crimes from occurring in the first place by protecting yourself from an identity scam.
Protecting Your Identity Online
Help keep your identity more secure online by asking yourself these six questions to help prevent yourself from becoming another victim of identity scammers.
Are you expecting to hear from the person or business contacting you? Unless you have an ongoing relationship with the sender of an email or message, any inquiry for personal information you receive is most likely an attempt to defraud you. Even if you have business with the company supposedly contacting you, is there a legitimate reason for the business to communicate with you now?
It is now common for a fraudster to choose the name of a large company like PayPal, Amazon or local utility company which most people use. So just because you are a customer of a company, doesn’t mean the email is real. If you are ever in doubt about whether a request from a company is legitimate or not, open a new web browser and visit the company’s website by typing the full domain name directly into the address bar. Never click on any links from the email which may take you to a copy of the company’s site.
Does the email look professional? Carefully examine any email you receive which asks for sensitive information. Compare the questionable email to other emails which you have received in the past from the same company and know are legitimate. Look at details like the logo, the salutation, and the way the email is written. The majority of phishing scams originate outside the United States in countries where English is not the official language. Many scam emails contain multiple spelling and grammar mistakes.
When an email contains language which encourages a quick response to prevent being locked out of your account or losing your benefits it is most often a red flag.
Do I really know who sent you that? Online scammers are great at making their emails and social messages appear to be coming from a friend or associate you know. Manipulating the source of a message, or the header is ‘spoofing.’ Spoofing causes US businesses to lose billions of dollars in fraud.
Before you respond to an unexpected message requesting by sending any form of personal information, always double check that the sender’s email matches the person or company you think sent the message. If the sender is using an email address which is different, don’t respond. The safest approach is calling and speaking with the sender by telephone to verify the legitimacy of the request.
Why is the person asking for that particular information from me? Many scammers use a spoof email to ask users to confirm personal information relating to the individual’s account. Most of the time, the information these scammers ask for is something which a real business would not need to confirm a user’s identity.
Banks and financial institutions never request users to confirm passwords or user names through email. A legitimate business won’t ask for you to send sensitive information over an unsecured server.
Is the payment page secure?The majority of purchases in the US are made online. But before you input your credit card information, you need to make sure you are not about to send your credit card information to a scammer. Help keep your bank account safe by always checking that the payment page is secure and authentic.
Never access a payment page directly from an off-site link. It is common for a cyber criminal to send a spoof email which contains an embedded link to a special offer. But when you click on the link, it redirects you to a copy of the site designed by the scammer to steal your credit card information. Never pay on a page which doesn’t have a “https://” before the domain name and look for an icon of a padlock in the address bar. If you are unsure about the security of a site’s payment page, don’t make a purchase.
Am I revealing too much personal information on social media? A profile on a social media service like Facebook, Instagram, LinkedIn, and Twitter is a treasure trove for identity thieves. Many users of these social media services do not understand just how much of the information they publicly share can help scammers to gain access to their accounts. Avoid sharing sensitive information such as birth dates, anniversary dates, names of children, pets, friends, and spouses. Don’t post pictures scammers can use to create fake accounts. Never reveal your home or work address.
Always use the highest level of privacy available from a social media service and never accept strangers as friends.
Regrettably, it is impossible to guarantee you will never be a victim of online identity theft, but when you remember to ask yourself these questions, you will lower the chances you will.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.