Consumer Tips

Internet Identity Fraud

TOP 10 PERSONAL SAFETY TIPS:

1. NEVER give out your phone number, address, credit card number, SIN number on the internet.

2. BE WARY before you fill out forms. Make up addresses or postal codes or phone numbers if you are unsure. Ask yourself, where is this information going, and how much information do I want to give out to this source? If you don't 100% trust the source, then "none" is a good answer!

3. DON'T post photos of yourself on your public profiles or on your website. These photos can be stolen and manipulated by other users.

4. DON'T put personal information on your own website: this includes phone numbers, email addresses, street addresses, photos, birthdays, etc. If you do want to build your own homepage, it is suggested that you NOT do an "Info about me" site - dedicate it to a hobby of yours instead.

5. ALWAYS use a pseudonym (a.k.a. a "handle" or "username") that does not indicate your gender, age, or location and a web-mail address which is not easy to trace if you are active online in chat rooms, games sites, Napster, newsgroups or any other public forums.

6. PROTECT your personal computer and files with a virus scanner and a firewall. Run programs like Shields Up! often to make sure you're still protected.

7. DON'T speed through registration processes online: make sure you de-select automatic check boxes that might have you listed on public access searches.

8. CHECK to be sure that your connection is secure before you buy anything (look for security sign), and always LOG OUT of secure connections such as internet banking, shopping services or personal file locations online before going anywhere else online.

9. MONITOR your bank statements to be sure no-one is making unauthorized purchases on a credit card number you have used online.

10. TALK to your children and other family members who use your account to develop Appropriate Use Guidelines for your household. Make sure they know and follow the rules of behaviour online (netiquette), confirm that they will keep your private information safe and private and never give out their real names, phone numbers or other information online.

11. Beware of "Phishing"

"Phishing" is a term coined by computer hackers, who use email to fish the Internet hoping to hook you into giving them your logins, passwords and/or credit card information. In all these scams, the phisher first impersonates a legitimate company such as your own internet service provider, or your auction site or a financial institution. In the typical scam, you'll get an email that appears to be from a reputable company. You'll be asked to go to a special site to update your account information. Please link on this link for more information: http://www.bbbonline.org/idtheft/phishing.asp.

INTERACTING ONLINE:

User Names:

Most systems will require you to choose a user name or "handle" to use while you are online. Make sure to choose a name that does not give out too much information about yourself, especially your age, sex and location (often abbreviated as a/s/1). This is the face you present to the world: those who choose a sexually suggestive screen name must be prepared to deal with the consequences, as they may be pursued or stalked by other users. Those who choose to use their real names online should be prepared to deal with the consequences, as they will be easy targets.

Netiquette:

Be aware of the rules of the road online. The fundamental rule is RESPECT: just because you can't see another user doesn't mean there isn't a human being on the other side of the computer, so stick to the same standards of behaviour you would expect were you face to face. For more information on this important topic, check out the following sites: www.cyberangels.org/internet101 (The CyberAngels' Guide, by Parry Aftab) ; www.fau.edu/netiquette/net/ (The Net: User Guidelines and Netiquette); and www.albion.com/netiquette/corerules.html (The 10 Core Rules, by Virginia Shea).

Email:

Have a telus address or an @home address? These services are great, but users may use your email headers to track you down or locate your computer's IP address.

In addition to your home email address, get a free web-based mail account to use when you participate in public chatrooms, Internet Relay Chat, instant message services, and when you sign up for things or have to fill out forms. I would suggest getting a couple of different email addresses for your different activities. Free email address sites include www.hotmail.com, mail.yahoo.com (or .ca), and www.excite.com (or .ca).

Although you may wish to have an address to use when you travel which actually looks more official, like msmith@hotmail.com, always use genderless and ageless and locationless name when you shop, fill out forms, chat, or interact online.

Some good examples for public use are Frogger888@hotmail.com, blah_blah@excite.com, einstein2001@yahoo.com, and lcr22@telus.net. Some bad examples for public use are Canadian_female18@hotmail.com, Michael_McGuinness@telus.net, cutesexyxxxfun@singlegirl.com, and queenofvancouver@excite.com.

PROTECT YOUR COMPUTER:

Viruses:

Usually spread by email, viruses range in severity from simple program errors to irreparably crashing your harddrive. Every internet user should have virus scanning software which updates itself regularly, and as there are many free versions there is no excuse. The most popular virus scanners are Norton (www.symantec.com), McAfee (www.mcafee.com), and the excellent (and free) InnoculateIT from antivirus.cai.com.

Trojan Horses and Back Door Software:

These programs search vulnerable computers on the internet for open and unguarded ports: they then insert a worm or small program into your computer. This way, a hacker can use their software to operate your computer from a remote location, a real and very serious threat. Trojan Defense Suite 3 is available at tds.diamondcs.com.au: this software will protect or rescue your computer from Trojan Horse viruses. A comprehensive firewall does help, but with increasing complexity in hacker programming it may not be enough.

File Encryption:

When you send personal files to another user on the internet, a hacker can intercept this file transfer and get a copy of your secret document. File Encryption software scrambles your files, only to be unlocked at the "other end" by a user with the key to the code. This feature would protect your documents, photos, websites, and personal information as they are sent as attachments or stored on the internet. Excellent free file encryption software is available for download from Hush (www.hush.com) or PGP (www.pgp.com).

Firewalls:

Protect your computer from external users via the internet. Firewalls are essentially blockades that keep unwanted users from tapping into your computer. Probably the best free firewall available is ZoneAlarm, which you can download at www.zonealarm.com, but you may also wish to check out sites like www.firewallguide.com for more information on other software.

Untraditional Folder Names:

Programs such as Napster or Hotline allow other users to access your files for sharing, which means that other users get to "see" some of your files on your computer. If you use programs like Napster, place your shared folder in a generic and secure location. Because the entire file location is listed along with the file name, a directory like C:/My Documents/Tony/Music/ lets a remote user will then know your name, subdirectory structure, what music you like, etc. Better to play it safe and go for a generic location like C:/MP3/.

Check your computer's security with the free Shields Up! at www.grc.com.

RESOURCES: WHO TO CONTACT FOR HELP:

Although the traditional definition of fraud is an action taken for personal gain, usually monetary, internet users will commit fraud as part of the hacker mentality: just because they can. There is often no reason behind the crime, and often users are not acting out of a need for money or even an understanding that what they are doing is harmful. The internet affords us all a place of anonymity, and it is often easy to forget that you are dealing with a real person behind the username - both as a perpetrator and as a victim.

If you suspect fraudulent use of your identity online, or that someone has stolen your credit card or personal information for their own use:

- Contact your police department right away to report the abuse.

- Contact abuse@server.com where the abuse is taking place. For example, abuse@yahoo.com, abuse@angelfire.ocm, and abuse@ubc.ca.

- Contact your bank or credit card company to cancel your credit card immediately.

- DO NOT contact the person(s) you feel are responsible for the abuse directly.

- Take whatever steps you feel are necessary to ensure your personal safety (ie. Buy a call display unit, change your email address, unlist your telephone number, install a firewall or virus scanner if you don't have one already, withdraw from public fora online, etc).

The best weapons against online Identity Theft are prevention, awareness, and safe behaviour while online. You may wish to check out some of the following recommended links in order to contact appropriate agencies, familiarize yourself with the law, protect your personal computer or business information, and build a repertoire of safe habits and behaviour online.

Internet Fraud and Identity Theft Resources:

Better Business Bureau - www.bbbvan.org
Domain name tracing - www.checkdomain.com
E-Magazine on Internet Fraud - www.scambusters.org
FBI's Internet Fraud Complaint Center (US) - www.ifccfbi.gov
Federal Trade Commission Homepage - www.ftc.gov
On credit card hacking - www.mindrape.org/media/sunday-age.rewt2.txt
Online resource for fraud info - includes ID theft section - www.verifyfraud.com
Privacy Rights: an excellent resource, including info on online fraud- www.privacyrights.org
Subscription service for e-Commerce business owners - www.antifraud.com
The Internet Fraud Watch - www.fraud.org/internet/inset.htm

Internet Security Resources:

Computer Incident Advisory Centre: viruses, hoaxes, trojans, worms, etc… - www.ciac.org/ciac
Free file encryption software - www.hush.com or www.pgp.com
Information Systems Security Association - www.issa.org
Software to monitor your children's internet use - www.protectyourfamily.net
Symantec's info: virus threats and hoaxes, searchable database - www.symantec.com/avcenter
Test your computer's security - www.grc.com
Updates and news clips on security software and practices online - www.net-security.org
Web Browser info - netsecurity.about.com/compute/netsecurity/library/weekly/aa032100a.htm
World Wide Web Security FAQ - www.w3.org/Security/Faq/wwwsf7.html
ZoneAlarm: free personal firewall - www.zonealarm.com

Personal and Family Internet Safety Resources:

** Cyberangels: the largest internet safety program since 1995 - www.cyberangels.org
Canada's Bill C-6: Personal Information Protection And Electronic Documents Act -
www.parl.gc.ca/36/2/parlbus/chambus/house/bills/summaries/c6-e.htm
Federal Trade Commission: how to protect your kids online - www.ftc.gov/bcp/conline/pubs/online/kidsprivacy.htm
Internet browser for children - www.safexplorer.com or www.surfmonkey.com
Lycos' "guide to not getting suckered by evil online scum" - hotwired.lycos.com/webmonkey/guides/net/security.html
Lycos' internet safety page for kids - kids.infoplease.lycos.com/ipka/A0775382.html
Netiquette information - www.fau.edu/netiquette/net
Network Abuse resources and reporting - www.abuse.net
One-time use or credit limited credit cards - www.orbiscom.com (Visa or MC) and
www.americanexpress.com/privatepayments (AmEx)
The Privacy Foundation: news and resources - www.privacyfoundation.org/
Safekids: all kinds of safety/privacy resources for kids and parents online - www.safekids.com
Safesurf: rating system for websites - www.safesurf.com
Yahoo! Information and WebZone for families - family.yahoo.com

The following excellent books by Parry Aftab, founder of Cyberangels, are highly recommended:

The Parent's Guide to Protecting Your Children in Cyberspace (Mcgraw Hill, 2000)
Chapters' (www.chapters.ca) price is $20.95, and they can ship this paperback within 24 hours.

Parry's first book, A Parent's Guide to the Internet…And How to Protect Your Children in Cyberspace (1997) is almost entirely online at www.cyberangels.org/parentsguide/intro.html.

Although both these texts deal specifically with the subject of childrens' safety online, any reader will glean important information that can be used in all aspects of online safety and privacy, whether as a parent, a child, a business owner, an employee or a webmaster. Parry's easy-to-read and fun style helps her to explain the world of the internet in an interesting way, without sacrificing any detail on important subjects such as net predators, online forms and data collection/distribution, chat and newsgroups, scams, shopping and auction services, internet law and regulations, and the use of computers at school (or work).