Cyber Monday Sales Skyrocket – Now Watch Those Credit Card Statements

December 3, 2011

It has been a profitable week for retailers. According to comScore, online sales rose 22% to reach a new all-time single day high of $1.25 billion. A separate report by IBM’s Benchmark research firm, reported a 33% Cyber Monday increase, but didn’t provide an actual dollar value.

The volume of internet sales highlights the comfort consumers have with online shopping, whether that is via computer, or increasingly, through mobile transactions. Last year 2.3% of Cyber Monday shopping occurred via mobile phone, this year that has increased to 6.6%[i].

Yet in spite of the convenience online shopping offers, too few consumers have adequately protected their devices or their information, too few carefully research the stores and store policies on sites they use, and during this busy season many will fail to closely monitor their credit card statements for signs of fraud. And the crooks are counting on these gaps.

To be safer when shopping see the blog I posted last week titled 6 Steps to Avoiding Black Friday Scams, but after you’ve shopped, stay alert. Watch your credit card statements. Check your credit scores. And act swiftly if something seems amiss.

Take 8 immediate steps if you discover that you have been the victim of identity theft:

  1. Contact the fraud departments of any one of the three consumer reporting companies:
    1. TransUnion: 1-800-680-7289;; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
    2. Equifax: 1-800-525-6285;; P.O. Box 740241, Atlanta, GA 30374-0241
    3. Experian: 1-888-EXPERIAN (397-3742);; P.O. Box 9554, Allen, TX 75013
  2. Close any account that you know or believe has been taken over, or been opened by, ID thieves.  Your credit card companies have 24 hour call service where you can report the theft or abuse of your card. Check the statements of any other credit cards you have to see if the thieves have also compromised those cards.  Ask your credit card company to send you any dispute forms you may need to fill out.
  3. Check your credit report to look for credit cards or loans you did not open. By law you have the right to three free credit reports per year; from Experian, Transunion, and Equifax. If you have already used these free reports, pay the few bucks to get your credit scores checked again.All three credit bureaus work together through a website called so you can quest one, or all three reports at once in one of the following ways:
    1. Go to the Web site. Through this highly secure site, you can instantly see and print your credit report.
    2. Call toll-free: (877) 322-8228. You’ll go through a simple verification process over the phone after which they’ll mail the reports to you.
    3. Request by mail. If you live in certain states, fill out the request form and mail it to the Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. (Get more details.)
  4. File a complaint with the FTC. A typical police report doesn’t contain the details about fraudulently opened accounts or accounts used by ID thieves. By reporting the ID theft to the FTC and filling out an ID Theft Complaint, you can add the supporting detail to a police report that is necessary to making it an Identity Theft Report.
    1. What should I know before filling out the FTC’s ID Theft Complaint Form?
    2. Instructions for completing the ID Theft Complaint Form
    3. What should I know once I’ve filled out and printed the FTC’s ID Theft Complaint Form?
  5. File a report with your local police. Filing a police report helps document that the crime occurred. Call your local law enforcement office and ask if you can come in and file the report in person or if this needs to be done online or by phone. Some jurisdictions are reluctant to let you file a report, so you may have to contact your state Attorney General’s office to learn whether the law requires the police to take your ID theft report. To find the contact information for the Attorney General in your state you can check
  6. Notify your health insurance carrier. Identity theft can also be used to commit medical fraud where someone poses as you to have medicines, checkups, even surgeries performed in your name. By contacting your insurance provider, you alert them to take extra precautions and can help prevent receiving a bill for someone else’s medical expenses.
  7. Set up a fraud alert. There are two kinds of fraud alerts, an ‘initial fraud alert’ that stays on your credit report for 90 days, and an ‘extended fraud alert’ that stays on your credit report for 7 years.You can set up an initial fraud alert the moment you suspect trouble – you can’t find your wallet, or you think you have been or will be a victim of ID theft (for example, you receive a notice from a company or bank you use notifying you that their data center has been breached and your information may be compromised).  With this initial alert in place, potential creditors have to take additional precautions to be sure that new credit isn’t given to the ID thieves by verifying your identity.

    To set up an extended fraud alert you have to have been a victim of ID theft and be able to prove this by showing one of the credit scoring companies your Identity Theft Report (see step #4). When an extended fraud alert is in place, creditors are required to contact you or meet you in person to verify your identity before they can extend credit.

  8. Stay alert. Watch for additional signs of identity theft like:
    1. False information on your credit reports, including your Social Security number, address(es), name or employer’s name.
    2. Missing bills or other mail. If your bills don’t arrive, or come late, contact your creditors. A missing bill may indicate that an ID thief has hijacked your account and changed your billing address to help hide the crime.
    3. Getting new credit cards sent to you that you didn’t apply for.
    4. Having a credit approval denied or being subjected to high interest rates for no apparent reason.
    5. Receiving calls or notices about past due bills for products or services you didn’t buy.

Once your identity has been stolen, you should also consider subscribing to a service that will constantly monitor your credit and alert you if something changes. Even though you change your credit card number, you aren’t likely to have changed companies, or changed your name, your social security number, your address, etc., and it is a stupid criminal who throws away such valuable information. In all likelihood, you will remain more vulnerable to future attacks and should monitor and protect accordingly.




Most Users with Free Android Antivirus Scanners aren’t Protected

November 30, 2011

Many free AV apps exist for the Android market but new comparisons by AV-TEST, a globally recognized security institute out of Germany, uncovered sobering security failures when they took the AV products through their paces.

The products to come out best were for-pay services from “Kaspersky and F-Secure, which detected at least 50% of all malware samples already in inactive state.”

Among the free options “Zoner AntiVirus Free was best with 32% detected malicious apps. All other scanners detected at best 10% of the apps; some didn’t detect anything at all.” Commenting on the results AV-Test said, ‘the circulation of obviously near to useless security apps endangers those, who trust them.’

AV-TEST’s test results are shocking, particularly as the advice given by security experts is that all smartphone users need anti-malware software in place. Yet those who diligently installed one of these free programs, has an entirely false sense of security.

The program with the lion’s share of installations is Antivirus Free by Creative Apps who, along with GuardX Antivirus and LabMSF Antivirus beta, failed to identify any malware in either the manual or real-time on installation scan.

Not only should these ineffectual products be purged from the Android market, there should be a howl of protest from consumers insisting that apps claiming to protect consumers actually do so – and be required to show how well they protect in their descriptions.

Below are two tables from the research, click here to read the entire report.


Estonians Charged For $14 Million in Click Fraud – Is Your Computer Infected?

November 22, 2011

In a particularly advanced two prong click fraud scheme, 7 men are charged with infecting 4 million computers worldwide – 500,000 in the U.S. alone. Once infected, the criminals would redirect users search results to websites that would pay the criminals a referral fee, so the more searches they redirected, the more money they made. The second method used was to replace legitimate ads on websites with ads from companies that paid for referring clicks.

In a statement by Janice Fedarcyk, assistant director in charge of the FBI New York office, “They victimized legitimate Website operators and advertisers who missed out on income through click hijacking and ad replacement fraud.”

Hijacked sites included The Wall Street Journal and ESPN. An article in the New York Times included the following illustration of how ESPN ads were swapped; the page shown on the left has a legitimate Dr. Pepper ad, while the ad on the right is for a timeshare company that paid for clicks.

Called the biggest cybercriminal takedown in history, the FBI worked with international law enforcement agencies, security companies, and security experts for over two years to crack the case.

This malware that infected both the Windows and Mac operating systems did not target consumer information; it was designed to defraud advertisers and website companies, but in order to avoid detection by antivirus software the malware blocked antivirus updates. This means that infected users were (and are) vulnerable to other malware.

What this means to you:

Although the FBI has replaced the malicious servers involved, infected users remain infected with the DNSChanger malware, and any other malware that was able to crawl into computers while security software updates were blocked. If you’ve seen unlikely ads or suspect your machine may be infected, the FBI has created a website that will help you detect the malware and get rid of it.


6 Steps to Avoiding Black Friday Scams

November 21, 2011

The onslaught of holiday advertisements is in full swing, flooding mailboxes, inboxes, TV, websites, and mobile phones, and these ads will continue increasing until all last minute shopping has been done as retailers try to squeeze out every possible dollar in holiday revenue. And then there will be the after-holiday sales…

Chances are you will be among the 90% of consumers who say they expect to shop for gifts online this year, a 1% increase over last year. You might even be among the 15% who are expected to purchase gifts through a mobile device [i].  In fact, 60% of smartphone or tablet owners plan to use their device for a range of holiday shopping purposes this year, according to a new report by Prosper Mobile Insights.

This report indicates that among respondents saying they will use their mobile device for shopping this season, 60% expect to use their device as a “mobile mall,” with 56.7% primarily using their device to plan and research purchases, and one-third will use them to make at least 50% of their holiday purchases.

Whether you are shopping for others or for yourself, knowing how to get a great deal takes a lot more than just looking at the price tag.

Fortunately, learning 6 basic precautions will turn you into a savvy and much safer online shopper.

  1. Start with a secure internet environment. If your computer, tablet or cell phone isn’t protected from viruses and other malware your financial information and passwords will be stolen as you make purchases (as will everything else you store on your computer or do online). This concept is so basic, yet far less than half of the US population adequately protects their computers – and only 4% have security protection on their tablets or smartphones[ii].
    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. If the cost of security software is prohibitive, at least use one of the free services available – just search on ‘best free antivirus’, and ‘best free mobile antivirus’ to see your options. If you don’t think you need mobile security software consider this; BullGuard security identified 2,500 different types of mobile malware in 2010[iii].
    2. Secure your internet connection. Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, search for ‘best free firewall’. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
  2. Identify trustworthy companies. You need to either know the company – or know their reputation.
    1. If you already know the store, shopping their online store is very safe. If there’s a problem you can always walk into the local store for help. If you already know the online store’s reputation you will also be very safe.
    2. If you don’t know the store, it may still be the best option; you just need to take a few more steps. Search online for reviews from other users to see what their experiences were with the company, and conduct a background check by looking at sites that review e-stores (for example, Epinions, BizRate, Better Business Bureau). If the store isn’t listed as a legitimate site by one of these sources, or the store has a lot of negative reviews, DON’T SHOP THERE. It’s that easy.
  3. Know how to avoid scams. The holiday season is primetime for email and web scammers because they know millions of people will be spending billions of dollars online. To give you a sense of just how much money changes hands, last December (2010), $32.6 Billion dollars were spent on internet shopping sites[iv].  The best way to avoid scams is simple. NEVER, ever, click on a link in an email or on website advertisement no matter how reputable the host website or email sender may be. The website ad or email may be a really good fake, or the website or email account may have been hijacked by spammers. Instead, use a search engine and find the deal or store yourself – if you can’t find the deal on the legitimate store’s site you know that ‘offer’ was a scam. Click here to learn more about identifying scams.
  4. Protect personal information. Many ecommerce and mobile commerce sites encourage you to create a user account, but unless you truly plan to shop there often you’ll be better off not doing so. If you do choose to create a profile, do not let the store keep your financial information on file. All you really need to purchase something should be your name, mailing address, and your payment information.
    1. If the merchant asks for more information – like your bank account, social security, or driver’s license numbers, NEVER provide these. Some reputable companies will ask additional questions about your interests, but these should always be optional and you should be cautious about providing responses.
    2. Keep in mind that the company may not have strong security measures in place. The lack of strong security precautions in many companies is a real concern. Huge companies like Sony have been hacked multiple times and consumer’s passwords, names and financial information has been stolen. And unfortunately, many smaller businesses have even fewer safeguards in place to protect your data – so give them as little as possible! To learn more about these risks, see Small Business Owners Suffer from False Sense of Cyber Security.
  5. Make payments safely using a credit card or well respected payment service. Credit card purchases limit your liability to no more than $50 of unauthorized charges if your financial information is stolen, and the money in your bank account is untouched. Most debit cards do not offer this protection – and even when they do, you’re the one out of funds in the meantime. However, you probably don’t have a credit card, so striking a deal with a parent or guardian to put the charges on their card – with you handing them the cash – may be a good option.  Or, you can use a payment service like PayPal that hides your financial information from the online store and can be set up to take money out of your bank account. Do not use checks, cashier’s checks, wire transfers, or money orders as these carry high risks for fraud.
  6. Do your research. Just because a store claims to have the lowest price, doesn’t mean they actually have the best deal.
    1. Comparing the advertised price of an item doesn’t give you the full picture. You have to look at the final price – that includes any shipping, handling or taxes to see which deal may be really be the better bargain.  Some companies show lower prices, but make up the discount by charging high shipping fees.
    2. Check the company’s return policy. Some companies charge fairly steep return fees for shipping and restocking, so if you think the item may be returned factor this into the price as well.
    3. Look for online coupons or discounts. Lots of stores offer special deals if you just take the time to look for them. Typing the store’s name and ‘coupon’ is usually all it takes to discover whether extra discounts may apply.  
    4. No matter how great the ‘deal’ if you can’t afford it or it’s over your budget, it isn’t a deal. Learning financial responsibility now will set you up for financial security for the rest of your lives. And in spite of all the glittery ads, many of the best gifts don’t cost money.


Happy shopping!


47% of Consumers Are Underprotected when Banking Online

August 28, 2011

Consumers typically belong to one of three types of online banking behavior; and age plays a strong role in which type you belong to according to new research by McAfee that has been packaged up as a handy educational guide. Here’s how they break down the three types, and an overview of the advice McAfee gives to each group:

  1. “Competent But A Little Careless”: Ages 18-24This group is the most comfortable with technology but they tend to be overconfident, sometimes forgetting to put basic security practices into place.

    Advice: Smarten up; your confidence is not well placed. This group spends an average of 32 hours a week online, and because of their comfort level with technology, they confidently use new technologies – 44% prefer online banking. Yet 68% of users in this age bracket don’t even have a basic anti-virus program installed, and 41% have never heard of malicious software. Only 30% say they are actively protecting themselves. While this group is comfortable doing things online, they’re doing it without protection and are highly vulnerable to attack.

  2. “Confident But Casual”: Ages 25-45This group uses the Internet for both work and personal reasons and are the most frequent online banking users. However, they are sometimes casual about security.

    Advice: If you’re casual about security, you’re compromised. This group uses the internet heavily for work, entertainment, to make purchases…and to bank online. Those ages 31-44 do more online banking than any other demographic group, and they are more likely to get their financial information online. While this group is 5% more likely to use antivirus software than their younger counterparts, a 47% antivirus adoption rate is still shockingly poor. Unfortunately, this group’s faith in their security skills is likely to be a stumbling block as the majority believe they are doing enough to stay safe, with only 35% saying they needed more information.

  3. “Conservative But Cautious”: Over 45 years old This group is not as familiar as younger generations with technology, and a smaller portion use online banking. They tend to be more cautious when going online, and are in fact better protected than the other groups because research shows a higher percentage have security software.

    Advice: Though you are the best protected group, you need more security.  This group has a mixed track record in technology adoption as they don’t have as many connected devices, are less tech-savvy and spend less time online, but they are the group that spends the most on everything from their telecom fees to PC purchases. Younger boomers bank online, but those over 55 are far less likely to do so.  Fortunately though this group is the best protected by security software, it is also the group that knows they need more security information.

To learn the specific steps each target group should take, check out the full Online Banking Safety Guide, Graphics and Video on the McAfee blog.


Evolution of Parent’s Awareness of Internet Risks Infographic

June 26, 2011

A fun new infographic by McAfee titled What Do Pirates, Coffee Pots, and Smiley Faces Have to Do with Kids Online? provides a great overview of how far the internet has come in 40 years, and how each step has brought tremendous new potential along with a few real risks.  The biggest takeaway should be the question of how, knowing what we do, do we incorporate and evolve technologies in a way that integrates consumer safety, privacy, security, and education into the development process.

For all the quantum leaps forward in enabling technology, we have largely failed to stay apace in defending that same technology. The race to be first with cool features meant deprioritizing building safer tools. To show this tradeoff, look at this illustration showing Quality, Time, and Features:

  1. You can cut quality to put in more features faster.
  2. You can improve quality by either taking more time or adding fewer features.
  3. What you can’t do is go faster with more features of high quality.

Given these constraints, and knowing that consumers rant about safety but go with whichever company delivers the cool new features first, it is quality that suffers. Companies skip safety, security & privacy reviews, they cut the safety, security & privacy features, they fail to have employees dedicated to designing and testing for safety, security and privacy, and they shortchange the UI and other education that could have help overcome some of their safety gaps. Then, because support staff is expensive, they cut quality consumer support as well.

Add to this that for the most part we still have feature development in one part of a company, and ‘safety’ in another (often safety, security and privacy are three separate groups just to make matters worse). So the development teams create cool features in a relative vacuum where features and speed always win; and then once the feature is released and the furor starts the safety/security/privacy team’s jump in to push requirements to the development team attempting to retroactively solve/minimize/or create a great PR pitch that doesn’t do anything to actually resolve the problems.

Now, compound this with an understanding that the development teams have already moved on to building the next set of cool features they’re trying to bring to market faster (by cutting quality), and they don’t want to be hampered by security safety and privacy requirements that would make them go back and try to add a sloppy patches to their previous features (the solutions have to be patches because it wasn’t designed to work that way up front, and they’re sloppy because they don’t want to spend time on it) and the result is:

Programs and Services that are easily hacked and data stolen. (Oops, we cut test time for security issues, and those we found we either postponed or decided not to fix.) Policies for acceptable use that aren’t enforced. (Oops, that would have required building abuse tracking, reporting, and moderation tools, but in the need-for-speed those were cut). Safety, security, and privacy functions that are slapped together, building on the previous tier of slapped together functions because no one took time to design for these in the first place. And so on.

Research repeatedly highlights the need for consumers and businesses to trust the internet in order to sustain the continued growth of the internet economy, but that message largely falls on deaf ears.  Why? It’s not because big businesses don’t understand the need for consumer trust and confidence, it’s that these are long-term needs for an enormous industry, and they’re delivering right-now technologies for their own company’s competitive advantage. It’s called passing the buck to earn a buck. Grabbing market share before the confidence collapse requires all companies to take a safety, security and privacy investment. It’s a very poor way to do business, and it’s a very poor way to treat consumers.

This infographic does a good job of showing how one aspect of consumer trust in the internet – that of parents – is eroding.

It’s Internet Safety Month; what are companies going to do to turn this around? What will the meter on this infographic show next year?


Windows Getting Safer, but Study Finds that 1 of Every 14 Programs Downloaded is Later Confirmed as Malware

June 7, 2011

With all the news about Mac malware making Apple devices more vulnerable, Microsoft has announced that Windows is getting safer – particularly if you’re using Windows 7.

There are some pretty interesting discoveries in Microsoft’s most recent Security Intelligence Report covering the second half of 2010, and it’s worth the full read if you’re at all technically inclined.  Here are a few points I found particularly interesting:

  1. It really pays to upgrade your Windows OS to increase your security. A Windows 7 64-bit system (their most recently released Windows client) has the lowest infection rates at 2.5 infections per thousand computers.
    In comparison:
    1. Windows 7 32-bit systems have infection rates of 3.8 per thousand computers.
    2. Windows Vista SP2 32-bit PCs have a rate of 7.5 infections per thousand computers.
    3. Windows XP SP3 32-bit machines have an infection rate of 15.9 for every thousand computers.
  2. Malware infections are a global scourge – but not all parts of the globe are equally plagued.  The US, Mexico and Central and South America, France, Spain, Parts of the Arab world and Russia are hardest hit. This map paints a clear picture of the problem areas.
  3. The prevalence of various types of malware threats changes based on country factors.  For example, the U.S., England and Russia have significant issues with Miscellaneous Trojans, but are less likely than other countries to struggle with password stealers and backdoors.
  4. Though most phish scams target financial sites, it’s the phishes through social networks that get most of the impressions – an impression is measured as a single instance of a user attempting to visit a known phishing site with Internet Explorer. Phishing impressions that targeted social networks increased from a just 8.3% of all impressions in January to a whopping 84.5% of impressions in December. This trend was especially stark in the last four months of the year.Also note the increased focus on targeting gaming sites early in the year, the report suggests that with the tremendous success of phishing via social networks, the focus on gaming declined, but they expect to see this increase again when social networkers become more savvy to the attacks and new methods of delivery need to be found.

  5. Adding to our understanding of the phishing threats covered in MSFT’s security report is an article on the IEBlog that talks about how the company’s SmartScreen technology in IE9 is helping to block social engineering attacks.  The following are excerpts from the blog:

For context, recent studies show that despite the headlines that exploits of software vulnerabilities get, people browsing the Web are more likely to face a socially engineered attack. Recent articles have compared different approaches to protecting people. Application Reputation is a natural extension of the current protections introduced in IE7 & IE8 that block phishing sites and sites that distribute malicious programs.

…User-downloaded malware is a huge problem and getting bigger.

…IE blocks between 2 and 5 million attacks a day for IE8 and IE9 customers. Since the release of IE8, SmartScreen has blocked more than 1.5 billion attempted malware attacks. From our experience operating these services at scale, we have found that 1 out of every 14 programs downloaded is later confirmed as malware.

These reports paint a very sobering picture on the state of internet security, but there are clear steps you can take today to decrease your chances of malware infections – not matter which operating system, browser, or device type you are using.

Here’s a 12 point checklist to get you started on the road to Internet security and safety. If you want more detail, look to for straightforward practical advice on how to steer clear of Internet hazards whether you’re sending e-mail, dating online, making purchases or socializing – and whether you are on a computer, or your phone.

  1. Secure your computers and smartphones with anti-virus, anti-spyware, and tools.
    Keep them current and use them unfailingly-as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.

    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
    2. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
    3. Use added protection on sensitive financial information with passwords or store on a flash drive, CD or external hard drive For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
  2. Use strong, unique passwords for every site. Creating strong memorable passwords is easy and can actually be fun – and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information. Learn how with my blog Safe passwords don’t have to be hard to create; just hard to guess
  3. Review the privacy terms and settings. This needs to be done for every social site you use. Create an environment of safety for yourself by understanding how any website you use treats your privacy and information. That fine print may tell you the company can own, resell, rent, or give your information to anyone they want. If it does, find a more respectful site.
  4. Discuss online safety with your family and friends.  Decide together how you will help protect each other’s privacy online and set rules that reflect your personal values. Decide what information about yourself you are willing to have shared online, and with whom you are willing to share it. This includes asking friends to put your email address on the Bcc: line if they are including you on an email to people that you don’t know. Learn more here
  5. Be selective about who you interact with online and what information you make public.
    1. The risks are relatively low when you stick with people you know—your family, and friends. Going into public chat rooms or opening your blog up to the general public, for example, significantly increases your risk.
    2. Think carefully before you post online any information that can personally identify you, a family member, or friend on a public site like a blog, in online white pages, on job hunt sites, or in any other place anyone on the Internet can see the information. Sensitive information includes real name, birth date, gender, town, e-mail address, school name, place of work, and personal photos.
  6. Pay attention to messaging risks.
    1. Think twice before you open attachments or click links in messages -even if you know the sender-as these can be used to transmit spam and viruses to your computer.
    2. Never respond to messages asking you to provide personal information, especially your account number or password, even if it seems to be from a business you trust. Reputable businesses will not ask you for this information in e-mail.
    3. Never click on links provided in messages, unless you are sure of the sender. Instead, use a search engine to find the website yourself.
    4. Don’t forward spam. Whether it’s a cute ‘thought of the day’, ‘set of jokes’, ‘amazing photo’,  ‘recipe tree’ or similar email, if you don’t personally know the sender the email is surely a scam designed to collect the email accounts – and relationships – of everyone you share it with.
  7. Don’t trade personal information for “freebies.”   Online freebies come in two forms:
    1. The free games, free offers, and ‘great deals’. Just as in the physical world, if these types of offers sound too good to be true, they probably are. Not only will these collect and sell your personal information, these ‘deals’, and ‘free’ applications are usually riddled with spyware, viruses or other malicious software.
    2. Through survey’s, sweepstakes, quizzes, and the like. These marketing tools are designed for one purpose – to get as much information from you as they can, so they can sell that to interested parties. Even the most innocuous ‘survey’s learn far more than you imagine, and they may give you malicious software or download tracking cookies, so just skip these entirely.
  8. Periodically review your internet contacts, and online activities.   Internet housekeeping is important. Review who you have as contacts, and who can see your online profiles periodically to prune out everyone you no longer have a close relationship with. Review any images and content you’ve posted online to see if collectively these tell more about you than should be known.
  9. Check your credit reports.  Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies—TransUnion, Experian, and Equifax.
    1. Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through
    2. You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.
  10. Block people you don’t want to interact with.   You don’t have to accept invitations to be friends with people just because they ask. Women in particular can find it difficult to turn someone down – and creeps and crooks count on this very thing. If you don’t want to be friends, delete the request. If you are already connected with someone you would rather not be, block them from your social sites. You can also block their email account so they can never contact you through email, and block their phone number from calling or sending text messages to your phone.  YOU get to choose who, how, and when you are contacted.
  11. Trust your instincts.   Online and offline, your instincts play a critical role in your protection. If something feels ‘off’, go with your instinct. You don’t have to explain your reasoning to anyone.
  12. If you are exploited, it is not your fault.   Following the fourteen steps outlined above can go a long way to keeping you safe, but bad things sometimes do happen. If you fall victim to a scam, fraudster, abuser or criminal, don’t blame yourself. The only person guilty is the abuser or criminal.  You didn’t cheat, scam, lie, threaten, harm, steal, or abuse yourself in some other way, so don’t lay a burden of guilt where none belongs. Don’t let the abuser or criminal shame you into silence. Speak out and get the help you need.

For even more information and help, check out these two blogs: