With the click of a button on our computers, tablets or phones, we can deposit checks, submit tax returns, lock our homes, start our cars and control our thermostats. But convenience may come at a price. Approximately 1 in 5 adult Americans has had personal information stolen or an account compromised because of their online activities.
Below are three of the most common online risks to your identity.
Email phishing
Phishing is when criminals pretend to be a legitimate business or organization in order to get personal information from you. The spam folder in your email inbox probably has a few of these phishing emails in there right now. For some emails, you can look at the "From" or "Subject" line and know fairly easily that it's a scam. Misspelling, lots of emojis (those little images that people use to express an idea or emotion), unfamiliar senders — these are all major red flags.
For other emails, it's a little harder to spot that they are spam. Some will be disguised as messages from your banks, credit card companies, government agencies like the IRS or websites like Amazon or Paypal®. They will tell you that they need to verify your account information or have an "urgent" message that your account has been compromised. Generally these emails will send you to a website and ask you to enter personal information there.
Most legitimate organizations do not request you to verify personal information via email. A good rule of thumb is to avoid clicking on links in emails unless you are confident it is safe. If you receive an email that you aren't sure about, go to the website (by entering the address into your browser, not by using the link in the email) or call customer service.
Some phishing emails will include attachments that contain viruses. These could be from strangers but they could also be from friends and family members who have had their own accounts hacked. If you get an email from someone you trust with an attachment and you didn't request the information, give them a call or text before opening it. Being a little suspicious won't hurt – and it could even help your friends if their accounts were hacked without them knowing!
Online shopping
Cybercriminals have gotten very skilled at creating sites that look just like popular websites. They also know how to reroute you so that when you enter in a legitimate web address, it will send you to that fake site (that still looks just like the real one) so that any information you enter in is now theirs.
Another common online shopping scam: online stores completely run by cybercriminals. Let's say that you are online searching for a deal on the toy everyone — including your kid — wants for Christmas this year. You find a site via Google® that is selling this toy for 30 percent cheaper than Amazon®. It seems too good to be true! And it is: That site is a front for criminals to obtain your credit or debit card information.
Before you ever enter personal or financial information on any website, always check for the little padlock symbol next to the address or that the address begins with "https" instead of just "http." If these things aren't present, the site definitely is not secure.
Also, make your purchases with credit cards, not your debit cards. If criminals have access to your debit cards, they can wipe out your entire bank account pretty quickly. Also, under the federal government, you are only liable for unauthorized credit card charges up to $50. For debit cards, the amount you're responsible for is greater if you take more than 2 days to report the loss or theft.
Social media
Your Facebook®, Twitter® and other social media accounts might not seem like places where criminals could access information to steal your identity, but don't underestimate the importance of the personal information you share on those sites. For example, 93 percent of respondents to a recent Identity Theft Resource Center survey indicated that their full name can be found on their Facebook profile, and 60 percent of respondents put their birthdate and hometown on their profile. You might think, what's the big deal if someone has this information? That information seems too simple to do anything with!
These pieces of information may be simple, but they are also essential to almost any financial, medical or insurance account. Think about how often you have to enter your full name and verify your birthdate to log into an account. If a criminal has these pieces, they have the foundation for some serious identity theft.
Location is another important piece of information that people offer up freely on social media without realizing the damage it could cause to their identity. If you check yourself in to various places on Facebook or post a photo on Instagram® that is geotagged (includes information about the precise location of where the photo was taken), you are giving criminals a glimpse into your whereabouts and your activity patterns (not to mention advertising when you aren't at home, which makes break-ins and property theft easier). Knowing where you eat, work and travel gives criminals a pretty complete picture of you so that when they do steal your identity, it is easier for them to mimic your activities.
Privacy settings are key when it comes to protecting your identity on social media, but also use common sense about what you really "need" to share. Consider listing only the day and month of your birthday, not the year, and avoid sharing your phone number, address or even city location.
