Top 10 Online Safety Tips

 
1. Create secure passwords. Keep them private. Change them regularly.
2. Don't open e-mails or attachments if you don't know the sender.
3. If you're shopping, banking, etc. online, only deal with known, reputable vendors.
4. Update your firewall, virus protection, and browser software regularly.
5. Don't fall for phishing, pharming, and other social engineering schemes.
6. Back up all your valuable data and keep the backups under lock and key.
7. Disable hidden file extensions.
8. Don't use administrator accounts for normal activity.
9. Disconnect from the Internet and turn off the computer when not in use.
10. Remove personal data from your computer before donating or disposing of it.


Monitoring your credit report

One of the best things you can do to protect your identity is to check your credit report regularly. Credit reports contain information about you, including what accounts you have and how you pay your bills. The law requires each of the major nationwide consumer reporting agencies to provide you with a free copy of your credit report, at your request, once every 12 months. If an identity thief is opening credit accounts in your name, these accounts are likely to show up on your credit report.

You can order a copy of your credit report from the 3 major credit bureaus:

Equifax or call 800-685-1111

Experian or call 888-397-3742

TransUnion or call 877-322-8228

Once you get your reports, review them carefully. Look for inquiries from companies you haven't contacted, accounts you didn't open, and debts on your accounts that you can't explain. Check that information such as your Social Security number, address(es), name or initials, and employers is correct. If you find fraudulent or inaccurate information, get it removed.

You have rights under the Fair Credit Reporting Act. For more information about this, visit the FTC website.

See Correcting Fraudulent Information in Credit Reports to learn how to correct information that appears on your credit report.

Continue to check your credit reports periodically, especially for the first year after you discover the identity theft, to make sure no new fraudulent activity has occurred.

Resources:

Identity Theft Resource Center

Privacy Rights Clearinghouse




1. Create secure passwords. Keep them private. Change them regularly.

Your password allows access to banking information, account numbers, personal information, and more. If you have a lot of different sites or programs that are password-protected, you probably use the same password over and over to make it easier to remember; you may use personal information such as your pet's name or your child's birthday. Unfortunately, this also makes it easier for someone else to discover your password.

A safe password is one that's difficult for a potential hacker to guess, but easy enough for you to remember. What makes a password difficult to guess?

A good password:

  • is long - at least 8 characters. Longer is safer.
  • doesn't include personal information
  • doesn't use real words - there are hacker tools that can try every word in the dictionary to crack your password
  • mixes upper- and lower-case characters and uses numbers and/or punctuation marks
  • is changed every 30-60 days and is not re-used for at least a year

Tools: Random password generators will create secure passwords for you. A few to try:

PC Tools Secure Password Generator

Random Password Generator

bytes Interactive Password Generator

So, if you can't use real words or names, you can't re-use passwords, and you're supposed to have a different password for every account, how on earth can you possibly remember them all? DON'T leave your password on a sticky note near your computer, or keep a list of all your passwords in your wallet!

Keep your passwords secure with a utility such as Password Safe or RoboForm. There are several free or low-cost utilities that you can use to keep track of your passwords.





2. Don't open e-mails or attachments if you don't know the sender.

You wouldn't give a complete stranger the key to your front door or your bank account numbers. When you open an e-mail message or attachment from an unknown source, you're potentially opening your electronic door to strangers. Even opening an e-mail can sometimes be enough to allow malware, spyware, and other unwanted programs onto your computer.

If an e-mail or attachment looks even remotely suspicious, delete it without opening it. If it's from a friend, co-worker, or someone else that you already know, call or e-mail that person to ask about the message; if it turns out to be a legitimate message, have them re-send it.

If you use the Auto-Preview function in your e-mail, turn it off. If you use Microsoft Outlook, select View > AutoPreview to toggle the feature on or off.





3. If you're shopping, banking, etc. online, only deal with known, reputable vendors.

Shopping, banking, and paying bills online is a convenient option for many people. To make sure that this is a safe option as well, you should check out any merchant or vendor that you deal with online.

It's easy to impersonate a legitimate business online - take the following precautions to make sure you're dealing with a reputable business:

  • Online merchants should list a physical address and have a phone number where they can be contacted
  • All confidential transactions should be conducted securely. A secure connection begins with "https:" or has a picture of a lock on the browser's status bar. For more information about how to recognize fake websites, see #5 (phishing, pharming, and other scams).
  • Familiarize yourself with the company's return and refund policies before you buy.
  • Pay with a credit card, which limits your liability for unauthorized purchases.
  • Look for online reviews for an unfamiliar company. What kind of experiences have other shoppers had?
  • Print a copy of your receipt for your records.

Resources:

The Federal Trade Commission

Microsoft Corporation's How to shop online more safely website





4. Update your firewall, virus protection, and browser software regularly.

A firewall is a hardware device or software package that filters the information that comes into your computer or network. Just as a physical firewall prevents a fire from spreading between areas, a computer firewall puts a barrier between your computer and the outside world to make sure that people can't access your computer from the outside.

You can set rules to determine which information the firewall lets in. A firewall won't protect your computer from every kind of threat; viruses, spam, and other kinds of messages can get through a firewall. However, keeping your firewall up-to-date adds another layer of protection to your computer system.

A virus is a computer program that runs itself on your computer; it is also the general term used for all kinds of "malware" - that is, "malicious" + "software", or any program that is installed and run on your computer without your consent. Like the other kind of virus, computer viruses are spread when an infected computer comes into contact with other computers, such as on a network, over the Internet, or by sharing files or other information.

Anti-virus programs delete or quarantine certain kinds of programs to keep them from running. Just like with firewalls, it's important to keep your anti-virus software up-to-date to make sure that your computer is protected from the latest threats.

There are a lot of anti-virus software programs available. Some of the most commonly used programs are sold by McAfee and Norton. One list of anti-virus software can be found in the Wikipedia entry for antivirus software.

There are also a lot of different kinds of internet browsers available; Microsoft Internet Explorer, Mozilla, and Firefox are just a few. Whatever browser you use, be sure to check the manufacturer's website regularly for updates. These updates or "patches" will help protect your computer against the latest threats.

For more information on firewalls and antivirus software, visit OnGuard Online or Stay Safe Online.




5. Don't fall for phishing, pharming, and other social engineering schemes.

Phishing is a scam where the perpetrator sends out legitimate-looking emails appearing to come from some of the Web's biggest sites, including eBay, Paypal, BestBuy, your bank, the IRS, etc., in an effort to phish for personal and financial information from the recipient (you). (Source: searchsecurity.com)

Very similar to phishing, pharming is another way hackers try to steal your personal information. When you type in or click on the fraudulent web address, you are redirected to a clever and convincing website that looks like the real deal. At some point you are asked for your information, which you type into the criminal's database.

How can you identify a fake site? One great way to learn how to spot a fake site is the "Anti-Phishing Phil" game developed by Carnegie Mellon University's Software Engineering Institute.

For more information on e-mail safety, visit the following:
Helen Triantafillou's "Helen's Images" website

IT Security Resource Center's 99 Tips to Make You More Secure and Productive

The College of New Jersey's Email Security Tips page




6. Back up all your valuable data and keep the backups under lock and key.

Backing up your data helps ensure that you don't lose your information in the event of a virus attack, hard drive crash, natural disaster, or other unforeseen disaster. Nobody wants to think that something like this could happen to them, but if it does, you'll be glad you took precautions. Don't risk losing irreplaceable data such as photos, or a term paper that your child has spent hours working on.

There are several methods to choose from:

  • backing up to a CD or DVD
  • backing up to a thumb drive
  • online backup

For a review of the pros and cons of each method, see Free-Backup.info.

Once you decide on a backup method, commit to backing up on a regular basis - daily, weekly, or whatever fits your needs. If you don't use your computer very often, backing up your data less often is fine.

Label your backups, and try to use the same format so that you can keep multiple backups organized. It's a good idea to store the backups separately from your computer, such as in a fireproof safe (locked, of course), a safe deposit box, locked in your desk at work, or at a trusted relative's house. Storing your backups in a different physical location may not be as convenient as putting a CD in your home desk drawer, but it also helps ensure that you will have access to your backups in the event of a physical disaster.





7. Disable hidden file extensions.

File extensions tell you what kind of file you're opening; for example, ".doc" for a document, ".jpg" for a graphic image, or ".exe" for a program. Some kinds of viruses and malware look like a harmless file type, but are really programs.

How can you tell the difference? Keep your file extension view turned on and you will always be able to tell what kind of file you are looking at.

  1. From the Start button in the bottom left hand corner of your screen, select My Computer > Control Panel
  2. From the Tools menu at the top of the page, select Folder Options
  3. In the Folder Options dialog box, click the View tab
  4. Uncheck the box next to "Hide extensions for known file types" and click OK.
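
An added example (not part of the original page): a short Python check for the disguise described above, a file whose name shows a harmless-looking type while its real, final extension is a program. The extension lists and the sample file names are assumptions constructed for illustration, and the "shown" name simplifies Windows' behaviour by hiding every final extension.

```python
from pathlib import PureWindowsPath

# Assumed lists for illustration; extend them to suit your own machine.
PROGRAM_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs"}
HARMLESS_EXTS = {".doc", ".jpg", ".pdf", ".txt", ".xls", ".png", ".gif"}


def visible_name(filename):
    """Name as displayed while "Hide extensions for known file types" is checked."""
    p = PureWindowsPath(filename)
    return p.stem if p.suffix else p.name


def classify(filename):
    """Return 'disguised', 'program', or 'ok' for one file name."""
    p = PureWindowsPath(filename)
    real_ext = p.suffix.lower()          # the extension Windows acts on
    if real_ext not in PROGRAM_EXTS:
        return "ok"
    # The extension the user would *see* once the real one is hidden.
    shown_ext = PureWindowsPath(p.stem).suffix.lower()
    return "disguised" if shown_ext in HARMLESS_EXTS else "program"


def scan(filenames):
    """Map each non-'ok' name to (classification, name shown with extensions hidden)."""
    report = {}
    for name in filenames:
        verdict = classify(name)
        if verdict != "ok":
            report[name] = (verdict, visible_name(name))
    return report


# Constructed sample of file names, e.g. the contents of a download folder.
SAMPLE = ["term_paper.doc", "holiday.jpg", "invoice.doc.exe", "setup.exe", "README"]

if __name__ == "__main__":
    for name, (verdict, shown) in scan(SAMPLE).items():
        print(f"{verdict:10} real name: {name!r}  shown as: {shown!r}")
```

With extensions hidden, "invoice.doc.exe" is displayed as "invoice.doc", which is why the setting above should stay unchecked.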





8. Don't use administrator accounts for normal activity.

From the Microsoft website: "In Windows XP, a user account is a collection of information that tells Windows what files and folders you can access, what changes you can make to the computer, and your personal preferences, such as your desktop background and color theme.

User accounts make it so that you can share a computer with several people, but still have your own files and settings. Each person accesses their user account with a user name and password." (source: Microsoft)

Every user who logs in to your computer should have their own account. This is an easy way to prevent unwanted programs and malware from being able to run on your machine.

To set up a user account, do the following:

  1. From the Start button in the bottom left hand corner of your screen, select My Computer > Control Panel
  2. Click the icon labeled User Accounts
  3. Click Create a new account
  4. Type a name for the new account and click Next
  5. On the Pick an account type dialog box, select Limited
  6. Click the Create Account button

To change the level of access for an existing user account, do the following:

  1. From the Start button in the bottom left hand corner of your screen, select My Computer > Control Panel
  2. On the Control Panel, click the icon labeled User Accounts
  3. From the User Accounts dialog box, click the Add button
  4. From the Group Membership tab, click on the level of access that's most appropriate for a particular user
    • As a general rule, only you should have Administrator rights for the computer. It's usually OK to assign everyone else to the Standard user group.




9. Disconnect from the Internet and turn off the computer when not in use.

When you leave your computer on and your Internet access open, you're giving potential hackers more opportunities to break into your computer. Always remember to turn off your Internet connection when you're not using it, and turn your computer off in between uses.





10. Remove personal data from your computer before donating or disposing of it.

Deleting a file doesn't actually remove it from the computer - it only makes it harder to find. Before you throw away or donate a computer, be certain that ALL your information is completely removed.

There are several free or low-cost programs available:

Wipe Drive 5 by White Canyon Software

Darik's Boot and Nuke (DBAN)

Shredit X by Mireth Technology (specifically for the Mac)

DisposeSecure Enterprise Edition by East Technologies

Wipe Drive by GetData Software Development Company

DriveScrubber by Iolo Technologies

For an excellent explanation of e-waste and the surrounding issues, see the Wikipedia entry on this topic.

The Information Security MiRSA gratefully acknowledges Tom Stroup at Valaset Services for contributing this information.

