How to Protect Yourself: Online Security

Source: The Florida Attorney General's Office

While there is no guaranteed way for consumers to guard against a data breaches and hackers, there are steps they can take to lessen the odds of becoming a victim.

Create strong passwords.

A strong password is an important key to protecting against opportunistic hackers using brute force attacks, in which a computer attempts every possible password until it finds the correct one. Consider the following tips when creating passwords:

• Always change the default password on any account or electronic device.
• Never use “password,” “letmein,” “qwerty,” “12345” or similar easy-to-guess phrases.
• Never use the name of a partner, child or pet; notable dates such as birthdays and anniversaries; or a favorite sports team or school mascot.
• Use a mixture of upper- and lower-case letters, numbers and special characters. Do not use words found in a dictionary without modifying them with numbers and special characters.
• Ensure all passwords are at least eight characters in length.
• Never use the same password across multiple websites.

Use strong security questions.

Security questions are often used to reset accounts if the user cannot remember his or her password or must verify the account. Consumers should consider the following tips when choosing a security question for your account:

• If presented with a series of possible questions to choose from, pick the one that would be most difficult for someone to guess the answer.
• Avoid picking answers that are public records, can be easily found online or known to friends and family.
• Answer in complete sentences when possible. For instance if the security question asks for the user’s hometown, the answer could be written as, “I was born in Tallahassee, Florida.”
• Modify an answer by using numbers and special characters whenever possible. So the user may enter his or her hometown as “T@llaha$$33.”

Limit the number of companies that possess your personal information.

The chance that your personal information could be gained in a data breach increases with the number of firms that have access to your information. Consider the following tips before providing personal information:

• Before signing up with a service, weigh the benefits of the service against the amount of personal information that is requested.
• When signing up with a particular service, provide only the information that is absolutely necessary. The more personal information a firm has access to, the more information there is that would be lost if that firm experiences a data breach.
• Always read privacy statements to determine how personal information will be used and whether it will be sold to third parties.
• Before sharing personal information such as a Social Security number at the workplace, a business, a school or a doctor’s office, consumers should ask why it is needed, how it will be secured and the consequences if not provided.

Don’t take the bait from a phishing scam.

“Phishing” is a form of social engineering used to directly gain access to a victim’s account or computer. Attackers often use email to pose as a friend, coworker or a business with whom the victim deals to trick the victim into entering his or her login information or downloading an attachment that is actually malware allowing the attacker access to the victim’s PC. Examples include emails from your bank, Internet service provider or online payment service that require that you “update” or “verify” your account details. The emails provide links that direct victims to a webpage designed to look just like the legitimate business’ website, further convincing the victim that they are responding to a real request to update their account. The victim then unknowingly submits their account information to scammers who will use it to commit credit card fraud or identity theft.

Never click on an emailed link from a financial institution.

Your bank or a financial institution, such as your credit card account holder or Paypal, will never email you asking to click a link to verify your information or change your password. To access your financial accounts online, you should simply create a bookmark in your web browser. When you receive an email from your financial institution, manually enter the web address into your browser’s address bar.

Look for the lock.

Ensure that you are using a secure connection online by looking for the lock. If you are browsing on a secure connection, you will see a locked padlock in the address bar of your web browser. You may also notice that rather than “http” at the beginning of the web address, you’ll see “https” instead, indicating the connection is secured and encrypted.

Recover from a data breach or identity theft.

If you suspect your identity has been stolen, take the following steps immediately:

Contact the police. File a report with law enforcement. Under Florida Statute Section 817.568(18), consumers may file a report in the location where the theft occurred or in the city or county in which they reside. When filing, consumers should provide as much documentation as possible, including copies of debt collection letters, statements showing fraudulent charges, credit reports or any other evidence they may have. Request a copy of the police report; creditors and credit reporting agencies may request to see it before removing the debts created by the identity theft from their records.

Report the incident to the fraud department of the three major credit bureaus. Consumers should contact the credit bureaus to place fraud alerts on their credit report. Consumers should also order copies of their credit reports to determine whether there are additional fraudulent accounts listed in their names. Contact information for the three major credit bureaus is as follows:

Contact the fraud department of each creditor. Consumers should gather the contact information for each of their credit accounts (credit cards, retail credit accounts, utilities, cable and Internet providers, etc.) and call the fraud department for each. Report the incident to each creditor, even if the account at that institution has not been affected. Consumers should close accounts that they believe have been compromised. Request the creditors place an alert on any accounts that remain open.

Fill out a Federal Trade Commission (FTC) Identity Theft Affidavit. The FTC provides a standardized Identity Theft Affidavit at www.identitytheft.gov. It is important to complete this form as some creditors will not begin an investigation or remove fraudulent activity from their records until they receive it. Check with each creditor to determine if it accepts this form; if not, request a copy the creditor’s fraud dispute form.

Contact banks or financial institutions. If consumers suspect their financial accounts have been compromised, they should close their checking and savings accounts. They should also ask that their banks issue not only new debit card numbers, but also new account numbers.

You may also file a complaint with the Florida Department of Agriculture and Consumer Services, which acts as the State's consumer complaint clearinghouse, at www.floridaconsumerhelp.com.