Safety Net

z_CoverIdeaInside_2If you have a credit card, chances are you could one day get a notice that your information may have been stolen, and your bank will issue you a new card. If you have an email address, it’s likely you’ll occasionally receive a “phishing” message that looks as though it’s coming from a familiar store or merchant asking you to verify information.

As the recent Target breach shows, even people who rarely use computers can find themselves victimized by identity thieves. The good news, however, is that while it’s impossible to control how our information is stored and safeguarded by retailers, credit card companies, banks and the like, it’s possible to head off any problems by taking some precautions.

Debit or credit? Choose credit and monitor your accounts.
If you’re not using cash, use a credit card rather than a debit card, which connects directly into a bank account, says Bloomsburg Professor Mike Shapeero, who teaches accounting and fraud examination.

“There is no advantage to using a debit card,” Shapeero says. “I had a student here two years ago who was in the process of buying a house and had about $4,000 in her bank account. Someone stole her debit card and PIN and was in the process of transferring $3,000 from her account. Fortunately, she was able to get someone at the bank to stop the transfer before it went through.

“I understand that people use debit cards because they don’t want to overspend, but once that money is gone from the account, it’s gone.”

Under the Fair Credit Billing Act, if the credit card holder alerts the bank when a questionable charge is spotted, the card holder is liable for only $50 – and most banks will even waive that, Shapeero says.

Shapeero advises to regularly check credit card accounts online – not to wait until the end of the month – and to be on the lookout for small charges that you don’t remember making.

“Maybe it’ll be a charge for something like $9.84 and many people will say, ‘Maybe I spent it on Starbucks or something,’ ” he says. “Ten dollars may raise a flag, but there’s something in the human psyche that when there’s details and specifics, people tend to accept those numbers.”

Using the recent Target breach as an example, Shapeero says it’s not uncommon for identity thieves to sit on information for months before using it. Small charges spread over hundreds or thousands of cards can quickly add up to big money.

Vary your passwords and don’t make them too easy.
z_SkyFalling“There are a lot of common passwords people use, even something like ‘abc123’ or dictionary words,” says Joshua Shoemaker ’11, who works for Verizon RISK, where he investigates data breaches for the company’s clients.

Shoemaker says a quick Google search of common passwords will show hundreds to avoid. “You should also use different passwords – if you’re using the same passwords for everything and someone compromises one account it’s easy for them to access all your accounts,” Shoemaker says. It’s an especially bad idea to use the same password for your email address and a bank account where you’ve registered the address.

Shapeero says he uses four different passwords ranging from fairly simple to complex for his online and bank accounts. He also recommends adding a cell phone number to accounts, since many banks will send a text alert if there is a change in an account’s status.

That smartphone is a computer – so treat it like one.
Virtually every bank has an app allowing people to check balances easily and to make other account adjustments using smartphones; all the free Wi-Fi means you don’t even have to worry about running up charges on your data plan.

Mistake. Unless you’re running antivirus software on your phone and using a system that routes your information through an encrypted server, or a VPN (Virtual Private Network), it’s better to stay off public Wi-Fi for anything sensitive.

“People know that computers need antivirus software. But phones? The average person has no idea,” says Bloomsburg Professor Scott Inch, who helped to create the university’s nationally known digital forensics program. “People are forgetting that a phone at this point is a computer on the network.”

Inch says he uses a free app called Lookout Mobile Security and warns that viruses targeting smartphone systems, such as Android phones, are on the rise.

Shoemaker says he uses a VPN on his computers and generally avoids public Wi-Fi, since there’s no way to be sure that someone isn’t using readily available software to monitor the connection. Though most banking apps have their own encryption, Shoemaker does not recommend logging on through a public network.

Inch says companies that allow employees to use their own mobile devices at work also need to be careful, since a computer virus can easily go from a smartphone to a firm’s network via its Wi-Fi connection.

And though it’s still more common to see attacks on computers, Inch believes phone security will be a growing problem. “It’s not on anybody’s radar,” Inch says. “However, I think phones are the most vulnerable at this point.”

Be cautious with emails and snail mail.
So, what do you do with those credit card offers you receive in the mail? How about the cash advance checks that credit card companies sometimes send? If you’re tossing offers in the trash, you could be opening yourself up to identity thieves, Shapeero warns.

“People are careless with what they throw away,” he says. “My local bank used to mail blank cash advance checks to me. All someone would have to do is fill out the check and the bank would apply it to my credit card.”

In addition to shredding financial information, Shapeero recommends calling the credit reporting bureaus to opt out of information sharing. Since he made the request, Shapeero says he gets only one or two pre-approved credit card offers a year.

When it comes to emails, sometimes it’s easy to spot phony offers, which frequently come from overseas and are written by people clearly unfamiliar with the English language.

But sometimes an email can be a perfect forgery of a real site, says Sam Josuweit, Bloomsburg University’s manager of network services. Just how troublesome are phony emails? Josuweit says 78 percent of all the emails coming into the university’s computer servers are rejected as either spam or phishing attempts.

Even with a good forgery there are telltale clues, he says. If the email has a link to another site, does the domain name match the company’s name? Is the email asking you to provide passwords or other private information?

“When you look at an email, you have to think: Would you believe this if you got it on paper? Or if someone called and said, ‘Hey, can you give me your password or what about your bank account number?’ ” Josuweit says. “A lot of people are conditioned to protect themselves over the phone or in the mail, but for some reason they drop that protection with email and they really shouldn’t.”

Michael Schearer ’97, a computer security and network analyst for Booz Allen Hamilton, also cautions against opening any attachments that come with unfamiliar email. Usually just opening an email won’t cause a problem, but clicking on an attachment may upload malware into your computer.

Using caution with unfamiliar emails is Schearer’s No. 1 piece of advice for staying safe on the Internet. “If you have questions about what you’re clicking on, then maybe you shouldn’t do it.” •

Jack Sherzer is a professional writer and principal partner with Message Prose, a communications and public relations firm in Harrisburg.

Similar posts
  • Backstage Pass: Have Bass, Will Trave... Tom Beaupre measures time in tours, rather than years. Beaupre has been the bass player for Florida Georgia Line’s touring band for the past five years. You can almost see him mentally converting tours to years when asked about the number of shows he’s played with the country duo. “We did 256 shows in 2013. [...]
  • Nickel Rides by Jerry Wemple I. Back in the days when your grandfather’s father, maybe his father, was a young man down at the shore amusement piers or the scruffy city lots over near the wrong side of town, they used to call them nickel rides. Steel boxes jacking up and down, bucking around, make your back feel like it [...]
  • At the Heart of Charm City When Yvonne Wenger ’02 landed her dream job as a reporter with The Baltimore Sun, she couldn’t know she would be at the center of an event that would challenge the nation’s [...]
  • Champion for Student Success Thirty-eight years ago, Irvin Wright fell in love with BU’s Act 101 program. As he retires, he leaves a legacy of students and alumni who say he changed their lives. [...]
  • Connecting in Cameroon More than 23 million people live in the Central African Republic of Cameroon. Only one is recognized as a digital forensics expert. In Cameroon, cybercrime is common, but few judges, police officers or lawyers understand the inner workings of today’s technology and the potential evidence devices contain, says Scott Inch ’86, professor of mathematics, computer science and statistics. Cases have been thrown out of [...]

President’s Blog

Dr. David Soltz shares his thoughts.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.