In a marketing stunt intended to highlight sloppy security habits, a computer-security firm recently offered “survey takers” a $3 food coupon in exchange for their computer passwords.
The results were shocking: in the experiment, conducted in tech-savvy San Francisco, two-thirds of the 272 people approached provided their passwords. Granted, some respondents may have given out bogus passwords. But in an effort to minimize that problem, answers were disregarded if respondents blatantly said they would give a phony answer.
There’s even worse news, too: of those who refused to divulge their passwords, 70% dropped hints, saying their password was their “spouse’s name” or “kids’ birth dates.”
We don’t have free food to pass out, but we do offer free password advice that could prevent unauthorized access to personal or company information:
Create strong passwords – (The following tips will help significantly increase password strength)
Using these techniques will increase your password strength exponentially and help ensure that hackers can’t use a “dictionary attack” to guess your password.
(phishing) (n.) The act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the receiver to visit a fraudulent website where they are requested to update or enter personal information, such as passwords and credit card, social security, and bank account numbers.
Is phishing a major problem?
The American Bankers Association (ABA) says, “Phishers are criminals, just like other bank robbers. And as long as financial institutions are where the money is housed, robbers will continue to go after banks.” The Anti-Phishing Working Group (APWG) announced there were over 15,000 phishing attempts reported in June of 2005. This number only includes those attempts reported. 91% of these phishing attempts were directed at financial institutions!
OK, phishing is a problem, but how do I identify phishing attempts?
Be wary of any email with an urgent request for personal financial information. Phishers try to lure victims with false and enticing statements.
Be wary of emails that are not personalized. Phishers will use greetings like “Dear Bank Customer” because they do not yet have your personal information.
Be wary of emails that have some personal information. Phishers are becoming more sophisticated and may include some stolen personal information in an attempt to gain your trust.
How can I avoid being a victim of phishing or identity theft attempts?
Do not use URL links in an email to access a financial institution’s Web page. Instead go directly to that institution’s web site by typing the URL in your browser. Never respond to an email requesting personal information.
Only communicate information such as credit card numbers or account information via a secure web site or through a phone call you initiate. Type the institution’s web site URL into your browser instead of clicking on a URL in an email or pop-up message. Ensure that the site has https:// in the URL when passing sensitive information, and look for a lock/key symbol in the lower right-hand corner of your browser window.
Regularly log on to your online accounts and check your bank, credit and debit card statements to ensure all transactions are legitimate. Early detection is critical in reducing fraud, and an advantage of online banking is the ease of regularly checking your account activity.
When in doubt, contact your financial institution or vendor directly.
Avoid providing personal information to anyone unless you initiated the communication.
How do I report phishing attempts?
If you receive a phishing attempt through your home computer, you should contact the FTC at firstname.lastname@example.org. The FTC also has great information on their web site at www.ftc.com if you suspect you have been a victim of identity theft.