How can this window sticker hurt you?
It tells criminals a lot about you. The pedophile now knows you have three children. The killer who’s going to break into your house now knows they have to murder two adults, three children, a dog, and a cat. When I point this out to people, they always respond with “I’ve never thought of it that way before.” Criminals aren’t necessarily creative, but they do see things differently than most law-abiding citizens. If they find a weakness, they are likely to exploit it. The best defense is information security.
The Prescott Daily Courier reports “Phone, web scams clogging local law agencies“. The article contains a laundry list of stories about local people getting scammed, and they’re in good company. Everybody gets fooled, even multi-million-dollar corporations.
Here are some things you can do to protect yourself.
Consult with someone who knows a lot about information security. A law enforcement professional is the very best source of information on how to protect yourself from criminals. Other good sources include a CISSP certified security professional, or a local IT professional.
Don’t believe them. If someone you don’t know calls you or e-mails you asking you for money or personal information, find out if they’re really who they claim to be before proceeding. Banks, eBay, ISP’s, and just about anybody you do business with will NEVER send you an e-mail or call you asking for your personal information. They always tell you to call them. They do this to prevent fraud. Again, if you have an arrangement with a security consultant, you can run suspicious communications through them to verify their authenticity.
Don’t try to rip off the bad guys. Bad guys are better criminals than you are. Sometimes you figure out it’s a scam, or sometimes you want to get even. A good example is they want to send you a check to pay you for doing some illegal international shipping. You may figure out it’s a scam and be tempted to take the check and burn the bad guys. But if you sign that check, then they have your signature, your bank account number, and your address which is more than enough to empty your bank account. Recently, a local business owner contacted me because he got scammed by some bad guys in Indonesia. He wanted to hire hackers to get even. After I scolded him for not doing business locally, I told him that hiring hackers would only result in him being further victimized, that it was illegal, and that his only recourse what to report it to the authorities.
Do business locally. If you can, do business locally. This is a really good way to decrease the likelihood of getting ripped-off, and it’s good for the local economy. Also, it’s a lot easier for local law enforcement to deal with criminal activity when it’s local. When it’s not feasible to do business locally, then do business with people who are clearly trustworthy. Don’t trust the BBB to protect you (because they won’t), do the homework yourself. If somebody is trustworthy and has been in business a while, then there will be dozens of websites with positive reports. If you don’t see lots of happy customers, then take your business elsewhere.
Watch the price tag. If you see something for sale, and the price is really low, then it’s probably a scam. As a rule, be wary of things that are selling for more than 25% off of what they normally sell for. For example, Windows 7 Professional – Retail (Microsoft part # FQC-00129) normally sells for $299.99, and if you find it on NewEgg for $268.99, then that’s Ok. It’s a reasonable discount, and NewEgg is well known. However, if you find the same thing for $225 or less, it’s counterfeit; I guarantee it. The counterfeit copy may work for a while, but Microsoft will eventually shut it down, and the counterfeit OS probably comes preloaded with malware.
Shred Documents. Criminals will dig through your trash looking for anything they can use to steal your identity. Get a cross-cutting shredder and destroy anything with your name on it. Shread old credit cards, CD’s, photos, anything you don’t want some stranger to have.
Stop using 123456 as your password. You may think that a pseudo-complex password like “omega7red” is good enough because it’s long and has a number in it. Well, it’s not. I know most people want something easy to remember and I sympathize. If it’s easy for you to remember, then it’s easy for the criminal to remember. A great amount of information theft occurs in the workplace and at home. Would you be able to remember “omega7red” in an hour as opposed to “fd796tx17b”? Also, automated processes can rip through millions of dictionary word and number combinations in mere seconds. Keep in mind that you’re smart enough to remember your social security number, telephone number, and drivers license number; which is information that you don’t even use everyday. You can certainly remember a complex password.
Use a firewall. A firewall is a logical barrier between your computer or local network and the rest of the world. It’s like locking the front door of your house. It keeps people out.
Use good anti-virus software. Norton Internet Security, Kaspersky Internet Security, and Symantec Endpoint Protection (for medium to large business) are the products that I personally endorse. Free anti-virus software doesn’t offer enough protection, and I’ve personally seen common malware walk right past the free editions of AVG and Avast. But don’t take my word for it; AV-Comparitives is the very best independent source of information about how anti-virus programs measure up. Also, keep your operating system up to date with automatic updates, and keep upgrading your OS. For example, Windows 7 with its UAC feature is far more secure than Windows XP, even if you keep XP up to date.
Password protect documents. If the criminals do get into your computer, they will probably ignore any files with a password. However, if your personal finances with all your accounts and passwords are recorded in an unprotected file, they will find it and sell that information on the internet. It happens all the time. I remember when the VA lost a laptop and data on 26-million veterans was out in the open; because VA policy wasn’t followed, and the laptop was stolen from the employees home. Information theft is usually physical, and happens at the workplace or at home (in this cause, a combination of both). Imagine a lawyer losing all their case files, or a dentist losing all their patient records, or a tax professional losing all those financial documents.
Phones and E-mail are not secure. Don’t put information in your phone or e-mail messages that you don’t want the whole world to have access to. If it’s not encrypted, then it’s not secure. Any transmission can be easily intercepted. Also, if you lose your phone or laptop, whoever finds it will have access to everything on them. Unfortunately, encryption can be complicated and difficult to learn; talk to your security professional.
If it’s too good to be true, it is. So there’s this guy in Nigeria who has access to a bank account with a million dollars in it. He just needs a little money to pay off some paperwork fees, only a few thousand dollars which he doesn’t have. He needs your help because your a long lost relative of the dead guy the account used to belong to, and he’s willing to give you 40% ($400,000) if you front the money he needs. Right… It’s obviously a scam, but people fall for it all the time. If only these victims had consulted someone first.
The modern criminal uses psychology. They play on your feelings. They call you up with a hostile tone of voice demanding that you settle this issue on your account, threatening to report your activity to the credit reporting agencies. They call saying your grandson is in jail and needs bail money, because he’ll lose his job if he doesn’t show up to work tomorrow. They need money to help children with polio in third-world countries. They know everything about you, and they need money. Best thing to do is hang up the phone; they won’t call back.
You become the criminal. If you buy online music from an unauthorized source, you’re breaking the law. If you innocently ship merchandise internationally for a 3rd party, the FBI will be knocking on your door very soon. If they steal your identity, they break the law on your behalf, and you get arrested. The drug dealer who steals your ID gets out on bail using your name, and when they don’t show up, the judge issues a warrant for your arrest. Somebody goes to the hospital with your identity, and then the hospital will have the wrong information about your blood type and allergies; and to add insult to injury, they send you the bill. Soccer-moms can go to jail, or get sued to death; it happens all the time.
There are millions of stories of people losing money, credit scores, entire businesses, retirement funds, investments, real property, their children, their jobs, and their lives because of poor information security.