Hard times seem to make people more vulnerable to ploys designed to separate them from their money and personal information. At least half of the entries on BBB Online's list of the Top 10 scams of 2010 occur in whole or in part over the Internet.
The best way to avoid being victimized by scammers is to be very careful about who you trust. Here are five ways to protect yourself from attacks on your bank accounts and private data.
Don't pay upfront
One thing several recent scams have in common is a request by the scammer for you to pay a small fee in advance for the promise of more money later. This is true whether you're applying for debt relief, job hunting assistance, mortgage refinancing, or "free" trial offers.
Bogus advance payments include requests to refund a portion of a payment someone makes to you by check; often the person claims the reimbursement is due to an overpayment. They may also be in the guise of a fee for a loan, a work-at-home scheme (such as the infamous mystery-shopper ploy), or fees associated with a lottery jackpot or other prize. The more you want to believe it's true, the more suspicious you should be.
Make online payments with credit cards, not checking accounts
Scammers want access to your bank accounts so they can clear them out for you. Payments made by credit card are protected by the Electronic Funds Transfer Act, which limits the liability of consumers and businesses when they report unauthorized or illegitimate payments in a timely manner.
The free Trusteer Rapport program creates a secure connection with online banking sites and promises to prevent man-in-the-middle attacks that attempt to intercept data transferred during the transaction. Brian Krebs describes how Rapport works in his Krebs on Security blog.
Don't volunteer personal information
The past year saw a sharp increase in attempts to trick people into sending their bank account numbers and other sensitive personal information to scammers who send text messages claiming to be from the victim's bank or another company the person has a relationship with. Elinor Mills explained the mechanics of an SMS-based or "smishing" attack in a February 2009 post on her InSecurity Complex blog.
Unfortunately, you're just as likely to have your private data stolen through no fault of your own via a security breach at a company you've dealt with in the past. The Privacy Rights Clearinghouse offers a Chronology of Data Breaches since 2005, and while the list is far too long to read through, the chronology is searchable and downloadable as a PDF. The Privacy Rights Clearinghouse also provides information on how to deal with a security breach, as well as links to sites listing information on the 40 states that require organizations to contact consumers whenever their personal data has been compromised as a result of a security breach at the organization.
Beware of bogus Facebook apps
You may have seen Facebook come-ons promising to explain subliminal Disney messages, show celebrities caught in the act, or let you see who deleted you or viewed your Facebook profile. All were attempts to trick you into surrendering your personal information.
Last week in her Dear@nna blog on SFWeekly.com, Anna Pulley interviewed Graham Cluley of security firm Sophos. Cluley explained that the Facebook scammers can make money by convincing you to complete an online survey, or they may try to get your telephone number so they can sign you up for an unwanted subscription you won't discover until you receive your next bill.
Even if you don't provide the scam Facebook app with any information, the program may still have access to your profile and can propagate to your friends. In a post from last October on Sophos' Naked Security blog, Cluley criticized Facebook's lax controls over application developers, particularly in comparison to Apple's vetting of would-be iPhone app developers.
Don't buy what they're selling door-to-door
Not all scammers focus on the Internet. Last August, AARP.org's Sid Kirchheimer described how thieves pose as roofers or others offering quick-and-cheap home repairs, utility workers providing free energy audits, or volunteers soliciting for charitable organizations.
Always verify the identity of any company or charity you deal with before you hand over a red cent. The safest advice is to avoid opening the door to any stranger you're not expecting and whose identity you can't verify beforehand.
This goes for people who claim to be new neighbors locked out of their house and in need of a few dollars to pay the locksmith, as described in the Maple Leaf Life blog covering that Seattle neighborhood. Sad to say, you simply can't trust anyone these days.
Best online-security practices
Last May, I described how to protect your privacy online and elsewhere. That post includes a link to an 11-part ID theft risk assessment that extends beyond online activities to paper records management.
Among the resources for reporting online fraud are the Internet Crime Complaint Center run by the FBI, National White Collar Crime Center, and the Bureau of Justice Assistance; USA.gov's Internet Fraud page; the Federal Trade Commission's OnGuard Online; and the Department of Justice's cybercrime page.