Many of us love shopping on the Web and keeping in touch via email, but a digital life comes with a downside: Americans reported losing an incredible $525 million to online cons in 2012, with the average loss a whopping $4,573, says the federal government’s Internet Crime Complaint Center. Phishing ploys are among the most common culprits. (The term is a play on the word “fishing,” because it means someone tries to reel in your private info and then steal your money or your identity.)
In two-thirds of the cases, victims are hooked by a bogus email that appears to have been sent from their bank or credit card or an online payment service such as PayPal, reports the Anti-Phishing Working Group. Such a message usually says there is a problem with your account and that your input (specifically, your password or other details) is needed. If you take the steps requested, you share enough personal details for the thieves to access your bank holdings or online payment service and steal your money. Or, they may secretly install malware, an insidious form of software, on your computer.
After that, once you click on a link or download a file, that software “will record everything you type when you log in at a bank site or shop online with your credit card information,” explains Marian Merritt, an Internet-security expert and the author of Norton’s Family Online Safety Guide. Either way, the con artists snag the info they need to use your credit cards, hijack your bank accounts, or steal your identity.
Do Damage Control
But what if — uh-oh — you unwittingly wind up revealing your personal info? First, don’t touch the device you were using when you fell for the scam. Use another device to log in to your critical online accounts (your email service and financial accounts) and start changing your passwords. Next, reach out to family and friends via a method notinvolved in the phishing scam. For example, text them if the thieves got into your email; email if they sneaked into your Facebook account. Warn your contacts not to respond if they receive anything from you via the compromised communication method. Hackers may send messages pretending to be you, saying, I’m out of town and in a bind; please wire cash ASAP! Believe it or not, these ruses often work.
Follow up, says Stephen Haag, Ph.D., an Internet-safety expert in the Department of Business Information & Analytics at the University of Denver, by running antivirus software if you have it, conducting a full scan of the involved device. “If your device has a bug on it that can’t be removed,” he says, “contact the antivirus-software publisher, which can most likely provide a software patch to rectify the problem.” If you don’t have antivirus software already running on your devices or you have any questions, get help from a professional service, such as Best Buy’s Geek Squad or Apple’s Genius Bar. “It’s rare that fixing the problem would cost more than the device or take longer than a few days,” adds Haag. (It typically costs about $200 to repair this kind of damage.) If you or your contacts actually lose money to scammers, reach out to your bank or the money-transfer service that was hacked as well as to the FBI’s Internet Crime Complaint Center (ic3.gov) to report the loss.
Use antivirus software to help keep your computer safe from hackers. “It needs to be running every day, on every download,” warns Haag, whether you use a PC or a Mac. Some trusted names to look for when shopping: Kaspersky, Vipre, Bitdefender, and Norton.
One more tip: Store sensitive information, such as PDFs of old tax returns, on an external hard drive or as a password-protected document. “If anyone is on your computer without your permission, the first thing they look for is a file named ‘tax return,’ ” says Merritt. “Fraudulent tax-form filing is a huge problem” and a new avenue for identity-swiping, she says.
The Latest Ploy
The rule about not clicking on links or downloading files doesn’t apply just to your email: Wily scammers are turning to social media. Have you ever received a direct message on Twitter warning about what someone is saying about you? Or perhaps you’ve noticed a friend’s Facebook post touting a video with a come-on like “You’ll never believe what this guy did!” These are all new forms of phishing; if you open the link, you might well trigger a malware download. So stay smart and skeptical: Not clicking will help you hold on to your cash.