The first step to preventing identity theft is to understand how it happens. Here are some of the most common vulnerabilities and strategies for fighting back:
Hacked Shopping Sites
Shopping online has become so routine for many of us that it's easy to forget that some Web sites haven't taken the steps they should to protect us. Sophisticated identity thieves -- often in foreign countries -- spend all day just trying to figure out how to hack into those sites and grab their treasure troves of credit card numbers and other identifying information. What to do?
Make sure when you move from the informational section of a Web site to the purchasing section, that the "HTTP" in the URL changes into an "HTTPS." The "S" stands for "secure."
Only shop at well-established retailers. If you must buy from an obscure site, check its reputation first with the Better Business Bureau.
Never use a debit card to make online purchases. If the thieves snatch your account information, they will be draining your actual bank account. Better to use a credit card, which limits your liability to $50. Usually the card company covers the entire loss.
When I infiltrated the Internet underworld where identity thieves buy and sell people's information, it was most gut-wrenching to see "full profiles" where the crooks even had the person's Social Security number, mother's maiden name and ATM PIN. Usually, this kind of detail is provided to the crooks by the victims themselves, when they respond to phishing e-mails. A phishing attack is an illegitimate e-mail made to look as if it's from a bank or government agency. They're very convincing. The crooks claim they need to verify your account information "for your own protection." They then ask for every possible financial detail.
Keep in mind that banks and government agencies rarely communicate with their customers/citizens via e-mail. If in doubt, call the entity in question and ask if they sent you an e-mail.
Be on the lookout for poor spelling and grammar. Many identity thieves are foreigners who mangle the English language. On the other hand, in researching this story, I found that some ID thieves actually copy phishing e-mails from consumer protection Web sites that post samples for educational purposes.
Only provide financial information when you have initiated the contact, whether by e-mail or by phone.
If you are phished, you need to know about the Federal Reserve Board's Regulation E. It states that as long as you report the problem within two days, you are only liable for $50 in losses. Wait three days and your liability jumps us to $500. Wait more than 60 days and your liability is unlimited.
As we show you in Part 2 of our special report "Stealing You" on "World News With Charles Gibson," clever con artists have learned to attach false fronts to ATM machines and capture people's PIN numbers that way.
Basically, they mount a skimming device over the slot where you insert your card. Then, there are two ways they learn your PIN. Either they mount a hidden camera nearby to record your PIN. Or they rig the machine so your card gets stuck in it. A spotter waits nearby, and when you struggle with the card, he offers assistance, claiming he just had the same problem. Eventually, he asks you to input your PIN, claiming that's what's needed to get your card out.