Please note the products, services, companies and websites (collectively "the resources") referred to in this document are provided solely for informational purposes and are only a representative sample of some of the many resources available to you. This is not an endorsement or representation about the effectiveness, reliability or availability of such resources. Please conduct your own research to determine what available options are best suited for your particular needs.
Security of information is paramount. We can't do it alone, however. Only you can protect yourself from identity theft. To that end, we have provided you with some of the key steps you can take to significantly reduce your online risks:
Most major software companies regularly release updates or patches to their operating systems to repair security problems. A large percentage of these patches and upgrades repair security problems that have been found in the software.
You can minimize your exposure to unintentional downloads by keeping your computer up to date with the latest security patches. Some websites, such as Microsoft® and Apple®, offer the ability to scan your computer for missing updates. It's good practice to go to your software vendor's website at least monthly to check for new upgrades and patches. For the best protection, set up your computer to receive updates automatically whenever possible.
Up-to-date anti-virus software protects your computer against current virus threats. Most commercially available virus protection programs offer automatic and emergency updates. Regularly scan all your files using the latest anti-virus updates. For the best protection, set up your anti-virus software to scan every file you open. You can also schedule your software to run periodic scans.
Free software is widely available on the Internet, but may contain hidden programs called trojans or trojanhorses . Trojans are malicious software programs hidden within other, more desirable software. Trojans that specifically watch your computer activity are called spyware. Spyware programs run on your computer and can gather private information such as passwords/PINs and credit card numbers, deliver unwanted pop-up advertising as you surf the Web, and monitor your browsing patterns.
Before you agree to download a software program, make sure you know and trust the company offering the software, and read the user agreement.
You can unintentionally download spyware onto your computer just by surfing the Web. Such spyware programs automatically install themselves, often without your knowledge or permission. Make sure to keep your computer updated by running your anti-spyware and anti-virus software regularly.
Some Internet Service Providers (ISPs) offer assistance in finding and removing spyware. The maker of your anti-virus software may also offer anti-spyware protection. Make sure you take advantage of these offers to protect your computer against the growing spyware threat. The U.S. Federal Trade Commission (FTC) has additional information about recognizing and removing spyware.
Firewalls serve as protective barriers between your computer and the Internet, preventing unauthorized access to your computer when you're online. Firewalls can be software programs or physical devices, often combined with your router. Firewalls are often included in security software suites such as Norton Internet Security™ and McAfee® Internet Security Suite.
Be sure to set up a firewall between your computer and the Internet. Some ISPs offer firewall software or hardware to their customers. You can also purchase firewalls at many computer stores.
The default configuration of most wireless home networks is not secure. Contact your wireless software vendor for specific information about enabling encryption and strengthening the overall security of your wireless home network.
Taking a few simple precautions when using wireless hotspots can help protect your computer:
Wireless technologies are continuously changing. Consult the manufacturer of your network hardware to ensure you have the most up to date security technology.
Make your passwords/PINs as hard to guess as possible. Avoid obvious numbers, such as a birth date or an anniversary, which would be easy to guess. Never divulge your passwords/PINs to anyone, including family or friends.
Be aware that sensitive information may still be stored within the browser, even after you log out of a website. If you leave a computer unattended after you have logged into a website, someone may be able to use the browser's Back button to view your personal information. To avoid this, log out and close your browser to minimize any security risk. You may also choose to delete encrypted pages and/or temporary Internet files from your computer's hard drive or disk (clear your cache), or set your browser to not save encrypted pages to disk (in your browser's security or advanced settings).
Phishing is the mass e-mailing of messages that falsely claim to come from a legitimate business. These messages often provide links to phony websites, where you are asked to supply personal information such as passwords/PINs, credit card numbers, Social Security numbers, or bank account numbers.
Never enter personal information unless you are sure the website is legitimate. You should also be certain the site is encrypted. Look for the letter "s" at the end of the "https" prefix to a website's URL, or address. An example of an encrypted site's address is https://www.companyname.com. The "https" prefix indicates that the site is running in secure mode.
Phishing messages have evolved dramatically over the few years, and they are often difficult to recognize. The creators now incorporate realistic company logos and graphics, provide links to real companies' privacy policies, and can even include realistic legal disclaimers.
To help determine if an e-mail is part of a phishing scam, ask yourself the following:
If you are at all unsure, contact the company by phone.
Be cautious of e-mail and attachments - even if they look like they're from a friend - unless you're expecting them or know what they contain.
Most e-mail is not secure or encrypted and should not be trusted to send personal or financial information. Legitimate companies seeking information normally send written requests on company letterhead.
You should be cautious of and verify any requests you receive that ask you to e-mail personal or financial information.
When on a website avoid entering sensitive personal information. If you do need to enter sensitive personal information look for forms that may encrypt data and that the web address is running in a secure mode as this may provide some enhanced protection of your information. Some websites or forms on websites may encrypt information, which may be identified by a padlock icon ( ) in your browser's status bar (at the bottom of the browser window), and the prefix "https" in the address in the browser's address bar that references the site is running in secure mode.
Additional information on phishing or identity theft can be found at Anti-Phishing Working Group or The FTC's Deter, Detect, Defend Campaign.
A few simple steps can go a long way. For example, shred sensitive documents instead of simply throwing them away. Also, be absolutely sure you know who you're dealing with before giving any personal or financial information. OnGuard Online™, a site created by the U.S. Federal Trade Commission (FTC), offers additional information on preventing identity theft.
Ask companies and government agencies you do business with if you can create an alternate customer identifier.
Promptly read any account or credit card statements or correspondence when they arrive. Make sure there are no changes or transactions you did not initiate. If a bill arrives unusually late or not at all, call the company.
Also, be sure to monitor your credit for inaccuracies. As of September 1, 2005, all U.S. residents are entitled to receive one free credit report every 12 months from each of the three nationwide consumer credit reporting agencies: Equifax, Experian and TransUnion. You can request your report AnnualCreditReport.com.
Identity theft warning signs include:
Although it could be a simple error, never assume a mistake has been made that will automatically be corrected. Follow up with the business or institution.
If you suspect that your personal information has been used wrongfully, immediately:
You may help protect yourself from online risks by using the security tools and resources listed here. (Please note this is for informational purposes only and does not advocate or guarantee the effectiveness of the third-party products or websites listed.)
Software resources free to all website users:
Resources provided by the U.S. government:
Major credit reporting bureaus:
Digital certificates are electronic means of authenticating users.
Some websites store information in a small text file on your computer, called a cookie. Cookies may be used for tracking purposes.
Public-key cryptography describes the method of encryption developed by RSA Security. Briefly, RSA's system for encryption requires two keys, or ciphers, to decrypt information: a private key, which is kept secure by the hosting party, and a public key, which is distributed to the client party. Both keys are required to unlock the scrambling code.
Secure Sockets Layer (SSL) is a security convention that establishes a secure session by electronically authenticating the source of encrypted transmissions. The idea is that you know exactly whom you are communicating with before sending any sensitive information.
While you navigate your account, note that the URL (website address) starts with "https://" rather than "http://". The "s" stands for "secure". Secure means encrypted.
This web site requires browsers to use 128-bit encryption to access account information. For more information on SSL, refer to What is Secure Sockets Layer (SSL)?, or see the VeriSign® articles on encryption in the Minimize Your Risks Online section.
Cookies are necessary to allow users to log in to this web site. Without cookies, your browser would be unable to remember that you were logged in, and you'd have to reenter your login credentials for every page you viewed.
You should always exercise caution when using a public computer, as most public computers are unsecured and may be infected with spyware and viruses. If you must use a public computer, be sure to follow these recommendations:
Your browser's cache is a temporary storage location on your hard drive where recently visited web pages are stored to allow faster web surfing. Please refer to your specific browser's User Manual or help files for instructions on how to clear the cache.
This error message usually means that a networking error has occurred on your computer. To verify this, try to access another website. If you receive this error from other websites as well, the error is probably a general error with your computer's Internet settings. You may wish to read a Microsoft® article describing troubleshooting steps for this error.
When you click the browser's Back button, the browser is sometimes unable to show you the previously viewed page. In these cases, the browser displays the "Warning: Page has expired" error message.
Browsers have this safeguard in place to prevent forms in web pages from being submitted twice. For example, this safeguard prevents you from buying a second, unwanted copy of an item by going back to the web page on which you bought it.
If you're trying to view a previous page and receive this message, try returning to the page using the website's in-page navigation rather than the browser's Back button.
You may need to allow extra time for a page to appear in your browser after you've clicked the link. Some pages may take as long as a minute to load, depending on the complexity of the transaction.
If your browser becomes unresponsive, close your browser and try again.
The third party providers mentioned are independent companies and not affiliated with XTRAC LLC. Listing them does not suggest a recommendation or endorsement by XTRAC LLC.
Microsoft is a registered mark of Microsoft Corporation.
Apple is a registered mark of Apple Inc.