Could You Be Putting Your Money at Risk Online?

by Jean Chatzky
Photograph: iStock

I blog, Facebook, Tweet and occasionally LinkIn. I shop, bank, buy groceries and book travel tickets—all online. I even fell in love with my husband online (no, we didn’t meet through a dating site, but he wrote great e-mails). Lately I’ve started to wonder: Should I be concerned that so much of my life happens on the Internet? Could my openness be putting my finances at risk?

I’m not being paranoid. As far as Web sites go, “there is no such thing as 100 percent secure,” says identity theft expert Robert Siciliano of Intelius. One basic: You should always check for https—rather than just http—in the URL whenever you’re prompted to enter sensitive information like a credit card number (that extra s indicates a secure site). But that alone won’t guarantee a safe experience, Siciliano notes. The FTC estimates nine million cases of identity theft each year—many perpetrated on the Internet. People ages 45 to 54 represent 31 percent of all identity theft victims, and women are 26 percent more likely than men to be victims. One reason? Women, who make 85 percent of all purchasing decisions, transact more online than men do.

And the problem is getting worse. “The speed of technology has outpaced the security of technology,” Siciliano says. “That’s why we’re having this conversation.” Going back to doing things the old-fashioned way is not an option for a twenty-first-century woman. Instead, just take these precautions.

Use anti-spyware protection

Essentially, spyware is software that installs itself on your computer without your permission. Mainstream retailers use benign versions, cookies, to learn about your online habits. Identity thieves use more menacing forms: Malware can cull your passwords, banking information and other personal or financial details. Some spyware applications (the kind private detectives use to catch cheating spouses) capture your keystrokes—which a thief can then use to figure out your passwords.

Protect yourself by keeping your computer clean. Install anti-spyware protection, anti-phishing toolbars and firewalls, says Scott Mitic, CEO of TrustedID. If you’re the DIY type, look for such free software as Ad-Aware Free or Spybot Search & Destroy (find both at Or buy a security suite like the one from Norton ($69.99), which includes both antivirus and anti-malware software. To help you choose, find reviews at

And note—it’s not enough to buy the technology; you have to put it to use. According to McAfee, the antivirus software company, while 73 percent of Americans think they have a firewall installed, only 64 percent have it enabled. If you use Windows XP, check if your firewall is active by going to the start menu, then clicking “control panel” and “security center.” On a Mac, go to system preferences, click “security,” then turn the firewall on or off.

Secure your wireless network

Those steps will protect your computer. But you also need to safeguard your network, in order to secure the information you’re sending over the Internet. Networks have been compromised before, occasionally on a grand scale. For instance, in December 2006, hackers stole the credit card numbers of 45 million customers of T.J. Maxx and Marshalls. They did it by setting up a radio antenna in one store’s parking lot and using it to intercept data flowing between computers in the store. From there, they broke into the company’s network and wreaked havoc.

Essentially the same thing could happen to you in your home. If your network is unprotected, a stranger could jump onto your Wi-Fi and use that access to break into your computer. Fortunately, this is easy to prevent. Make sure your wireless router offers Wi-Fi Protected Access (WPA) or the more recent and powerful WPA2. Any router you buy today will have at least WPA, and it should say on the box which encryption it supports. (WEP or Wired Equivalent Privacy is an older version that is fairly easy for hackers to crack. If your router only offers WEP, it’s time to get a new one.) When you install the router, it will offer you a pull-down list asking you which encryption you want to use. Then, make sure you turn the encryption on. Finally, you need a strong password for your network: at least 10 characters in a largely random combination of letters and numbers.

Don’t use public Wi-Fi to pay bills or place orders

There are days when I can’t think in my home office. So I pack up my laptop and head for the nearest Wi-Fi equipped coffee bar. I can log on there and do anything I’d do from home except print. But sources say I shouldn’t. Why? Sniffing.

When you use a public Wi-Fi connection to process private information—banking, paying for something—you’re opening yourself up to hackers. They use software called packet sniffers, widely available online, to sniff out data in a wireless environment. Or you might fall prey to an “evil twin,” a Wi-Fi hot spot set up to look like a known, trusted wireless connection spot—bearing the same marks that are supposed to indicate security—but that in reality passes data through a hacker’s PC. “Anyone can slap a logo on a Web site to say it’s secure,” Siciliano says. “It’s just a logo. Whether it reflects the actual installation of security technology or whether it was put there to give that impression is anyone’s guess.” Software can’t help you avoid this, though the latest versions of the big browsers—Firefox, Internet Explorer, Google Chrome—will alert you if a page may be dangerous.

It is safe to log on to your e-mail in a public Wi-Fi hot spot, as long as you don’t send any identifying details back and forth. And as for your work computer? It should be safe to shop online from there, although your company policy might prohibit such use.

Watch yourself on social networking sites

In October 2009, a Canadian woman named Nathalie Blanchard, who had left her job due to depression, was informed that the $3,000 a month she was receiving in disability payments from her insurer, Manulife Financial, had been discontinued. Why? She says her insurance agent told her that in the vacation pictures on her Facebook page she didn’t look depressed. “We’ve asked the insurance company to provide information on how they reached the decision to cut her off, and they refused to give it to us, so we’re taking them to court,” says Blanchard’s attorney, Tom Lavin. Manulife has acknowledged that it does use social networking sites to investigate claims, but it won’t comment on individual cases.

Blanchard’s experience makes the point that anything you post about your life can directly impact your ability to get a job, keep a job or manage your benefits. These sites can also give a hacker insight into your passwords—many people use the names of their pets or kids. “A lot of people worry about giving away financial information, then log in to Facebook and reveal a huge amount about themselves,” says security expert Phillip Hallam-Baker, author of DotCrime Manifesto. The message is not that you should stop using these sites. Rather, you must make sure your password is obscure enough that someone who knows the workings of your life wouldn’t be able to guess what it is. Picking a word at random won’t do it; hackers sometimes use “dictionary attacks” that try every word in the book. Change all your passwords every three to six months.

You should also leave your date of birth and hometown off your Facebook page. Why? Pretexting. Here’s how it works: Someone uses the information they’ve gotten about you online—your dog’s name, where you made your last few purchases—to call your bank and pretend to be you. A pretexter may claim he lost his checkbook and needs information about his own account, and emerge with your account numbers, information in your credit report, even your Social Security number.

To protect your personal information, configure your own privacy settings. (Even if you’ve done this once, check again to make sure your preferences are still set.) Go to the privacy settings page (click on “account” in the toolbar, then “privacy settings” in the drop-down menu). You’ll be able to decide what to make available to specific people, such as “friends,” “friends of friends” and “everyone,” as well as list people with whom you want to block communication.

Don’t store your credit card numbers online

It’s tempting to allow sites to store your credit card data or your passwords. But don’t take the risk, says Hallam-Baker: “You want to be the one who is in control of that information.” Otherwise it’s easy for someone to log right in to your account, particularly if you have a shared computer. Believe it or not, one third of identity theft is perpetrated by friends or family members.

Yes, pay your bills online and do your banking online. It’s safer

As I’ve said in this space before, I am a fan of banking online and making automatic payments. Individuals who bank online look at their financial information four times more often than those who bank the old-fashioned way; just looking can alert you to a breach, according to Javelin Strategies. Indeed, Hallam-Baker notes that the risk of fraud through online banking is greater if you don’t use it than if you do, and the losses are less: $551, on average, for people who bank online compared with $4,500 for paper-and-mail bankers.

In addition, Hallam-Baker has recently noticed a disturbing increase in criminals enabling the online banking feature of old accounts. “You may have an account you opened 20 years ago for which you never used the online banking feature,” he says. “And when you use a check in a store, a clerk could look at the account number on the check, go to the bank’s site, enable online banking, and now they can act just like they are the customer.”

Wipe your old hard drive clean

Your hard drive is a “twenty-first-century treasure chest for identity thieves and information pirates,” according to the FTC. When you ditch your laptop or desktop, remember that computers hold your personal information (passwords, account numbers, tax returns), and it is all still in there. Even if you’ve deleted a file, bits of the information can be retrieved with a data recovery program. So before you dump the machine, use software to wipe that hard drive clean. Buy a boxed version such as WipeDrive or download a free one from PCWorld.
Once your computer is clean, consider donating it to a local organization or recycling it according to EPA specifications. Or take a screwdriver, open your computer, and destroy the hard drive with power tools. (For the how-to, go to Popular Mechanics.)

Set your own standards

The more information I gathered for this column, the clearer it became that there is no way to be completely safe. So use my suggestions to help you find your personal comfort level. Then check your credit report for free three times a year at; pull your report from Equifax this month, from Experian four months later and from TransUnion four months after that. If that’s not enough for you to feel at ease, consider putting a renewable fraud alert on your accounts at the three credit bureaus. It’s free and lasts 90 days, at which point you have to repeat the process. Or you can put a security freeze on your accounts. It costs $10 in most states to put it on and take it off; if you’ve been the victim of a fraud, the freeze is free. To do it, go to the Web sites of each of the bureaus:, and, then follow the link to “personal,” and you’ll find the fraud alert link on the left side of the page.


Jean Chatzky is More’s finance columnist and the author of several books. Read more of her advice here.

First Published Tue, 2010-02-23 11:21

Find this story at: