Internet Security, Fraud and Protecting Yourself

I've been dealing with some unfortunate fraud claims and figured I'd share a bit of info. I might lose some credibility here just based on the fact I've still had credit card fraud issues and my thoughts are not bulletproof in keeping the bad guys away.

For the record, I will reiterate, that I am in no way compensated for any content I provide on my blog, and have no incentives to post anything. Further, I check EVERY single site and page I post a link to. I have never linked a page I have not visited myself, and I will never do so to maintain security. I believe the links I post to be safe and accurate to the descriptions I give.

For a while I got calls nearly daily from 727-471-1418. Just a quick Google search shows that many others got these same calls. While I'd never answered the phone, I have some words of caution I would share with any/all readers (see below).

Last week I got a call from 602-624-4919 and heard nothing but dead air on the line for a few seconds before the call was disconnected. If you get any type of call like this, I'd strongly suggest you only say "Hello" or "who is this." Don't offer ANY information like, "Hello, this is Mathilda, is anybody there?" That could be the beginning of a Social Engineering structure...

I also had several fraudulent charges on my credit cards... Here's an example: Mfire Internet Services. I Google'd them to find the phone number matched that on my credit card statement. I called (use caller ID blocking here!). Here's my full conversation summarized:

Mfire rep: "Mfire Internet Services, this is Anthony. How can I help you?"
(First sign of trouble, a live "agent" answers... How many times does THAT happen with a real ISP or Domain Hosting Service... HA HA.)

me: "I'm calling to find out if you have any other names you do business as?" The idea is these days with technology, one never knows if my current internet company (ISP or domain hosts) has merged. I was trying to find out.

Mfire rep: "Hold on, I'll try to see... No, we don't."

me: "Okay, I was recently billed by you, and I figure this must be an error."

(here's where this person is trying to earn trust and confidence...)
Mfire: "It sounds like this might be an unauthorized charge we can look into."

me: "No, I'll look into it myself thank you."

Mfire: "I can check on that for you to confirm your account, if you'll give me the first 4 and last four numbers of your card."

me: "What card?" (I'd never mentioned a "card," I could've received a paper "bill"... hmmm).

Mfire: "The card you had the charge made to."

me: "No, I'll file a claim on my own. That won't be necessary."

Mfire: "If you'd prefer we can look you up to confirm your account using your last name and phone number..."

me: "No, thanks. I'll be dealing with this independently. Good bye."

Here's the deal: I do not and have not ever had an account with Mfire. From the phone service I have had with my ACTUAL ISP and Domain Hosting companies, I can tell you this... The first piece of info they ask for is your domain (your "account" number for ISP and your domain name IS usually your "account" for hosting). Only after this, would they ask you to confirm any personal info.

Here are some steadfast rules to apply:

1. NEVER click a link in an e-mail that is asking for financial info... I have all my financial account log-in pages bookmarked in Firefox. I go to Firefox and open a new browser page to log-in. The e-mail may be a good reminder a bill is due- especially if it coincides with your billing cycle, but why trust it when you've got your site log-in bookmarked?
2. Don't fill in more personal info than you need to. If a phone number is not required for a site registration, don't fill it in. It's simple really.
3. Be careful with your password reminders. These may give other people that learn personal info about you unknowing access to your secure info by circumventing the passwords you use.
4. If you EVER get a phone call that is regarding financial or personal info, find out what it is regarding (give little to no info during the conversation). Ask if the person has a phone number that you may call back before sharing personal info or financial info. Before calling back, use the internet to confirm that the number given is the ACTUAL number of the company they claim to represent. It's a simple step, and very worthwhile.
5. If you are using your cell phone in a public place, be EXTREMELY cautious when talking about sensitive information. A common verification with accounts is the last four digits of your Social Security Number. If you can enter using the keypad, do so... Otherwise, lower your voice as much as possible. There is no reason to give out personal info over the phone to strangers (like the verification code on the back of your card, your zip code, or last four of SSN).

Understand this... E-mail links are NOT always what they claim to be. I have received many that "show" a different target e-mail address (like PayPal or Bank of America) but send to a different address altogether. I have a basic understanding of html coding, so I can glean this from the full headers in a mail message usually... It can often be a simple line of code to makes something appear to be something it is not. (see the Microsoft link below for an example).

You may think it is not a big deal when you are repeating your zip code for account verification to your stock broker or whatever over your cell phone. But many purchase points (like gas stations) ONLY require this 5 digit number to authorize your card for use. No PIN, no code off the back. This can create a dangerous situation you don't need to be a part of.

Use the internet as a research tool. If you're getting calls from numbers you don't know, or billed from companies you've never heard of... Look them up using Google or reverse telephone directories!

I would suggest using caution when making internet purchases. If one seller offers a new electronic product for 25% less than any other, I'd be kinda worried. If you have good experiences, continue using the same sites. Most likely, the price differences aren't worth fiddling with multiple shipments from multiple suppliers- all for a couple bucks.

A HUGE element is participation. Rate the sellers you use and have experience with. Not only will you gain a historic profile of those sellers (after some time you may forget if your experience was good or bad with them), you help others gain better insight. It doesn't matter if you rate them on Amazon, PriceGrabber, Yelp, epinions, ResellerRatings, Shopzilla, Smarter.com, any other site, or all of the above. Just do a small part... It really helps.

Here are a few links to recent fraud threats and useful tips:

• Microsoft's advice and definitions of fraud threats, a very useful page. It defines phishing, social engineering and many of the processes people use to try to gain your trust.
  
• A page dedicated to awareness of bank e-mail scams and phishing.
  
• Info about phone number: 602-624-4919, and a resource for others to post about phone numbers that may be phishing threats.
• Info about phone number 727-471-1418, while this link has a domain that looks iffy (like why would the "g" be missing from the key layout in the domain name?") at best, I have visited it and it appears to be very credible site.
• Another site re: 727-471-1418, and dedicated to stopping junk phone calls.
  
• Mfire Internet: from the above example that I believe is a social engineering structure.

That's it for now... Sheesh I've been making really long posts this week. I hope some find this helpful. Drop me a comment if you have something to say... I do spend my own personal time creating this blog and really do appreciate feedback. Cheers.