According to the latest figures from the RSA Anti-Fraud Command Centre, South Africa received the third highest number of phishing attacks in the world during March 2011, and the South African Fraud Prevention Service reports that in the last three years, 56 000 cases of attempted and confirmed Internet fraud have been reported.
But if you use technology smartly, you can protect your identity and your business, says Carolyn Holgate from MWEB. Here are her top 10 online anti-fraud tips:
1. Power up your password
If you think ‘password’ is a password, then read on! “Always use different passwords for the sites you use, never write your passwords down or send it by email and remember to change them every few months,” says Holgate. Here are her essential dos and don’ts for adding muscle to your password:
• Don’t choose a word – hackers use programs which try out every word in the dictionary.
• Don’t use your name or your company name.
• Do use a combination of upper and lower case letters, numbers and symbols.
• Do ensure your password is at least 7 characters long.
• Do link your password to a memorable phrase to make it easy to remember.
2. Track your spending
Keep track of your personal and business bills and statements and check them against receipts. “It may be time-consuming,” says Holgate, “but the peace of mind gained is immeasurable.”
3. If you think its spam, delete it!
Never open spam emails, delete them immediately. Consider using two email addresses: one for people you know, the other – which should include no identifying features – for all other purposes.
4. Get shredding
“Your rubbish is a goldmine to a potential criminal so make sure you and your staff destroy any paperwork with your own, or your company's, details on it,” says Holgate.
Use a cross-cut shredder, which cuts paper into tiny pieces before recycling. “And don’t forget to shred your CDs and DVDs, too,” she says.
5. Who do you think you're dealing with?
Only interact with companies you can verify. To confirm the owner of a website and to find out when it was launched, visit whois.domaintools.com. If you want to trace the location of the sender of an email try whatismyipaddress.com.
6. Clean your computer
If you’re planning to upgrade your computers, ensure all sensitive information is wiped off the old ones before disposing of them.
7. Phishing, Smishing, Vishing…
Ensure you’re never on the wrong end of a phishing scam: if you are directed to a website from an email, always compare the link in the email to the link you are directed to, says Holgate. And if you are banking online, type in your bank’s website in full.
Smishing is the use of SMSs to trap unsuspecting cyber-crime victims. “It is never okay to give out personal information via SMS,” says Holgate.
Vishing is when someone sends an SMS stating that a bank official will contact you to update your details. You will then receive a call from the ‘official’. “Hang up immediately and inform your bank,” advises Holgate.
8. What's your policy?
Make sure everyone in your company is aware of the risks of identity fraud and how to handle sensitive information. “And don’t forget to revoke any access that ex-employees might have had,” says Holgate.
9. Get insured
For added security, consider taking out identity theft protection from your insurance company.
10. Don't be a reckless networker
If you’re using social networking sites to build your company brand or to network, familiarise yourself with and use the privacy features. “Always use a strong password, and remember: never publish your phone number or BBM pin online,” says Holgate.
Need more advice? Ask Carolyn a question here!
*Carolyn Holgate is the General Manager of MWEB. Visit MWEB on www.mweb.co.za or call 08600 3200.