Australians are warned to be aware of a scam which is targeting public uncertainty following publicised hacking events or data breaches. People are being sent links to fake sites which ‘test’ your logon details for popular sites such as Twitter, LinkedIn, Facebook, Hotmail and Gmail. But be warned, many of these are fake password checking sites, or similar and are phishing for your user name, password and other personal information. We look at this scam in more detail, and how it could impact you and your credit file.
By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.
Giving away your details to these sites could put you at risk of identity theft and credit fraud– so the message from Australia’s ‘Stay Smart Online’ is – always be suspicious of sites asking for your user name, password or personal information. If you’re not sure – don’t take the chance.
“Links to password checking sites often circulate on social media and email after publicised hacking events or breaches – such as the hacking of the Associated Press’s Twitter account – a time when checking the strength or security of your own account might seem appealing,” Stay Smart Online warned in an alert yesterday.
SSO advises never to enter your username and password anywhere except on the site it is intended for:
Don’t use links in emails or social media messages that take you to a log in page. Navigate there yourself independently to make sure you are on the legitimate site’s logon page.
Make sure the addresses of the websites you use are correct.
When logging on to a website, check for HTTPS (or a padlock) in the address bar. This is the secure form of HTTP. Websites that don’t offer HTTPS at logon are unsecured.
Always be suspicious of unsolicited emails, especially those seeking personal or financial information.
SSO says there are some legitimate password-checking sites out there, and some of the legitimate sites have been copied.
Legitimate sites can use minimal information supplied by you, such as your email address (not your password!) to check your address against lists of stolen information found in data dumps on hacker sites. Other legitimate sites may offer to simply test the strength of your password. But trying to distinguish the real from the fake may not be worth the risk.
SSO warns fake sites may be very difficult to distinguish from legitimate ones, and will simply collect your details.
“…someone then has everything they need to access to your account,” SSO states.
The danger in clicking on any link from an unknown source is not only that the personal information that you give out could be directly warehoused for future purposes of identity theft for fraud, but you could also end up downloading malware or a virus which takes that information from your computer.
Recently MSN Money commented on this latest scam in its story Avoid Password-Checking Sites:
Given that most people still use simplistic passwords and use them across multiple sites — as has been shown in a variety of data breaches and surveys — there’s a lot at stake when you give yours away. Imagine losing control of not only your social networks, but also access to your email, online banking and other personal and financial information.
Even if you catch the breach quickly, it will still be a colossal pain to get everything back to normal.
What can fraudsters do if they can get their hands on your personal information?
They can steal passwords to your bank or credit accounts and they can also create a patchwork quilt of information that can allow them to eventually have enough on you to request duplicate identity documents, and apply for credit in your name.
Running up credit all over town, perhaps buying and selling goods in your name, or in some cases mortgaging properties – the victim can have a stack of credit defaults against their name by the end of their ordeal – and sometimes no proof it wasn’t them that didn’t initiate the credit in the first place.
Recovery can be slow, and in some cases victims have had no way to prove they weren’t responsible for the debt – with fraudsters leaving no trail and the actual identity crime happening long before the fraud took place.
New laws coming through in March 2014 are aimed at protecting your credit file following an incidence of identity theft. If you know you have been scammed, you will be able to put a ‘ban’ on your credit file – so no one will be able to access your credit information – therefore protecting your credit information from misuse.
But if you don’t know you have been scammed until it’s too late, or if you can’t pinpoint what’s happened to you, it may be still be difficult to protect your credit rating. So you have to be sure you protect all of that, by staying ahead of scams such as this, and by keeping strong passwords.
MSN Money provides some tips from Microsoft about password security to consider when creating — or changing — a password:
• Make your password at least eight characters long
• Mix up the characters with capitals, lower case, numbers, symbols and punctuation marks
• Change your passwords regularly
• Use different passwords on different sites
If you think you might have entered details into a fake site…
* Change your password immediately. If you use the same logon information elsewhere you should also change these passwords, ensuring you create a unique password for each service.
* Contact the Police – as well as your bank – especially if you have given over personal information to fraudsters. Don’t be embarrassed – it is only through identity theft being reported that data gets collected and appropriate preventative measures eventually get put in place. You should also contact the credit reporting agencies that hold your credit file and inform them that you may be at risk of identity theft.
* Order a copy of your credit report. If there are any inconsistencies on your credit report – change of address, strange credit enquiries and credit you don’t believe you’ve accessed, then you may already be a victim – and should do all that’s possible to follow up on each account so as not to accrue defaults on your credit file that should not be there.
Credit file defaults are difficult for the individual to remove and generally people are told by creditors they remain on our file for 5 years, regardless of how they got there.
Although it seemed so easy for the fraudster to use your good name in the first place, you are now faced with proving the case of identity theft with copious amounts of documentary evidence.
If you have neither the time nor the knowledge of our credit reporting system that you may need to fight your case yourself, you can seek the help of a credit repairer. A credit repairer can help you to clear your credit file and restore the financial freedom you rightly deserve.
The reason a credit repairer is usually so successful in removing your credit file defaults, is their relationships with creditors, and their knowledge of current legislation.
Visit www.mycra.com.au for more information on identity theft or how to repair bad credit.
image: foto76/ www.FreeDigitalPhotos.net