Identity Theft and the Internet | Attorney General - State of Colorado

Identity Theft and the Internet

Someone Entering a Credit Card Number Online using a Keyboard

With advancements in technology, the Internet has now become a fast and convenient way to shop for goods or services, exchange information, and to manage your finances. At the same time, it is very easy for unscrupulous individuals to use flashy and professional-looking web sites to lure you into giving up valuable personal or financial information.  Before entering personal information online, computer users should make sure to review websites thoroughly to determine if they are comfortable with the level of security on each site. 

Privacy Policies can be a good resource to find out how web sites are encrypting the information they collect as well as how they keep user's information safe.  Users that are navigating the internet on a smartphone, tablet, or other mobile device should also be cautious of entering personal information into websites.  They should also take notice of their Wi-Fi connection and remember that entering information on public Wi-Fi isn't safe.  For tips on keeping your smartphone safe visit our Digital Fraud Center.

Important Tips:

  • Review the web site to determine whether the business has a posted privacy policy and a description of how they encrypt personal or financial information they receive from you to keep it safe. Read all policies very carefully. If a site does not post this information, or if you cannot understand a company's policies, do not do business with them.
  • Never provide any "optional" information requested on these web sites when making purchases.
  • Never provide your social security number unless you have independently verified that it is absolutely necessary (e.g., you may need to provide your SSN to check your credit reports on-line).
  • Never respond to e-mail or “pop-up” messages on your computer claiming some problem with a credit card, Internet, or other account. Promptly contact your real credit card company or ISP to verify that there are no problems with your account.
  • Set up all of your credit card accounts to require a secret password or PIN in order to be used. Do not use common numbers (like birth dates or part of your social security number) or commonly chosen words (such as a child’s, spouse’s, or pet’s name) as passwords or PINs.
  • Never store passwords on your computer. Memorize them or keep them in a separate, secure location in your home or office.
  • Keep reliable, up-to-date, anti-virus software on your computer. There are computer viruses that may come attached to e-mail that are designed to capture personal information from your computer.
  • Never post personal or financial information on discussion lists, chat rooms or public bulletin boards or forums, even if they claim to be private.

Phishing and Pharming
Your on-line mailbox is no doubt full of messages from complete strangers with even stranger messages: “This is the email confirmation of your recent purchase,” VERIFY YOUR ACCOUNT,” “THIS IS YOUR FINAL NOTICE,” “U.K. NATIONAL LOTTERY (WINNING NOTIFICATION),” and on and on. All of this is part of an elaborate Internet scam known as “phishing.” In a very real sense, these scam artists are fishing – not for bass or trout – but for your personal and financial information.

These and countless other e-mail messages are designed to fool you into thinking that you are dealing with a real merchant, bank, Internet service provider or even governmental official. You will often be directed to an authentic looking website where you will be prompted to “confirm” or “verify” account information, or to provide other personal or financial information (such as birth dates, family names, social security numbers, bank or credit card account numbers). All of these websites, and the emails that directed you there, are phony.

“Pharming” refers to another Internet scam where identity thieves misdirect your attempt to visit a popular legitimate website instead to another site of their design. They do this by attacking corporate domain name system (DNS) servers. The thieves attempt to change the records used to convert domain names to numerical addresses. Identity thieves don’t need to persuade you to visit their bogus website; you are automatically misdirected there. You think you are logging on to a favorite website to do some on-line banking, or purchase a book or download some music.

There are some basic tips to avoid these types of identity theft scams:

  • Never respond to e-mail messages from unknown persons or with suspicious messages in the “Subject” line. Your real bank, credit card company, or Internet service provider will not contact you in this fashion.
  • Install good anti-virus and anit-spyware software on your computer. Most new computers come equipped with such software, but you need to download updates (usually free) on a regular basis to keep up with all the new viruses being developed.
  • Verify that commercial websites you visit offer security features, including encryption technology to protect your personal and financial information. Look for a golden locked padlock icon in the lower right corner of the website, or a website address that begins “https” rather than the traditional “http.”
  • Review the website’s posted privacy and security policies. These should describe to your satisfaction how the business in securing your personal and financial information. They should also disclose whether they sell your information to third parties.
  • When a website requires you establish a password to access certain payment or other features, it will often ask whether you want them to “save your password.” This is tempting, especially since consumers have to remember so many passwords. However, you should never save important passwords on-line. Keep them safe at your home.