Author Topic: PayPal scam!  (Read 1661 times)

bil207
« on: May 23, 2003, 07:27:09 AM »
Bill

LR827
« Reply #1 on: May 23, 2003, 08:30:15 AM »
This is what I'd like to know:

If you do not fall for a scam -- if you do NOT send your credit card info to the scammer -- is there any way for them to "harvest" your information off the PayPal (or other) site itself?

In other words, can they hack into a credit card acct. and use it regardless of having contacted you & obtained your information directly from you?

Diana
« Reply #2 on: May 23, 2003, 09:23:20 AM »
Hi Lorraine,

To keep from becoming completely paranoid, I've chosen to trust that most banking/shopping sites are doing all they can to prevent hackers from getting into their systems. I do my checking before I place this trust though:
Do the sites use the SSL (Secure Socket Layer) technology to encrypt transmitted data? Are their certificates valid and issued by a recognized issuer? Are their privacy policies up to snuff? Then, are they selling/offering a legitimate service for a legitimate price?

I refrain from letting my browser or the site "store" my credit card information. I put that store in quotes because although I may have to enter it each time I do business there, I can't guarantee that the final person who processed my order didn't keep the card info somewhere, but I also trust that my waiter at the Chuck Wagon didn't do the same thing.

We are also responsible for making a best-practices effort to create unique userIDs (where you're given that option) and very difficult passwords. Passwords should _never_ be made up of words or anything that can be found in any dictionary in any language. Passwords should be a mix of upper and lower case letters, include some non-letter characters like #, &, * and numbers 1-9. There are techniques for creating "random" passwords that are secure but mean enough to you the user that you can remember it, important because if you write it down on a sticky note and paste it to your monitor you're defeated before you even start. Oh, and I say "it", but make sure that you don't use the same password for all applications/uses. If someone did hack your password at TS and attempted to use it at PayPal, you'd be sunk again if you used the same one. If your userIDs or passwords are too easy, hackers may attempt to gain access to your personal info at some place like PayPal through brute force means by using their browser and pretending they're you...guessing and guessing until they get it right. (there are programs to automate this). But a more secure site will lock the account after a set amount of failed guesses and this will prevent most of these types of attacks. Using difficult userIDs and passwords will mean that no one can guess in the first three tries.

Don't use any of the many programs that offer to make life easier for you when filling out forms. M$ Passport being a big offender. Many of these offenders are OS sensitive because they need Outlook or a Windows browser to get themselves installed (Outlook Hotbar being a new one. Gator being an old one), but you are using passport if you have a hotmail account. Obviously you haven't put credit card details in your passport settings you're not giving that away, but you still may be giving away more than you knew.

So, I believe that using your credit card on the internet is no more insecure than giving it to the waiter as long as you've done your homework. Be smart, be a little paranoid, be very watchful and sleep well.
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key  

pendragon
« Reply #3 on: May 23, 2003, 11:28:36 AM »
What Diana said.

And just in case...

In addition to notifying the credit card issuer in the event of card loss or theft, notify the credit tracking companies. This will put in place the controls necessary to ensure you are not a victim of identity theft.

The numbers are:
* Equifax 1-800 525-6285
* Experian (formerly TRW) 1-888-397-3742
* Trans Union 1-800-680-7289

The Social Security Administration also has a fraud line: 1-800-269-0271

The FTC Identity Theft Hotline is: 1-877-438-4338

Harv
Those who can make you believe absurdities can make you commit atrocities. ~ Voltaire

LR827
« Reply #4 on: May 23, 2003, 12:11:53 PM »
That's very helpful.

I haven't used any Passport or Gator programs, but I am certainly guilty of allowing some places to keep my credit info on my account.  Amazon, eBay and Paypal.

I have not gotten the password thing under control, yet -- stickies versus having to have my password re-sent to me every time.

The only real step I've taken to protect myself is to have 2 credit cards and 2 bank accounts (for PayPal) each with a relatively low balance. One credit card limit is $1,000 and the other $500, and I try to keep both bank accounts under $500. That way, even if I'm hacked or otherwise mutilated, at least it'll be limited.

So, how do you keep track of a zillion different passwords without using stickies?

By the by, Di, love the new avatar!  Is that you in the saddle?

Diana
« Reply #5 on: May 23, 2003, 01:02:31 PM »
I trust Amazon but not E-bay..but again, I have to trust PayPal, even though they're an E-bay company, because to get full use out of it, you have to leave your card number with them. Your method of assigning special accounts for internet use is smart.

As for passwords, one way to create memorable ones is to use phrases...again not one anyone would guess you would use, but something that you can always remember. You can take a sentence; a favorite quote, a statement, a question and pull characters from it. Ex: "Drive thy business or it will drive thee." (Benjamin Franklin) and create this: dtb01WDt!
I replaced the "o" with a zero and the I with a number 1 and randomly capped some of the letters. The exclamation point is to make it have a character that isn't even in the quote. Now, if that was a quote I knew well, I could easily remember that password. Since there are many sites that require passwords, I sometimes use my self-created userID to help me remember which password I used for that site. If the userID has an exclamation point in it, then the password will be the one and only one I've used that has an exclamation point in it. (_never_ make your userIDs and passwords the same!)
You could also make this password from the above quote: RhUrT14H& by using the second letter of each word. (4 = R backwards)

There are conflicting theories about how long passwords should be, but to maintain a consistency across sites, use at least eight characters. Some sites require that many and if you're used to using something shorter, then sure enough, that will be the one you forget. All this does take some work, but if we could convince everyone of the value of having very secure passwords, much of the kiddie and internal corporate hacking that goes on these days would be greatly curtailed. I generate random passwords for the users on this server and if I'm not convinced that they will change them responsibly, I "forget" to tell them how.

Yes, that is me in the saddle. The horse was So Long Jet (AQHA stallion) and we were showing at his first ever dressage show, training level and he scored a 68. (For those who don't know the scoring process, 68 is pretty darned good for a newbie.)
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key
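
The two derivations in Reply #5, reproduced as an added Python example that is not part of the original post. The function names, and the index arguments that stand in for the hand-picked look-alike swaps and random capitals, are assumptions made for illustration.

```python
"""Added example: the quote-to-password mnemonic walked through in Reply #5."""

# Look-alike swaps named in the post: o -> 0, i -> 1, and "4 = R backwards".
SWAPS = {"o": "0", "i": "1", "r": "4"}

QUOTE = "Drive thy business or it will drive thee."


def skeleton(quote, position):
    """Return the letter at `position` (1-based) of every word, lower-cased."""
    # Drop punctuation so "thee." contributes only its letters.
    words = ["".join(c for c in w if c.isalpha()) for w in quote.split()]
    short = [w for w in words if len(w) < position]
    if short:
        raise ValueError(f"no letter {position} in: {short}")
    return "".join(w[position - 1].lower() for w in words)


def derive(quote, position, swap_at=(), upper_at=(), suffix=""):
    """Build the password from the skeleton.

    swap_at  -- skeleton indexes (0-based) to replace with a look-alike digit
    upper_at -- skeleton indexes (0-based) to capitalise
    suffix   -- extra character(s) that do not come from the quote
    """
    out = []
    for i, ch in enumerate(skeleton(quote, position)):
        if i in swap_at:
            ch = SWAPS.get(ch, ch)
        if i in upper_at:
            ch = ch.upper()
        out.append(ch)
    return "".join(out) + suffix


if __name__ == "__main__":
    # First letter of each word, o/i swapped, two capitals, "!" appended.
    print(derive(QUOTE, 1, swap_at=(3, 4), upper_at=(5, 6), suffix="!"))
    # Second letter of each word, i and the last r swapped, "&" appended.
    print(derive(QUOTE, 2, swap_at=(5, 6), upper_at=(0, 2, 4, 7), suffix="&"))
```
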