Don’t Feed the Hackers - When you go online, you share the Internet with nearly a billion others, including some information-hungry criminals.

by Mark Druskoff  |  Illustrations by Luc Latulippe

It’s hard to remember a time when you couldn’t check the weather forecast instantly, read up-to-the-minute news, print out travel directions and pay your bills without writing a check.

Despite all the ways the Internet has made our lives easier, it’s not without fault or weakness. In fact, security measures evolve daily to protect users, discourage and disarm hackers and foil would-be identity thieves.

In the hands of these stealthy criminals, it only takes a few key pieces of data—Social Security number, name, address, checking account or credit card numbers—to cause plenty of financial headaches. Unfortunately, this is the very same data we use to buy things online or check our account balances. So what are you to do? The best way to avoid problems is to be aware of the dangers.

A Feast of Information
A remarkable, unprecedented form of communication and commerce, the Internet had fairly humble beginnings. On Oct. 29, 1969, the first-ever Internet message was sent from one computer at UCLA to another at Stanford University. Within two months, the emerging computer network doubled to four computers. Fast-forward nearly four decades. By March 2007, according to Internet World Stats, total worldwide Internet usage exploded, reaching more than 1.1 billion people—an increase of more than 200 percent since 2000.

We’ve come so far so fast, it’s no wonder everyone isn’t up to speed on just how accessible all of our data can be. “It used to be no one thought about protecting their Social Security numbers,” remarks Mike Barth, director of privacy for Thrivent Financial for Lutherans. “They used to be printed right on checks. Nobody worried about it.” But the worldwide reach and fluidity of e-commerce has raised the risk significantly, especially if you’re not paying attention.

“Anytime you’re entering personal information about yourself online, your level of caution should go up,” advises Brian Picard, director of compliance and business continuity management for Thrivent Financial. But we all know that sometimes you have to share personal information online, particularly if you’re going to do many types of financial transactions.

So how do you weigh the benefits and the risks? “Everybody has their own level of comfort when it comes to taking risks,” Picard says. However, one of the best lines of defense when registering for a new Web site can be taking the time to actually read the security policy to see how your personal data is being protected before you press “OK.”

As Stacey Hennessey, vice president for product development and training at Thrivent Financial Bank, points out, this cautious approach to a new tool isn’t new. People looked at automated teller machines with an equal measure of caution and suspicion early on. It took time for this tool to be fully accepted, yet now people have come to rely on it. Use of the Internet seems to be following a similar path.

Taking the Bait
For many wrong-doers, attacking well-defended companies requires a lot of work, and they’ll usually move on to a more vulnerable target: individuals. Identity thieves are constantly developing new ways to obtain your personal information.

Some common tactics are viruses, spyware and Trojan Horse programs, because users inadvertently download them, but once installed they can enable hackers to control your computer. (Using anti-virus and anti-spyware software for your computer and keeping it updated, though not a completely fail-safe measure, is one of the best ways to deal with this problem.) Internet intruders also can attempt to log directly on to your computer, though a properly configured firewall is a good defense against such attacks.

Another common tactic is called “phishing,” in which an identity thief will send out authentic-looking e-mails from well-known financial institutions seeking to “verify” personal data. If you click on the suggested link and provide the requested information (often account PIN numbers), identity thieves can use that information to access your accounts or open up new accounts in your name. You should never respond to an e-mail (or phone call, for that matter) request for personal information that you haven’t initiated.

More elaborate still is a newer form of attack called “pharming,” where hackers will secretly redirect visitors from a legitimate Web site to a fake one that is virtually identical to the original (even down to a similar URL address), and then ask for personal information. In the event of a pharming attack, you might not know you’ve become a victim until identity thieves start doing damage. “Pharming is a more sophisticated scam,” says Dave Stacy, director of information security at Thrivent Financial.

“Fortunately, it’s more difficult to pull off.”

Another area to watch for is the rising use of wireless networks, made available in coffee bars, hotels and other public places, to connect people to the Internet. Such networks are often unsecured. “The average person may not know they are using an unsecured wireless network,” warns Dave Stacy. The best advice is to check the weather, check the news, but save your financial transactions for your home computer where you are likely to have a more secure connection to the Internet.

Protecting Your Plate
To stay ahead of would-be information thieves, keep tabs on your credit report through the three major credit reporting agencies: Experian, Equifax and TransUnion. Look for changes, such as unfamiliar new accounts or other activity. Federal legislation gives every consumer the right once a year to see the credit report on file with each of the three national reporting agencies for free (visit www.annualcreditreport.com for more information). Barth suggests staggering those free credit report requests to once every four months so you will continuously be able to monitor your credit situation. There are also fee-based online services that can keep you alerted on a more frequent basis.

Although risks exist when using the Internet for financial matters, they can be managed. And just as you need to be savvy about where you spend your hard-earned money, you should be circumspect about where you share your hard-won personal data.

Mark Druskoff is a Houston-based freelance writer.

Read More
Online Security Jargon
5 Kid-Friendly Internet Tips

Enhanced Security

Your information is important to you, and it’s equally important to Thrivent Financial for Lutherans. Here are some of the layers of security that help ensure member information is protected.

• Our Web site uses secure socket layer (SSL) technology to protect user information, and it uses industry standard encryption software, Verisign, which scrambles personal information while it travels on the Internet.
• Thrivent Financial takes steps to secure and protect information by encrypting all laptop computers carried by financial representatives.
• While Thrivent Financial uses e-mail to communicate organization and product news, we will never ask you to provide or confirm your personal information through an e-mail unless you have requested such an e-mail or transaction from us. Never respond to an e-mail (especially unsolicited) that asks for personal or account information.
• Callers to our customer interaction telephone center will be asked some personal questions to ensure we are speaking with the authorized person before we undertake any activity or make changes to the account.
• To protect the paper trail, Thrivent Financial shreds all discarded paper onsite at our Operations Center. In a typical week, we will shred as much as five tons of paper from both the Corporate and Operations Centers.