What rules should we follow in the age of Fraud 2.0? It's very difficult to protect your financial data and personal data, but there appear to be a few measures that may reduce the probability of a successful attack:
1. Never respond to an email or phone call initiated by a bank, governmental agency, financial entity, etc. These should all be assumed fraudulent. If a phone call demands urgent action and you believe it to be real, you may consider the option of hanging up and calling your bank at a known valid number. If you want to be truly safe, however, you probably have to go in person. (Who knows if the VOIP router has been hacked?)
2. Never, ever, enter any kind of sweepstake or contest. They now exist primarily to identify victims. As a general rule, never provide information about yourself through any avenue that suggests you are vulnerable, naive, or gullible. If you buy a lottery ticket, pay cash. You don't want to establish yourself as a mark.
3. Never, ever, respond to any telemarketers of any kind, including legitimate-sounding charitable fundraisers. Always say, "I don't do anything by phone". Tell them to remove you from the call list. Tell them you have no money at all. It doesn't matter who they say they are, tell them "mail only". If you respond to a telemarketer, you are marking yourself as vulnerable. If you deny them all, then you establish yourself as a hard-case and the crooks will seek easier prey elsewhere.
My last bit of advice is more controversial. It's ironic because fifteen years ago I scoffed at those who claimed eCommerce was significantly more risky than regular credit card transactions. Now that we have ultra-effective phishing attacks and a decade of inaction by credit card companies, my opinion has changed. So we have recommendation #4:
4. Commerce over the net, including internet banking, is a risky activity which should be avoided by all but the most technically savvy and well defended.
Number four is extreme. Our situation, however, is getting extreme.