Newsflash! The security of your computer and personal information are at stake. Sound insane? I thought so too at first. Hopefully my online blunders and the mishaps I have seen friends and family go through can help keep the rest of the ebay community safe. Why am I concerned? Why do I want to spend 45 minutes typing this guide to "keep you safe?" The reason is selfish really; the more people there are being careful, the more we are discouraging online predators to victimize ebay users which in turn keeps me safe. It is win-win really (except if you're one of those predators!), so listen up. This guide will cover safety and security for email, ebay users, ebay sellers, and those of us that have become oh-so-dependent on the internet in general.
Any Ebay User Should Be Aware...
Fill out your community bio and "About Me" with care. Be careful what pictures you put up as your "avatar." Be careful what you say and disclose to people in neighborhoods and blogs. While "About me," "avatars," "ebay Neighborhoods," and "ebay Blogs" are intended to help you network your product/your need for a product to a larger range of people (and also to give you more to do on ebay so you spend more time on the website duh!), it can come back to bite you. For instance, posting a picture of yourself if you are a.) young b.) female c.) BOTH is not a good idea. Sharing your age is not a good idea either. Why? People looking to infect your computer with viruses and all manner of icky things will be more likely to attempt to victimize you because of the stereotype that women, especially young women, are not computer savvy. We women also seem to be more prone to caring and compassion and will be more likely to open an email appearing to be from an upset customer/ebay user to solve a problem without thinking that the email might contain something malicious. When bogging or corresponding with people, do you let them know things about yourself that might be answers to your security questions for your sensitive accounts? Just by innocently labeling pictures in something like an online wedding photo album will let people know "the name of the best man at your wedding" and "your mother's maiden name." Those are TWO big security questions for a lot of companies (ie credit card companies) so BE careful what you put out there!
Password Security
Each account I have online (stores I shop at, ebay, paypal, Amazon), has a wildly different password. I never use the same password more than once per site. For example, should your email account somehow become compromised, the slimy thief that has access to your account without your permission now sees the advertisements you get from the online stores you use. This is a prompt for them to use your email address and email password at this online store, hoping you have the same password for everything. If you have your debit or credit card information saved to any of these online stores; I'm saying a prayer for you right now.
Making the perfect password: Pick a phrase you can remember. If you always have the same song stuck in your head, for example, "Rehab" by Amy Winehouse, take a line like "and I said no no no" and remove the spaces "andisaidnonono" then replace any letter that is shaped like a number, with a number such as "4nd1s41dn0n0n0." Then write it down and keep in a safe place. Don't use the one I used in my example now. This needs to be unique to you. NEVER use the same password to log into more than one place. Never type a list of passwords and save them to your computer. Should you ever have "malware" (short for Malicious Software) infect your computer, the author of the software may gain access to such documents.
I absolutely 100% swear by the PayPal Security Key (google it or look it up on PayPal.com, they won't let me add the link to it here because it is not an ebay.com link). One $5 Key can be used for one ebay account along with one paypal account. It is a digital keychain that offers a different number every 30 seconds that the "on" button is pushed. It is an extra password on top of the password you have already that constantly changes and no one has access to this key but YOU! I have one and I am begging my banks and credit card companies to do the same. I had to make this paragraph in bold because $5 for this little thing has, and I know it has, protected me more than I could ever imagine.
Keep a list (not saved to your computer) of all of the places you choose to save your credit/debit information to. If any account becomes compromised, you will be able to troubleshoot better.
Request that vendors you have information saved with do not email you advertisements. If someone should gain access to your email, you do not want them to know where you shop. If you mention "identity theft prevention" to reputable companies, they will stop their mailings immediately-even the most aggressive of advertisers.
For Buyers
If someone that you do not know offers to sell you something online ask them to set up a "buy it now" on ebay to keep the transaction secure. If they refuse; block them. Sending payment information over the internet with no security or method of filing a dispute or investigation is not a good idea.
Buying from people that have good feedback is important. However, the number of feedbacks they have are important too! I personally do not purchase from people with less than 20 feedbacks (must have at least 95% positive). Someone with little to no feedbacks will not value their ebay account as greatly as someone who has a large amount of feedbacks. If someone does not value their ebay account, it won't matter to them if you are unhappy or cheated because they can just delete the account and start over again.
For Sellers
If you have an email scanner (such as Norton) turn it on. If you do not have one, get one. Request that people have questions send you a secure email using ebay. This ensures that the email is safe to open. If you did not sell anything recently do not open emails that are yelling in the title "WHERE IS MY ITEM, I AM GOING TO LEAVE NEGATIVE FEEDBACK!" I wouldn't open those emails even if you did sell something recently. If you open a suspicious email DO NOT REPLY to the email and DO NOT CLICK on any links or pictures!!! Run your virus scanner AND spysweeper immediately and do not log on to any more websites until you get a clean bill of health from the scanners.
Speaking of anti-virus software: Norton Antivirus did absolutely nothing for me when my computer has been in trouble. Most of the nutty-computer-hacking-life-altering-identity-stealing sleesebags out there are using "Malware." This is NOT included in your Antivirus software (usually). Malware is not a virus. It is software that attaches itself by what is called a "worm" and can change the behaviors of your computer (ie sending a page you are viewing to it's author, spying on your hard drive). Get an Antispyware program WITH antivirus protection and a firewall. I have several different programs on my computer and you can set them all so that they do not block each other. These hackers are not so concerned with computer-wrecking viruses as much as they are with a program that will let them steal your identity.
Turn you computer off when not in use OR get a firewall that allows you to "stop" (stop all internet communication with computer) when the computer is not in use and a "filter" option that will alert you with the name of any program within your computer that is trying to access the internet. The filter option will allow you to block any communication of programs you do not recognize.
Emails From "ebay" (this is mostly for sellers, can be for anyone).
Get a Gmail account!! With my Yahoo account, it says "from" and then the "subject" of the email. It does not show the email address. False "ebay" sounding titles will coax you to open the bad email. With Gmail, it shows the same thing, but you can put your mouse over the "from" part and it shows you the email address that it is from WITHOUT opening the email. Look at the address, is it from "ebey.com"? Look at the last part of the address, they've spelled ebay wrong. Is it from "yaho.com"? Notice Yahoo is missing it's last "o" . Never open these (or any others like it, ebay and Yahoo are just examples). What in the world would they need to spell an email address wrong for? Hijackers that have gained unwarranted access to other people's accounts (normal folks like you and I), will then change the password so that initially, these people cannot get back into their accounts and see what's going on. They they use that person's email account to send out viruses and malware to other people, but they slightly change the spelling of the email address (like in the examples I just mentioned) so that if the recipient attempts to respond to the email account/address it was sent from, they will get a mailer error. If an email account is used this way involving ebay or paypal transactions, both ebay companies are AWESOME in letting you know about it.
"This seems impossible! I am running a business here, I can't be suspicious of every single email. I do not have time." Who does? That is what the authors of these "programs" are counting on! To make everything shorter and easier, put on each listing you have and in your "bio" and "about me" sections: "Please contact us with any of your questions! If you need to contact us, please use the "contact the seller" option ebay provides on each auction listing to ensure the safety of our computer's and your's. Contacting us using your personal email and not ebay's secure contact option may result in us choosing not to open your email. Thank you for understanding." Therefore, if you get an email that appears to be from ebay or an ebay user, do not open it in your personal email. Log on to ebay and check "my messages" if it is a legit email, a copy of it will be in your ebay messages inbox. Never, ever, ever respond to an email you do not trust, and never, ever click on links or pictures in an email of someone you do not know. It is asking, begging even, for trouble.
Non-Internet and Internet General Protection
Call your banks, debit, and credit card companies. Request a money limit per transaction or per day (ie "I don't want anymore than $100 charged to my card per day." Request immediate notification if your bank account goes below a certain number or your credit card balance goes above a certain amount. Get one credit card with a SMALL credit limit and only use this one card on the internet. This limits the amount of assets that you have that someone can attack from online. Opt to order over the phone instead of the internet when you can. Request new cards with a changed account number when you feel you might have been compromised. IT IS NEVER A PROBLEM for them to do this for you and do not hesitate to do so. If you must use a debit card online make sure it is backed by a major credit card company. If your debit card is not backed, good luck.
Get a locking-mailbox. The mailman can slip the mail in, but to get it back out it has to be unlocked with a key. People steal mail all the time. Just think of all of the account numbers and other nonsense that show up in your mailbox each day. Would you want just anyone to be able to open your mailbox and grab it? Get a paper/credit card/CD shredder. I have three in my home. Besides, it makes everything fit into the recycle bin more easily.
Too Late, the Sky is Already Falling:
Take a deep breath. You will need to act quickly and smartly. There is no room for spazzing out or emotions here. Identity theft is serious business and you need to mean business to ensure your safety in the future and that your assets will be returned to you.
Report it immediately. Notify every credit card company you have about the problem and request a hold on all transactions, especially internet transactions. Do the same for your bank account and debit cards. Do this for debit and credit accounts that you are not even worried about. You never know what could happen. Request the account numbers be changed and that new cards be issued to you.
Check in with your bank frequently for the next several weeks for purchases that you did not make. Have fraud/dispute forms handy.
Notify the police and don't let them make you feel like this isn't an issue they would not write a police report for especially if financial loss is involved. Identity theft, no matter now unsevere, is still illegal. File a report with the Internet Crime Complaint Center (IC3). Go to ic3.gov and click "file a complaint." Give them whatever information you know about your issue (you do not need to give them credit/debit bank account numbers or sensitive information!!!). PRINT OUT/MAKE COPIES OF ALL COMPLAINTS/ACTIONS TAKEN. You will need to prove to your creditors that this WAS NOT YOU and you are doing everything you can about it to make it right. If it was a debit card or bank account, and money was stolen from you, you may be given a provisional credit to replace the money for a certain time period but you will still need to provide documentation that you were robbed or you will owe this money to you bank.
Change your password on any online accounts, even ones you are not worried about. Never use the same password twice.
PayPal funds sent to some random email address you do not know? Dispute it immediately.
Did someone make purchases on ebay, Amazon or another company using your accounts/payment methods? Contact the company (ebay, Amazon) and also the seller of the item and let them know what happened. Ask them to stop shipping on the item if possible. Do not yell at them, this is not anyone's fault but the person who frauded you. Could you imagine being a seller and someone emailing/calling you yelling they want their money back because this was fraud? a) would you believe them? b) would you want to be out of an item AND out of the cash to pay for someone elses's identity theft when you didn't do anything wrong? For refunds I would go to the site Amazon, ebay, PayPal or my credit/debit company instead. This is not the seller's fault or problem and they certainly do not deserve negative feedback (unless they are really mean and ignorant or something).
Call a professional to manually scan your computer and remove the malware. Do not use your computer to log onto anything sensitive OR enter in credit/debit/bank account numbers until you are sure your computer is OK.
Check your credit report. A credit card number and your Social Security Number are all anyone needs to apply for a store card at someplace like Zales or Victoria's Secret and take you to the cleaner's if they (you) are approved. Make sure no one has taken out a loan in your name; even if you don't think it is possible. You do not know what they know about you/have stolen from you until you see what they can do with what they stole. You can "freeze" your credit as well. If anyone tries to take out a loan in your name or apply for a store/credit card in your name it will alert the business/credit card company that the person applying is probably not who they say they are and it will not allow the transaction to go through. This means you cannot apply for a card either while your credit is still "frozen."
This is the end of my guide so far. I will add more if I can think of anything. PLEASE VOTE that you found this guide helpful! I spent a lot of time writing this, truly caring about the wellbeing of other people and I would appreciate the feedback. Thanks so much for reading! I hope it helped!
)