BBB on Top Five Ways to Prevent ID Theft Online

April 16, 2008

Despite the decline in reported ID theft, Better Business Bureau (BBB) warns that thieves and hackers still lurk online and is offering advice consumer can use to protect their personal and financial information.

“ID theft prevention should always be on an individual’s mind when they are online,” said Daniel MacDonald, Communications & Marketing Coordinator of BBB Serving Southern Alberta. “When it comes to protecting your identity, an ounce of prevention is worth far more than the amount of money, energy, and aggravation that goes into getting your life back to normal after your financial and personal information has been stolen.”

BBB recommends consumers take the following fives steps to prevent ID theft whenever they are online: 

1.  Don’t fall for a phishing e-mail.
Phishing—using email or phone calls to pose as a trustworthy organization in order to coerce sensitive information from victims—is on the rise.

Phishing emails can look legitimate with graphics and official logos of banks, government agencies, or credit card companies. The e-mails usually include hyperlinks that direct the victim to a Web site designed to install viruses and malware or solicit bank account or Social Insurance Numbers. 

In order to prevent ID theft through phishing emails, computer users should completely delete unsolicited emails from banks, credit unions, investment firms and government agencies with which they do not already have an established relationship. If the recipient does have an existing relationship with the supposed originator of the email, BBB recommends calling the organization to confirm whether or not the email is legitimate before taking any further action.

2.  Create strong passwords and protect them.
Developing a habit of regularly changing passwords makes it much more difficult for ID thieves to steal personal information. Some passwords, however, are stronger than others. Attributes of a secure password include a combination of numbers, capitalized letters and symbols. Consumers should never use sensitive information for a password such as their Social Insurance Number, mother’s maiden name or birthday.

3. Be safe and secure when on the go.
Computer users on the go should be wary of entering passwords or sensitive information into a computer that isn’t theirs, such as at an Internet café, library, computer lab or airport kiosk. Hackers can actually record their target’s keystrokes to learn passwords and other information.

Wi-Fi networks, either on the road or in the consumer’s own house, present even more opportunities for ID thieves. The easiest way to protect a Wi-Fi network at home is to not broadcast the Service Set Identifier (more information on this topic is available at A safe rule is to avoid exchanging sensitive information through the Internet when using a public Wi-Fi connection and to simply wait until a trusted network can be used.

4. Guard personal computers with anti-virus, anti-spyware, and firewall protection.
Opinions vary, but the amount of time it takes for an unprotected personal computer to become infected with a virus or malware can range from four to thirty-four minutes. That’s why a computer must have good anti-virus software, as well as anti-spyware and firewall protection. Consumers can purchase protective software, but there are also a number of reputable, free programs available for download online. BBB advises consumers to do their research into a company beforehand to make sure it provides legitimate, reliable software. Also, many operating systems already provide firewall protection so users should always make sure this protection is enabled.

After acquiring security software, users must keep the programs updated. Operating systems also require patches and other additional updates that computer users need to install in order to maintain security.

5. Only transfer information over a secure server.
When it comes to giving out personal information online, consumers should only do so on a secure server. On a secure server, the information is encrypted as it is being transmitted; that way, others can't read it if they should intercept it.

BBB advises consumers to make sure they are on a secure server by checking the URL of the page when asked to give any personal information. An unsecured URL will look like this: A secure server will have an "s" either in front of or following the "http", and it will look like this: or s 

For more trustworthy information on preventing ID theft, as well as BBB advice on what to do if your identity is stolen, go to