Compared with other challenges in our technological world, identity theft is a newcomer on the scene. As recently as five or 10 years ago, we felt relatively safe surfing the World Wide Web. Today, the threat of our identities falling into dangerous hands tops the list of rapidly growing e-crimes.

The ever-increasing use of the Internet gives agencies an excellent opportunity to provide their customers with information they can use to protect themselves against identity theft. Here are seven of the most common mistakes people make online that can lead to identity theft.
Mistake 1: Handing over personal details to a phisher. According to Webopedia, phishing is “the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, Social Security and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.”
For example, some cyber bad guys recently spammed large groups of people with a false eBay scheme to supposedly “confirm” credit card information. They counted on a certain percentage of readers being willing to carelessly hand over valuable information.
Financial institutions are being hit the hardest. According to a 2007 study by the IBM Internet Security Systems X-Force, 19 of the top 20 companies that were the supposed senders of phishing e-mails were in the banking industry.
Protection tip: Never click on a link in any e-mail from someone you don't know, especially if it's from a business like eBay. Open a browser and visit the real Web site. You can find out more about phishing scams at www.scambusters.org (“Phishing Scams: How You Can Protect Yourself”).
Mistake 2: Telling the world who you are and how you live. Social networking. Belonging. Instant access to new and old friends around the world with a mouse click. What a fantastic opportunity to be part of the great cultural link known as the 24/7 wired society. Or is it?
Sites like Facebook and MySpace are adding new members by the minute. Unfortunately, criminals are also working minute by minute on new ways to add to their collection of identities stolen from unsuspecting social networkers. Their target? Insignificant details about your daily life and lifestyle.
These thieves understand the value of ordinary tidbits of data that can enable them to piece together enough information to pass themselves off as you and commit another crime. They can screen-grab your photo, too.
Protection tip: Never use your full name on social networking sites. Use a nickname wherever possible. When you must use your name, never provide additional personal details and resist the temptation to post your photo.
Mistake 3: Downloading spyware by clicking on one of those annoying pop-ups. When was the last time one of those annoying pop-up messages invaded your Web experience? If you were on the Web this morning, you may have seen one (or many more) today.
For example, a common threat is the pop-up message warning you that your Internet security is at risk. At best, this seemingly innocent act can be the first step to downloading and installing a program on your PC aimed at identity theft or spying. At worst, you could be downloading a cyberspy that records every keystroke before sending this valuable information to a scammer.
Shady music downloading sites or clicking on an e-mail link that tells you a friend has sent an e-card greeting can be the first step to identity theft.
Protection tip: Never click on an unexpected pop-up. Even better, disable pop-ups in your browser if you can. Before you click on an e-card link, make sure you know the sender.
Mistake 4: E-mailing your confidential information to thieves. Many agencies are surprised to learn that their e-mail is probably not secure. This means that e-mailed information is up for grabs for cybercriminals. Customers have the same problem. Whether their e-mail is hosted by Yahoo, Hotmail or one of the other dozens of e-mail services, information ranging from an address to a Social Security number is ripe for picking.
Protection tip: Do not put personal or financial information in an e-mail. Phones still work in the Internet Age, and they're much more secure. If possible, make sure e-mail is deleted from the server by the e-mail provider. And don't forget smart password management by making sure addresses and passwords are hard to guess (see below). If you visit a site that requires an e-mail address and you're reluctant to provide one, check out a creative option: one-time e-mail addresses available at www.10minutemail.com. You can also use a service such as www.sneakemail.com to create an e-mail address you can turn off at any time.
Mistake 5: Revealing yourself on unsecured Web sites. Here's a brilliant revelation: Unsecured Web sites cannot secure information from hackers and scammers. Entering personal details on even a legitimate site can make you an easy target for identity theft if the site isn't properly secured.
Protection tip: Look for “https” or “shttp” (the 's' stands for secure) before giving personal information. Another tip is to look for a lock icon in the address or status bar.
Mistake 6: Leaving personal information on a public computer. What do cybercaf?s and public libraries have in common? They're both places where personal information can be left behind for eager identity thieves to steal.
Whenever you walk away from a computer, you potentially leave a wide variety of personal data behind. Even computers that are shared with coworkers increase the risk of losing control of private personal data.
Protection tip: Avoid using public computers for confidential purposes, period. Even if you logged out–which is nonetheless still a good idea–details of your activities are still stored on the PC. Public computers may have spyware to capture passwords. Make a habit of frequently cleaning your browsing history by using the options or security menu in the browser.
Mistake 7: Using easy-to-remember passwords. If your passwords are easy for you to remember, they're also easy for cybercriminals to guess.
Passwords, the very tools designed to provide security, are often the weakest link in our Internet armor. Using any single word, whether it's your pet's name or a random word from the dictionary, makes it easy to discover. Using insecure password savers or storing them somewhere is also a giveaway.
Protection tip: Obviously, stay away from passwords based on the name of your pets or kids or important dates. Use mixtures of letters, numbers and even punctuation, and change them frequently. Don't use programs that fill in your passwords unless they too are protected by a master password. An excellent place to start examining the security of your password is Microsoft's online password checker.
The Internet superhighway carries an ever-growing amount of the activities, information and communication that make up our modern society. We all understand that car drivers must be educated and licensed to operate a vehicle. Doesn't it also make sense to educate Internet “drivers” on the proper and safe way to navigate their wired world? And all the more so when it's apparent that the electronic future will bring only more identity risk?
Like most insurance carriers, Allstate has an excellent commercial in which the distinguished actor Dennis Haysbert offers a free “Parent-Teen First-Time Drivers' Contract.” Since the public already understands the benefits of driver training, offering something like a “Parent-Teen Identity Protection Contract” is an excellent opportunity for an agency to communicate a strong protection message to both baby boomers and Gen Y. Sound like an interesting idea? Advanced Automation has just such a resource that we'll be delighted to send you. Just e-mail me–securely!–at [email protected]. Tom Baker is the Solutions coach for Advanced Automation's Solutions agencies. For the past 17 years, Advanced Automation has offered agency consulting services to address a variety of management and agency development issues. He is also an author and frequent conference speaker. Tom can be reached at [email protected].