Do NOT use
your User Name(s) or email address(es) in any forums or discussion
groups, use a completely different ID instead and use a 'disposable'
web based email address (such as Hotmail or Yahoo). Many user names/email
addresses are picked up from these groups by fraudsters (especially
the Usenet groups which are almost completely unmoderated and full
of personal abuse and spamming and subsequently receive a plethora
of spoof and spam emails).
Do NOT use
the same password for more than one site. This is very dangerous, if
for example, you had used the same password for eBay and Paypal,
then it would take the fraudster a few more seconds to completely wrap
up your auctions and accounts. Many people have used the same password
over and over again when they really should not.
NEVER,
and I do mean never click on any link, or complete any form in
any email whatsoever! That applies whether it is genuine or not,
and this is because any link can be disguised with a little knowledge
of HTML code (http://www.ebay.co.uk may
look like it will take you to eBay UK, but it will actually open our
home page with ebay.com showing in the address bar). See also Identity
Theft Part 3. Its best to open your internet browser and manually
type in the address of the web page you want to go to.
NEVER supply
your user ID and password in response to any email whatsoever. eBay
and Paypal will never ask you to do this, so DON'T DO IT!!
Always sign
up with any online payment scheme (such as Paypal) using a private
email address that you do not use elsewhere. Your email for eBay does
not have to be the same email address that you use for payments.
Always use
a secure sign in, reputable and responsible sites offer this, if they
don't - DO NOT USE THEM! eBay has a very poor policy on this; you will
always be offered a standard sign in on their log in screen, with the
secure sign in as an option. Amazon and Paypal, however, only have
a secure sign in, and once signed in, you are contained within a secure
connection. Secure connections have a URL beginning with "https://" and
will show a 'locked gold padlock' symbol
in your browser's status bar.
NEVER write
down your password(s) OR share them with anyone (hell hath no fury
like a friend/partner scorned)!
Always ensure
your physical privacy when entering your User ID and password - make
sure that no one can see what you are typing.
BE AWARE of
the URL address of the website that you are visiting and be satisfied
that you are at the correct site before interacting with it
in any way. For instance, if you were at the sign in page of eBay.com
(US site), the address will be http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn.
Get familiar with those site address prefixes and if you need to be
sure that you are at the right site in the first place, simply enter
the address of the site's homepage in the address bar of your browser
(e.g. www.ebay.com). Once you are at the site, check the URL
in the address bar.
NEVER remain
logged into your account unnecessarily - do what you have to do and,
when finished, log out staight away.
DISABLE JAVASCRIPT (or
active scripting) while browsing auction pages and' About Me' (or any
other user compiled) pages in eBay. We've seen a demonstration of Cookie
data being gleaned from users' machines from within these pages in eBay (such
as other users' 'About Me' pages - as was perilously shown by a now banned eBay
user). Log in only to buy or sell, and log out when you are finished.
CONFIGURE YOUR
EMAIL program to read emails in
plain text only
USE reputable
firewall and anti-virus software at ALL times. Also, keep the programs
updated on a daily basis (including virus definitions.
USE a
reputable trojan horse and/or privacy scanner program, such as Spycop.
Also, keep these programs and your operating system (such as Windows)
up to date on a daily basis.
Next we look at what we can do to avoid becoming
the victim of a hijacked account on eBay...