A cybercriminal can buy credit card data for about the cost of two lattes at Starbucks. A set of 50 "fulls" -- or complete credentials stolen from customers of big American banks -- can be purchased in underground forums for around $500, according to RSA, a security firm used by the majority of Fortune 500 companies. Add 30 fraudulent calls to banks, online merchants and money transfer services for another $300. Now he's all set to make big ticket purchases and resell the items, and it's on your dime.
Take steps to prevent identity theft. Here's how:
The autofill function in browsers was designed to save users time, automatically filling in forms with information like names, addresses and phone numbers, each time a form is detected by the browser. However, the cost of convenience may be too high.
No browser is immune. At a conference last summer, Jeremiah Grossman, chief technical officer of White Hat Security, showed all four major browsers -- Safari, Internet Explorer, Chrome and Firefox -- to be susceptible to autofill vulnerabilities. As soon as browser companies patch a current version, cybercriminals look for new ways to steal information.
If you're an Internet Explorer user, select tools indicated by the gear in the upper right corner in IE8 and then select Internet options from the dropdown menu. Click on the "Content" tab and then click "Settings" in the AutoComplete section. Uncheck the boxes for forms and user names and passwords on forms. Don't close this dialogue box without also clicking on "Delete AutoComplete history." (If you haven't updated to Internet Explorer 8, do it now.)
Safari, Google Chrome and Mozilla Firefox autofill options are found under their respective tool menus.
Clean up e-mail
Cybercriminals steal e-mail addresses to spread their malicious links. Just last month, the Gawker network was hacked and 1.3 million logins, passwords and e-mail addresses were posted online to the delight of the criminal community. While you can't prevent such attacks, you can minimize the damage.
Establish one e-mail account for communication with friends, family and others who are known to you. Set up a second account for subscribing to newsletters and other services to keep these separate from your personal contacts.
If your e-mail account has been used to send unauthorized e-mails, close it. It cannot be salvaged.
It is possible and even likely that once you've closed an e-mail account, whoever stole it will continue to send spam and other unwanted messages to your contacts, using the closed e-mail address to make it appear that the e-mail is coming from your account, a practice known as spoofing.
Send a brief e-mail to your contacts from your new account letting them know you've closed the problem account. Remind them that any future e-mails that may appear to come from the old address can only be fraudulent.
Clean up passwords
It's tempting to use one password for all of your accounts, but it's also dangerous. If one site is compromised, the others may fall like dominoes to an attack. Use one password for your personal e-mail, another one for your secondary e-mail, a third for your online banking account if you have one, and a fourth for everything else.
If you're a frequent Amazon or eBay user, you might consider unique passwords for these types of accounts that involve financial transactions.
A safe password consists of letters, numbers and special characters if permitted by the site. Do not use passwords associated with personal information like your birthday or words found in a dictionary, which can be broken in seconds.
Keep an offline list of passwords that you can access. If you have to give a sensitive password to someone in an emergency, go online and change it as soon as you can.
No card left behind
If you saved your credit card number to a site, remove it. In the future, when you're shopping online and the site "asks" if you'd like to save your credit card information on the site, decline. Shop as a guest whenever possible rather than setting up an account.
Shrink online footprint
When signing up for an offer or online account, share as little personal information as possible. Mandatory fields are usually indicated by an asterisk -- leave the others blank. If you're just getting a coupon, why on earth do they need your phone number and address? They don't.
Some sites require just an e-mail address and a password, but even that can be risky. Consider a temporary e-mail address from a service such as www.mytrashmail.com, a site designed to give you a live e-mail address to fulfill a site's requirements, but lasts just hours.
Ogden-based TopTenREVIEWS.com guides consumers by comparing products in the world of technology, including electronics, software and Web services. Have a question for TopTenREVIEWS? E-mail Leslie Meredith at email@example.com.