I got an e-mail message from Amazon.com last week. Seems the order I placed for a t-shirt – one of those screened to look like a tuxedo – had been canceled. “Damn it,” I muttered to myself. “Somebody got me.” I found my way to the “Contact Us” section of Amazon, put the order number in the subject line and typed a quick note along the lines of: “Regarding this order, I didn’t place it. And I didn’t cancel it. Suspect identity theft and fraud.”
It was right about then that my 15-year-old son came through the door. “You didn’t order a tuxedo shirt through Amazon did you?” “Yes,” he stammered, sure I was going to be mad he did so without asking permission. “But then I canceled it.” How could this happen? Very easily. Our desktop computer is a communal machine. Thanks to cookies that have been dropped by Amazon, a site I frequent, it recognizes anyone who goes there from that machine as me. And to make my own life easier, I’d signed up for one-click ordering. I jotted another note to Amazon: Sorry, false alarm.
“Are you mad?” my son asked. In fact, I wasn’t at all. He’d alerted me to the fact that even after taking what I thought were some precautions, I still had way too much of myself – and my financial life – online. I wrote about this issue for my monthly column in More magazine. And after I did so, I started taking the precautions I’d recommended. I stopped banking from Starbucks. I made sure my firewall was active and my passwords strong. I stopped leaving my credit-card information when I shopped. But I didn’t go back and retrieve those credit-card numbers from sites where I’d already stored them.
Perhaps the most potentially dangerous breach lies on Facebook. In the story, I noted that you should be very careful about the information you put on your page. References to a favorite pet or middle name could tip friends or friends of friends off to your likely passwords. Even the sharing of birthdays (a feature I love because I’m one of those people who constantly forget even the days I really want to remember) has serious dangers. When American Express wants to verify it’s really me on the phone, what do they ask for? My mother’s birthday. Thanks to Facebook, that information could wind up in the hands of a friend who’s not all that friendly.
Or – as I read in a recent New York Times article – in the hands of someone who isn’t even remotely connected to me. “During several weeks in February, iDefense tracked an effort to sell log-in data for 1.5 million Facebook accounts on several online criminal marketplaces,” the story said, adding “bundles of 1,000 accounts with ten or fewer friends for $25 and with more than ten friends for $45.” What could be done with this information? Bank accounts could be robbed. Jobs and mortgages could be applied for. The permutations are endless – and creative. The Times focused on a California woman whose Facebook was breached. The hacker sent e-mails to 20 friends that she was stranded in the UK and needed money to get home. One friend actually wired some.
What to do? Be a little more careful, and a little more vigilant. Check your credit reports a few times a year at annualcreditreport.com. Bank online (from home) so you can constantly see the flows of your money. We’ve gotten so comfortable with our abilities to shop from anywhere, bank from anywhere and communicate from anywhere, that we’ve let our guard down. It’s time to remember that all that convenience may come at a cost.