Zendough is an identity theft protection product that is offered by one of the three credit reporting agencies, namely TransUnion (the other two being Experian and Equifax). Zendough, as a company, offers a philosophy as well as credit monitoring services and tools for money management. That philosophy revolves around assisting the subscriber to approach a better overall understanding of their financial standing. While TransUnion has its own credit monitoring service (known as TrueCredit), Zendough takes this a step further by offering a complete finance management package. Within this package, credit monitoring and credit protection are merely aspects of the whole.

Zendough makes an effort to play upon the concept that financial issues require a clear understanding that border on the spiritual. As such, Zendough presents itself as a peaceful location where this type of financial “spiritual mastery” can be attained.

Product Features

Featured Zendough Services

Zendough offers several features that are advertised to promote a financial journey of money mastery. The key to this is, according to Zendough, is a harmonious and clear way of financial data organization that will make achieving financial goals and milestones easier. The services offered by Zendough are divided into several sections, as follows:

• My Zendough – this is a snapshot overview of the subscriber’s credit. It also includes credit alerts, risk assessment of ID threats, debt to income ratio and other financial metrics that are designed to present a complete financial picture.

• My Credit – a set of planning and management tools which will include a credit health score known as VantageScore. This was developed by all three credit bureaus in order to analyze an array of financial factors that include; recent applications for credit, payment history and balances. The goal is to illustrate how much the subscriber is relying on their credit.

• My Accounts – this is an analysis of the subscriber’s debt which begins with an income-to-debt ratio. There is also a presentation of how the overall financial health is impacted by the subscriber’s financial allocations. Suggestions are made as to how to more effectively manage those allocations.

• My Path – this presents savings and financial planning strategies for individual life events that include; marriage, having children, getting out of debt and purchasing a home.

• My Identity – encompasses identity protection services. These will include an analysis of online records and any necessary ID recovery suggestions and assistance. The ID recovery assistance includes case managers that can help subscribers regain control of lost ID information. However, unlike other ID protection services that offer more, Zendough limits its ID theft expense reimbursement to $25,000. It also does not offer services found elsewhere, such as credit freezes, etc.

Zendough Security

Information confidentiality is vital to any company that is offering identity theft protection. Zendough maintains this level of security through the use of:

• An Identity Verification System that has been designed to protect privacy and security. This will ensure that only the subscriber can view personal credit reports. This is accomplished through the utilization of a series of questions that have been compiled from the subscriber’s credit report. Incorrect responses will prohibit credit report viewing. If a subscriber is experiencing difficulty with this feature, they can contact the Zendough Customer Service Representatives.

• Zendough also uses SSL Encryption (Secure Sockets Layer). This means that all of the subscriber information in Zendough files have been encoded and can only be deciphered by Zendough software.
Web Browser Requirements

Zendough will support 128-bit encryption and relies on browser compatibility that supports encryption for security purposes. The browsers that are recommended by Zendough are:

Microsoft Internet Explorer®
Version 6.0 or newer is recommended.
Firefox®
Version 3.0 or newer is recommended.
For AOL Users:
Internet Explorer or Firefox is recommended
Note: Some versions of AOL use IE 3.x as their web browser.

Pricing and Cancellation Policy

Zendough is offered on a free trial basis for seven days and then charges $14.95 a month. If a customer cancels during the free trial, they get to keep the three credit scores. There have been some reported issues with cancellations not being immediate or difficult to obtain.

Identity Guard functions as the identity theft unit of a public traded company known as Intersections, Inc. (INTX). Its main purpose is to address security and identity fraud protection concerns. The parent company provides major financial institutions and banks with their fraud protection services while serving over seven million customers throughout the globe. Other services provided by Intersections, Inc. include: pre-employment screens, membership products and insurance for consumers. These services are provided by Screening International LLC (in the U.S.) and through a partnership agreement with Control Risks Group Ltd. in the U.K. (Internationally). The services that are reviewed in this article will pertain only to the Identity Guard fraud protection aspect of the parent company.

Product Features

Featured Identity Guard Services
Identity Guard offers a comprehensive package of products and services that work in concert to protect the identity of the individual. In actuality, there are four levels of protection services that are designed to offer increasing protection. Higher levels are assessed additional costs. This is intended to meet the budget and needs of the individual. The services that are offered are, as follows:

“Good Start” Identity Guard

This is the initial and least expensive offering from Identity Guard. This service features email alerts in conjunction with credit bureau monitoring on a daily basis. The monitoring is designed to check for fraud activity on the subscriber’s consumer credit reports. This can assist with the verification of credit file accuracy and the email alerts can point out any new changes to those reports. Changes that can be spotted will include unauthorized inquiries and potentially fraudulent transactions. This can help the subscriber limit any negative effects or losses that may come about from such fraudulent activity. A toll-free customer support line is included in order to help the subscriber validate suspicious activities.

“Watchful Eye” Identity Guard

The next level of Identity Guard service will add monitoring, on a daily basis, of illicit activity Internet chat rooms and “ID theft black market” sites. This level of service provides these tools in addition to the services included in the “Good Start” package. This level of protection can be very useful for those who utilize the Internet (or any wireless devices), on a frequent basis, for financial transactions. This type of Internet activity is particularly prone to the theft of personal financial information. Upon signing up for this level of service, one can visit the Identity Guard secured website and register up to ten credit card numbers. Identity Guard will then monitor these numbers in order to determine if they are being sold by credit card fraudsters. This will also allow the subscriber to easily cancel a lost or stolen card.

“Extra Caution” Identity Guard

The third level of Identity Guard will, in addition, add the reports, quarterly updates and scores of the 3 credit bureaus to the “Watchful Eye” Identity Guard services. This will allow the subscriber to look over and check for any credit report inaccuracies. This can catch those fraudulent transactions that may have been missed by credit bureau monitoring. This will also give the subscriber access to credit scores which may be helpful in the negotiation of new credit terms.

“Total Protection” Identity Guard

In addition to all of the other features mentioned in the services above, this level of service adds application and Social Security fraud scanning as well as improper public record reporting. Identity Guard utilizes a unique combination of advanced technologies in order to determine if the subscriber’s public record information has been posted improperly to any websites. This information can include; drivers license information, property that is owned, addresses, assets listings and any civil judgements. There will also be Social Security number and sensitive data surveillance, as well.

Also included with the “Total Protection” service is the ZoneAlarm® Internet Security Suite. This software feature will offer updates for as long as the person is subscribed and will remove spyware and viruses from the subscriber’s PC. Spam is also reduced along with phishing scams while protection is afforded a wireless PC connected to the Internet. This constitutes comprehensive Internet and PC protection for average users. However, some users have reported that there was a need to uninstall their current virus protection prior to being able to install ZoneAlarm®.

Customer Service

Identity Guard Dispute Center
Should a subscriber encounter a credit score or credit report item that is deemed inaccurate, it should be disputed before it can negatively affect a credit application or other area of one’s finances. The Identity Guard Dispute Center provides resources and tools that will guide the user through the standard dispute process. Information is provided in order to assist in the correction of any credit file inaccuracies.

Pricing and Cancellation Policy

• “TOTAL PROTECTION”: $17.99/month or $179.95/year (save 15%)
• “EXTRA CAUTION”: $14.99/month or $149.95/year (save 15%)
• “WATCHFUL EYE”: $9.99/month or $99.95/year (save 15%)
• “BASIC PROTECTION”: $4.99/month or $49.95/year (save 17%)

Those who subscribe on the monthly plan will pay for their months in advance and will be given a pro-rated refund of the amount in full, if not satisfied.

Those who subscribe annually will be covered by a 30-day full refund guarantee. In addition, the subscriber will be entitled to a pro-rated amount of the subscription, as a refund, no matter what time the cancelation is initiated, after the 30-day full refund period.

Get the Identity Guard Offer

Having originated in 2005, TrustedID is based in Redwood City, California and is funded by Opus Capital Ventures and Draper Fisher Jurvetson. It is recognized by the Identity Theft Resource Center which is a non-profit organization that is dedicated to the research and prevention of identity theft occurrences.

TrustedID is considered a premier identity theft company and it has been featured in the New York Times, the Wall Street Journal and Time and Newsweek magazines. It has also been named #1 in its class by Javelin Strategy and Research and has been officially endorsed by renowned financial expert Suze Orman.

Product Features – IDEssentials

This service offers identity theft protection along with additional assistance should identity theft have occurred. The service is composed of several features that make up a comprehensive package that offers consumer ID protection. The package consists of:

Credit Monitoring – performed on a daily basis at the 3 credit bureaus (TransUnion, Experian and Equifax). Notification is given should there be any changes to the credit report. The credit score as well as the credit report from each of the 3 bureaus is provided.

Fraud Alert Option – the option is given to place fraud alerts on credit reports so that the individual is contacted before any new credit is issued. Assistance with renewing credit bureau fraud alerts is given through a Fraud Alert Reminder every 90 days.

Identity Threat Score – this is designed to assess the risk of an individual’s identity theft. This is accomplished through the constant monitoring of hundreds of private and public databases while sifting through millions of financial records. Patterns are analyzed through advanced technology in order to determine identity theft occurrences or the possibility of a future occurrence. The score is calculated on a 0 – 500 scale (0 = safe, 500 = identity theft has already occurred). Specialists at TrustedID will assist in proactive measures to protect the individual’s identity.

Stop Unsolicited Credit Report Checks – this will halt pre-approved credit solicitations by having TrustedID remove the individual’s name from solicitor’s lists. Third parties will no longer have credit report access. Other types of junk mail will also be reduced.

Medical Benefits Security Check – a medical benefits statement review to determine if any unauthorized medical care is being performed.

Checking the Identity Theft “Black Market” – TrustedID will routinely scan for your personal information in places where ID thieves buy and sell personal ID information such as bank and credit card numbers, Social Security numbers and names and addresses.

TrustedID Service Warranty – if identity theft occurs while using their service, the victim will be covered for up to $1 million. The money is to be used to cover expenses incurred while repairing the identity theft damage; legal fees, new credit application fees, missed time at work due to compromised employment qualifications or time taken off to repair identity theft damage. Up to four weeks or $5,000 lost wages are covered. TrustedID will also assist with the restoration of identity.

Family Plan – covers the above mentioned credit scores, monitoring and reports for 2 adults at a discount over the standard plan.

Credit Freeze – for an additional fee, TrustedID will place a credit “freeze” with the three credit bureaus. This adds convenience to the process – rather than manually contacting the bureaus, separately.

Customer Service

TrustedID customer service is available 24/7 and is not outsourced to foreign countries. The service line is staffed by knowledgeable identity theft experts and reports indicate that the service quality is superior. Additional products are suggested only when a direct need is indicated.

Pricing

TrustedID offers a 14-day free trial period. The price for TrustedID is $125 per year for an individual. The family plan (for 2 adults) is $240 per year.

Get the Trusted ID Offer

The Anatomy of the Phishing Con

Phishing scams usually involve an email sent to the user warning of some dire event (e.g., closing of an account) or offer (e.g., free gift certificate). Concerned or elated, the emotionally-motivated user clicks on the link in the email telling them to act now. That link takes the user to a Web site that looks exactly like the one in question; here the user enters login credentials, credit card numbers, a Social Security number, or other sensitive information which the criminal now has in their possession.

In many cases, simply logging in to the site gives criminals all they need; getting your login and password allows them to access your account, as well as any other accounts for which you have used the same password. The brands they choose to imitate are among the largest on the Internet (i.e., Amazon, eBay, Bank of America) and telling a fake site apart from a real one can be next to impossible. What’s more, building such sites is not difficult, as the perpetrators simply steal source code from legitimate sites and change it slightly, perhaps adding fields for social security number or bank account numbers that are not on the real site.

Sometimes the emails themselves are the spearhead of the attack—a well-known scam involves an email that looks like it came from a legitimate wire transfer company. The email says there is an incoming money transfer, and it asks users to click on a link. Once the user does so, a Trojan installs on the computer in question, and the user is compromised.

Identifying Phishing Emails

If you look carefully at your email, you shouldn’t fall victim to phishing scams. After all, the main target of attack is you; if you simply delete the email, the phishing attack has failed. Here are a few things to look for in emails from so-called “legitimate” companies that can give them away as something less so:

• Poor grammar and misspellings: Though most phishing attacks originate in the United States, many do originate elsewhere in the world, and the people putting them together often have a poor grasp of English. Giant corporations, on the other hand, usually hire skilled people to write their correspondence. Poor grammar or spelling is a prime clue that the message in question is a scam.

• Strange Web addresses: Usually the Web address you’ll be asked to click to doesn’t seem quite right—banks, for example, won’t have “https” in front of them, indicating a secure connection. Other addresses will simply look strange, or the link might say one thing (e.g., www.citibank.com) and actually link somewhere else (e.g., http://web.da-us.citibank.com). You can determine the actual target of the link by mousing over it, but NOT clicking on it. Most browsers will display the actual link in the bottom of the browser window.

• Lack of security: Most companies that deal in sensitive information use SSL (Secure Sockets Layer) protocol, created to protect consumers. Instead of using http:// to begin the Web address, you will see https://, usually along with another little feature in the address bar. Wells Fargo, for example, has a small red “WF” logo, while Bank of America shows a miniature of its logo. If you don’t see these things at a Web site you are told to click to, provide no personal information, and close the site right away.

• Impersonal verbiage: When you are told your account is about to be closed and the salutation is “dear customer,” never believe it. Simply visit delete the email and visit the legitimate Web site in question. If there are any problems with your account, you’ll find out quickly.

See also: credit monitoring

The Essentials: What You Get For Your Money

Every credit protection company offers a different slate of services. Before you decide on the right one for you, determine which services you need.

• Account Monitoring: Most all credit protection companies provide monitoring of your credit report. They will obtain the free reports that the credit rating agencies must, by law, provide you with every year, and most will look at your credit report with great frequency, even daily. If they see any suspicious activity they will notify you immediately, giving you the chance to catch problems early. Some companies will even monitor your bank and credit card accounts to ensure that all activity there is legitimately yours.

• Credit Freezing: This service involves a lockout of your credit, a freeze that keeps anyone—including you—from accessing your credit history. When you apply for a loan or otherwise need access to credit, you must call the company to unlock your file. You will often pay extra for this service, but it is among the most powerful identity protection tools around.

• Internet Monitoring: Some companies employ sophisticated electronic techniques to troll the Internet for your personal information, determining whether it is being passed around on disreputable Web sites or making its way into illicit databases. If they do detect your information out there, they will alert you and help “lock down” your personal information.

• Public Records Searches: A few firms will monitor court records, post office filings, alias changes, and even sex offender registries to make sure that no one is using your personal information fraudulently within the public sphere (e.g., registered as a sex offender with your address, using your Social Security number in conjunction with a new identity or name, etc.).

• Identity Recovery Resources: If your identity is stolen, these companies will assist you in mitigating the damage—contacting creditors on your behalf, disputing charges on your credit report, even helping to replace the contents of your wallet should it be stolen. Further, they often provide a monetary guarantee if your identity is stolen on their watch, though you must read the fine print to see just what that payout will cover.

Price vs. Service

Credit protection services run from the quite inexpensive (less than $5 per month) to four or five times that amount. Granted, you will probably get more services included with a more expensive fee, but you may be paying for more than what you need. If you are already taking steps to protect your identity, paying someone else to do the same job is a waste of money. Make sure the company you choose is covering only the bases you are not.

Dangers of Credit Protection Scams

As mentioned above, along with all the legitimate credit protection firms, there are a number of credit protection scams designed to take advantage of consumer fear. Here are a few ways to avoid such rip-offs:

• Never respond to a credit protection offer that comes via email. The chances are too high that it is spam, and that rather than offering you a service, the message is simply a lure to infect your computer or attain personal information.

• Offers of free credit reports almost always involve a bait and switch. You may get a free credit report (which you can get on your own very easily) but you’ll also get a monthly bill you didn’t anticipate when the company in question starts billing you for credit monitoring the next month. If you want the company’s services, you are entitled to pay for them; just be sure to read the fine print, and remember that no one asks for your credit card information unless they intend to use it.

• Be sure you understand any ID theft insurance the company in question offers. In other words, just because a firm offers $1 million to victims of identity theft doesn’t mean that you will get that money if the worst happens. Anyone can say they will pay you if your identity is compromised; a massive list of loopholes will render the coverage useless, however, and leave you out not only what the identity thieves have stolen, but all the money you’ve given to your “protection” company.

The earliest computer viruses were conceived as digital vandalism in the mid-1980s. Hackers and programmers in search of an audience would create malicious programs (malware) to show off, or simply to alleviate boredom. As time went on and more economic activity moved online, malware experienced an explosive evolution from potentially destructive nuisances, designed simply to inflict damage, into tools of economic theft or malicious, “forced” advertising, in the hands of criminals.

This latter-day malware is extremely dangerous from a data protection point of view; before the afflicted user even knows what’s happening, a malware program can steal vital information in any number of ways:

• Waiting for you to access legitimate Web sites, then imitating those sites to steal vital information once you enter it

• Stealing online gaming information, then using that data to access gaming accounts for more valuable information

• Stealing passwords and credit card numbers with keylog programs that relay your keystrokes to a remote user who can then determine your passwords

Spyware and adware—programs that install advertising software into your computer without your permission—are not as dangerous as the malware described above, but they can lead to problems of their own, namely slowing down your system and subjecting you to advertising material you do not want, such as adult Web sites or other inappropriate content.

What Makes Your Computer Vulnerable?

A number of factors increase your vulnerability to malware.

• Using one of the major operating systems—Windows, Apple OS, UNIX, or Linux—increases chances of attack, simply because the code used in these platforms is common knowledge. Some other programs—major Web browsers in particular—create even more security risks due to common use and frequent security breaches.

• Leaving computers online 24 hours a day increases the access malicious users have to your system, as well as the time necessary to break in.

• Allowing open access on wireless networks gives criminals access to networked computers.

• Running outdated protection software leaves your system open to newer programs that have their own methods for circumventing older countermeasures.

Obviously, some of these vulnerabilities are easy to address, while others require major changes to your computer system. You can, for example, switch Web browsers fairly easily, or take your computer offline when you are not using it. Other changes, like changing operating systems, might be too disruptive, and result in costly (in both time and money) conversions.

The good news is that even if you’d like to continue using your current setup, there are a multitude of anti-malware programs and countermeasures available to protect you.

Protection Programs Defined

Defensive programs are your main line of defense from dangerous malware and the malicious computer users running it. These programs fall into a few different categories, and use different techniques to combat different malware. You must have all of them installed to establish adequate electronic protection.

• Firewalls: Block unauthorized access to a network or computer while allowing authorized communication. They keep outside users from accessing private networks, fulfilling a preventative function—they simply block things without identifying them.

• Anti-Virus Programs: Running a virus protection program as a stand-alone measure will not provide you with enough protection; malicious programs meant for criminal activity behave very differently than simple viruses, which seek mostly to reproduce themselves and cause more of a nuisance than an actual security threat.

• Anti-Malware Programs: These programs combat malware in two ways: providing real-time prevention of malware instillation (preventative) and detection/removal of malware already installed in the system (reactive). These programs rely on constant updates, as malware evolves daily, and they are never 100% effective, but they provide a significant defense, and are even more effective when computer users update them and run defensive scans regularly. Some newer programs will even track down security patches you don’t yet have and install them for you.

Users as System Flaws

Unfortunately, no protective software can cover for user errors. Social engineering is an attack method in which criminals manipulate people into giving up their valuable information online, the same way that malicious telemarketers used to steal credit card numbers over the phone by promising vacations and other offers to their targets. Online, this method works in much the same way; hackers will send emails or spoof Web sites that seem trustworthy, but in fact are traps designed to attain vital information. The best defense against these attacks is to trust no one—never give out important information in response to an email, phone call, or any other contact that you do not initiate with the company in question.

Though file sizes continue to grow, data storage has become incredibly cheap—only six years ago, cost per gigabyte of storage ran close to $150 for portable USB devices; today that cost can run under $2. Data storage is even cheaper if you buy an external hard drive, which can provide a terabyte of storage for less than $150. Mass data storage has never been more affordable, but there are still some considerations to keep in mind in regard to data security.

What is the Right Data Storage Solution for You?

It may seem like an easy decision to make, but your data storage strategy must take into account three important factors:

• Portability: How much data do I need to transfer to machines outside my own network?
• Size: How much data do I need to store, and how much will I need to store in the future?
• Accessibility: Do I need to access my data on a regular basis, or do I simply need backed-up files? Do I need to access my files remotely?

After considering these three factors, you’ll be able to make an educated decision among the many storage options available.

USB Drives: Portability and Accessibility

These drives are best for travelling professionals or students who need to bring a lot of data or programs with them, and have a computer to use at the other end of their trip. Rather than taking along a laptop, these drives hold all the data someone might need to work on the road.

Unfortunately, the maximum size of USB drives at this time is about 256GB, which is very large given the size of the device, but it’s certainly not enough for storing banks of high-definition photos or videos. What’s more, USB drives get lost—their size makes them easy to misplace, even in familiar surroundings. You can leave them plugged into borrowed machines, lose them under a stack of papers in a drawer, or simply drop them on a plane or in a taxi. For this latter reason, utilizing a USB drive as your sole data storage solution can put your files in harm’s way very easily.

Portable Hard Drives: The Ultimate Backup

Portable hard drives provide two appealing advantages: 1) a massive amount of storage, ideal for backing up every file in a system; and 2) very low price. Portability is something of an issue, as carrying around a separate hard drive isn’t very feasible, but carrying it around isn’t really the point. A dedicated backup drive creates a secure data “crate,” as you can plug it in, back up your files, and then unplug it, leaving that data safe should your main system become compromised. You can even store very sensitive information completely on this backup drive, removing any possibility that vital files (e.g., customer data, tax and financial information) spend any more time exposed than they have to.

Portability is the main drawback for external drives, but it isn’t the only one. A fire in your office or home renders all your careful data storage useless, and if you do keep some data exclusively on the removable drive, you need yet another storage device to backup that data. Another major issue is accessibility—when that drive is disconnected, you cannot access it whether you’re next door or 1,000 miles away. Not wanting to forget any important files, you could be tempted to pack more and more onto a portable USB drive, thus leading to potential data exposure.

Online Data Storage: Low Cost, High Convenience

Online data storage services provide disc space to users who wish to save their files over the Internet, allowing them access to their data anywhere. The cost is also quite low; most services provide unlimited storage for less than $10 per month—often far less. Files are secured via password protection on secure servers, and you can provide access to your files by creating additional user access accounts.

Online data storage is probably the best option for combining access, portability, and size (most services provide unlimited data storage for their flat monthly/annual fee). The time necessary to put all your data online depends on the speed of your Internet connection; a slow connection will mean a lot of time spent downloading files. However, once they are there, you can access them from anywhere, from any other computer.

If you have a little time to spare for the uploading, transferring files to an Internet-based storage service is an easy, inexpensive way to both store data and provide access to it anywhere in the world. It also makes travel easier, as packing your storage device becomes irrelevant.

Though good password protection is fairly easy, users are too often lackadaisical in creating them; they settle for six- or seven-character words pulled straight from the dictionary, or the user’s personal life. A determined hacker only has to look at a Facebook page or utilize one of many password cracking programs available on the Internet to gain access. As such, password construction is more important than ever, and requires effort and creativity. Simply rotating through the same three passwords for every online account and program access point just won’t work.

Password Coding

The best password defense is a randomly-generated string of characters (12-15 characters long is a generally-accepted optimum length) with no relation to each other. Passwords like these are difficult to remember, but they remain your best defense—simply write them down and take the time to memorize them. To create passwords that are a bit easier for you to remember, come up with an encryption plan; for example, write out the alphabet, then randomly assign other letters, numbers, or symbols to each of the originals. Though it may seem like a bit of work, doing so puts you on your way to creating a strong password system that you can again and again.

If you do choose your own words, don’t simply open up a dictionary and pull something out. Be sure to insert numbers, capital letters, odd spelling, and symbols to make ensure password strength. Don’t settle for words spelled backwards or common abbreviations that you might like (e.g., SCUBA, SETI). Passwords like these are easily cracked, and with only a little extra effort you can do far better.

Here are some good password examples, and the words they derive from:

aLLi5gatoR974 not alligator
blacKBerri129 not Blackberry
DIScl23osure not disclosure

Above all, stay away from Social Security numbers, children’s birthdays, or other easily-guessed sequences that anyone who knows you (or can know you quickly via any social Web site) could find out easily.

Once you have good passwords, write them down—and by all means don’t store them on your computer in a folder called “Passwords.” Once you have them in hand, take care not to reveal them—never send passwords in an email, or type them while you’re on a public computer. It’s easy to forget that many computers are defaulted to remember Web IDs and passwords once they are typed in.

Patches: Protecting the Back Door

Patches are software fixes meant to fix issues discovered over time—primarily software bugs and security holes. Most users are never aware of these security issues in the first place; in fact, the software company itself is usually ignorant of the problem until a hacker somewhere exploits the gap and compromises someone’s computer system. Patches come out regularly, though people often do not utilize them in a timely fashion; according to Secunia, a Danish security software company, 95 out of every 100 computers are running unsafe software that requires updating.

Intelligent Patch Management

Chances are your operating system performs automatic software updates, finding new patches and downloading them as background activity, then applying them once you shut down your computer and restart. However, it never hurts to find out what the most current patches are, so you can make sure that your computer is up-to-date. What’s more, many users simply bypass their computer’s automatic update process by skipping it. The bottom line: let the automatic system work at the very least. And to truly protect your system, double-check available patches and make sure that you have them.

Of course, keeping track of patches yourself can be difficult to manage. Luckily, there are also programs available that will monitor the many programs installed on your computer and let you know which ones are running outdated versions. Then you can download the relevant patches and keep your computer updated at all times. Along with anti-malware programs, such patch maintenance is the foundation of secure computing, and should be monitored on a regular basis.

Whether you do it yourself or have a credit protection company do it for you, monitoring your credit report is a serious matter. However, even the best credit monitoring can’t prevent most identity theft scenarios; the fact is, most identity thefts aren’t elaborate electronic schemes, but the results of a lost or stolen wallet, or a stray piece of mail. In other words, most identity theft takes before you can do anything about it.

What Happens Under the Credit Radar?

Fraudulent payday loans, stolen credit cards, utility accounts issued in your name—these are just a few examples of the small-scale identity theft that simple credit monitoring can uncover, but cannot prevent. These incidents show up on your credit report later; in fact, you may only learn of them once they do show up on your credit report. However you do find out, the next step is to deal with the problem quickly and correctly, to minimize the damage.

The Federal Trade Commission (FTC) provides a wealth of resources for fighting back against identity theft, and suggests taking the following four steps as quickly as possible:

1. If you haven’t done so already, place fraud alerts on your credit reports with all three credit agencies.
2. Close the accounts that you know (or suspect) have been used by identity thieves.
3. File a report with the FTC.
4. File a report with the local police.

By taking the latter two steps, you can create an Identity Theft Report, which allows the credit reporting companies to verify that you are a victim, and which accounts were damaged by the identity theft.

Placing Fraud Alerts

Protecting your identity from further abuse should be your first priority; placing fraud alerts will prevent additional illicit accounts from being opened. You must contact at least one of the three credit monitoring companies, as the one you call will notify the other two.

• TransUnion: (800) 680-7289; www.transunion.com
• Equifax: (800) 525-6285; www.equifax.com
• Experian: (888) 397-3742; www.experian.com

Once the alert is in place, get a copy of your credit report from each of these companies (you are entitled to one free report per year from each one) and review it for any other suspicious activity.

Closing Compromised Accounts

When you call companies to close fraudulent accounts, ask for the fraud department, and make sure that you understand what documentation they might need. Banks and credit card companies often need written permission to act on accounts; be sure to follow through on all the information they ask for, and do so quickly. If there are disputed charges on the account, ask for the paperwork necessary to have the charges removed, and if a whole new account was opened using your information, have the institution close it immediately.

When the situation is resolved, make sure you ask the company for a letter stating that the accounts in question are closed, and that any fraudulent debts have been removed from your responsibility. This letter will be invaluable if you have to file a dispute with the credit agencies to have bad charges removed.

Tell the FTC and the Police

The FTC has both a toll-free identity theft hotline (877-438-4338) and an online form (www.ftccomplaintassistant.gov) for submitting identity theft complaints. Telling the FTC allows the government to compile identity theft data and pass on valuable information to national law enforcement. An FTC complaint also lends weight to your case; in conjunction with a police report, your FTC ID Theft Complaint can provide you with the additional protections that come with a completed Identity Theft Report (i.e., blocking fraudulent information from your credit report, preventing companies from trying to collect on fraudulent debt, placing long-term fraud alerts on your credit file).

When filing your police report, ask if you can file it in person; by meeting the filing officer face-to-face, you can be sure to give them any supporting documentation, as well as your paperwork from the FTC. Otherwise, file your report over the phone or online. If the police in your jurisdiction will not take the report, contact your state Attorney General to find out which law enforcement entity in your area to go to.

If you can file in person, insist that the officer taking the report add your ID Theft Complaint from the FTC into their report, as these two documents together provide your best tools in disputing any charges incurred by the identity thieves. If you can, get a copy of the police report to submit to the companies in question; if you cannot, be sure to write down the police report number so you can at least provide proof that a report has been filed.

Junk mail represents a major security issue. Credit card offers, financing offers, catalogs, and sweepstakes announcements all present their own issue, and while some are more serious than others in terms of credit protection, you don’t have to settle for receiving any of them.

Whatever your reasons for doing so, reducing the volume of junk mail you receive takes very little time, and the benefits cut across the board.

What Doesn’t Work: “Return to Sender”

The U.S. Post Office makes huge revenues from junk mail. In fact, in 2005, the USPS processed more junk mail that First Class mail for the first time ever. Simply writing “Return to Sender” at the top of an envelope and throwing it back into the mailbox doesn’t incur any additional cost for either the post office or the original sender; the message in question simply gets thrown away, as per postal regulations. The post office’s main obligation is to the mailer, as they are the ones paying the bills.

What Does: List Removal Services

Unfortunately, there is no government-sponsored program for junk mail like the National Do Not Call List, a service created in 2003 to stem the flow of unwanted telemarketing phone calls. There are other resources, however, at least one of which is dedicated to protecting customer credit: optoutprescreen.com, a joint venture between all three major credit reporting firms as well as a fourth, Innovis, which is much smaller and deals primarily with real estate transactions.

Credit agencies provide lists of potential customers to credit card companies, allowing those solicitors to send credit offers on their own, without customer approval. However, the agencies must provide consumers the means to strike their names from these lists, and signing up at the Web site above fulfills this function.

You have two choices for opting out: you can do it for five years by simply signing up on the Web site; or permanently, which requires printing out a form from the site and mailing it in. Credit card companies maintain that very little identity theft actually occurs because of prescreened offers, and some evidence shows they may be right. But the less exposure your critical information receives, the better protected your identity will be.

Stemming the Catalog Crush

Besides credit card offers, perhaps the most pernicious and frustrating junk mail are catalogs, which take up both mailbox and landfill space. As more shopping moves online, these catalogs are less and less necessary, becoming just another thing to throw away and pollute the environment.

About 80% of sales correspondence comes from members of the Direct Marketing Association, an organization of about 3,600 companies that engage in mail, email, and other targeted forms of marketing. DMAchoice is a free program developed by this organization designed to reduce unwanted customer correspondence. Signing up for this service allows you to opt out of certain kinds of mail—credit offers, catalogs, magazine subscriptions or other deals—and to limit what companies are permitted to contact you. (Although choosing to limit credit offers simply sends you over to optoutprescreen.com, the service described above.)

Sweepstakes: Potential Land Mines

Registering to win a sweepstakes is possibly the best way to get your name on at least one, and probably many, marketing mail lists. The best way to avoid such a thing is to avoid entering these contests. If you already have, visit the big sweepstakes companies online—Publisher’s Clearing House and Reader’s Digest are among the biggest—and request that your name be taken off their lists.

Other Opt-Out Services

Some companies, particularly those you’ve done business with in the past, will continue mailing you catalogs and other material even if you register a DMAchoice account. You must contact these companies directly and ask them to remove you from their mailing lists, if you wish to be removed.

In addition, there are other direct marketing firms that manage and sell consumer lists. Valpak, Valassis, and R.L. Polk are a few companies that sell information to thousands of businesses, and contacting each one will remove you from more mailing lists, thus reducing your volume of junk mail even more.

Of course, all of these steps take time and effort. If you have the financial means to do so, companies like 41pounds.org charge very little to contact dozens of direct mail companies in order to stop junk mail sent to you. Their service lasts five years, and only costs $4l, or about $.70 per month.