Many troubling stories are emerging from the Gulf Coast in the wake of Hurricane Katrina. As one who lives in the heart of earthquake country, my heart goes out to the thousands of individuals displaced as a result of this storm. But within the last week or so, the most heart-wrenching tales have given way to stories of hope for those individuals trying to get their lives back on track. For most, that means filing a claim, either with an insurance agent or with the federal government. And it is because of those tales that I started thinking about how these natural disaster survivors could be unwilling victims of online scams and, worse, identity theft--in other words, the victims could be victimized once again. Here are some online security-related tips and recommendations.
FedEx Kinko's to the rescue?
Those who have moved their banking and bill-paying online should be able to put their financial lives back together quickly. Now might be a good time for the rest of us to sign up for these online services. Unfortunately, many of the victims in the Gulf Coast are not on the connected side of the Digital Divide. I'm not sure what we as a nation can do to change digital inequity, but I hope that someone in Washington is presently working on a solution. (There is talk in Washington of digitizing all medical records, which, if handled correctly, should help in future disasters.)
According to this Washington Post article (free registration required), some people are flocking to their nearest FedEx Kinko's in the wake of Katrina to use the company's computers, printers, fax machines, copiers, and (most important) Internet connectivity. They're checking e-mail and, in some cases, getting credit references online.
It's too late for many people now, but those of us elsewhere in the country might want to set up remote access on a home or office computer as a backup. The service I use gives me access from any Internet-connected Web browser--no messy VPN settings to contend with. These services cost a nominal amount per month for access, and MyWebEx PC and LogMeIn offer secure, free versions.
That said, I would think twice about accessing my banking information or connecting to my home or work computer from a public terminal, whether it's a library or the local FedEx Kinko's. Back in 2002, a man named Juju Jiang loaded a keystroke logger onto several computers at various New York-area Kinko's. Customers who happened to use the GoToMyPC remote access service at those locations began to notice their home and office computers were being accessed remotely when they were logged on locally. Jiang pleaded guilty in 2003 and is now serving time. If at all possible, always use your own laptop to access work or home computers remotely. Or at the very least, borrow a desktop computer or laptop from someone you trust.
A government for the people by…Microsoft?
Many alternative browsers support ActiveX or make allowances for it, so I fail to see why the U.S. government would insist that Katrina victims use only one browser--a browser with a long history of security flaws, some of the more serious ones having to do with ActiveX Controls. It seems wrong to me that FEMA or any other government agency should restrict access to one browser. I hope this is a temporary oversight.
A scam by any other name
Most troubling of all the storm-related security risks are the various phishing scams. Not only are the Gulf Coast victims at risk (more below), but well-meaning individuals around the world may find themselves donating to a criminal organization instead of a relief organization. I saw one phishing site that stole the typeface and the images from a real Red Cross site but with a URL registered abroad. The FBI has been researching dozens of Katrina-related domain names, but phishing scams have a way of building the domain name so that a common link looks like the real thing.
The bottom line is, do not link to a donation page via an e-mail solicitation--that's a classic phishing scenario.
My advice is that if you want to contribute money online, start at the home page of the charity of your choice and drill down to its donation page. You may, in some cases, be sent to another domain--that's because the relief agencies have been overwhelmed with donation requests and have contracted with third-party organizations to accept your donation. Spread the word. If you're like me, you want your donation to reach the victims, not disappear into some bureaucratic black hole.
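To show how a link can be built to look like the real thing, here is an added example (not part of the original column) that lists the links in an HTML e-mail and checks where each one actually goes. The trusted domain `charity.example`, the sample message and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"charity.example"}  # assumption: domain you typed yourself, not one from the e-mail

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Host the browser would actually contact: no 'user@' prefix, no port, lowercased."""
    return (urlsplit(url).hostname or "").rstrip(".")

def is_trusted(host):
    """True only for a trusted domain itself or a subdomain of it (match from the right)."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def audit(html):
    """Return [(href, verdict)]; verdict is 'ok' or the reason the link is suspect."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        host = host_of(href)
        if is_trusted(host):
            verdict = "ok"
        elif any(d in href.lower() or d in text.lower() for d in TRUSTED):
            verdict = "lookalike: names the charity but goes to " + host
        else:
            verdict = "untrusted host " + host
        results.append((href, verdict))
    return results

# Constructed sample message body; all hosts use reserved example/test names.
SAMPLE = """<a href="https://www.charity.example/donate">Donate</a>
<a href="http://charity.example.relief-fund.test/donate">www.charity.example/donate</a>
<a href="http://www.charity.example@donate.test/">Give now</a>"""
```

The second and third sample links both display or embed the charity's name, yet the host that matters is the one at the right-hand end of the hostname. A legitimate third-party donation processor would also be reported as untrusted here, which is why the safe path is to reach it from the charity's own home page.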
Online vs. offline identity theft
For all my concern about Internet security, there's also a very real danger from all the paper information left behind. Reporters have commented on wallets and purses seen floating in the murky waters of New Orleans; looters may have raided abandoned file cabinets. In some cases, the bad guys might attempt to use the soggy IDs to impersonate the victims.
There's no good prevention tip here other than to monitor your credit rating (on top of all your other concerns). The Federal Trade Commission (FTC) now allows U.S. citizens to request one free credit report each calendar year from each of the three credit bureaus, but I think the victims of Katrina should be given access to their credit reports more often. There's talk already of waiving certain taxes for Katrina victims. With regard to identity theft, I hope Washington also does the right thing.
Have you made preparations for a disaster on the magnitude of Hurricane Katrina? What have you done? Talk back to me.