Then again, it’s possible to get swindled even if your laptop never leaves your side. In addition to buying security software, take the time to update your OS and browser regularly. When your system is vulnerable, attackers can access sensitive information and turn your computer into a “bot,” using it remotely to send spam and host phishing sites.
“People don’t necessarily update their OSes,” said Bill Rosenkrantz, director of product management for Symantec. “In Vista, it ships automatically on. But in XP you have to turn on automatic updates. Often those updates are critical patches for the system.”
The next step, Rosenkrantz said, is to protect the passwords themselves. Avoid using the same password for every site you use, don’t save them in your browser, and never list them in an unlocked document. Livingston says the best passwords have 13 letters and numbers, and include at least one symbol. Once you’ve picked your passwords, protect them with password-management software. (Norton Internet Security 2008, whose Identity Safe feature stores passwords, is one of several programs that do this.)
Although Stickley can’t disclose which of his corporate clients have failed his security tests, it’s easy to tell which sites encrypt customers’ sensitive information. Look for companies whose login-page addresses begin with “https” (the “s” is for “secure”). Because the information is encrypted, anyone who tries to intercept the network stream from these sites will see only what looks like a series of random characters.
Moreover, no legitimate institution, whether it’s a bank or Internet service provider, will ever ask for your password. During the writing of this article, we received an e-mail from a phisher with a “.edu” address, warning us that someone had trespassed on our (nonexistent) PayPal account. The sender advised us to log in and change our password. We smelt a rat and sent it straight to our junk folder. If you’re unsure, call the company’s customer service and visit its Web site by typing the official URL into your browser; clicking on any links in suspect e-mails could lead you to imposter sites.