Selling identity theft protection has become a big business. Consumers are constantly being offered different forms of identity theft protection online or through their banks or credit cards.  However, many of the most effective online identity theft prevention measures are free or cheap and do not require you to sign up for any special service. The following are five of the most effective.

Keep your operating system, browser and anti-virus software up-to-date
One avenue fraudsters can use to access your personal information is through malware that might infect your computer. To prevent such infections, it’s important to keep your operating system and web browser up-to-date. Similarly, it’s important to update and run your anti-virus software on a regular basis. If you don’t have anti-virus software, there are several good free programs (e.g., AVGMalwareBytes) as well as the standards (e.g., NortonMcAfee, etc.).

Check your credit report
All Americans are entitled to an annual free copy of their credit report. The FTC offers a good resource on this, and you can get your free report through Be sure to check your report at least once a year for suspicious items, and remember you shouldn’t have to pay for this.

Freeze your credit report
One of the dangers of identity theft is having new lines of credit taken out in your name. For the most part, this can be prevented by putting a freeze on your credit report. Freezing your credit report prevents potential creditors or other third parties from accessing your credit history and therefore issuing new lines of credit. Depending on your state, freezing your credit report is free for identity theft victims and around $10 for everyone else. The Consumers Union offers an excellent resource on this.

Use secure passwords
When choosing passwords for your bank account, email, and other sensitive information, be sure to use an intricate password that is not publicly available or easy for a fraudster to guess. Weak passwords include birthdays, common words, your mother’s maiden name, and the last four digits of your social security number. Strong passwords contain a mixture of letters, numbers and special characters (e.g., “?”, “!”, “#”, etc.). For critical accounts, it’s also a good idea to use a unique password, different from the passwords used for less important purposes.

Do your research before disclosing personal information
In general, it’s best to share as little personal information as possible online. However, if you do need to give out sensitive information like your credit card number or home address, it’s always best to verify that the recipient of the information is trustworthy. This can be done by checking reviews of unfamiliar websites before entering personal information and allows you to see if others have reported issues such as phishing. Other red flags to watch out for are personal information requests over email (generally not secure) and personal information request on pages without encryption or HTTPS. If you’re ever in doubt, it’s usually best to error on the side of caution.

And of course if you ever come across any suspicious sites, be sure to report fraud and scams on SiteJabber.

This post originally appeared on the National Cyber Security Alliance Blog.

Lawmakers who follow online gambling regulation typically fall into one of two camps – those who think online gambling should be illegal and those who think it should be regulated and taxed. Penny auctions, a new form of online gambling, have heretofore fallen through the cracks of regulation. The result: penny auction owners are profiting richly at the expense of consumers.

What is a penny auction?
Penny auctions look like typical eBay-style auctions. On the website, goods (often expensive electronics, designer handbags, and gift cards) are shown for sale, bids are being placed, and there is some sort of clock counting down the time left in the auction. However, something is amiss: prices are cents on the dollar. A 50” HDTV might be going for $8. A $1000 Marc Jacobs bag for $10. A $100 Target gift card for $3. As you can imagine, consumers visiting a penny auction site for the first time might be tempted to sign up and bid for what they think is an incredible deal. But as consumers sign up for the penny auction site, they quickly see the catch: you must pay for bids in order to participate in the auctions. Penny auction sites typically charge anywhere from 10 cents to $3 for bids and will often encourage costumers to buy “bid packs” so they do not “miss an opportunity to bid.”

Having their heart set on the expensive electronic, luxury item or gift card, consumers are often tempted to buy a couple bids and see if they can swoop in and scoop up the bargain before the auction ends (the time is often ticking down to put pressure on bidders “not to miss the deal”). But once the consumer bids, invariably another entity also monitoring the same auction places another slightly higher bid, and the price of the item goes up by a few cents and the time of the auction is extended. And this happens again and again with the final result generally being: (1) the consumer drops out of the auction having lost the money spent on the bids or (2) the consumer stays in the auction and ends up paying much more than he or she would have ordinarily to purchase the item. As you can see, either way, the owner of the website is the only one who really benefits. Examples of penny auction sites reviewed by the SiteJabber community include Quibids, Beezid, BidFun, BigDeal, and BidCactus.

What’s wrong with penny auctions?
If presented with complete transparency and run ethically, penny auctions might be seen like a typical gambling outfit. Prizes are displayed. Lottery tickets are purchased. And the house takes a rake. However, something more pernicious is happening here. We at SiteJabber have three primary issues with penny auctions:

1) Disingenuous marketing: penny auctions advertise and promote themselves as fun ways to get deals when in fact they are, at best, gambling outfits. Whatever you may think of online poker sites, they at the very least are clear that they are indeed gambling.

2) No transparency: the lack of transparency in their marketing is only the beginning of the deception around penny auction sites. From a consumer’s standpoint it is impossible to tell the odds of your lottery ticket (penny auction bid) paying off. We often liken participating in penny auctions to playing a slot machine that doesn’t list its payout odds.

3) Fraud: one of the other issues with the lack of transparency around penny auctions is that it creates an environment highly conducive to fraud. Because consumers cannot tell who else is bidding on the items, website owners can very easily employ shill bidders or bid bots (software scripts that mimic human bidders) without consequence. A number of these cases have been reported on SiteJabber, although it is presently impossible to know how often such fraud occurs.

Who owns penny auctions and when did they first appear?
Penny auctions have grown like weeds because of the profitability of the business model and the ease of setting them up. New companies have cropped up that sell penny auction templates so anyone can start one at almost no cost. Many of the largest penny auction sites, started in the late 2000s, are not run by anything as flashy as brooding oligarchs or organized crime. Rather, they are venture capital financed and often run by professional American managers with MBAs from top schools and a nose for lucrative business models.

What should be done?
In our view the general public needs to get the full story on penny auctions before more consumers are hurt by these sites. There is scant data on penny auction usage, but SiteJabber has received thousands of complaints about penny auctions in the last nine months, and penny auction sites themselves receive millions of visitors, suggesting the size of the problem is significant with hundreds of thousands of consumers likely affected.

For regulators and law enforcement we would recommend taking a close look at penny auctions. Given their current rapid pace of growth and the issues with their business model, it’s hard to imagine they will not be regulated at some point. It’s just a matter of who gets there first and how many consumers are hurt in the interim.

More information on penny auctions:
Understanding the Penny Auction (graphic)
Further Explaining Penny Auctions
Quibids Review Round-Up

Consumers with experience on penny auction sites can review them or report fraud if applicable on SiteJabber.

This post originally appeared on the National Cyber Security Alliance Blog.

Work-at-Home Scams

March 22, 2011

One of the knock-on effects of the continued bad economy has been a surge in the number of online work-at-home scams reported on SiteJabber. In response to this, we have developed a few resources to help consumers avoid getting scammed.

Red Flags for Work-At-Home Scams

Requiring upfront payment: a common trait of work-at-home scams is to require people to pay money upfront. Sometimes this payment is claimed to be used to purchase “work materials” such as business cards or marketing collateral; other times the payment is required to subscribe to a “service” or to purchase the product inventory which you are meant to sell. Legitimate jobs typically don’t require upfront payment.

Collecting personal information: work-at-home scammers often make money by collecting other people’s personal information and then reselling it or using it illicitly themselves. Essentially many work-at-home scams are phishing scams.

Demanding that you to sign up others to make money: some multi-level marketing (MLM) schemes have been around for years and are not scams in the traditional sense (think Amway or Monavie), but a new breed of online MLM scams have cropped up. If you need to sign up your grandma to make a buck, it has a high likelihood of being a scam.

Too good to be true: oftentimes the best way to avoid a scam is to do a gut-check. Ask yourself: “Does this deal seem too good to be true?” If the answer is yes, then it’s probably best to avoid it. Most likely no one will pay you $5000 a month to work in your pajamas.

Resembling known work-at-home scams: some work-at-home scams have cropped up again and again on SiteJabber. If you encounter a website offering to give you money for any of these “jobs,” think twice before participating:

• Filling out surveys

• Searching for and clicking on websites and ads

• Claiming free government grant money

• Setting up e-commerce websites

• Paying or giving out personal info to get access to job postings

• Data entry

• Medical claims processing

• Reading emails

• Stuffing envelopes

• Assembly or craft work

Tips to Stay Safe from Work-At-Home Scams

Do your homework: before participating in any work-at-home program, be sure to research it first. You can research the program’s website on SiteJabber to see if anyone else has had a bad (or good) experience. You can also do a quick Google search for the name of the program, adding the word “scam” or “fraud”.

Avoid paying money upfront: don’t forget that most legitimate jobs do not require you to pay money to apply, subscribe, or otherwise participate in the job.

Do not give out personal information: avoid giving out any personal information unless you feel very confident about the identity of the website or company with which you are dealing as well as what they are planning to do with your information.

Exercise extra caution if you are in a high-risk demographic: perpetrators of work-at-home scams often go after: (1) the long-term unemployed, (2) stay-at-home mothers looking for supplemental income, and (3) retired people unable to live on social security or pensions alone. If you fall into one of these three categories, be aware that scammers may be targeting you and use extra caution.

Epilogue: What to do if You’ve Been Scammed

Contact your financial institution: if you think you’ve been scammed, the first thing you should do is contact your credit card company, bank or other financial institution to see if they can help recover what you’ve lost and prevent you from losing any more money by putting a hold on the account. This will not always work but is worth a try.

Contact the website or business that cheated you: some work-at-home programs are not entirely scams, and if you raise enough of a fuss, you may be able to recover at least some of your losses.

Report the scammer: in an effort to protect others from being scammed, you can report the website fraud or scam publicly. Oftentimes a shady business may not return your private emails or phone calls, but a public review will motive them to respond. Additionally, you can report scammers to the FBI and the FTC to help law enforcement catch these criminals.

This post was originally published on the National Cyber Security Alliance blog.

Consumers & daily deals

March 8, 2011

Daily deal sites such as Groupon and Living Social now commonly pepper Facebook feeds and Pandora wallpaper ads. You may have seen some: “50% off Champagne brunch!” and “$80 in spa services for only $40!” While these daily deals are generally not scams, there are some pitfalls to be avoided.

How daily deals work

A business (usually a local business) provides a product or service at a large discount (usually 50% or more) to a daily deal site. The site then lists the deal which will only be available once a certain number of deals are sold and within a certain length of time. This creates a sense of urgency and incents people who want to take advantage of the deal to convince their friends to participate. Daily deal sites rely heavily on this kind of “social marketing” (persuading people to sell to their own friends).

Consumers who buy the deal will pay the site which will then issue a voucher for the consumer to redeem at the local business. This graphic illustrates the process. Interestingly, the daily deal sites will take 50% of the sales, leaving the local business with little or no profit. Despite this, local businesses are still keen to participate (often waiting months to get on sites like Groupon) in the hopes of acquiring new customers and or selling additional items to the people they bring in the door.

Pitfalls to avoid

1. Pressure to buy
These sites employ a series of effective sales tactics—giant “Buy Now!” buttons, ticking clocks to create a sense of urgency, maximum quantities to create scarcity, and perhaps most effective of all: convincing people to sell to their own friends. Deals can be great, but over-consumption can be painful.

2. No refunds or customer service Once deals are purchased, little support is offered. Typically there are no refunds and little or no customer service on deals.

3. Your purchase can expires before you can redeem it Many purchased deals are never redeemed—sometimes because of forgotten expiration dates but also sometimes because of the nature of the deal. That is, if a restaurant with only twenty seats, sells five-hundred Sunday brunches, and the deal expires in two months, it might be difficult to redeem your deal in the time allotted.

4. Lots of fine print
In addition to expiration dates, many deals are more restrictive than they seem. They can only be redeemed under certain conditions or at certain locations. Many deals also cannot be used immediately. The fine print on these deals is a must-read.

5. Being up-sold
Because many of the local businesses offering these deals are not making much money on them (50% discount + the 50% they lose to the deal site) expect to be “up-sold.” That is, your relaxing trip to the spa might be often interrupted by your masseuse trying to get you to also buy a facial, mud bath, body wrap, and anything else that can help them recoup the cost of your daily deal.

6. Your credit card number on file
It’s not to say that daily deal sites will necessarily do anything pernicious with credit card information on file, but they do generally store your credit card information when a deal is purchased (oftentimes the only notice of this is in the fine print). If this is something that concerns you, you may need to put in a special request to have your credit card information removed from their database.

7. The local businesses are not always good
For the most part, businesses offering these deals are legitimate. However, the daily deal sites do not always thoroughly vet the businesses offering the services featured in the deals for quality. For example, a photography Groupon in Atlanta turned out to be a fraud.

Consumer tip: research research research

Daily deals can offer real savings to consumers. However, as with all new services and unfamiliar websites, it’s always best for consumers to do their research before they make a purchase. Sites such as Groupon, Living Social, 1 sale a day, and  Buywithme have left consumers with a mixed bag of experiences that are worth understanding before jumping into the next hot deal.

More on the pros and cons of daily deals.
This post originally appeared on the National Cyber Security Alliance Blog.

Abusive SLAPP lawsuits (Strategic Lawsuits Against Public Participation) have made headlines in recent months. SLAPP lawsuits are those in which businesses sue individuals for posting critical comments on consumer review websites. A recent case involves a woman being sued by a local Chicago concrete company for complaining about their service online. Now more than ever, it’s critical that these suits – designed to intimidate and censor critics through costly legal action – be put to an end.

Why?  Because at a time when online fraud rages out of control, an emerging class of consumer advocates has begun to provide a critical public service.  Without them the legal system faces a Sisyphean task and both consumers and our economy suffer.

According to the Washington Post, damages from online fraud have reached $100 billion per year. And despite the best efforts of federal and state law enforcement, the distributed nature of online fraud makes it incredibly difficult to fight using traditional tactics.

Even with adequate training and resources, law enforcement agencies face both jurisdictional issues (i.e., if a fraudster is based Tajikistan there may not be processes in place to detain and prosecute him) and logistical challenges (e.g., if 100 fraudsters commit $1000 crimes across 100 countries, it isn’t cost effective to detain and prosecute each of them).

The result: since 2001, the FBI has reported a 677% increase in online fraud complaints And that’s complaints, not occurrences.

Enter the online consumer advocate.

With the emergence of social networks and review sites, honest and good online citizens now have the tools to warn other consumers about pernicious websites and take bad businesses to task.  And as a result, law enforcement agents are no longer alone in the critical struggle to keep us safe online.

This new paradigm of online consumer advocacy is not without detractors.  Some business owners have expressed concerns that their businesses will be sabotaged by unethical customers or even by competitors posting misleading information.  To be sure, this can be a legitimate problem

But SLAPP suits are not a solution.  Instead we can look to new technologies and features to address this.

Websites like YelpAngie’s List and SiteJabber have developed reputation systems that communicate an individual’s online credibility.  The systems can be both algorithmic (using software to determine a user’s legitimacy) and crowd-sourced (the community weighs in on the helpfulness of reviewers’ contributions).  Such systems give context to reviews and marginalize would-be saboteurs.

Additionally, many sites, as a free service, allow businesses to respond to critical reviews.  And businesses that do often find that they are actually able to improve customer loyalty, unmask unethical reviewers, and grow their business.

The Anti-SLAPP laws on the books in 27 states are critical to the preservation of free speech and the continuing emergence of this next generation of consumer advocates because it enables them to freely post their opinions online without fear of frivolous legal intimidation. For more information on federal SLAPP laws please read this blog post or visit

Note: this post originally appeared on the National Cyber Security Alliance blog

An astounding 70% of US consumers consult reviews or consumer ratings before making purchases.  Whether you’re buying a new digital camera, finding a new dentist, or researching an online pharmacy, user reviews can be a powerful tool to make better choices about which products and services to buy and from whom. However, reviews also have pitfalls. Below are four tips to safely and effectively use online reviews.

  • Look beyond ratings to read individual reviews: Although a business, product or service may have hundreds of positive reviews, it unfortunately does not necessarily mean you will have the same positive experience. The criteria and standards of the other reviewers may differ significantly from your own. For this reason, it’s critical to read reviews carefully and understand the individual perspectives of the reviewers.
  • Inspect the motivations and qualifications of reviewers: When reading an individual review, it’s important to investigate the author. Have they written other reviews? Does the review sound like they are trying to “sell” you on the product, service or business? Is there other information about the reviewer (job, education, etc.)? Does the reviewer have authority on the site or otherwise online?  Have others agreed or disagreed with the reviewer? Do your best to answer as many of these questions as possible and try to weight the content of the review accordingly.
  • Check for conflicts of interest: In addition to inspecting the reviewer, it’s also important to inspect the website or service providing the reviews to ensure it does not have incentives to provide anything but objective information. For example, many sites claim to review online services (website hosting, online pharmacies etc.) but are in actuality advertising on behalf of those services (i.e., the website is being paid money by the services that are being “reviewed”). If conflicts of interest exist between the site providing the reviews and the businesses that provide the products or services being reviewed, more trustworthy sources should be sought (this information can often be found in the “about us” or “frequently asked questions” sections of a review website – if you cannot find the information it’s generally best to error on the side of caution and seek better sources).
  • Use reviews as a guide: While reviews can provide incredibly helpful information, they are best used as data points, not a single authoritative source. Your own research and good sense are, as always, your most valuable assets.

This post originally appeared on the National Cyber Security Alliance Blog.

SiteJabber.comOn Tuesday, SiteJabber made its public debut to a mostly warm reception. Michael, Rodney and I are excited but focused on the work we need to do in the coming weeks and months to provide the best possible experience for the consumers that have begun to use our site.