Can you distinguish a real e-mail from a fake one that’s out to steal your identity? Do you know how to pick the best security software for your computer? Looking for tips on protecting your children online or reducing the amount of annoying spam you receive on your cell phone? A new Consumer Reports Web site helps you with that and more.

The Consumer Reports Guide to Online Security site brings together the best of our reporting, tests, and survey data to create a one-stop place to get the latest information on how to protect yourself, whether on your cell phone, mobile device, or computer.

The information, most of it free (ratings are available to subscribers only), covers such subjects as spam, viruses, phishing, and ID theft; security software; and the newest threats you should guard against. Current features include 19 tips for staying safe online and findings from our 2008 investigative State of the Net survey. You also can take our interactive “Phishing Trip” to test your ability to distinguish legitimate e-mail messages from fraudulent ones.

The site also features videos, including a musical animation about e-mail scams called Gone Phishin’ and a clip on the Lenovo IdeaPad laptop, which lets you log on by scanning, believe it or not, your face. The guide also includes gateways to our online security blog and security and privacy user forum.

If you have a mortgage with Countrywide Financial, may want to check your credit report. This advice follows the arrest of a Countrywide employee the FBI says sold Social Security numbers and other sensitive information on as many as 2 million customers.
    The arrest was the result of a joint investigation involving the federal agency and Countrywide’s own investigators.
    Countrywide, which was acquired by Bank of America Corp. in July, has been notifying some customers by mail that their information may have been sold, including names, addresses, Social Security numbers, and various other loan and application information. The company says it has no evidence that the information has been used to steal anyone’s identity.
    Countrywide is offering those customers two years of free credit monitoring. They will receive e-mail alerts when new accounts, inquiries, negative information, credit-limit changes, and other items appear on their credit reports at the three major credit reporting agencies, Equifax, Experian, and TransUnion. Only customers who receive a notice from Countrywide are eligible for the free monitoring service.
    In addition, we recommend that Countrywide customers consider the following:
    (1) Freezing your credit files, which will prevent lenders from accessing your information. The cost of freezing your file at each of the credit reporting agencies varies from state to state and can be found, along with other tips, on the Consumers Union Web site. Consumers Union is the nonprofit publisher of Consumer Reports and this Web site.
    (2) Initiating a free 90-day fraud alert on your credit report. An alert signals lenders that they should verify the identity of anyone applying for credit. An alert requested at one of the three credit reporting agencies will automatically trigger alerts at the other two. The 90-day alerts can be renewed after they expire.
    (3) Checking your credit report. By law it’s available for free every 12 months at each of the three agencies, or whenever you initiate a 90-day fraud alert. The official Web site for this purpose is AnnualCreditReport.com. —Anthony Giorgianni

Be stingy with your Social Security number if you want to avoid becoming a victim of identity theft, warns FINRA, the largest private regulator of the securities industry.

Generally, you do need to disclose the number to your employers, for wage and tax reporting; to banks, brokerages and other financial institutions, for tax reporting and credit checks; to your landlord and utility companies, for credit checks; to government agencies, for providing services or accepting tax payments; and to credit reporting agencies, including when you request a free copy of your credit report.

If an individual, business, or agency requests your number, FINRA recommends that you ask why it’s needed, how it will be used, how the number will be protected, and what would happen if you don’t provide it.—Anthony Giorgianni

Devastating natural disasters like the recent cyclone in Myanmar and the earthquake in China move many to reach into their pockets to help. They also bring out the opportunists who seek to cash in on that benevolence through scam charities. So before you donate money, make sure you’re giving to a legitimate organization, warns the Federal Trade Commission and Better Business Bureau.

Bogus groups solicit donations using e-mail, telemarketing, and other methods. In the past, scam organizations have sprung up just hours after a disaster.

The FTC offers a charity checklist that's worth reviewing before you give. The BBB has issued a warning about potential fund-raising scams in connection with the crisis in Myanmar

Here are some things to keep in mind:

• Be careful about giving online, especially in response to unsolicited e-mail, which may contain links to phony Web sites that resemble those of well-known charities.
• Don’t provide credit card information until you’ve reviewed all the information from the charity, including details about how the donation will be used.
• If you’re being solicited by a telemarketer, contact the charity directly to make sure the solicitation is authorized. Ask how much of your donation will go to the organization, as opposed to the fund-raising firm.
• Find out if the charity is providing direct, on-the-ground relief or simply raising money for other charities. Get information at InterAction, the nation’s largest coalition of international relief organizations.
• Find out whether the donation is tax deductible and, if so, ask for a receipt stating the amount and its deductibility. (Just because an organization is tax-exempt doesn’t mean a donation automatically is deductible.) To be safe, donate to a U.S.-based charitable organization that’s tax-exempt under section 501(c)(3) of the Internal Revenue Code. See IRS Publication 78 for a current list of organizations eligible to receive contributions deductible as charitable gifts.
• Avoid donating cash.

Beyond these recommendations, you can ensure that the bulk of your donation goes to good works by giving the money directly to the charity, rather than through professional fund-raisers.

Also, check out well-known national organizations by visiting the Web sites of the Better Business Bureau or one of the other leading charity watchdogs. The Consumer Reports Money Adviser newsletter offers additional advice. —Anthony Giorgianni

If you get an e-mail containing a “subpoena” commanding you to testify before a grand jury, watch out. Not only is it likely fake, it may contain a link to a Web page that will download malicious code on your computer, warns the Internet Crime Complaint Center (IC3), a joint operation of the Federal Bureau of Investigation.

To help it look authentic, the mail contains a court case number, federal code, name and address of a federal court, court room number, issuing officers' names, and a court seal. It also threatens contempt charges if you refuse to appear.

The e-mail directs you to click on a link to download and print certain information for your records, but doing so will infect your computer with the malicious code. IC3 does not know what the code will do if it infects your computer. But we saw one online forum post that says the code will  send send information from your computer to a computer currently located in Singapore. Some of the e-mails have targeted company CEOs.

If you’re concerned that a court related e-mail actually may be legitimate, don’t click on the link. Instead call the court to verify the email’s authenticity.—Anthony Giorgianni

Reading warnings about the tactics scam artists use to perpetrate investment fraud is one thing; seeing those alleged tactics in action can be real eye-opener.

In connection with civil fraud charges it filed recently against two Utah residents, the U.S. Securities and Exchange Commission has posted portions of TV infomercials it said the two used to dupe the elderly and others into believing they could “make extraordinary stock market profits" by buying an expensive securities trading system.

The SEC filed a complaint against Linda Woolf and David Gengler in U.S. District Court in Virginia, alleging that they falsely claimed that they became successful investors using the "Teach Me To Trade" classes, mentoring, and computer software. The two promoted the system through infomercials, print ads, direct mail, and free “investor’s workshops” typically held in hotels, the complaint says.

Separately, the two were indicted March 6 by a federal grand jury on charges of wire fraud and conspiring to commit wire and mail fraud in connection with their marketing practices.

In one of the infomercials on the SEC Web site, Woolf says she was a former teacher who was able to replace her entire income in less than nine weeks using the Teach Me To Trade system. In another infomercial, Gengler talks about how he turned $10,000 into $20,000 in one week. The SEC complaint says that Gengler claimed that he was able to pay back the $50,000 he spent on his "education" just three months after he began trading. It said he also claimed that he made $100,000 trading securities during the following year and nearly $800,000 about four years later.

Yet, according to the complaint, “during the period Gengler claims to have been a successful professional trader using the option and short-term trading strategies,” his tax returns “typically reflected no short-term capital gains.” It says that Woolf never declared a securities trading profit on her federal income tax returns.

Instead, the complaint alleges that together the two made more than $6 million in commissions selling the investment system, charging customers as much as $40,000. It says the two encouraged prospective customers to pay for the system by borrowing on their credit cards, providing a script for them to use when requesting a credit line increase.

"The allegations depict a cold-hearted scheme that preyed on the elderly, the desperate, and even the unemployed by promising financial security while instead robbing victims blind," SEC Chairman Christopher Cox said in a prepared statement. "The commission's charges should send a warning to all those who would masquerade as successful traders on TV while prowling the country for victims."

FINRA, the largest private regulator of the securities industry, has been warning investors about investment scams aimed at elderly people, and has urged the public to be especially cautious about attending free investment seminars.

The SEC is asking the court to order Woolf and Gengler to return all “ill-gotten gains” and to pay civil penalties. If found guilty in the federal indictment, the two could face 30 years in prison, a $250,000 fine, and five years of supervised release.

The complaint describes both as independent contractors for entities affiliated with Teach Me To Trade, which is owned by EduTrades, a subsidiary of Cape Coral, Fla.-based Whitney Information Network. In January, Whitney reached a settlement with the Florida attorney general, which investigated several of its stock market and real estate investment programs, including Teach Me To Trade. Although it did not admit wrongdoing, the company agreed to provide $450,000 in consumer restitution in addition to some $580,000 it had already refunded to consumers, set aside $150,000 to cover any additional claims, contribute $150,000 to the attorney general's "Seniors vs. Crime" program, and pay $150,000 to cover the cost of the agency’s investigation. It also agreed to change some practices and to make certain disclosures and disclaimers to consumers regarding its seminars and training courses.

For the 12 months ending Dec. 31, 2006, the complaint says, the company received $112.6 million in cash from sales of its securities workshops. —Anthony Giorgianni

Law enforcement officials throughout the country are warning of misleading solicitations aimed at pressuring car owners to buy extended warranties.

Missouri Attorney General Jay Nixon recently announced that he had filed lawsuits or reached settlements with numerous companies that he said misled and pressured scores of car owners across the country into buying extended warranties that, in most cases, they didn't need. In some instances, consumers were charged thousands of dollars.

He said the companies, most based in St. Louis, used official-looking postcards that included words such as “Notice of Interruption!” or “Important Dated Material Enclosed” to mislead vehicle owners into thinking that the mailing was from the vehicle manufacturer or dealer that sold them the car. He said one elderly consumer paid nearly $1,900 to buy a warranty after being told that her existing coverage “expired or was about to expire” in March 2007; the actual expiration date was November 2008. He said the company then refused the customer’s request for a refund.

“Many consumers—confused, but not wanting their car warranties to expire—went ahead and purchased the new, but in most cases unneeded, service contract the company was hawking,” Nixon said, in a news release.

A warning on the Washington State attorney general’s office Web site said that attorneys general around the country have been receiving increasing numbers of complaints about the practice. It said many of the postcards are personalized with the car owner’s name and a customer ID number. On such postcard, which appears on the Web site, was labeled in large, capital letters: “FINAL WARRANTY NOTICE.”

The Connecticut attorney general’s Web site reports that 20 states are investigating such solicitations, which it said also come in the form of letters, e-mail messages, and telephone calls.

Even when extended warranties are being sold honestly, they often aren’t worth the added expense, especially if your car has a top-reliability score. On the other hand, if your heart is set on a model with below-average reliability, deciding on whether to buy an extended warranty —also known as an extended service contract—is more of a toss-up. —Anthony Giorgianni

Here’s another reason to be wary: Crooked telemarketers are using an obscure financial instrument known as a demand draft or remotely created check to steal money from unwary consumers’ checking accounts. This article on the Daily Dollar, a Consumers Union blog on money issues, explains how the scam works.

How can you protect yourself, aside from never answering the phone? The Daily Dollar offers this advice: “[R]ead your bank statements carefully and report and dispute any error, no matter how small. Thieves sometimes put through a small charge first, and if that works, try again with a larger charge, or put the same charge through to your account every month. If you aren’t happy with how your bank responds, file a complaint at: www.helpwithmybank.gov."

For more information on where to complain, depending on where you bank, click here.

An economic stimulus package proposing tax rebates for most Americans hasn't yet been signed, but scam artists already are using it to try to separate us from our money.

The IRS reported a new scam today, in which consumers get a phone call from someone identifying himself as an IRS employee. The caller tells the targeted victim that he is eligible for a sizable rebate for filing his taxes early and asks for the victim's bank account information for direct deposit of the rebate. Without direct deposit, the caller says, there will be no rebate.

It's a hoax. The economic stimulus package hasn't been signed, and process for distributing the rebates has not yet been finalized.  And besides, the IRS would never contact a citizen that way or require direct deposit for a rebate. If you follow through on this scam, you risk being robbed of your money and your identity.

In another scam—a first, according to the IRS—citizens get e-mails addressing them by name and suggesting they're candidates for tax audits. The e-mail instructs recipients to click on links and fill in account information--data that thieves can then use for identity theft.

Don't fall for this one, either. The IRS says it doesn't send unsolicited, tax-account-related e-mail to any taxpayer.

                                                                       ********************

If you're wondering what you will get from the economic stimulus package, check this blog regularly. We'll update you on your due—and advise you on sensible ways to use it—as soon as the bill is signed.

--Tobie Stanger

A colleague brought us a letter he received in the mail at home that included a very real-looking check for $3,860.95. The letter informed him that he’d won $288,000 in a lottery, and that the amount of the check was deducted from his winnings, partially to pay the taxes that would be due on the total amount. The letter, which bore no return address but was posted in Canada, went on to instruct the “winner” to call for specific instructions on how to claim the full prize.

We didn’t call the number but we’ve seen this sort of thing before, so we knew it was a scam. For one thing, our friend never entered any lottery or sweepstakes, which presumably one would have to do in order to win. But this type of rip-off takes other guises—job offers or mystery shopper assignments, potential love interests in other countries, overpayment for items being sold at auction, even free pedigree puppies. What they all have in common is that they ask you to send money or personal information back to the scam artist.

The ones that come with checks attached might be the most convincing. You’re told to deposit the check and immediately send part of the proceeds to a third party for a reason that sounds legitimate. Of course, by the time you find out that the check was bogus, you’re out the money you sent—and probably bounced check or overdraft fees that your bank will hit you with.

“Most Americans don’t realize they are financially liable when they fall for these scams,” says Susan Grant, vice president of the National Consumers League. “There is no legitimate reason anyone would mail you a check or money order and then ask you to wire money in return. People need to know that checks can take months to clear, even if the money initially looks like it’s in your account."

The National Consumer League says that victims lose an average of $3,000 to $4,000 in fake-check scams. The league, along with the U.S. Postal Inspection Service and other partners, recently launched a Web site, FakeChecks.org, to help spread the word about these scams.

Bottom line: As realistic and enticing as that check looks, don’t cash it. File a report with the Federal Trade Commission or the postal authorities.
 

Two e-mail scams purportedly from the IRS recently landed in my “in” box from baffled friends. Like all e-mail attributed to the IRS, these were phonies.

One had an official-looking e-mail address with irs.gov on the end. The subject line said, “IRS USA for Businesses: Important messages to all business Accountants and Treasury Managers!” The main message told recipients to download information on recent changes to business and corporate tax laws, and offered an address to click on for more information, including “www1.irs.gov” in the URL.

Point 1:  There is only one official IRS Web site: www.irs.gov.

The other e-mail was scarier because it looked so real. It, too, was sent from an e-mail address with irs.gov on the end, and informed the recipient that she was due a tax refund of $93.60. To add to its verisimilitude, a copyright line for the IRS was posted at the bottom.

Clicking on the provided link led to a Web page with official-looking IRS letterhead, and that very familiar san serif typeface that says “I’m not kidding.” And what did the “IRS” want from my friend? Her Social Security number and a current credit card number—for who knows what kind of mischief. The only thing that gave away the scam was the URL that popped up on that second page: www.drunkenmedia.com.

Point 2: The IRS never communicates with taxpayers via e-mail. Even the electronic confirmation you get after filing electronically comes through the tax-prep software provider, not the IRS.

I checked later and both offending Web pages had been taken down. Someone had obviously reported them, a wise move.

Point 3: Never respond to e-mails that purport to be from the IRS.

Otherwise, you could become the victim of identity theft. Report any e-mails you receive from the IRS to phishing@irs.gov. Check the IRS Web site for more examples of common e-mail schemes.

--Tobie Stanger