
This blog has moved

Note: The official Mitto Blog is now located at http://mitto.com/blog/.

How Mitto Protects Users Against Phishing and Identity Theft

Phishing and Identity Theft (which we’ll define here as the illegal and malicious use of another individual’s identity) are growing problems for online users. Mitto helps to protect you against both.

Phishing

Phishing is a problem when you click on a link, most often in an email, to go to a website that asks you to provide personal information. Although you think you are at the site you intended to go to, you are actually at a fraudulent site made to look like it. To combat phishing, we always encourage Internet users to do two things:

  • Don’t click links in your email. Always type in the full URL of the website that you intend to go to. So whenever you log into Mitto, you should always type the full URL yourself, https://app.mitto.com. On your own computer, you can make this a bookmark for convenience.
  • Verify your URL. Before you log in or provide any other personal information, always make sure that the address bar in your browser indicates that you are at the site you intended to go to.
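
The "verify your URL" step can be made precise: the scheme and the host must match the expected login address exactly, because a look-alike address can contain the expected name without being that host. The following is an added example, not Mitto's code; the function name and the sample addresses are assumptions, and the `.example` hosts are placeholders.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "app.mitto.com"  # host of the login URL given in the post

def check_login_url(url):
    """Return (ok, reason) for an address the user is about to log in at."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme != "https":  # urlsplit lower-cases the scheme
        return False, "scheme is not https"
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' is not the host"
    host = parts.hostname or ""  # urlsplit lower-cases the host
    if host != EXPECTED_HOST:
        return False, f"host is {host!r}, expected {EXPECTED_HOST!r}"
    if port not in (None, 443):
        return False, f"unexpected port {port}"
    return True, "host matches exactly"

# Constructed sample addresses; the .example names are placeholders.
SAMPLES = [
    "https://app.mitto.com/",
    "HTTPS://APP.MITTO.COM/login",
    "http://app.mitto.com/",
    "https://app.mitto.com.example/",
    "https://app.mitto.com@login.example/",
    "https://app.mitto.com:8443/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        ok, reason = check_login_url(url)
        print(f"{'OK  ' if ok else 'STOP'} {url}  ({reason})")
```

Only the first two samples pass; the others contain the expected name but fail on scheme, host, userinfo or port.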

Protection #1: Restricted Links Via Email

As a company, Mitto has a strict policy that we will never send a user an email that contains a URL to a page that asks them for personal information. Any emails from Mitto will provide URLs to informational pages only.

Protection #2: By using autologins instead of following links, you can avoid becoming a victim of phishing

When you use Mitto to log in to your other password-protected sites, you know you are being directed to the sites you want to log in to. Never follow links in email that take you to pages that ask for sensitive data or login information. Whenever you need to log in to any of your password-protected sites, use Mitto for added protection against phishing.

 

Protection #3: Email Security Phrase

When you create a new Mitto account, you set up an email security phrase. This can be anything you want, but should not be a password hint. When Mitto sends automated system emails to you, this security phrase will be included in the body of the email. If the email does not contain this phrase, you should disregard the email as a phishing attempt. You can change the email security phrase at any time through your account settings, and it is an important tool for helping you avoid phishing and fraud.

Identity Theft

As Identity Theft becomes more of a problem, online users should take proactive steps to prevent this kind of fraud and use measures that help detect unauthorized use of their online credentials early. Mitto helps you be proactive in both of these areas.

Protection #1: Mitto Encourages Different Strong Passwords

You’ve probably heard that having different passwords for different sites is recommended. Using the same password for all or most of your online logins is a bad password habit. If someone gains access to that password, they can potentially access every other account that uses it. These days not all sites encrypt your password like Mitto does, and quite often they store passwords in clear text. If you’ve ever had your password emailed to you when you signed up for a new service, it probably means the service is not encrypting your password, and anyone who has access to its system can see it. In this scenario, if you used the same password for everything, your other online credentials are at risk. To read more about why using the same password is a bad idea, see our article about 4 Common and Dangerous Password Habits.

By encouraging the use of different passwords for different sites (and providing you a manageable way to keep track of them), Mitto helps you to isolate security breaches of one site from affecting your others. We even provide a password generator and strength meter to help you select strong passwords for all of your sites. By using different passwords, if one of your services is compromised, your others are still safe.

Protection #2: Early Detection

Part of the problem with Identity Theft is that you don’t know about it until significant damage has been caused. With our Last Login Feature and Login History, you can check to see if there may have been any irregular login activity with your account. The history will attempt to show you where and when you logged in from last (time, date, IP address, and country/metropolitan area), what browser you were using, and what operating system that computer was using. By viewing your history, you are alerted to potential unauthorized access so that you can take necessary corrective action.
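
A review of such a login history can be sketched as a comparison of each entry against the ones before it. This is an added example, not Mitto's implementation; the record layout, the two-hour window and the sample entries are assumptions, built from the fields the post lists (time, IP address, country, browser, operating system).

```python
from datetime import datetime, timedelta

# Constructed login history, oldest first. Field layout is an assumption based
# on the items the post lists; IPs come from documentation address ranges.
HISTORY = [
    ("2009-08-28 08:14", "192.0.2.10", "US", "Firefox", "Windows XP"),
    ("2009-08-29 19:02", "192.0.2.10", "US", "Firefox", "Windows XP"),
    ("2009-08-30 09:30", "198.51.100.7", "US", "Safari", "Mac OS X"),
    ("2009-08-30 10:05", "203.0.113.44", "NZ", "Opera", "Linux"),
    ("2009-08-31 08:20", "192.0.2.10", "US", "Firefox", "Windows XP"),
]

def review_history(history, travel_window=timedelta(hours=2)):
    """Return (time, ip, reasons) for entries that differ from earlier ones."""
    seen_countries, seen_clients = set(), set()
    previous = None  # (datetime, country) of the preceding login
    findings = []
    for time_str, ip, country, browser, os_name in history:
        when = datetime.strptime(time_str, "%Y-%m-%d %H:%M")
        client = (browser, os_name)
        reasons = []
        if previous is not None:  # the first entry only seeds the baseline
            if country not in seen_countries:
                reasons.append("new country")
            if client not in seen_clients:
                reasons.append("new browser/OS")
            if country != previous[1] and when - previous[0] <= travel_window:
                reasons.append("country changed within travel window")
        if reasons:
            findings.append((time_str, ip, reasons))
        seen_countries.add(country)
        seen_clients.add(client)
        previous = (when, country)
    return findings

if __name__ == "__main__":
    for time_str, ip, reasons in review_history(HISTORY):
        print(f"{time_str}  {ip}  review: {', '.join(reasons)}")
```

A flagged entry still joins the baseline in this sketch, so a second login from the same place is not flagged again; a stricter review would hold flagged entries out until the account owner confirms them.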

 


Comments

  • This is such important information! I never knew half of this stuff! Thank you!

    Posted by Anahid, 09/02/2009 5:11am (1 year ago)
