Charlie Cookston responded to what looked like a legitimate e-mail from PayPal, an online payment service. It asked for his user name and his password — and he gave them.
Turns out it wasn't PayPal, it was a scam.
“When they got into the PayPal account, they got the charge card and the checking account and the routing number for the checking account,” says Cookston.
And there was more.
“I had all my accounts, insurance, vitamins, whatever I buy on the Internet with the same user name and password,” he says.
Internet security experts say millions of Americans like Cookston are vulnerable to identity theft because they use only one password for multiple accounts.
Hackers count on that pattern.
“This absolutely is the threshold to identity theft,” says MSNBC.com technology writer Bob Sullivan.
Sullivan says it's all too easy. There are places people can go on the computer to get your password.
“We just typed ‘password cracker’ into Google,” demonstrates Sullivan. “And you get back all sorts of results. Some are written by good guys, and some are written by bad guys. [There are] tons of Web sites devoted to figuring out what people's passwords are so that they can break into their accounts.”
There are ways to protect yourself, including using longer passwords and ones that combine numbers, letters and punctuation. Another effective approach is to not use your real name when you log on — make one up.
“When you're logging onto newspaper sites, recipe sites, other sites that don't have any kind of critical components, use a fake name, use a fake address,” says Sullivan. “Save really strong passwords and your personal information for the sites that matter.”
And if you think it can't happen to you, remember Charlie Cookston — he's a computer programmer, and it happened to him.
“I have now gone through all my logon information,” he says. “They all have a unique password.”
That means more work, remembering more passwords, but also more protection for you and your identity.