Sometimes I have to stop and remind myself that, for a lot of musicians, the Web is a brand-new place. And with more and more indie musicians trying out services like eBay and Paypal to sell CDs and merch, a lot of them don’t know when to be cautious with their personal information. So this post may to old news to some readers out there, but it’s important enough to bear repeating.
If you use Paypal, eBay, Cafepress or any other online service to sell your wares, remember this golden rule:
Never, ever respond to a password change request that arrives by email.
I get several of these emails a week, asking me to change my password because my account was suspended or somehow “compromised.” Some of them have links to very convincing-looking login pages. 100% of them are fake, trying to get me to panic and give up my password so the sender can login and scoop up my bank and credit card info. This is called phishing and it’s a common form of identity theft.
No amount of security can prevent you from willingly entering your password into a login box you think is safe. Don’t ever do it. If you have any doubts, open up a separate browser and go to the site directly (type the address by hand) — you’ll know shortly if there’s a real problem with your account or not.
Being an artist is hard enough without scrambling to close all your credit cards.