Consumer Protection

When a database containing usernames and passwords is stolen or hacked, criminals often try using that list of usernames and passwords on hundreds of other companies' websites to see if they can get into any other accounts.

Don't use the same username and password combination on multiple sites, and avoid the most common passwords. For some fun reading, do an internet search for “most common passwords."

Use a password that is at least 8 characters long and contains an uppercase letter, a lowercase letter, a number, and a special character. As an example, pick eight characters (e.g., PB&J2eat), then add several characters from the site name that you are logging into. This way, you can still remember your password and it will be unique for each website.

In this example, we used “PB&J2eat”, plus a simple description.

• www.mypowercompany.com
  PB&J2eatpower
• www.cellularphone.com
  PB&J2eatphone
• www.yourbank.com
  PB&J2eatbank

This way, if one of the companies got hacked, the other logins wouldn’t be compromised.

When Personal Identification Numbers (PINs) are needed, don’t use the most common PINs (like 1234) or all repeating numbers (1111, 7777, 5555, etc). Banking industry studies have shown that the top 10 most commonly used PINs account for over 25% of PINs used. If a criminal tries the top 10 of the most frequently used PINs, they have over a 25% chance of gaining access.

DISH sends out email alerts when your account information has changed. Make sure you receive these alerts by providing a valid email address at mydish.com/myprofile.

Call DISH at 800-333-DISH (800-333-3474) to add PIN verification to your account. With this option turned on, anyone calling into DISH is immediately prompted for your account's security code. This prevents unauthorized individuals from gaining access to your account.

Research "identity theft protection" to find out more about companies you can pay to monitor your personal and credit information.

Closing the browser window doesn't always log you out. If you walk away from your computer, someone else could re-open your browser and access your accounts.

To protect yourself even further, learn how to delete your browser history and cookies for whatever browser you use. Browsers keep a history of what you do while you are online. If you use a public computer, you don't want to leave behind information about yourself that someone else could access.

Hyperlinks, which typically appear as blue underlined words, are normally used to take you to another website. However, they can take you somewhere other than what that link actually claims.

In Internet Explorer, Chrome, and Firefox, you can hover your mouse over a hyperlink to display the underlying link in the lower left corner of the browser window. On most mobile devices, you can press and hold a hyperlink to display the actual link destination.

If the underlying link does not match where you are expecting to go, do not click on it.

The return email address on an email can be spoofed (made to appear as if it came from DISH when it did not). The name that appears as the return address might not be where the email came from, and it might not be where a return email will go if you respond.

Emails from DISH will almost always come from dish@dishemail.com, and replies will go to feedback@dishemail.com. If you receive an email from a different email address, do not respond to it.

If you respond to a valid email from DISH, be aware that the information in the email is not protected. Unless you know for sure that your email is set up to be encrypted, don't send any personally-identifiable information in an email.

Criminals attempting to scam people out of their money might contact them with a great offer in exchange for an upfront payment made via a specific payment method (usually money order through a service such as Green Dot or Western Union). They may also ask that you purchase gift cards.

Any offer that requires you to pay outside of your normal payment method is most likely a scam. DISH customers pay for their service on a monthly basis, and there are no offers that require paying for 6 months or a year in advance. Additionally, DISH will never require that you use one particular payment method. We accept a wide variety of payment methods, including credit card, debit card, electronic funds transfer, check by mail, and money order.

If you receive a call about an offer that sounds too good to be true, hang up and call back on DISH's main phone number: 800-333-DISH (800-333-3474).

Criminals attempting to commit fraud sometimes call customers and claim to be DISH representatives. Since they are able to “spoof” DISH's phone number (make it appear as though their call is coming from DISH even though it is not), these calls often appear legitimate.

Do not provide these callers with any personal or account information, including your account number, security code, receiver number, or location ID. You may be asked to provide this information when you contact DISH directly, in order to verify that you are authorized to access the account and/or make changes, but DISH will never call you asking for this information.

If you receive a questionable call, hang up and call back on DISH's main phone number: 800-333-DISH (800-333-3474).

Phishing (pronounced "fishing") is a term used to describe the process of gathering information. Any additional information that a criminal collects about someone is a successful phishing attempt.

A criminal phishing for information could send out several thousand emails to random email addresses. The email might state that immediate action is required to prevent their DISH installation from being cancelled. Someone might then respond to that email and say that they don't have an installation scheduled.

By responding to the email, that person has let the criminals know that their email address is valid. They have also potentially provided the criminals with additional information, such as their full name and whether or not they are a DISH customer. The criminals can use this information to continue phishing for even more information or to pass themselves off as the customer to DISH or another company.

Social engineering is also used to describe attempts to gather information, but it involves playing on human emotions to do so. Social engineers will usually pass themselves off as someone who needs help or who is trying to help you. They may know the amount you pay for DISH service, where you work, if you have kids, etc. They will use this information to get you to believe their story. They may also exhibit one of more of the following traits:

• Rapport: The caller is polite and attempts to talk about common experiences. Human nature tells us that nice people aren't crooks.
• Humanitarianism: The caller tries to draw upon your good nature of wanting to help someone else or a family member. It's in our nature to care.
• Repetition: The caller repeats the same information over and over but words it slightly differently each time. Things we hear over and over tend to sink in.
• Urgency: The caller insists on immediate action. A sense of urgency in someone else's voice tends to get the average person's adrenaline going.
• Authority: The caller tries to make you believe they are a person of authority. We are taught growing up to believe and respect authority figures.

If you receive a suspicious call, hang up and call back on DISH's main phone number: 800-333-DISH (800-333-3474).

Reporting fraud or fraud attempts helps law enforcement understand the scope of the problem. If everyone reports it, law enforcement has more investigative leads and prosecutors have more of a reason to pursue it. Even if your local law enforcement agency doesn't have the resources to investigate it, you can still report it using one of the links below.

Federal Bureau of Investigation
www.fbi.gov

Federal Trade Commission
www.ftc.gov
www.consumer.gov/idtheft

International Consumer Protection and Enforcement Network
www.econsumer.gov

If you're a victim of fraud where someone else has your personal information, you should also contact the credit reporting bureaus to help prevent someone else from opening up loans or bank accounts in your name.

Equifax
888-766-0008
www.equifax.com

Experian
888-397-3742
www.experian.com

Trans Union
800-680-7289
www.transunion.com