It is important to protect your personal information online and be confident that the websites you access are treating it securely and appropriately.
Online safety resources
The following websites give excellent advice on staying safe online:
- The Australian Government has a website with information and tips to help you protect your privacy online.
- The Australian Bankers Association provide details on staying safe online through their security and fraud prevention site.
- Staysmartonline, an Australian government initiative, provides simple information for Internet users on how to protect themselves online, as well as up-to-date information on the latest online threats.
- Scamwatch, run by the ACCC, provides information about current scam alerts as well as how to recognise and avoid scams.
Identity fraud involves pretending to be someone else to steal money or other benefits. The person whose identity is used may suffer consequences when held responsible for the perpetrator's actions. Australia has laws in place at both federal and state level to prevent the misuse of personal information and data.
Identity fraudsters use various methods to gain this information via the use of phishing, the use of Spyware and the interception of un-encrypted internet communications.
Be cautious when revealing sensitive information over unsecured networks or on computers without an appropriate level of protection (public computers should be treated with extreme caution).
Some things to be aware of with your email:
- Phishing: the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication - never click on a link in an unsolicited email that takes you to a site that then asks you to enter sensitive information (eg passwords).
- Emails containing suspect attachments which may contain spyware or malware like Trojan horses.
- Email messages transit through unsecured servers and intermediate computers where it is possible for unencrypted messages to be intercepted and read.
- Many Internet Server Providers (ISPs) store copies of messages for back-up purposes.
In general terms, email is about as secure as a postcard through the mail.
Transport Layer Security (TLS) Protocol and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security and data integrity for communications over networks such as the Internet. Several versions of the protocols are in wide-spread use for web browsing, e-mail, instant messaging and voice-over-IP (VoIP).
Part of this process involves buying a security certificate for the web site (used in identity verification and data protection) from a third party Certification Authority. Certificates are only valid for a finite period of time and then must be renewed. You can still browse a site with an expired security certificate but it's advised you don't share any sensitive information as the communication might not be secure.
Secure/encrypted network connections are identified by the presence of a padlock icon in the browser taskbar (not on the actual web page). The padlock icon is found at either the top or the bottom of the browser.
Password & PIN security
Some standard precautions to take with your PINs and passwords:
- Password complexity - use a combination of letters and numbers - don't use the names of family or pets!
- Regularly changing your password helps protect your accounts in the event your password becomes known to others.
- Never reveal your password/PIN to anyone and don't keep a written record in your wallet or purse.
- Do not use the same password/PIN for every account. If you want to limit the number of passwords/PINs you use, then create a small group that you use for specific purposes.
Sites like Facebook, MySpace and blogging platforms can offer exciting social networking opportunities. But you should be cautious not to expose yourself to the risk of security or privacy violations.
Before setting up a profile (which usually requires you to enter some personal information), you should check the privacy settings offered by the site. Ensure that your profile is set up in such a way that suits your personal privacy needs.
Be aware that many sites keep the personal information you enter even if you deactivate or delete your profile. While this information can be withheld from general public access (as with Facebook), the data is still online.
The level of personal information revealed can be used for identity fraud purposes. Users should be wary of revealing information that might help identify PINs or passwords, or making information like your date-of-birth and full address visible.
Unrestricted sites can be searched by users (or prospective employers) looking for background information on an individual. If you value your privacy, then you should be careful about the type of information you make available in these circumstances.
Cookies are used for authenticating, session tracking and maintaining specific information about users, such as site preferences or the contents of their electronic shopping carts. Cookies have been an internet privacy concern because they can be used for tracking browsing behaviour.
Cookies are not computer programs. They are parcels of text sent by a server to a browser and then sent back unchanged by the client each time it accesses that server, and are unable to perform any operation by themselves. They are neither spyware nor viruses, although cookies from certain sites are described as spyware by many anti-spyware products because they allow users to be tracked when they visit various sites
Most browsers allow users to decide whether to accept cookies, but rejection makes some websites unusable. For example, shopping carts implemented using cookies do not work if cookies are rejected.
If you have concerns about your security and privacy online contact us in one of the following ways: