Identity fraud involves pretending to be someone else in order to steal money or other benefits. The person whose identity is used may suffer various consequences when held responsible for the perpetrator's actions. Australia has laws in place at both federal and state level to prevent the misuse of personal information and data.
Identity fraudsters will use various methods to gain this information via the use of phishing, the use of Spyware and the interception of un-encrypted internet communications.
Caution should be taken with revealing sensitive information over unsecured networks or on computers without an appropriate level of protection (public computers should be treated with extreme caution).
Some things to be aware of with your e-mail:
- Phishing: the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication - never click on a link in an unsolicited email that takes you to a site that then asks you to enter sensitive information (ie passwords)
- E-mails containing suspect attachments which may contain spyware or malware like Trojan horses
- E-mail messages transit through unsecured servers and intermediate computers where it is possible for unencrypted messages to be intercepted and read
- Many Internet Server Providers (ISPs) store copies of messages for back-up purposes
In general terms, email is about as secure as a postcard through the mail.
Transport Layer Security (TLS) Protocol and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security and data integrity for communications over networks such as the Internet. Several versions of the protocols are in wide-spread use for web browsing, e-mail, instant messaging and voice-over-IP (VoIP).
Part of this process involves buying a security certificate for the web site (used in identity verification and data protection) from a third party Certification Authority. Certificates are only valid for a finite period of time and then must be renewed. A site with an expired security certificate should be treated with caution by users, but may still be browsed, as long as the user exercises appropriate care with the level of sensitive information revealed (as the communication may no longer be secure).
A secure/encrypted network connection may be detected by the presence of a padlock in the browser taskbar (not on the actual web page). This will be positioned at either the top or the bottom of the browser.
Password & PIN security
Some standard precautions to take with your PINs and passwords:
- Password complexity - use a combination of letters and numbers - don't use the names of family or pets!
- Regularly change your password - even if you just change the number/s in your password
- Never reveal your password/PIN to anyone and don't keep a written record in your wallet or purse
- Do not use the same password/PIN for everything. If you want to limit the number of passwords/PINs you use, then create a small group that you use for specific purposes.
We know that sites like Facebook, MySpace and the various blogging sites offer exciting social networking opportunities. But remember that some care should be taken to ensure you don't unnecessarily expose yourself to the risk of security or privacy violations.
Prior to setting up a profile (which usually requires you enter a certain degree of personal information), you should familiarise yourself with the privacy settings offered by the site. Ensure that your profile is set up in such a way that suits your personal privacy needs.
Be aware that many sites retain the personal information you enter even if you deactivate or delete your profile. While this information can generally be withheld from general public access (as with Facebook), the data is online and is potentially vulnerable.
The level of personal information revealed can be used for identity fraud purposes. Users should be wary of revealing information that might help identify PINs or passwords, or making information like your date-of-birth and full address visible.
There is also the matter of personal privacy. Unrestricted sites can be searched by users (maybe even prospective employers) looking for background information on an individual. If you value your privacy, then you should be careful about the type of information you make available in these circumstances.
Cookies are used for authenticating, session tracking and maintaining specific information about users, such as site preferences or the contents of their electronic shopping carts. Cookies have been an internet privacy concern because they can be used for tracking browsing behaviour.
Cookies are not computer programs. They are parcels of text sent by a server to a browser and then sent back unchanged by the client each time it accesses that server, and are unable to perform any operation by themselves. They are neither spyware nor viruses, although cookies from certain sites are described as spyware by many anti-spyware products because they allow users to be tracked when they visit various sites
Most browsers allow users to decide whether to accept cookies, but rejection makes some websites unusable. For example, shopping carts implemented using cookies do not work if cookies are rejected.
R.U.N.S.A.F.E documents key information regarding the safe and secure operation of desktop computers. The R.U.N.S.A.F.E concept and documentation has been adapted to suit the Victoria University environment. The R.U.N.S.A.F.E acronym is made up of the following:
- R - Refuse to run unsafe programs
- U - Update software regularly
- N - Nullify unneeded risks
- S - Safeguard our identity and passwords
- A - Assure sufficient resources for proper system care
- F - Face insecurity
- E - Everybody needs to do their part
The goal of R.U.N.S.A.F.E is to help you attain the knowledge and skills necessary to more safely operate a network connected computer.
If you have concerns about your security and privacy online: