, , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

(originally published to Helium writing site, now gone; written in 2009 but probably still quite relevant)

The internet provides an amazing array of opportunities for wrongdoers to take advantage of innocent and vulnerable people. Some of the most common of these methods involve ways of obtaining personal information and using it for various gains, causing people to lose their privacy.

One of the major privacy concerns on the internet is identity theft. Unscrupulous people will seek out your information such as full name, address, phone number, email address and date of birth, and will use these details for various purposes. This might include obtaining credit, buying goods and services, and getting medical care and drugs. Sometimes a person might use your details instead of their own if they are caught committing a crime. Or the person might assume your entire identity in all their activities.

There are a number of ways people can steal your identity from information you have stored somewhere on the internet. One of the easiest ways is through internet searches, perhaps using a name and address and phone number from a telephone directory as a starting point.

A more sophisticated way is to steal personal information from a computer database. For example, a Trojan horse can enter a computer via an electronic game or some other program and allow a hacker to access information. Hackers have various other ways of obtaining data from your computer, for example, by means of a spoofing attack which can trick you into giving out confidential information, or a packet sniffer that can obtain passwords, or keylogging which allows the hacker to record your every keystroke.

Another common way criminals try and obtain your personal details is by emailing you with what appears to be a genuine job offer, or telling you that you’ve won a lottery, or that you are the beneficiary of a will, or offering you a loan. These scam emails will usually ask you to provide your name, address, phone number, occupation, age, and so on. Sometimes they ask for a curriculum vitae and banking details.

Crooks even scan MySpace and Facebook looking for personal information. Make sure you use the privacy settings. But these people don’t stop there. Some of them might visit public dumps looking for old computers. Information is never erased from your hard drive so make sure you smash your old computer to smithereens before throwing it out. My wife is good at this and has obliterated a couple of our old computers.

Phishing is yet another method used by people to steal personal information. This is where a person will set up an email and a website that look like they are from a well known institution such as a bank or an online payments processor. The email tells you that you have to click on a link and update your account details, sometimes saying things like your account will be suspended if you fail to act. The unsuspecting recipient might do as the email says, but if you hold the cursor over the link, a totally different website name will usually show up in a little window if it’s a scam. Never try and update usernames, passwords, credit card numbers and other details this way. A spam filter will reduce the number of unwanted emails. You could also direct any email where the sender isn’t in your address book to the anti-spam folder.

Make sure you trust your internet service provider (ISP) too. A provider is able to find out everything a user does on the internet, although such actions are usually illegal. It is also possible for an ISP to build a profile of your web habits and sell the information to marketers.

Cookies can sometimes be used to track usage. Information that identifies you can be placed in a browser and used for profiling or tracking, thus the name tracking cookie. Personal information can be stolen from a cookie by techniques such as cross-site scripting. This is where code is injected into the web pages you view, which may result in unauthorized access, theft of information and financial loss. Most web browsers are set up to prevent script from being used in this manner.

Spyware installs itself on a computer without the user knowing. The perpetrator tricks the user into installing these programs by piggybacking onto some other piece of software being downloaded or via a Trojan horse. Spyware can collect data on sites visited as well as installing extra software, redirecting browser activity (where you suddenly find yourself at a totally different site from the one you thought you were opening), and can change your computer settings. Anti-spyware software is readily available to deal with these problems.

The solution to these issues is twofold. First, install an internet security system that includes protection against viruses, spyware, spam, phishing and other intrusions. Second, be careful and responsible. Don’t splash your name, address, phone number and email address all over the web. Make sure you feel you can trust a site before using it. Never give out your passwords to anyone. Don’t reply to emails from people you don’t know. Never try and remove yourself from a program or database you didn’t subscribe to in the first place.