-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Protecting Your Privacy
Before submitting your email address or other personal information
online, you need to be sure that the privacy of that information will
be protected. To protect your identity and prevent an attacker from
easily accessing additional information about you, avoid providing
certain personal information such as your birth date and social
security number online.
How do you know if your privacy is being protected?
* Privacy policy
Before submitting your name, email address, or other personal
information on a web site, look for the site's privacy
policy. This policy should state how the information will be
used and whether or not the information will be distributed to
other organizations. Companies sometimes share information with
partner vendors who offer related products or may offer options
to subscribe to particular mailing lists. Look for indications
that you are being added to mailing lists by default -- failing
to deselect those options may lead to unwanted spam. If you
cannot find a privacy policy on a web site, consider contacting
the company to inquire about the policy before you submit
personal information, or find an alternate site. Privacy
policies sometimes change, so you may want to review them
periodically.
* Evidence that your information is being encrypted
To protect attackers from hijacking your information, any
personal information submitted online should be encrypted so
that it can only be read by the appropriate recipient. Many
sites use SSL, or secure sockets layer, to encrypt
information. Indications that your information will be
encrypted include a URL that begins with "https:" instead of
"http:" and a lock icon in the bottom right corner of the
window. Some sites also indicate whether the data is encrypted
when it is stored. If data is encrypted in transit but stored
insecurely, an attacker who is able to break into the vendor's
system could access your personal information.
What additional steps can you take to protect your privacy?
* Do business with credible companies
Before supplying any information online, consider the answers
to the following questions: do you trust the business? is it an
established organization with a credible reputation? does the
information on the site suggest that there is a concern for the
privacy of user information? is there legitimate contact
information provided?
* Do not use your primary email address in online submissions
Submitting your email address could result in spam. If you do
not want your primary email account flooded with unwanted
messages, consider opening an additional email account for use
online (see "Reducing Spam" for more information
<http://www.us-cert.gov/cas/tips/ST04-007.html>). Make sure to
log in to the account on a regular basis in case the vendor
sends information about changes to policies.
* Avoid submitting credit card information online
Some companies offer a phone number you can use to provide your
credit card information. Although this does not guarantee that
the information will not be compromised, it eliminates the
possibility that attackers will be able to hijack it during the
submission process.
* Devote one credit card to online purchases
To minimize the potential damage of an attacker gaining access
to your credit card information, consider opening a credit card
account for use only online. Keep a minimum credit line on the
account to limit the amount of charges an attacker can
accumulate.
* Avoid using debit cards for online purchases
Credit cards usually offer some protection against identity
theft and may limit the monetary amount you will be responsible
for paying. Debit cards, however, do not offer that
protection. Because the charges are immediately deducted from
your account, and attacker who obtains your account information
may empty your bank account before you even realize it.
___________________________________________________________________
Author: Mindi McDowell
___________________________________________________________________
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST04-013.html>
Copyright 2004 Carnegie Mellon University
Terms of use
<http://www.us-cert.gov/legal.html>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFA9XGuXlvNRxAkFWARAmsRAJ4zH4FKY5nJ/IqijmTarhBVQgiW0gCff6Cz
VbGlmKYFuOzhoNFyxxsyd/s=
=Fl15
-----END PGP SIGNATURE-----
