-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Tip ST04-013
Protecting Your Privacy
Before submitting your email address or other personal information
online, you need to be sure that the privacy of that information will
be protected. To protect your identity and prevent an attacker from
easily accessing additional information about you, avoid providing
certain personal information such as your birth date and social
security number online.
How do you know if your privacy is being protected?
* Privacy policy - Before submitting your name, email address, or
other personal information on a web site, look for the site's
privacy policy. This policy should state how the information will
be used and whether or not the information will be distributed to
other organizations. Companies sometimes share information with
partner vendors who offer related products or may offer options to
subscribe to particular mailing lists. Look for indications that
you are being added to mailing lists by default--failing to
deselect those options may lead to unwanted spam. If you cannot
find a privacy policy on a web site, consider contacting the
company to inquire about the policy before you submit personal
information, or find an alternate site. Privacy policies sometimes
change, so you may want to review them periodically.
* Evidence that your information is being encrypted - To protect
attackers from hijacking your information, any personal
information submitted online should be encrypted so that it can
only be read by the appropriate recipient. Many sites use SSL, or
secure sockets layer, to encrypt information. Indications that
your information will be encrypted include a URL that begins with
"https:" instead of "http:" and a lock icon in the bottom right
corner of the window (see Understanding Web Site Certificates for
more information). Some sites also indicate whether the data is
encrypted when it is stored. If data is encrypted in transit but
stored insecurely, an attacker who is able to break into the
vendor's system could access your personal information.
What additional steps can you take to protect your privacy?
* Do business with credible companies - Before supplying any
information online, consider the answers to the following
questions: do you trust the business? is it an established
organization with a credible reputation? does the information on
the site suggest that there is a concern for the privacy of user
information? is there legitimate contact information provided?
* Do not use your primary email address in online submissions -
Submitting your email address could result in spam. If you do not
want your primary email account flooded with unwanted messages,
consider opening an additional email account for use online (see
Reducing Spam for more information). Make sure to log in to the
account on a regular basis in case the vendor sends information
about changes to policies.
* Avoid submitting credit card information online - Some companies
offer a phone number you can use to provide your credit card
information. Although this does not guarantee that the information
will not be compromised, it eliminates the possibility that
attackers will be able to hijack it during the submission process.
* Devote one credit card to online purchases - To minimize the
potential damage of an attacker gaining access to your credit card
information, consider opening a credit card account for use only
online. Keep a minimum credit line on the account to limit the
amount of charges an attacker can accumulate.
* Avoid using debit cards for online purchases - Credit cards
usually offer some protection against identity theft and may limit
the monetary amount you will be responsible for paying. Debit
cards, however, do not offer that protection. Because the charges
are immediately deducted from your account, an attacker who
obtains your account information may empty your bank account
before you even realize it.
_________________________________________________________________
Author: Mindi McDowell
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST04-013.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRo0npvRFkHkM87XOAQID8gf+MlK0WW6TuvQKB35V+dL5yX4GBCi/q+bu
KBa2BQ59IH/eNXuvebs4MGzccGRhFjwDjQadeSAPzFeBvurfRTeKopIPh6pDP499
f9ROw6c6xJAXGY9fRHqQR7ZMCozTUuYnl3OfT2hvU1Zlpbf3NDrPP4BHvgb+OU0s
qmPuFnxsFJfNQeE0xeL/ZiIsC4IAJhRgud7BrhRzM9Zy4ttZfq2aeGqcQNXoxVWf
sYj2BiBI6gnz/61z0uuRaRk6IcQZwLHZmi50AnezIc7O3tcU4SkNGbLDSNIYxvq+
hAgUDoQ1gqJqz2k7g1BoMu9847yhhS5+5hXZcV97DSouwRP/TzxyEQ==
=T4fB
-----END PGP SIGNATURE-----
