WatchGuard Technologies, Inc.
LiveSecurity Service - Network Security Basics

Keeping Personal Information Personal

by Judy Bodmer

Editor's note: WatchGuard's LiveSecurity Service provides articles on how to keep business computer networks secure. However, it turns out some business people have families. (Who knew?) So a few times each year, we send an article written with the computer security needs of home users in mind. Feel free to forward this article to individuals you know who are not fully aware of what can happen to personal information they voluntarily fill in on forms at Web sites. —Scott Pinzon

Recently I received an e-mail from a friend requesting an update on my personal contact information. Because I've known this person for ages, I didn't think twice. I clicked on the site, filled out the form, and hit Next. Up flashed another screen. I was in a big hurry, so I hit Next again. To my surprise, I was now a registered user of a service called Plaxo, and it wanted access to my contact file. I hesitated, but only for a moment because I trusted the person who had sent the e-mail. I hit Okay. As name after name flew out of my file, I began to panic. What had I done? Where was this information going?

Truth was, I had no idea.

In just a few minutes, I had made several classic blunders. Not only had I shared my personal information with an unknown source, but I was also sharing the personal information of my friends, relatives, and business contacts.

At best, the end result would be an avalanche of new spam in our inboxes. But at worst, it could lead to something a lot more serious. Maybe what I learned that day will help keep you out of trouble.

Don't Go Phishing

My first mistake was failing to verify that this e-mail was legitimate. It looked like it was from a trusted friend, but was it really? I have since become acquainted with a nasty trick called "phishing." This is where illegitimate people send out e-mails that look like they are from a legitimate source. They usually disguise themselves as financial services and ask you to update your account numbers or passwords. One such case was reported in July of 2003. A young man sent e-mails purporting to come from an America Online (AOL) Billing Center. The e-mail warned the receiver that their account would be closed immediately unless he or she sent not only their credit card information but their mother's maiden name, a billing address, social security number, bank routing number, credit limit, personal identification number, and password. No legitimate businesses would ever ask for this information.

In my case, I should have e-mailed or phoned my friend and asked him if this request for information was legit before I did anything. Spammers know how to lie in the "From" field of your e-mails, so even if an e-mail looks like it came from your friend, if it doesn't "sound" like it came from your friend, you're wise to verify. Funny thing, I sent out sixty plus names that day and only six people e-mailed to ask if this was real. Fifty-four signed up — just like me.

Slow Down

Another mistake I made was neglecting to read Plaxo's privacy policy. I know, I know. That's boring. If you've ever clicked on that little Privacy Policy link, you've discovered they are full of mind-numbing technical terms. Most of us might read the first paragraph and then decide we have a real life to get back to. But wait. It's important to know what this company plans to do with the information you've just supplied them.

If you don't want to read the whole privacy policy, scroll down to the "third party" clause. Companies who don't share your information with third parties are good. Companies to avoid share with "other users," "guests," "our affiliates," "our marketing partners," "co-branded sponsors," and "those we may rent it to from time to time." Before you complete this transaction, ask yourself if it's worth the whole world knowing the information you've just typed into those little boxes.

I do my banking online. Just out of curiosity, I checked the privacy policy of my financial institution, and guess what? They share my information with life insurance companies, travel services, discount hotel accommodations, and shopping services. I discovered I can opt out of some of this sharing but not all.

Online pharmacies also offer poor privacy. A report posted on www.privacyright.org in mid-April 2004 found that only about half of the fifty online pharmacy sites visited had privacy notices. In January 2004, the Associated Press reported that the number one spam topic is pharmaceutical drugs. Number two? Online pharmacies.

Stay Out of Bad Neighborhoods

The more times you visit the Web and type in your credit card number, the more likely you are to have this information stolen. Where do you do business? Are these well-known Web sites, or are they places you wouldn't want your mother to know about? If the latter, then the chances of their security being lax increase.

Even well-known sites cannot always be counted on. Recently an AOL worker was arrested for stealing 92 million names and selling them to an Internet gambling operation. Lowe's home improvement and Playboy's network also have had customer information stolen, including credit card numbers. MSNBC reported that two million bank accounts were robbed by identity thieves in the last year. Next time you type in your credit card number on some Web site, ask yourself if this transaction is worth having your number stolen.

Understand Your Cookies

The first time I visited Amazon.com, they asked me to register. I quickly filled out their little form. The next time I visited them, the site said, "Hello, Judy Bodmer." Ah, they remembered me. They even had suggestions for things I might like to buy based on what I had browsed during my last visit. This demonstrates the use of a cookie. It's a little file they planted on my computer so that when I went back to their Web site, they knew who I was. This seems harmless enough. But if you don't like the idea of a company keeping track of you, you can delete cookies from your file. From Internet Explorer, go to the Tools menu, choose Internet Options, then the General tab, and you'll see how to delete them. (However, this also means some sites you like to visit won't recognize you next time you're there. In that case, they just install a new cookie.) For further control over cookies, click the Privacy tab.

Most companies, like Amazon.com, can be trusted with this information. My son even says he likes cookies because he doesn't want to type out that information every time he visits his favorite places. Most privacy policies will state what the company does about cookies. Good ones delete them at the end of the transaction. Bad ones keep them active for as long as 30 years.

Nasty Little Web Bugs

A little more alarming are Web bugs (sometimes called Web beacons, pixel images, or pixel tags). These are hidden graphics used to track your movements throughout the Web. They were developed to help advertisers track customers. An innocent enough reason. But again, the idea of someone tracking our movements without us knowing about it is unsettling.

Spammers use them. Once you open an e-mail from them, the Web bug sends a message back to the spammer that this is an active e-mail address, which then invites more spam.
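How a mail filter could spot the Web bugs described above, as an added example that is not part of the original article: it lists remote images in an HTML e-mail that are declared 0 or 1 pixel in size or hidden by style, which is what makes a tracking image invisible to the reader. The function names, the heuristics, and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

class ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def invisible(img):
    """True for 0/1-pixel dimensions or a style that hides the image."""
    tiny = all(re.fullmatch(r"\s*[01]\s*(px)?", img.get(k, "")) for k in ("width", "height"))
    style = img.get("style", "").replace(" ", "").lower()
    return tiny or "display:none" in style

def find_web_bugs(raw_message):
    """Return remote, invisible images found in the HTML parts of an e-mail."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        collector = ImgCollector()
        collector.feed(part.get_payload(decode=True).decode(charset, errors="replace"))
        for img in collector.images:
            url = urlparse(img.get("src", ""))
            # cid: and data: images travel inside the message; only http(s) causes a fetch
            if url.scheme in ("http", "https") and invisible(img):
                # a query string usually carries the per-recipient identifier
                hits.append({"host": url.hostname, "has_id": bool(url.query)})
    return hits

# Constructed sample message (hypothetical sender and hosts), not a real e-mail.
SAMPLE = (
    "From: Deals <offers@mailer.example>\n"
    "Subject: Special offer\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    "<html><body><p>Big savings inside!</p>\n"
    '<img src="https://img.mailer.example/banner.png" width="600" height="120">\n'
    '<img src="https://track.mailer.example/open.gif?id=a1b2c3" width="1" height="1">\n'
    '<img src="cid:logo" width="1" height="1">\n'
    "</body></html>\n"
)
```

Mail programs that block remote images by default prevent the fetch that such an image relies on, so the sender never learns the message was opened.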

What can you do?

  • Develop a junk e-mail address for the Web. You can do this through free e-mail accounts such as Juno, HushMail, or Yahoo!. Give out your legit e-mail address only to your friends, relatives, and trusted business contacts.
  • Fill out only required information on forms; don't volunteer optional information.
  • Install anti-spyware like Ad-aware, Spy Sweeper, or SpyHunter and run it regularly.
  • Never open e-mail unless you know it's from a legitimate source.

I was lucky this time. It turned out Plaxo was an okay company. But if it had had a privacy policy as loose as many other commercial sites, my friends might be hearing from spammers forever because of my slip-up. Keeping your personal information safe in the cyber world takes a little time and attention, but it's worth it.

Judy Bodmer is a freelance writer in the Pacific Northwest. Her articles have been published in numerous publications, including Reader's Digest. She is a past president of the Pacific Northwest Writers Association and the author of two books, including When Love Dies: How to Save a Hopeless Marriage.