Protecting Your Information
This is the third in my series on privacy and security. Last month, I reviewed one method of creating secure passwords, and I explained how passwords are typically exposed or cracked. This month I want to look at why it is important to protect our information.
Who Are We Protecting Our Data From?
First, let's look at who is using our data and why they are using it. Businesses like Google, Microsoft, Facebook, and Amazon; internet service providers like Comcast and Verizon FiOS; mobile phone service providers like Verizon, AT&T, T-Mobile, and Sprint are all collecting information about you through various means. Most of these companies collect your information so they can turn around and resell it to others or use it to target advertisements to you. You have probably experienced this firsthand if after searching for a medical condition or a vacation site you suddenly notice all of the ads you see online are ads for related medications or hotels and attractions in the area you researched. Most of this seems benign, but do you really want Target to know your daughter is pregnant before the rest of the family knows? (This is an actual situation that occurred several years ago. Search online for the words "target" "teen" "girl" and "pregnant" for more information.)
In addition to normal businesses, you have criminals and criminal organizations, including some that are operated or supported by foreign governments. Criminal organizations typically steal information for profit. It is easy to see how to profit from stealing credit cards and bank account numbers, but other information can be used to make future attacks more effective.
Finally, you have the individual thief or attacker. They may have a number of motivations such as personal gain through theft, vandalism, or attacks on you or your family, sometimes to show they can pull it off. A couple of years ago a personal swatting attack where the attacker called the police to report a violent crime in progress led to the death of an innocent person when the person initiating the attack used the incorrect address. The innocent victim was killed by the police believing the victim was engaged in violence against his family based on the swatting report.
What Do You Need to Protect?
It seems obvious we need to protect Social Security numbers, driver's license information, passport information, phone numbers, credit cards, residential address, email addresses, and of course passwords. Facts like pet names, high schools, previous addresses, parent names, web sites we visit, and our current location should also be protected.
Why Do We Need to Protect Our Information?
It isn't always clear why we need to protect all of this information, but let me provide some examples of things that have actually happened to people.
For one example, a criminal monitors a Facebook account and determines from posts that a family member (child, grandchild, or sibling for example) will be away during a certain period of time and will be difficult to contact. By monitoring Facebook, they have learned a lot about the family and have used other internet sources to locate addresses and phone numbers and additional information. They then call a vulnerable family member and report that are calling on the traveler's behalf and the traveler is in trouble (possibly arrested) and needs cash to bail them out. The victim is instructed to take the cash out of the bank, box it up, and overnight the money to an address in a distant city. This address is likely to be an address of a house the perpetrator knows will be empty. The criminal waits for the package to arrive at the empty house and picks it up, keeping the cash for himself.
How do we protect ourselves from this type of crime? First, don't post where you are going or where you are currently on social networks. Post your photos and comments after you return. Second, if you are traveling to an area where you will be difficult to reach, set up a special code word or phrase that you can share privately so a message can be verified as being from you, whether it comes from a third party or from an email or text message. Give as little information as needed on your social media sites and limit who can read your posts to only people you know directly and not friends of friends of friends.
Beware of phishing. Phishing is the practice of enticing people to give them information that should be protected. Last week I received a call claiming to be from DirectTV. I used the information I had at hand (caller ID for example) and quickly determined the call was fake. I presented this to the caller, and he admitted it was a phishing scheme. They sell you a steeply discounted plan (that doesn't exist) just so you will give them your credit card information. Once given, your credit card has been effectively stolen. This is a similar scam as the zero percent interest rate calls from "Alice." Once you give the caller your credit card information, the card has been stolen. Many email scams work the same way. They offer you a deal and provide you a link to a web site that looks legitimate. When you make the purchase, the merchandise is never received, and your card has been stolen.
Protect yourself by never giving any personal information to a company that calls you. If it really sounds legit and you are interested, look up the company and call them. Don't trust a call-back number provided by an operator that called you. Never follow a link in an email unless you personally know the sender and recognize the link (I won't even follow links in emails sent by my mother). It is best if email links are disabled by default in your email client. These links cannot only send you to phishing sites but can also send you malicious files that infect your computer through the browser.
Remember people can use your information to file fraudulent medical claims, steal your identity, and apply for loans in your name, file fake tax returns in your name and collect a refund, get a job using your social security number, and otherwise harm you and your loved ones.
My final words this month: be careful what you share, use strong passwords, and if available use multifactor authentication.