Correct privacy threats

Protect. Detect. Correct.

Correct threats through action by protecting your PC and other devices.

"High-tech crime is no longer the province of science fiction movies."
Former Victorian Police Commissioner Mal Hyde, Australian Federal Police

There are steps you can take to protect yourself from privacy threats, whether they are the high-tech kind or someone watching over your shoulder on the bus. The first step is to be aware when your private information is visible to others and identify when your privacy is at risk. The next is to secure your computer, smart phone and other electronic devices. Finally, be vigilant when sharing your details online and don’t be afraid to ask questions if something doesn't look right.

Malware

Malware is software with a malicious purpose. It may be able to disable or remotely control your device, or retrieve your personal information.

The following suggestions are designed to reduce your exposure to malware:

  • ensure your operating system and software are up-to-date
  • download applications from reputable sources only
  • closely monitor application permission requests
  • check the feedback from other users before installing programs
  • don’t leave your mobile device unattended in public places
  • don’t leave your mobile device on wi-fi ad-hoc mode
  • turn off bluetooth and other connections when not in use
  • install anti-malware software.

Encrypt sensitive information stored on your PC

Encryption is the process of systematically encoding data before transmission and during storage, so that an unauthorised party cannot easily decipher the data. If you keep personal or financial information on your computer, consider taking steps to encrypt and protect sensitive files and folders.

The method of encryption will depend on the system you operate at home. Instructions for some commonly used systems are linked below:

If another user attempts to open, copy or move an encrypted file, he or she will be unable to do so without being given relevant access privileges.

What you need to know about email

Spam is a generic term used to describe electronic junk mail, that is, unwanted messages sent to your email account or mobile phone. Although there are exceptions, it can be illegal to send unsolicited commercial electronic messages. The Australian Communications and Media Authority (ACMA) is responsible for enforcing the Spam Act 2003 (Cth) and actively works to fight spam in Australia. The ACMA keeps a running feed on current scams and e-security issues facing Australians.

Phishing email messages are more sinister because they are designed to steal your identity. They ask for personal data, or direct you to websites or phone numbers to call where they ask you to provide personal data.

Microsoft offers the following clues to help you spot fraudulent email messages or links within them.

  • Emails might appear to come from your bank or financial institution, a company you regularly do business with, using phrases such as:
    • "Verify your account"—Businesses should not ask you to send passwords, log in information, user names, or other personal information through email. If you receive an email message from Microsoft or any other business asking you to update your credit card information, do not respond as this is likely to be a phishing scam.
    • "If you don't respond within 48 hours, your account will be closed"—These messages convey a sense of urgency so that you'll respond immediately without thinking. A phishing email message might even claim that your response is required because your account might have been compromised.
  • Emails might appear to be from someone in your email address book.
  • Emails might ask you to make a phone call. Phone phishing scams direct you to call a phone number where a person, or an audio response unit, waits to take your account number, personal identification number, password, or other valuable personal data.
  • Emails might include official-looking logos and other identifying information taken directly from legitimate websites, and they might include convincing details about your personal history that scammers found on your social networking pages.
  • Emails might include links to spoofed websites where you are asked to enter personal information.
  • To make these phishing email messages look legitimate, scammers use graphics that appear to go to familiar websites but actually take you to a phony site or a pop-up window that looks exactly like the official site.

Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered by adding, omitting, or transposing letters.
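The altered-address trick described above can be checked mechanically. The following is an added example, not part of the original page: it compares the hostname in a link with a short list of trusted domains and flags names that are one added, omitted, transposed or replaced letter away. The domain examplebank.com.au, the trusted list and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the reader really deals with (assumption).
TRUSTED = ("microsoft.com", "examplebank.com.au")


def osa_distance(a, b):
    """Edits to turn a into b: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # delete a char from a
                          d[i][j - 1] + 1,         # insert a char into a
                          d[i - 1][j - 1] + cost)  # substitute
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swap neighbours
    return d[-1][-1]


def classify_link(url, max_edits=1):
    """Return (verdict, matched trusted domain or None) for one link."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted", good
    labels = host.split(".")
    for good in TRUSTED:
        # Compare the same number of trailing labels as the trusted domain has.
        tail = ".".join(labels[-(good.count(".") + 1):])
        if 0 < osa_distance(tail, good) <= max_edits:
            return "lookalike", good
    return "unknown", None


# Constructed sample links, as they might appear in an email body.
SAMPLES = [
    "https://login.microsoft.com/account",
    "http://micorsoft.com/verify",          # letters transposed
    "https://www.examplebnk.com.au/login",  # letter omitted
    "https://examplebankk.com.au/",         # letter added
    "https://news.example.org/",
]

for link in SAMPLES:
    print(classify_link(link), link)
```

A verdict of "unknown" only means the address is not close to anything on the list; it says nothing about whether the site is safe.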

For more information about phishing and scams, visit ScamWatch.

Accessing your money online

Most Australian banks, building societies and credit unions operate in an environment of “bricks and clicks”, that is, they have traditional bank branches in key locations but they also offer internet banking. In fact, today you can use most of the banking facilities available to you in a branch through a bank’s website.

When banking is taken out of the safe domain of bricks and mortar branches, security must be a priority. Banks have taken steps to protect you such as securing login pages through an encryption process, but as a customer, it is your responsibility to become familiar with your bank’s security measures. You can check the security of your exchange with your bank by:

  • checking that the beginning of your bank’s internet address changes from ‘http’ to ‘https’—this means a secure connection is made
  • never leaving your computer unattended when logged in to your online account
  • setting strong passwords and changing them regularly.

Conducting transactions online is quicker and easier than ever before, but the privacy risks are ever-present. Online transactions can be monitored, recorded, and key logged by a variety of hackers and third parties without the knowledge or consent of the user. To mitigate the risks associated with online transactions:

  • use familiar websites for stores that you know to be reputable
  • look for secure payment options when shopping or paying bills online (make sure all websites that involve account information exchange have a padlock symbol or icon in the status bar at the bottom of your web browser, or right next to the URL—this means that the site has been assigned the authority to accept secure and protected information)
  • give as little personal information as possible (most retailers don’t need to know your date of birth or licence number to transact with you)
  • pay attention to your billing cycles and double check your transactions
  • notify providers immediately of any account irregularities.

Passwords

You can password protect all manner of technological devices and remote-access services. In doing so, don’t forget your phones and tablets—small, portable and full of personal information, these devices may pose a greater privacy risk than your personal computer.

Choose difficult passwords, memorise them and change them often. Avoid your mother’s maiden name and other commonly used passwords…

From the moment people started using passwords, it didn’t take long to realize how many people picked the very same passwords over and over. Even the way people misspell words is consistent. In fact, people are so predictable that most hackers make use of lists of common passwords. To give you some insight into how predictable humans are, the following is a list of the 10 most common passwords. If you see your password on this list, please change it immediately. Keep in mind that every password listed here has been used by at least hundreds if not thousands of other people.

  • 123456
  • 12345
  • 123456789
  • password
  • iloveyou
  • princess
  • rockyou
  • 1234567
  • 12345678
  • abc123

There are some interesting, but common, passwords that show how people try to be clever, but even human cleverness is predictable. For example:

  • ncc1701—the ship number for the Starship Enterprise
  • thx1138—the name of George Lucas’s first movie, a 1971 remake of an earlier student project
  • qazwsx—follows a simple pattern when typed on a typical keyboard
  • 666666—six sixes
  • ou812—the title of a 1988 Van Halen album
  • 8675309—the number mentioned in the 1982 Tommy Tutone song.

If you’re concerned about being able to remember a complex code for a password, here’s a little memory-jogging trick: take a sentence and turn it into a password. For example “This little piggy went to market” might become “tlpWENT2m”.
