Protect yourself online

Identity fraud

Identity fraud involves pretending to be someone else in order to steal money or other benefits. The person whose identity is used may suffer various consequences when held responsible for the perpetrator's actions. Australia has laws in place at both federal and state level to prevent the misuse of personal information and data.

Identity fraudsters will use various methods to gain this information via the use of phishing, the use of Spyware and the interception of un-encrypted internet communications.

Caution should be taken with revealing sensitive information over unsecured networks or on computers without an appropriate level of protection (public computers should be treated with extreme caution).

Email security

Some things to be aware of with your email:

• Phishing: the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication - never click on a link in an unsolicited email that takes you to a site that then asks you to enter sensitive information (eg passwords).
• Emails containing suspect attachments which may contain spyware or malware like Trojan horses.
• Email messages transit through unsecured servers and intermediate computers where it is possible for unencrypted messages to be intercepted and read.
• Many Internet Server Providers (ISPs) store copies of messages for back-up purposes.

In general terms, email is about as secure as a postcard through the mail.

Security certificates

Transport Layer Security (TLS) Protocol and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security and data integrity for communications over networks such as the Internet. Several versions of the protocols are in wide-spread use for web browsing, e-mail, instant messaging and voice-over-IP (VoIP).

Part of this process involves buying a security certificate for the web site (used in identity verification and data protection) from a third party Certification Authority. Certificates are only valid for a finite period of time and then must be renewed. A site with an expired security certificate should be treated with caution by users, but may still be browsed, as long as the user exercises appropriate care with the level of sensitive information revealed (as the communication may no longer be secure).

A secure/encrypted network connection may be detected by the presence of a padlock in the browser taskbar (not on the actual web page). This will be positioned at either the top or the bottom of the browser.

Password & PIN security

Some standard precautions to take with your PINs and passwords:

• Password complexity - use a combination of letters and numbers - don't use the names of family or pets!
• Regularly change your password - helps to protect your accounts in the event your password becomes known to others.
• Never reveal your password/PIN to anyone and don't keep a written record in your wallet or purse.
• Do not use the same password/PIN for everything. If you want to limit the number of passwords/PINs you use, then create a small group that you use for specific purposes.

Social media

We know that sites like Facebook, MySpace and the various blogging sites offer exciting social networking opportunities. But remember that some care should be taken to ensure you don't unnecessarily expose yourself to the risk of security or privacy violations.

Prior to setting up a profile (which usually requires you enter a certain degree of personal information), you should familiarise yourself with the privacy settings offered by the site. Ensure that your profile is set up in such a way that suits your personal privacy needs.

Be aware that many sites retain the personal information you enter even if you deactivate or delete your profile. While this information can generally be withheld from general public access (as with Facebook), the data is online and is potentially vulnerable.

The level of personal information revealed can be used for identity fraud purposes. Users should be wary of revealing information that might help identify PINs or passwords, or making information like your date-of-birth and full address visible.

There is also the matter of personal privacy. Unrestricted sites can be searched by users (maybe even prospective employers) looking for background information on an individual. If you value your privacy, then you should be careful about the type of information you make available in these circumstances. 

Cookies

Cookies are used for authenticating, session tracking and maintaining specific information about users, such as site preferences or the contents of their electronic shopping carts. Cookies have been an internet privacy concern because they can be used for tracking browsing behaviour.

Cookies are not computer programs. They are parcels of text sent by a server to a browser and then sent back unchanged by the client each time it accesses that server, and are unable to perform any operation by themselves. They are neither spyware nor viruses, although cookies from certain sites are described as spyware by many anti-spyware products because they allow users to be tracked when they visit various sites

Most browsers allow users to decide whether to accept cookies, but rejection makes some websites unusable. For example, shopping carts implemented using cookies do not work if cookies are rejected.

Contact us

If you have concerns about your security and privacy online contact us in one of the following ways:

• Phone ITS Service Desk: +61 3 9919 2777 (option 1)
• Report an IT fault or service request online – login using your MyVU or Active Directory (AD) username and password (same as your student email login details) 
• Ask a question through: ASKVU.