"Traveling the information highway" as a metaphor for "using the internet" is getting very cold. An increasing number of the "highways" are very real today and it is becoming easier for criminals to locate, follow and target victims.
In spite of a plethora of web sites serving up documents, tutorials and blogs regarding computer security, privacy and safety, the threat of identity theft and other types of crimes on the internet continue to increase. Mr. George Farah, Information Systems Security Manager states, "Cybercrime, computer hacking and spear phishing leading to identify theft are three of the major threats we face on the Queen's University campus in the area of computing". Mr. Farah stresses the importance of becoming aware of these threats, "Knowing how they happen and knowing how to protect ourselves as organizations and individuals is ever increasing as the nature of these threats evolve".
In June 2010, a Consumer Reports survey (State of the Net 2010) indicated that over 50 percent of adults who use social networking applications provide information that makes them a target for identity theft and other crimes. This same survey reported that a million households were victims of phishing attacks; they lost money or had their accounts misused. In August 2010, the additional security risks introduced by the use of social networking sites prompted EDUCAUSE & and the Internet2 Higher Education Information Security Council (HEISC) to create a list of suggested tips for safe and secure social networking on a Social Networking Security wiki page for educational institutions.
It's time to put on your brakes, park your mouse, and learn about computer security, privacy and online safety. Don't become a victim.
This article summarizes some of the current computer security, privacy and online safety issues and presents links to additional resources on and off the Queen's campus. As you read about these issues, keep in mind that the internet is largely unregulated. There are a few new (e.g., anti-spam legislation) and existing laws being re-written and expanded (e.g., criminal harassment via email) to cover criminal activity on the internet (e.g., theft, fraud, pornography, threats, etc.). However, the best filter for determining your risk of becoming a victim is the one between your ears. Use it wisely.
Social networking and privacy: One risk is privacy settings on social networking sites. Do you know what they are and have they been changed without your knowledge? In the past few years, Facebook administrators have changed privacy settings to allow less restricted access to all pages. Did you change your privacy settings back? Additionally, while you may only accept friends you know personally, the same may not be said of friends you accept. The pressure to have "a lot of friends" may inadvertently prompt your friends to accept requests from strangers, and without thinking, open your personal information up to them. Finally, while many people created Facebook accounts several years ago, just to see what the hype was all about, and have no intention of using Facebook again, their personal information is still there. Facebook does not remove dormant accounts; they count on "friend requests" to lure you back. It is important to delete any personally identifying information.
Social networking, application integration, and privacy: It may not be obvious to most people who put personally identifying information on social networking sites and who then use and post from location-based applications (Twitter places, TripIT, Foursquare, Gowalla, etc.) that they are increasing their risk of becoming a victim. One of the risks is best exemplified by the web site, PleaseRobMe.com, which made headlines earlier this year by aggregating tweets and "check-in" or location-based applications, such as Foursquare, to produce a list of "No one home" addresses. This site was created for the purpose of increasing awareness of security and privacy risks.
Location-based applications are very cool and convenient. They let your friends and family know where you are. They also let criminals looking for a target know that you are not at home, in real time. Using Google Maps, it is fairly easy to determine how long it will take you to get home from your favorite restaurant! A thief with a sense of humor might even send an anonymous tweet.
Interestingly enough, locational privacy is a controversial issue for many people when control of it is in the hands of authorities, e.g., video surveillance in public places, office buildings, etc. Yet most people do not realize that they are giving up their locational privacy to millions of strangers every day and some of those strangers do not have your best interests in mind. For example, when you post on twitter (or on your Facebook page) that you leaving tomorrow for 3 weeks in Europe, while your Facebook (or Myspace) page displays personally identifying information, you have just sent out an invitation to criminals. Don't make it easy. Becoming aware of and understand privacy settings on social networking sites is one way in which you can protect your privacy. In addition, understanding how the combination of applications you use can reduce your "locational privacy" is something to consider carefully.
Phishing attacks: Did you receive an email asking you to reply (or click on a link to fill out a form) with your Queen's University NetID or email address, login password and possibly with your date of birth? If so, delete it! The "From:" field may look like it is coming from ITServices or from an authority on campus - it's a fake!
No campus authority, including ITServices, will ever send you an email asking you for your NetID and login password!
To learn more about phishing attacks, and see an actual phishing email, read the article, About Email Asking You for Your Account NetID and Password, published in ITServices Spring 2010 Newsletter.
State of the Net2010. (2010, June). Consumer Reports Magazine. Retrieved August 22, 2010 from http://www.consumerreports.org/
Copyright Queen's University
Kingston, Ontario, Canada K7L 3N6 613.533.2000