Lloyd Borrett, Security Evangelist at AVG (AU/NZ), says: 'In the real world, we have a lifetime of experience to help us distinguish between who is trustworthy and who is not. This informed awareness is not yet at the forefront of our activities in the digital world. And it is leaving the door wide open for cyber criminals.'
Online forms: deciding who to trust
AVG (AU/NZ) advises you to check the following before you hit the Submit button for an online form containing your personal information:
- Make sure you know what company is operating the web site and whether it is legitimate.
- Look for signs that indicate the site has been reviewed by independent site verification organisations, such as VeriSign.
- Ensure the padlock symbol is visible in your browser status bar '” this means the site is secure and using encrypted (https) communication so nobody can intercept and misuse your data.
Recognising the trouble signs
AVG (AU/NZ) also highlights the following indicators of trouble and warns you should be very careful about providing any information to a site where:
- Your security software or web browser shows the page is dangerous.
- You accessed the web page through a link in an e-mail message from someone or some company you don't know '” this is spam and you should never be tempted to click through.
- You accessed the web page through a link from a company you know but which contains text that tries to scare you into providing important private information such as passwords - this is known as phishing; never give away passwords or other sensitive information.
- Your web browser warns you about certificate issues (e.g. not signed by a valid authority, a certificate meant for other URL address or expired). You should also always check that the URL in your browser status bar is correct for the company you believe you are visiting on the web. In particular, look out for these warning signs:
o The domain name is totally different from the company name or its area of activities.
o The domain name contains characters that can be easily mistaken for other characters (e.g. using a capital 'i' in place of a small 'L').
o The top-level domain name contains an unexpected country code '” for example, you believe you are visiting a site in Australia, but the domain is cn (China) instead of au for Australia.
Deciding what kind of information is safe to provide
Borrett says: 'By dividing your personal information into three levels of importance or privacy, it will be significantly easier for you to consider how to respond to requests for your details. Careful consideration will then become automatic: do you really want to give your data to this particular web site; and do they really need this kind of information?'
1. Top Secret
The Top Secret category covers all sensitive personal information that can easily be misused by a data snatcher or cyber criminal. If you provide this data, you must be completely sure that the web site is both secure and authorised.
Examples include: login names and passwords; credit/debit card numbers, expiration and 3-4 digit card verification codes; bank account numbers; passport number or other government identity information such as Medicare number or Centrelink details.
Information in this section is not as sensitive as the Top Secret data, and may already be in the public domain, but you should still be careful to whom you provide it, as it could readily be misused.
Examples include: e-mail and postal addresses; phone and fax numbers; personal photos; employer information; income and asset values; car licence plate/registration.
This category contains all information not attached to your name, so it can't be used to track you as an identifiable individual over the Internet.
Examples include: votes in Internet polls; opinions and blog comments; citizenship or nationality information; age, gender, job description.
Borrett concludes, 'It's far better to err on the side of caution and spend an extra minute or so considering the safety aspects of the web site than to just blindly trusting your personal information to what could be a criminal web site.'
### ENDS ###
About AVG (AU/NZ) Pty Ltd '” www.avg.com.au
Based in Melbourne, AVG (AU/NZ) Pty Ltd distributes the AVG range of anti-virus and Internet Security products in Australia, New Zealand and the South Pacific. AVG software solutions provide complete real-time protection against the malware, viruses, spam, spyware, adware, worms, Trojans, phishing and exploits used by cyber-criminals, hackers, scammers and identity thieves. AVG protects everything important and personal inside computers '” documents, account details and passwords, music, photos and more '” all while allowing users to work, bank, shop and play games online in safety.
AVG provides outstanding technical solutions and exceptional value for consumers, small to medium business and enterprise clients. AVG delivers always-on, always up-to-date protection across desktop, and notebook PCs, plus file and e-mail servers in the home and at work in SMBs, corporations, government agencies and educational institutions.
Talk to Us
Lloyd Borrett AVG (AU/NZ) 03 9581 0807
Shuna Boyd BoydPR 02 9418 8100
For more information: