Protecting Your Privacy

This web page provides tips for mitigating technology-related risks while getting the most out of your computing environment. It addressesprotecting your privacyand some of the privacy and identity threats that exist.

Be Aware of Phishing Scams

Be aware of phishing attempts and be diligent with regards to identifying an attempt.

If you receive any suspicious email messages, please forward these to abuse@iup.edu.

Providing Personal Information Online

Many websites today offer features and services customized to your preferences based on personal information that you supply. For example, some shopping sites save you time by retaining your shipping and billing information, some news sites offer you the headlines you're most likely to be interested in, and some sites even collect Social Security numbers or driver's license numbers for various reasons.

However, not all sites can be trusted to use your personally identifiable information the way you want or expect. If you are not careful, you may find yourself the victim of identity theft.

Recognize Identity Theft Threats

Several types of attacks are used to steal information and other assets on the web. The most common ones include phishing, spoofing, and spam.

If you receive any suspicious email messages, please forward these to abuse@iup.edu.

Phishing

The act of a malicious user or website that deceives people into revealing personal information, such as account passwords and credit card numbers. A phisher typically uses deceptive email messages or online advertisements as bait to lure unsuspecting users to fraudulent websites, where the users are then tricked into providing personal information.

Spoofing

Spoofing attacks are commonly used in conjunction with phishing. The spoofed site is usually designed to look like the legitimate site, often using components like company logos from the legitimate site.

Spam

Unsolicited email that could be used to spread email messages as part of a larger phishing scam.

Protect Yourself and Personal Information

Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the internet. Emails and internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, you should not provide any information.

  • If you believe the contact may be legitimate, contact the financial institution yourself. You can find phone numbers and websites on the monthly statements you receive from your financial institution, or you can look the company up in a phone book or on the internet. The key is that you should be the one to initiate the contact, using contact information that you have verified yourself.

  • Never provide your password over the phone or in response to an unsolicited internet request. A financial institution would never ask you to verify your account information online. Thieves armed with this information and your account number can help themselves to your savings.

  • Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electronic account access, periodically review activity online to catch suspicious activity.

  • Devote one credit card to online purchases. To minimize the potential damage of an attacker gaining access to your credit card information, consider opening a credit card account for use only online. Keep a minimum credit line on the account to limit the amount of charges an attacker can accumulate.

  • Avoid using debit cards for online purchases. Credit cards usually offer some protection against identity theft and may limit the monetary amount you will be responsible for paying. Debit cards, however, do not offer that protection. Because the charges are immediately deducted from your account, an attacker who obtains your account information may empty your bank account before you even realize it.

  • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).

  • Do business with credible companies. Before supplying any information online, consider the answers to the following questions: Do you trust the business? Is it an established organization with a credible reputation? Does the information on the site suggest that there is a concern for the privacy of user information? Is there legitimate contact information provided?

More Information on Protecting Your Privacy and Identity Theft