Worried about scammers stealing your personal—and family—information online? Protect yourself with these five strategies for safer, savvier surfing.
In this article:
These days, you can't pick up the paper or watch the evening news without seeing reports of hackers stealing personal data. With Internet security threats becoming
more prevalent—and ever graver—you might think it's easier for a scammer to get information about you than for you to track down Grandpa's military service record.
So how do you protect your privacy when you're surfing the Net and sharing family tree information? Here are five tips for keeping safe on the Web.
1. Avoid getting hooked "phishing."
Phishing is an attempt to get sensitive information such as your username, password and credit card numbers by posing as a trustworthy institution—your bank,
eBay, PayPal, even the Internal Revenue Service. You'll usually receive phishing messages via e-mail or IM (instant messaging), and the message will direct you to a fraudulent
Web site that, in most cases, looks exactly like the real site. Once on the fake site, you're directed to login and "verify" your credit card or bank information.
Phishers disguise these links to appear legitimate. For example, a link might read www.wellsfargo.com—but if you click on or hover your mouse over it,
you'll see the actual destination is a string of Internet protocol (IP) numbers (such as 220.127.116.11) or a suspect URL (wellsfargo.someweirddomain.com).
So how do you avoid getting hooked? First, be aware that the secure URLs banks and legitimate vendors use begin with https://, rather than http:// (the s stands for secure).
In addition, know that banks and other financial institutions will never ask you for any personal information via e-mail because e-mail isn't secure. If you receive an e-mail asking
you for personal or account information, consider it highly suspicious.
Next, take advantage of free tools to help you identify phishing schemes. Many web browsers and antivirus software packages include antiphishing features. You can download a toolbar
with an icon that lights up green when you're on a legitimate eBay or PayPal page. Earthlink's toolbar has a feature
called ScamBlocker, which will alert you to sites operated by a phisher.
2. Keep your anti-virus software up to date.
These days you have to defend against not only viruses, but also Trojan horses—programs that set up malicious software while appearing to do something else, such as
installing a screensaver or a new IM program. For example, a Trojan horse might inserting a keystroke logger on your system to spy on your computer usage and log your
passwords and user names for sensitive sites.
Avoid this threat by regularly scanning your computer with anti-virus and anti-spyware programs. Two highly rated free anti-spyware options are
Spybot Search & Destroy and Ad-Aware.
When you buy an anti-virus program, you typically get a year of updates—be sure to renew your subscription or buy a new program after that runs out, or you won't
be protected from new threats. Use a personal firewall to keep hackers off your computer, too. We recommend getting a security suite (Symantec and McAfee offer various options) to
guard against multiple threats at once.
3. Maintain two e-mail accounts.
If you have an e-mail account from your Internet service provider (such as firstname.lastname@example.org), don't spread it around the Web: Use that account only in personal correspondence with trusted
friends and family or for online financial transactions.
For all other online activities—including posting genealogy information, downloading software, and filling out online forms—sign up for a free Web-based e-mail
service such as Hotmail, Yahoo! or Gmail.
These "public" e-mail addresses generally attract the most spam, phishing and virus attacks. Although the free services have smart spam filters, they're easy for shysters to target.
That's where having separate accounts helps: If you're doing all your sensitive e-mailing through your Internet service provider account, you'll know for sure that any eBay or
bank e-mails sent to your public account are fraudulent.
4. Learn how sites are using your personal information.
Rarely are the legal notices on Web sites read in full—most of us just glance at privacy policies or quickly check the "I agree to the terms of service" box to get on with what we're doing.
and what security measures the site employs to protect information it stores about you.
The site also uses "cookies" to track your product purchases, remember your login information for easy access and automatically fill in forms for you.
What if you don't want your information logged via cookies, even though they pose a minimal security risk? Most Web browsers have a menu item that allows you to block cookies; however,
that makes it tougher for you to access your online subscriptions and sign-ins—you have to log in manually every time.
5. Keep living relatives' information private.
When you pass along genealogy information in the form of a GEDCOM file or post family history information
on your own Web site, keep in mind that virtually anyone can download or transcribe it. Once the data is out of your hands, you have no control over how others use your information.
That doesn't mean you should stop sharing data, just that you need to take proper precautions. When your create a GEDCOM for the web or generate HTML pages from your genealogy software,
delete information about living people, including birth dates and contact information. Unfortunately, this does hamper legitimate genealogy research—but
with financial scammers trying every method possible to part folks from their sensitive data, you're better safe than sorry. It's also a courtesy to relatives trying to limit where their names pop up online.
But because it's not hard to find information about living people online, don't use website security questions with easy answers, such as your mother's maiden name or your eldest sibling's birth year.
Even once you've employed these five strategies, you shouldn't let down your guard. As consumers get more savvy, hackers' tactics get more sophisticated. Whatever scammers are phishing for, don't bite.