Privacy Policies
8/8/2013
Worried about scammers stealing your personal—and family—information online? Protect yourself with these five strategies for safer, savvier surfing.

 


In this article:

These days, you can't pick up the paper or watch the evening news without seeing reports of hackers stealing personal data. With Internet security threats becoming more prevalent—and ever graver—you might think it's easier for a scammer to get information about you than for you to track down Grandpa's military service record.

So how do you protect your privacy when you're surfing the Net and sharing family tree information? Here are five tips for keeping safe on the Web.

1. Avoid getting hooked "phishing."
Phishing is an attempt to get sensitive information such as your username, password and credit card numbers by posing as a trustworthy institution—your bank, eBay, PayPal, even the Internal Revenue Service. You'll usually receive phishing messages via e-mail or IM (instant messaging), and the message will direct you to a fraudulent Web site that, in most cases, looks exactly like the real site. Once on the fake site, you're directed to login and "verify" your credit card or bank information.

Phishers disguise these links to appear legitimate. For example, a link might read www.wellsfargo.com—but if you click on or hover your mouse over it, you'll see the actual destination is a string of Internet protocol (IP) numbers (such as 69.123.44.77) or a suspect URL (wellsfargo.someweirddomain.com).

So how do you avoid getting hooked? First, be aware that the secure URLs banks and legitimate vendors use begin with https://, rather than http:// (the s stands for secure). In addition, know that banks and other financial institutions will never ask you for any personal information via e-mail because e-mail isn't secure. If you receive an e-mail asking you for personal or account information, consider it highly suspicious.

Next, take advantage of free tools to help you identify phishing schemes. Many web browsers and antivirus software packages include antiphishing features. You can download a toolbar with an icon that lights up green when you're on a legitimate eBay or PayPal page. Earthlink's toolbar has a feature called ScamBlocker, which will alert you to sites operated by a phisher.

2. Keep your anti-virus software up to date.
These days you have to defend against not only viruses, but also Trojan horses—programs that set up malicious software while appearing to do something else, such as installing a screensaver or a new IM program. For example, a Trojan horse might inserting a keystroke logger on your system to spy on your computer usage and log your passwords and user names for sensitive sites.

Avoid this threat by regularly scanning your computer with anti-virus and anti-spyware programs. Two highly rated free anti-spyware options are Spybot Search & Destroy and Ad-Aware.

When you buy an anti-virus program, you typically get a year of updates—be sure to renew your subscription or buy a new program after that runs out, or you won't be protected from new threats. Use a personal firewall to keep hackers off your computer, too. We recommend getting a security suite (Symantec and McAfee offer various options) to guard against multiple threats at once.

3. Maintain two e-mail accounts.
If you have an e-mail account from your Internet service provider (such as yourname@cox.net), don't spread it around the Web: Use that account only in personal correspondence with trusted friends and family or for online financial transactions.

For all other online activities—including posting genealogy information, downloading software, and filling out online forms—sign up for a free Web-based e-mail service such as Hotmail, Yahoo! or Gmail. These "public" e-mail addresses generally attract the most spam, phishing and virus attacks. Although the free services have smart spam filters, they're easy for shysters to target.

That's where having separate accounts helps: If you're doing all your sensitive e-mailing through your Internet service provider account, you'll know for sure that any eBay or bank e-mails sent to your public account are fraudulent.

4. Learn how sites are using your personal information.
Rarely are the legal notices on Web sites read in full—most of us just glance at privacy policies or quickly check the "I agree to the terms of service" box to get on with what we're doing. But to stay safe, you should read the privacy policy on every Web site that asks you to register or provide sensitive information.

Most ethical sites link to a privacy policy from their home page. This policy should inform you what information (if any) the site collects, how the information will be used, and what security measures the site employs to protect information it stores about you.

For example, Genealogy.com's privacy policy informs users that their information may be given to Genealogy.com affiliated partners. The site also uses "cookies" to track your product purchases, remember your login information for easy access and automatically fill in forms for you.

What if you don't want your information logged via cookies, even though they pose a minimal security risk? Most Web browsers have a menu item that allows you to block cookies; however, that makes it tougher for you to access your online subscriptions and sign-ins—you have to log in manually every time.

5. Keep living relatives' information private.
When you pass along genealogy information in the form of a GEDCOM file or post family history information on your own Web site, keep in mind that virtually anyone can download or transcribe it. Once the data is out of your hands, you have no control over how others use your information.

That doesn't mean you should stop sharing data, just that you need to take proper precautions. When your create a GEDCOM for the web or generate HTML pages from your genealogy software, delete information about living people, including birth dates and contact information. Unfortunately, this does hamper legitimate genealogy research—but with financial scammers trying every method possible to part folks from their sensitive data, you're better safe than sorry. It's also a courtesy to relatives trying to limit where their names pop up online.

But because it's not hard to find information about living people online, don't use website security questions with easy answers, such as your mother's maiden name or your eldest sibling's birth year.

Even once you've employed these five strategies, you shouldn't let down your guard. As consumers get more savvy, hackers' tactics get more sophisticated. Whatever scammers are phishing for, don't bite.