Worried about scammers stealing your personal — and family — information online? Protect yourself with these five strategies for safer, savvier surfing.
These days, you can't pick up the paper or watch the evening news without seeing reports of hackers stealing personal data. With Internet security threats becoming more prevalent — and ever graver — you might think it's easier for a scammer to get information about you than for you to track down Grandpa's military service record.
So how do you protect your privacy when you're surfing the Net and sharing family tree information? Here are our top five tips for keeping safe on the Web.
1. Avoid phishing scams.
For the latest on Internet threats, we tapped the experts at security software firm Symantec. Mark Kanok, senior product manager for the company's Norton 360 <www.symantec.com/norton360>, says phishing (say “fishing”) has become the most serious problem in the past 18 to 24 months.
Phishers attempt to get information such as your user name, password and credit card numbers by posing as a trustworthy institution — your bank, eBay, PayPal, even the Internal Revenue Service. You'll usually receive phishing messages via e-mail or IM (instant messaging), and the message will direct you to a fraudulent Web site that, in most cases, looks exactly like the real site. Once on the fake site, you're directed to log in and “verify” your credit card or bank information.
Phishers will disguise these links to appear legitimate. For example, a link might read www.wellsfargo.com — but if you click on or hover your mouse over it, you'll see the actual destination is a string of Internet protocol numbers (such as 18.104.22.168) or a suspect URL (wellsfargo.someweirddomain.com).
How do you avoid getting hooked? First, be aware that the secure URLs banks and legitimate vendors use begin with https://, rather than http:// (the s stands for secure). In addition, know that banks and other financial institutions will never ask you for your Social Security number or account information via e-mail because e-mail isn't secure. If you get an e-mail asking you for such details, consider it highly suspicious.
Next, take advantage of free tools to help you identify phishing schemes. You can download a toolbar with an icon that lights up green when you're on a legitimate eBay or PayPal page <pages.ebay.com/toolbar/accountguard_1.html>. Earthlink's toolbar <www.earthlink.net/software/free/toolbar> has a feature called ScamBlocker, which will alert you to sites operated by phishers. Or get Spoof-Stick <www.spoofstick.com>, a plug-in for Internet Explorer and Firefox browsers that helps you detect fake sites.
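The hover check described above can be automated for a saved HTML message. The sketch below is an added example, not code from the magazine or from any of the toolbars named here; it compares the address each link displays with the address it actually points to. The sample message is constructed, and treating the last two labels of a host name as "the site" is a simplifying assumption.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    """Host named by a URL or a bare 'www.example.com' string, else None."""
    text = text.strip()
    if not text or any(c.isspace() for c in text):
        return None                      # ordinary link text such as "Help page"
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname
    except ValueError:
        return None
    return host.lower() if host and "." in host else None

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def site_of(host):
    # Assumption: the last two labels name the site (wrong for e.g. .co.uk).
    return ".".join(host.split(".")[-2:])

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        real = host_of(self.href) if "://" in self.href else None
        shown_host = host_of(shown)
        if real and is_ip(real):
            self.findings.append((shown, real, "ip-destination"))
        elif real and shown_host and site_of(shown_host) != site_of(real):
            self.findings.append((shown, real, "domain-mismatch"))
        self.href = None

def audit(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

SAMPLE_EMAIL = """<a href="http://192.0.2.10/login">www.wellsfargo.com</a>
<a href="http://wellsfargo.someweirddomain.com/verify">www.wellsfargo.com</a>
<a href="https://www.wellsfargo.com/">www.wellsfargo.com</a>
<a href="https://www.example.org/help">Help page</a>"""  # constructed sample
```

Running `audit(SAMPLE_EMAIL)` flags the first two links and passes the last two. A link whose visible text is ordinary wording rather than an address is flagged only when it points at a raw IP address.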
2. Keep your anti-virus software up to date.
A few years ago, you mainly had to worry about viruses designed to crash your computer system. Now, you still face thousands of viruses, but also could be unwittingly downloading their evil cousins: Trojan horses. These programs set up malicious software while appearing to do something else, such as installing a screen saver or a new IM program.
What might a Trojan horse do? One possibility is putting a keystroke logger on your system. By capturing all of your keystrokes, this application can be used to spy on your computer usage and record your passwords and user names.
Avoid this threat by regularly scanning your computer with anti-virus and anti-spyware programs. Two highly rated free anti-spyware options are Spybot Search & Destroy <www.safer-networking.org> and Ad-Aware 2007 <www.lavasoftusa.com>.
When you buy an anti-virus program, you typically get a year of updates — be sure to renew your subscription or buy a new program after that runs out, or you won't be protected from new viruses. Use a personal firewall to keep hackers off your computer, too. We recommend getting a security suite (Symantec and McAfee <www.mcafee.com> offer various options) to guard against multiple threats at once.
3. Maintain two e-mail accounts.
If you have an e-mail account from your Internet service provider (such as email@example.com), don't spread it around the Web: Use that account only in personal correspondence with trusted friends and family or for online financial transactions.
For all other online activities — including posting genealogy information, downloading software, and filling out online forms — sign up for a free Web-based e-mail service such as Hotmail <hotmail.com>, Yahoo! <yahoo.com> or Gmail <mail.google.com>. These “public” e-mail addresses attract the most spam, phishing and virus attacks. Although the free services have smart spam filters, they're easy for shysters to target.
That's where having separate accounts helps: If you're doing all your sensitive e-mailing through your Internet service provider account, you'll know for sure that any eBay or bank e-mails sent to your public account are fraudulent.
4. Learn how Web sites use your personal information.
What if you don't want your information logged via cookies, even though the security risk is minimal? Most Web browsers have a menu item that allows you to block cookies; however, that makes it tougher for you to access your online subscriptions and sign-ins — you have to do it manually every time.
5. Share family data safely.
When you pass along genealogy information in the form of a GEDCOM file or post family history information on your own Web site, keep in mind that virtually anyone can download or transcribe it. Once the data is out of your hands, you have no control over where others submit your information — be it a legitimate genealogy database or a scammer looking for your mother's maiden name.
That doesn't mean you should stop sharing data, just that you need to take proper precautions. When you create a GEDCOM for the Web or generate HTML pages from your genealogy software, delete information about all living people, including birth dates, addresses, contact information and maiden names. Unfortunately, this does hamper legitimate genealogy research — but with financial scammers trying every method possible to part you from your sensitive data, you're better safe than sorry.
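If your genealogy software has no option to exclude living people, the step above can be done on the exported file itself. This is an added example, not code from the magazine or from any genealogy program; the sample GEDCOM is constructed, and the rule for "living" (no death or burial entry, and born within the last 100 years or with no birth year recorded) is an assumption you should adjust.

```python
import re

def split_records(gedcom):
    """Group GEDCOM lines into records; each record starts at a level-0 line."""
    records = []
    for line in (l.strip() for l in gedcom.splitlines()):
        if not line:
            continue
        if line.startswith("0 ") or not records:
            records.append([])
        records[-1].append(line)
    return records

def is_living(record, today_year, max_age=100):
    """Assumed rule: no DEAT/BURI tag, and born within max_age years or year unknown."""
    tags = {l.split()[1] for l in record[1:] if len(l.split()) > 1}
    if "DEAT" in tags or "BURI" in tags:
        return False
    birth_year, in_birth = None, False
    for l in record[1:]:
        parts = l.split(None, 2)
        if len(parts) > 1 and parts[0] == "1":
            in_birth = parts[1] == "BIRT"          # entering or leaving the birth event
        elif in_birth and len(parts) == 3 and parts[1] == "DATE":
            m = re.search(r"\b(\d{4})\b", parts[2])
            birth_year = int(m.group(1)) if m else None
    return birth_year is None or today_year - birth_year <= max_age

def privatize(gedcom, today_year):
    """Drop records of living people and every line that points at them."""
    records = split_records(gedcom)
    living = {r[0].split()[1] for r in records
              if r[0].endswith(" INDI") and is_living(r, today_year)}
    out = []
    for r in records:
        if r[0].split()[1] in living:
            continue                                # whole record of a living person
        out.extend(l for l in r if l.split()[-1] not in living)
    return "\n".join(out) + "\n", living

# Constructed sample: one deceased ancestor, one living child, one family record.
SAMPLE = "\n".join([
    "0 HEAD",
    "0 @I1@ INDI", "1 NAME Walter /Hale/", "1 BIRT", "2 DATE 3 MAR 1890", "1 DEAT", "2 DATE 9 OCT 1961",
    "0 @I2@ INDI", "1 NAME Ruth /Hale/", "1 BIRT", "2 DATE 12 JUN 1958", "1 ADDR 12 Example Lane",
    "0 @F1@ FAM", "1 HUSB @I1@", "1 CHIL @I2@",
    "0 TRLR",
])
```

Free-text notes are not scanned, so a note on a deceased ancestor that mentions a living relative by name still needs to be edited by hand before you publish.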
Further, take care when you post photographs online. If you don't want others to download your ancestral photos, don't put them on the Internet. It's easy to find photos even on low-traffic Web sites using image searchers at Google <images.google.com> and other search engines. So use good judgment in posting family photos on the Web — we strongly suggest you don't put photos of children on a public Internet site.
Once you've employed these five strategies, you shouldn't let down your guard. As consumers get more savvy, hackers' tactics get more sophisticated. Whatever scammers are phishing for, don't bite.
All the hype over online fraud is enough to make you swear off the Internet entirely. Not so fast — we urge you to be safe, but remember two key facts:
• Americans reported more than 10 million cases of identity theft in the past 12 months. But only 31 percent — less than a third — of those occurred through the Web. The majority of cases are still the result of stolen wallets, hijacked paper mail and other low-tech means.
• GEDCOM databases aren't top targets for scammers, nor are they likely to become a priority. That's because the personal information they contain is of limited value. Crooks are more interested in Web sites loaded with financial data and Social Security numbers; they can easily get maiden names elsewhere.
From the November 2007 issue of Family Tree Magazine.