Identity Theft and Internet Security

Links for resources, services, and feedback:

Includes Information & Library Services related links

How to keep your information secure at the office, and on the internet, as well as protecting your email account and personal computer.

Protecting your information:
At the office:
  • Never give your Bates password to anyone. It can be used to look at confidential information beyond email.
  • Log out or reboot your computer if you leave it on over night.
  • Log out of email after you are done or even better, reboot the computer especially if it is a shared computer.
  • Lock your computer if you are stepping away from your desk for any long period of time. [windows = press control/alt/delete simultaneously, macintosh, please consult locking macintosh help sheet.
  • Use a paper shredder to destroy sensitive paper communications.
Passwords:
  • Should be 6 or more characters long. A mix of letters and numbers at the very least. Preferrably including a special character like !@#$%^& if the system in question will accept them.
  • Not easily figured out like birthdays, pet’s or children’s names, phone numbers, social security numbers or license plates.
  • Don't use the same password for every internet site you visit... if it is compromised, you've lost security everywhere.
  • Don't use your current Bates password on systems outside of Bates. Feel free to recycle an old one that was wickedly difficult to type, but that you still remember.
  • Memorize all of your passwords. Don't keep a copy in your purse or wallet. Please don’t tape your password to your monitor, or to the bottom of your keyboard, or keep it in the top drawer of your desk.
  • DO change your Bates related passwords to match your current Bates password.
    (Dreamweaver, Meeting Maker, Netscape Mail, Sophos Updater)
General tips:
  • Don't carry your Social Security card in your wallet or purse.
  • Buy a cheap paper shredder and destroy sensitive documents that you would otherwise just throw away.
  • Be very careful of Social Engineering. Unless you make the initial contact, do not give out any personal information especially credit card numbers, Social Security numbers or passwords over the phone.
  • If you feel you need to give someone your information (Social security number, mother’s maiden name, PIN, password) then call the organization at a number that you looked up or that is in the statement that they mail to you.
  • Request from the major businesses that you work with that they do not share your name and address with their business partners.
  • If you own a non-Bates laptop, password protect it and record all Serial Number information in case of theft.
  • When throwing away or donating an old computer, make sure the hard drive is erased and all sensitive material is deleted
Protecting your email:
Disposable e-mail account:
  • Set up an e-mail account with a free e-mail service like hotmail or gmail.
  • If you do any internet shopping, use this e-mail address for sending information.
  • If there are non-Bates related web forms, use this address as well.
  • If this address becomes the target of SPAM, then abandon it for a new one.
Fake sender:
  • Mail may not come from the stated sender. Email addresses can be spoofed, appearing to be from someone that you know.
  • Be especially careful if it has an attachment. Never give your personal information even if it seems to come from a legitimate source.
SPAM: don't answer:
  • If no one answered SPAM mail, it would eventually stop. Many SPAM offers are fraudulent and millions of dollars are stolen each year.
  • Never click on the unsubscribe button in a SPAM mail. This only show the spammer that it is a live address and you get put on more lists.
SPAM marking:
  • Bates automatically marks e-mail the system believes to be SPAM with [PMX:#####]
    (the more # symbols, the more sure the system is that it is SPAM)
  • Many e-mail browsers can be taught to recognize SPAM and either mark it for further review or filter it automatically to the trash.
SPAM filtering:
  • Create a folder and have all messages marked with [PMX:### moved to that folder for later review or deletion.
  • If a certain email address constantly sends you SPAM, you can filter all mail coming from that address.
  • e-mail filtering instructions
Attachments:
  • Verify who the email is from. Make sure you know who the email and attachment is from.
  • Look at the name of the attachment and make sure it looks like a valid file name.
  • If the file ends in a .exe, .vb, .vbs, and .zip be VERY careful about opening the attachment.
  • If you're not sure, contact the person and verify with them that they sent you an attachment that you are meant to look at.
Protecting your computer:
Administrative password:
  • Put a secure administrative password on own computer (Some viruses are now set to guess passwords and login to your computer. They guess admin, passwd, Rover, Fluffy, manager, iloveyou…)
Firewall:
  • Windows XP has a firewall that can be turned on to keep others from using your computer when it is on the Net.
  • You might also consider a hardware firewall.
Spyware: Viruses:
  • The importance of installing anti-virus software and keeping it up-to-date cannot be stressed enough. Bates provides free virus protection software:
    [SOPHOS for Windows][SOPHOS for Mac OS X]
  • Virus software companies send out updates constantly. Have your virus checking software set to automatically update the virus definitions.
  • Your virus checking program will not work properly if the configuration is not set correctly. Have it set to check all files, check zip files, to warn you and quarantine corrupted files.
  • Viruses don't just travel via email anymore. There are security updates for your computer that can help, but viruses can still find their way onto your computer.
  • New computers often come with a trial version of virus protection but you often have to purchase a subscription to keep the virus definitions up-to-date.
Security Updates: Protecting yourself on the Internet: Cookies:
  • Cookies are little pieces of information that web sites store on your computer.
Common scams:
  • "phishing" Banks and major e-commerce sites will never ask you for credit card or account information. Even if the communication or web address looks valid. If you are unsure, contact the company first before responding.
  • If it sounds too good to be true, it probably is.
  • Pop-up messages. Use a browser that blocks unknown Pop-Up's like Firefox or if you use Internet Explorer, install and use the pop-up blocker in the Google Toolbar.

    Firefox: http://www.mozilla.com/en-US/firefox/

    Google Toolbar: http://toolbar.google.com/googlebar.html

Double-check the URL:
  • Some phishers use foreign character sets to create URLs close enough to fool users into thinking they're on the real site.
  • Make sure the site you're logging on to is really www.paypal.com and not www.paypäl.com.
Instant Messages:
  • IM is not secure. Don't type anything in an IM you wouldn't want posted on a bulletin board next to the highway.
  • Messages are saved on the host servers for a period of time, and may be accessed by others.
Online shopping:
  • Use a major credit card, not a bank card to buy things online. A credit card is more vigilant about fraudulent purchases than a bank card.
  • Consider opening a PayPal account if you want to use Ebay or shop at questionable websites, to protect your banking information.
  • Review bank statements and verify if there are any questionable transactions. If there are, contact your credit card company and bank as soon as possible.
  • Try and keep to major, well regarded web sites.
  • Make sure that you use secure transactions when entering personal information and credit card information.
    the url will start with https:// rather than http:// if the site is secure
  • Read all information carefully before pressing the submit button. Sometimes a check box can offer to opt you OUT of receiving sales or marketing email.
  • Look for the privacy policy. Some companies will sell their contact lists to everyone and actually state their in their Privacy Policy. Look at the small print.
Web viruses:
  • One way of spreading Internet viruses other than email is to have a user click on a button on a webpage that will download the virus code to the user's computer and automatically run the virus code, infecting the computer. These buttons are also put inside email messages. Sometimes the button is labelled "Unsubscribe me from this mailing list" or "To unsubscribe from this list, click here". DON'T click the button.
  • Even if this is not a virus trap, many mailing list companies take any response to their message as proof that they have reached a "live" email address. This may mean that you get put on more mailing lists and get more SPAM messages.
Online Resources:
Identity Theft: