Share Your Information with Care
It’s easy to find any information you need in today’s connected world. Have you ever Googled yourself? A search can often provide your address history, phone number, age, birthdate, employment information, public records, and social media accounts. Consider what can be done with Personally Identifiable Information (PII) from the perspective of a cyber-criminal looking to commit identity theft or other crimes.
Children, teens, and senior citizens are groups who may not realize how vulnerable they are to being a victim of cyber-crime. Senior citizens may be more trusting of the requests presented to them online. Children and teens are growing up with technology, and may be using it to communicate with each other with only a recreational level of understanding. They may not realize that once you post online, it rarely goes away.
In order to keep information safe or private, we need to take care in sharing it, and teach cyber hygiene to those who may not understand its importance. Here are examples of how we are asked to provide information, or how people share information that should be kept private:
Phishing Emails – Cyber criminals will offer false and unbelievable deals to get you to click on a link and provide them with your information. You may hear about a loan offer, or a notification that your order shipped and you need to log in by clicking their link to track it. Criminals seek your information in an effort to steal your identity and use it to open up fraudulent accounts in your name. Always shop with trusted vendors, and never follow an unsolicited link in an email asking you to log in to an account. Instead head to the website you normally use by typing it into your browser.
Fraudulent phone calls (Vishing) – Criminals may call saying they’re from Microsoft or another device/software company, telling you that your software has expired or your device is infected with malware. They may ask for money to renew a license, as a method to complete the fraudulent activity. Other criminals may pose as the IRS, pressuring you into paying taxes. Never offer payment information or personal information to someone calling you unsolicited. Always end the call and attempt to contact the organization through a publicly listed phone number that is legitimate, then see if you need to work with them on a problem.
Social Media Sites – These sites provide a relaxed atmosphere where you can chat with friends and family. The issue is that anything you post or share is likely a permanent submission that many others can access. Oversharing on social media may lead to you voluntarily giving up answers to account security questions, like the color of your car or the town where you were born. Posting about being on vacation sends a signal to criminals that your home may be unoccupied and a great target for a robbery! With all this information about you on social media, be sure to set your account privacy settings so only friends can view your content. Lastly, consider deleting old, unused social media accounts to cut down on your digital footprint.
Whenever communicating with people or posting online, avoid sharing too much. When receiving emails, mail or calls asking for sensitive information (birthdate, social security number, credit card, etc.), always contact them at the legitimate address or phone number you normally use for that organization. Do not share information if you do not initiate the communication!
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.