Protecting Yourself Online - What Everyone Needs to Know SECOND EDITION
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Introduction Many of us have openly welcomed the To help keep all Australians safe and secure online, the Australian Government offers a range of information from internet into our lives. a number of different sources, including the ISBN: 978-1-921725-68-5 © Commonwealth of Australia 2011 For most of us the internet is part of • Attorney-General’s Department All material presented in this publication is provided under a Creative Commons Attribution our daily routine for keeping in touch • Department of Broadband, Communications and the 3.0 Australia (http://creativecommons.org/licenses/by/3.0/au/deed.en) licence. with friends and family, working, Digital Economy For the avoidance of doubt, this means this licence only applies to material as set out in this document. studying, playing games, shopping • Australian Communications and Media Authority The details of the relevant licence conditions are available on the Creative Commons and paying bills. website (accessible using the links provided) as is the full legal code for the CC BY 3.0 AU • Australian Competition and Consumer Commission licence (http://creativecommons.org/licenses/by/3.0/legalcode). While the internet offers us many Use of the Coat of Arms • Australian Federal Police, and The terms under which the Coat of Arms can be used are detailed on the It’s an Honour benefits, there are also a range of • Office of the Australian Information Commissioner. (http://www.itsanhonour.gov.au/coat-arms/index.cfm) website. safety and security risks associated Contact us with its use. This publication brings a lot of this information together in Inquiries regarding the licence and any use of this document are welcome at: one handy booklet, to help you stay safe and secure when Business Law Branch Attorney-General’s Department These include threats to the integrity using the internet – whether dealing with scams, spam, 3-5 National Circuit of our identities, our privacy and banking or bullying. BARTON ACT 2600 Telephone: (02) 6141 6666 the security of our electronic copyright@ag.gov.au communications, in particular Disclaimer financial transactions, as well as The information in this publication is solely intended to provide a general understanding of the subject matter and to help people assess whether they need more detailed information. exposure to offensive and illegal The material presented in this publication is not and must not be regarded as legal advice. content and behaviour. Users should seek their own legal advice where appropriate. While everything practicable has been done to ensure the information in this book is accurate, no liability is accepted for any loss or damage whatsoever that can be attributed to reliance on any of that information.
Contents Reduce your risk • some sections of this booklet also provide A summary 2 How to be safe online 22 additional information, for those who wish to take Eight simple tips to help protect yourself online 2 Social networking safely 22 Being aware of what risks you face online will help you further precautions. make informed choices about how you use the internet. Deal with offensive content 24 How to secure your computer 4 Mobile computing is now a dominant trend. While the Protect your children online 25 There are no absolute guarantees that you can protect all term ‘computer’ is used throughout this document it’s Install security software 4 of your information online – but by following the advice Deal with online child grooming 27 important to remember that your phone, tablet computer, Turn on automatic updates 5 in this booklet you can significantly reduce your risk of game console and even refrigerator may be able to Checklist of basic steps 29 Use standard user accounts 5 becoming a victim of cyber crime. connect to the internet. The processing power in these Set and protect your passwords 5 Where to go for more information 30 devices and the amount of personal information they A bit unsure? Avoid running out of date software 7 hold is equivalent to a small computer so only thinking Use smart settings for your web browser 7 Where to go to report online incidents 31 Taking the necessary steps to protect yourself online about security for ‘computers’ misses the reality of the can be a bit daunting – especially to those less familiar modern world. Control your internet connection 7 Glossary of some online terms 32 with technology or the internet. However, there are Securing your wireless network 8 Read on to find out what you need to know to help protect simple steps you can take to protect yourself and your Checklist of basic steps to secure your computer yourself and your family online. family online. or other internet enabled devices 9 You can also refer to the glossary at the end of this By taking the time to understand online risks and how to How to be smart online 10 booklet to help you understand some online terms, minimise them, you can gain greater confidence in how to including those marked throughout this booklet. Prevent viruses and other malware 10 be safe and secure when using the internet. Reduce spam 11 This booklet provides a range of information to help Secure your money online 12 protect you online Avoid scams and fraud 15 • 8 simple tips that you should always follow Be aware of phishing 17 Know how to spot money transfer scams and • further information on various online issues, including advance fee fraud 17 basic steps that you are strongly encouraged to take Protect your identity and privacy 18 Checklist of basic steps to be smart online 21 PAGE iv PAGE 1
A summary There are a lot of steps you can take to protect yourself Whether you are new to using the internet or a regular What these steps show is that protecting yourself online online – and it can seem a bit complicated, especially if user – there are 8 simple tips that you need to follow to is about more than just how you set up and use your you are new to using the internet. help protect yourself online: computer, mobile phone or any internet enabled device. It’s also about being smart in what you do and the choices This booklet provides a range of information to cater for you make while using the internet. you – no matter whether you have had a little or a lot of experience online. There are criminals who use the anonymity of the internet to run old and new scams. While many of these are scams that most people would spot a mile away if they 1 Install and renew your security software and set it to scan regularly. were attempted in the ‘real’ world, online scams are very sophisticated and often harder to detect. 2 Turn on automatic updates on all your software, including your operating system and other applications. So it’s important to remember that while the technology may be new, the old wisdom still applies. If something you Think carefully before you click on links and attachments, particularly in emails and on social 3 networking sites. see online or which is sent to you seems suspicious or too good to be true, it probably is. 4 Regularly adjust your privacy settings on social networking sites. Further information about online issues and the steps you can take to be safe online are provided in the Report or talk to someone about anything online that makes you uncomfortable or threatened – following chapters. 5 download the Government’s Cybersafety Help Button. This booklet is available online at www.ag.gov.au/cybersecurity and Stop and think before you post any photos or financial or personal information about yourself, 6 your friends or family. www.staysmartonline.gov.au. You can request hard copies of this publication from 7 Use strong passwords and change them at least twice a year. cybersecurity@ag.gov.au. 8 Talk within your family about good online safety. PAGE 2 PAGE 3
How to secure your computer Turn on automatic updates Use a standard user account Reputable software companies often issue free updates to Your computer has two types of user account options, a their software to fix security and other problems. These standard or administrative account. Creating and using a fixes are called patches, and they should generally be standard user account for most daily tasks, such as surfing applied as soon as they’re available. Security fixes are also the web and reading emails, will reduce the amount and included in general updates, even if they don’t mention it. type of malware that is able to infect your computer. The average time it takes to attack an unprotected Here are some basic steps you can take to secure computer connected to the internet is measured your computer Most software will have an option called ‘check Many forms of serious malware require a user to be in minutes.1 for updates’ under the help drop-down menu. You running an administrator account in order to successfully • install reputable security software that protects your should check this regularly. A lot of operating system infect your computer. Going online with a standard user So it’s important to protect your computer properly. computer from viruses, malware and spyware, and and application software can now be set to update account greatly reduces the effectiveness of many types Otherwise you may be putting yourself and possibly includes a firewall automatically – you should enable this option wherever of malware. your family and friends at risk. • have your security software set to update it is available. The Stay Smart Online website has factsheets on Make sure your computer is protected from harmful automatically What is a drop down menu? how to set up standard user accounts. emails and viruses, and from unauthorised people • renew your security software when the subscription Visit http://www.staysmartonline.gov.au/factsheets accessing your internet connection and personal is due. to find out more. information. Also, beware of scareware – these are pop-up messages Set and protect your passwords Install security software or unsolicited emails that tell you that your computer is compromised and want you to purchase software to repair Passwords aren’t absolutely unbreakable, but they can To help secure your computer you need reputable security it. These messages aim to trick users into believing your help prevent criminals from accessing your computer. software. The easiest software to install is an all-in-one computer is already infected, and that purchasing the package that includes virus and malware protection, Here are some basic steps you can take to set and protect software will help get rid of it. Checking your security spyware protection, a firewall – and parental controls your password settings and making sure your pop-up blocker is on may if you have children. If you’re not sure what software is help avoid this. There have also been instances where • choose a ‘strong’ password reputable ask at your local computer store or look for IT users have received a phone call purporting to be from a magazine or online surveys of security software. –– a minimum of eight characters security company advising them that their computer is at risk. Quite often the message and the software are fake. –– a mix of upper and lower case letters –– at least one number, and –– at least one symbol • avoid using words found in the dictionary – try a 1 According the US Computer Emergency Response Team passphrase instead www.us-cert.gov/reading_room/before_you_plug_in.html#I PAGE 4 PAGE 5
Avoid running out of date software • have different passwords for different activities and Discontinued products that are no longer for sale or Here are some basic steps you can take when setting up change them regularly, particularly those for sensitive The challenge today – passwords and are out of date are more likely to make your computer your web browser transactions such as banking, social networking and remembering them! insecure. This can include the software that runs your • set up your own security settings on your web browser your computer logon computer and other computer programs. Ensuring that your passwords are secure is • if in doubt – set the security levels to high. But know • don’t store a list of your passwords on your computer Use smart settings for your web browser that this may restrict your ability to view and use some in a word document – this makes it easy for anyone important. If your password is captured, guessed or stolen, someone could impersonate you online, websites or the functions on them who gets into your computer to access your social A web browser is the software you use to view websites. networking, banking and other accounts steal money from your bank account, send emails • use the latest version – so update your web browser as in your name or change files on your computer – Do not use the ‘remember’ function for passwords that new versions become available. • Select ‘no’ when your computer offers to automatically to name just a few of the possible outcomes. give access to financial or personal information like your remember a password when logging into a website, banking or social networking accounts. This ensures that especially banking, social networking and web mail Passwords do not have to be a single word, if your web browser gets attacked, you don’t lose all of Control your internet connection accounts. This is because scammers can use malware base your password on a phrase or sentence - a your sensitive passwords. More and more Australians are connecting to the internet to find these stored within the PC. passphrase. Think of a phrase then change some using a broadband connection, whether it is ADSL, of the characters to make it a strong password: Most computers come with a web browser already wireless or cable. If it helps to write your passwords down, do so – but installed. However, there is no guarantee that the web hide them somewhere safe, away from prying eyes and I wish I could eat 12 meat pies a day becomes browser has been set up with the right security settings In addition to desktop computers and laptops, many not together with your computer logon. An even better iWice12!mp@d for your needs. Hackers know how to exploit web browser mobile devices, such as smart phones, can be used idea is to use a passphrase. settings, so it’s important to select the right settings to to access the internet. It’s just as important to enable I love my cat becomes i
• If you have an ADSL or wireless modem then you • be careful about how you allow your phone to • change the Service Set Identifier (SSID), the name that should always change the default password. broadcast your location – such as GPS applications. identifies the wireless network. Don’t use a name that Checklist of basic steps to secure Do you really want a thief to know where you live and makes your network easy for others to identify, such For more information check the instructions in the your computer or other internet when your house is empty? as your family’s name or business name manufacturer’s handbook or ask your Internet Service enabled device Provider (ISP) for advice. • tampering with your phone’s software or operating • make sure your network encryption is turned on install and maintain security software system (sometimes known as jailbreaking) may leave and, just like your software, use the latest encryption Some additional steps you can take to control your it exposed to additional security vulnerabilities available on the device. turn on automatic updates for software internet connection are If you are unsure of how to do this follow the instructions • set up separate accounts – only access the internet by Secure your wireless network use a standard user account in the manufacturer’s handbook or seek advice from using an account with limited access, rather than by an set and protect your passwords, use a Wireless networks are a great way to make the internet your ISP. administrator account. different password for different accounts more accessible and to share information between Here are some basic steps you can take to secure your devices online. set up your own security settings on your web smart phone and its internet connection browser But an unsecured network is just like an unprotected • use a PIN or password, so no one can access your computer – it leaves your personal and financial control your internet connection private data if your phone is lost or stolen information vulnerable. Securing your wireless connection can prevent unknown people from accessing your wireless secure your wireless network. • like your computer, set automatic updates or check connection for excessive downloads or illegal activities. regularly for downloads to your phone’s operating system and applications If you run a wireless network at home or in your business Still unsure about how to stay secure online? Visit page 30 there are a few steps you need to take to make it secure. to find out where to go for more information. • only download applications from official stores or from a trusted source, such as your own bank Here are some basic steps you can take to control your wireless network • take control of your smart phone - turn off your Wi-Fi and Bluetooth when not in use or change your settings • assign a password so that any device that is attached so that your phone asks for permission to join a new to the network must know the password to connect. wireless networks. Don’t just use the default passwords as these are widely known and make sure you use a strong • only connect your phone to a secure (encrypted) password wireless network and while it’s alright for general browsing don’t use public wireless networks for important online transactions such as banking PAGE 8 PAGE 9
How to be smart online If you suspect that your computer has been hacked The Internet Industry Association in conjunction or infected by a virus with the Australian Government has developed a voluntary code of practice for ISPs. The icode • scan your entire computer with fully updated is designed to provide a consistent approach for The steps outlined in the previous section are an Here are some basic steps to prevent malware anti-virus and anti-spyware software Australian ISPs to help inform, educate and protect important start in protecting yourself online. However, • scan email attachments with security software before • report unauthorised access to your ISP their customers in relation to cyber security risks. simply setting up and maintaining your computer correctly opening them is not enough to fully protect yourself and your family and • if you suspect that any of your passwords have Make sure you use an ISP that is compliant friends. • don’t open emails or attachments if you’re not been compromised, call the relevant service with the icode, look for the Trustmark expecting them or you don’t know the sender provider (e.g. ISP or bank) immediately below on their website. You also need to be smart about what you do and the choices you make online. This means being aware of • think carefully before you click on links and • if you need assistance in removing potential risks while transacting online, particularly where attachments in emails and on social networking sites malware from an infected computer, money is involved. It’s important to show commonsense Reduce spam visit www.staysmartonline.gov.au to find and not be tricked into doing things online that you • only download files from websites you trust resources and services that can help you. Electronic junk mail is commonly known as spam. wouldn’t feel comfortable doing in the ‘real’ world. • double check that the URL or website address is These are electronic messages you haven’t asked for • you can also find more security related correct, as the link may redirect you towards a fake that are sent to your email account, mobile phone number, Prevent viruses and other malware information and assistance on the icode or instant messaging account. address, which may look similar to the legitimate site website www.icode.net.au. Malicious software or malware is a generic term for • be wary when exchanging files over peer to peer The content of spam messages varies. Some messages software that is designed to specifically damage, disrupt networks promote legitimate products or services, while others or take control of systems. The Cyber Security Alert Service is a free will attempt to trick you into following a link to a scam • read the licence agreement and terms of use before Types of malware include things such as viruses, trojans, subscription based service that provides website where you will be asked to enter your bank you download software and don’t download it if you worms or spyware. information on the latest computer network account or credit card details. Many spam messages don’t trust the terms and conditions threats and vulnerabilities in easy to understand contain offensive or fraudulent material, and some Your computer can be infected by malware through spread computer viruses. • never click on an ‘Agree’, ‘OK’ or ‘No’ button to close a language. email messages, visiting compromised websites, and window on a website you don’t trust. This can launch downloading infected files. It also provides solutions to help manage these risks. Spam now makes up the majority of email traffic. spyware onto your computer. Instead, click the red ‘X’ Billions of unwanted spam messages clog up the in the corner of the window You can sign up for the free Cyber Security internet, disrupt email delivery, reduce productivity Alert Service at www.staysmartonline.gov.au/ and irritate users. alert-service PAGE 10 PAGE 11
If you have doubts, it’s safer not to proceed Here are some basic steps to reduce spam • be very careful about using your personal email Be smart about online payments address on any websites • speak to your ISP about spam filtering Do what you can to satisfy yourself that any online • protect your private email account by creating payment you make is secure. Companies that offer secure • if you don’t know who sent you an email, delete it separate email accounts for use when conducting payments will tell you so before you start to provide your Be aware while shopping online • if the message appears to be genuine, but unsolicited online transactions or social networking credit card details. Online shopping is convenient and reasonably safe – in nature, reply with ‘STOP’ (for SMS) or use the • change your email account password regularly Although there are a number of things you can look as long as you take precautions. unsubscribe facility (for email). On the other hand, if for on a secure web page, the unfortunate fact is that a message appears to be from a questionable source, • consider changing your email address if it’s discovered When you are shopping online, be wary if scammers may be able to reproduce symbols to give you avoid replying as it may alert the scammer that you by spammers the impression that a fake website is secure. have an active email address or phone number • the website looks suspicious or unprofessional • update your email program as new versions If you have doubts, it’s safer not to proceed. • don’t reply to or forward chain letters that you receive often have built-in security and the latest spam • the website is offering bargains that look too good to by email identification options. Here are some basic steps to ensure your online be true, or payments are as safe as possible • think carefully before you click on links and • you think you won’t get what you pay for. attachments in emails and on social networking sites There are laws against spam in Australia. If you • check you are on a secure page – the URL or web Here are some basic steps to make sure your online have been spammed you can report it or lodge a address will begin with https (instead of just http) and • don’t give your email address away unless you are shopping is as safe as possible. complaint with the ACMA – refer to a key or padlock icon will appear somewhere on your confident the recipient is a trusted party www.spam.acma.gov.au or phone 1300 855 180. browser. But remember, this will only guarantee a Before making the purchase • add the spam address to ‘junk senders’. Most email secure payment process – it does not guarantee the Spam SMS can be forwarded to 0429 999 888. • know who you are dealing with – check that contact programs have the ability to add them to a ‘junk senders’ identity of the website operator. details are correct list which blocks them next time they try to email you • double check that the URL or website address is • report email or SMS spam to the Australian Secure your money online • know what you are buying – read the description of the correct – and not just similar to the legitimate website product carefully – check the size, colour, value and Communications and Media Authority (ACMA) at There are criminals who will try to find holes in your • some web browsers also colour code the address safety of the product www.spam.acma.gov.au or forward spam security measures and internet habits when you’re doing SMS messages to 0429 999 888 bar to identify these websites with advanced security online transactions – including paying bills, shopping • read all the fine print including refund and complaints certification features. Here are some additional steps to reduce spam and banking. They will try to trick you into revealing your handling policies personal details and account details so they can steal your • if the source seems genuine, and the message • check the currency, postage and handling, and other information, money and property. appears to promote a legitimate Australian business, charges – there may be extra charges you aren’t contact the business and ask them to take you off their So make sure your computer is protected from online aware of mailing list. security threats and that you have smart online habits. PAGE 12 PAGE 13
Jessica’s pedigree pup was • check the final cost before paying, including any too good to be true Bank online securely currency conversions and additional shipping costs. Online banking is convenient and reasonably safe – Making the payment “I was thinking about buying a dog and was as long as you take reasonable precautions. looking through an online classifieds website. • only pay by a secure web page and use a secure Here are some basic steps to ensure your online banking payment method. Where possible, avoid upfront I fell in love with the photo of little Buster instantly. is as secure as possible payment of any kind or money transfers and direct He was a 2 year old golden cocker spaniel with • never use a link to your financial institution that has debit, as these can be open to misuse and it is rare to adorable ears. He also had an impressive pedigree. been sent to you by email or that is on a website. recover money sent this way Best of all he wasn’t even very expensive as his If these were from fake emails these may lead to family was moving overseas and they wanted to • when shopping through official classified websites, fake websites make sure he went to a good home. or online auction sites, ensure you complete the • Once you have arrived at a website, double check transaction through the website’s payment system. I contacted the seller immediately and after a that the web address is correct – scammers can use If you transact outside these systems you lose any lengthy email exchange, they decided that I was a malware to make your computer redirect you to a protection that the site offers good fit to take care of Buster. scam copy of a legitimate website Avoid scams and fraud • never send your bank or credit card details by email – I made a money transfer of $375 to pay for • always log out from your internet banking session and Scams are dishonest tricks designed to fool you into giving only by a secure web page Buster to be transported to me and went on a pet close your internet browser when you have finished someone your money, passwords, personal details or shopping spree so that Buster had everything he • always print and keep a copy of the transaction other valuables. needed when he arrived. • if any windows pop up unexpectedly during an internet • if you think you have provided your account details banking session, be suspicious, especially if they direct Scammers love the anonymous nature of the internet. I went to the airport to pick him up but they said to a scammer, contact your bank or financial you to another website which asks for your account If you are shopping, banking, socialising or playing games they had no record of Buster in their systems. I institution immediately. information or password. If this happens, do not enter online, be on the lookout for people, emails or websites tried calling the seller but the phone number was your account information, password or any personal which try to deceive you. disconnected. details into the site and close the window immediately If it seems too I contacted the online classifieds website to find • don’t send your financial information by email Dodgy sites and dodgy dealers are not always easy to spot but knowing some of the warning signs can reduce good to be true – more contact information, but they told me I was the victim of a classifieds scam and that several to anyone your risk. it probably is other people had complained about the ad. Besides the $375 I lost to the scammer I was also • avoid using a public computer or public Wi-Fi connections to do your online banking Here are some basic steps to avoid online scams • protect your identity: your personal details are left with a pile of dog toys and food that I didn’t need” • make sure you are aware of, and act on, the security private and invaluable – keep them that way and away advice provided by your financial institution. from scammers PAGE 14 PAGE 15
Be aware of phishing • don’t respond: ignore suspicious emails, letters, phone Phishing emails used to be associated with banks, but • when you are on a banking website, look for a key or calls or text messages – press ‘delete’, throw them out David was scammed $450 and couldn’t these days scammers will try to trick you into providing padlock icon and that the website address begins with or just hang up pay his rent your personal and banking details by pretending to be https, to make sure the site is secure from all sorts of well known and respected organisations, • don’t let scammers push your buttons: scammers will • never send your personal, credit card or online including government agencies. play on your emotions to get what they want “I’m really busy with work, so I signed up to online account details via email. banking and found it was an easy way to pay my While some emails will have tell tale scamming signs • resist the personal touch: watch out for scammers bills and maintain my accounts. such as misspelt words or poor grammar, others can Know how to spot money transfer scams posing as someone that you know and trust, look like the real thing, using corporate logos and links to and advance fee fraud pretending to know you, or pretending to be from well One day I received an email which looked like it genuine looking websites. known public companies or government departments had come from my bank saying that my account With the rise of internet banking it is easy to transfer had some irregularities and that I needed to If you receive one of these emails – and chances are you money online. Unfortunately this has also meant an • stay one step ahead of scammers: visit the log into a secure site to confirm my identity. probably will – do not follow any of the links. You could increase in the number and types of scams that try to trick SCAMwatch website at www.scamwatch.gov.au to It had the proper logo and everything, so I also lose money and put your accounts at risk if you you into sending your money to scammers. learn more about scams that might target you. clicked on the link in the email and typed in provide any of your personal details. You can also subscribe to their email alerts at my details. Once you send money to someone it can be very hard to https://www.scamwatch.gov.au/content/index.phtml/ Here are some basic steps to avoid phishing scams get it back – especially if they are overseas. Worse still, tag/ScamWatchEmailAlert I was still worrying about my account later that you could be recruited as a money mule and find yourself day, so to be safe I rang the bank to double check • never respond to requests for personal information in in an illegal money laundering ring. that the problem was fixed. It was then that the an unexpected email or on a website linked to from an bank lady told me that the message was a scam unexpected email, even if it is supposedly from your Scammers use all sorts of stories to try and get your If you have identified a scam or been a victim bank or an organisation you know or trust money. For example, don’t be lured by the prospect designed to trick me into revealing my banking of fraud of a new job opportunity where you can earn large passwords and details. • be sceptical if you receive a request to update, validate commissions for transferring money to other employees. • report it to your service provider (eg bank, or confirm your personal information – if in doubt, She said the bank didn’t email its customers Likewise, don’t be fooled by an email saying you have or a social networking site), your ISP, and your contact the organisation by phone like that. She was really helpful and froze inherited a large sum of money from a long lost relative local police my account straight away. I was relieved but • never enter your personal, credit card or online – and that you need to pay some fees to claim the • you can report it to the ACCC via the someone had already taken out $450. It could account information on a website if you are not certain inheritance – this is a scam. SCAMwatch website (www.scamwatch.gov.au) have been much worse but I didn’t have enough it is genuine or by calling 1300 795 995. to pay the rent that week and I had to change all my banking details and get new cards, • check the website address carefully, remember that which was a pain.” scammers often set up fake websites with similar addresses to real ones PAGE 16 PAGE 17
Protect your identity and privacy Here are some basic steps to avoid being involved in a money transfer scam Identity theft refers to using another person’s name or other personal information, usually for financial gain. • avoid using public computers to access your personal information. If you do use a public computer, check You wouldn’t hand your • don’t fall for elaborate stories – try to remove the Identity theft is a criminal offence. to see if the service provider has any secure settings. Always remember to clear the history, close the web personal and financial emotion from the situation and think before you act While the internet has improved communications and the • don’t respond to emails offering you the chance of ease of doing business, the downside is that fraudsters browser and log out before you leave the terminal. details over to a stranger in the street so don’t and other criminals may have more opportunities avoid using Wi-Fi hotspots for sensitive internet use. making easy money to obtain details about you, where you live, and your These are often open and unencrypted. A hacker may be do it online. • verify any person or company before you transfer personal life. able to break into your computer through a hotspot and money or provide your credit card or bank potentially access your personal information. By stealing your identity, a person may access your bank account details. account, obtain credit cards or loans in your name, and potentially ruin your credit rating. Here are some additional steps to protect your identity If you think your personal information has been and privacy Lyn was taken for a ride by an online Here are some basic steps to protect your identity and inappropriately used or accessed online, you can lover lodge a complaint with the Office of the Australian • thoroughly check your account statements, including privacy online Information Commissioner at www.privacy.gov.au credit cards, bank statements, telephone and • check your privacy and security settings on your social or phone 1300 363 992 internet bills “I joined a dating site to see what it was like. networking profile, never give away your account Pretty soon I was talking to a nice man from If you suspect any fraudulent use of your identity • destroy or shred personal information – don’t just details, and regularly update your computer security Greece. He told me all about his home town and you should report it to the website operator throw it out software even sent me photos. He seemed really nice. (eg bank or social networking site), your ISP and • check your credit report at least once a year – • use strong passwords and change them regularly your local police. After six months he told me he loved me and I this can help you catch any unauthorised activity. – the personal information you put in your social couldn’t have felt happier. A few months later he Credit reports can be ordered from networking profile may be used by scammers to told me his mother had cancer and had to have guess your passwords –– Veda Advantage at www.mycreditfile.com.au or chemotherapy. He said he couldn’t afford to pay phone 1300 762 207 for it and he didn’t know what to do. • don’t share your personal information in an email, SMS or on a social networking site with people you –– Dun and Bradstreet at www.dnb.com.au or I felt so sorry for him. I’d recently had a family don’t know and trust phone 13 23 33 member go through cancer treatment so I agreed to help him out. I took out loans so that he could • don’t accept a friend request or follow a request from –– Tasmanian Collection Service at pay the hospital bills. After sending the money, a stranger – the best way to keep scammers out of www.tascol.com.au or phone 03 6213 5555 I never heard from him again. I had to sell my your life is to never let them in house to repay the debt.” PAGE 18 PAGE 19
• check out websites’ privacy policies. Only conduct business, visit sites or become involved with websites Justin’s online friend stole his identity Checklist of basic steps to be smart online that have adequate privacy policies that cover at least –– who your information will be passed onto “I set up a profile on a social networking site, Preventing malware and reducing spam Transacting online and avoiding scams added all my friends and posted a few pictures. and fraud –– why the information is being collected Think carefully before you click on links in emails I filled out some of the basic optional fields, such or on social networking sites. It’s always better check you are on a secure page –– how the information will be used as my birthday, hometown, email address and my to type the address into the address bar yourself interests. I also joined a few groups, such as my use a secure payment method –– how you can access information the organisation old school and one of my old jobs. don’t open email attachments if you’re not holds about you don’t send your financial information by email expecting them or you don’t know the sender I chose secure settings so that only my friends • if you do not agree with how websites and companies don’t respond to emails offering you the chance could see my profile – I thought this was safe scan email attachments with security software will use your details, do not provide them. of making easy money enough. before opening them verify any person or company before you I started getting a few friend requests from don’t give your email address away unless you transfer money, provide your credit card or people I didn’t know, but I accepted some of them are confident the recipient is a trusted party. bank account details. because they had similar interests to me or were friends with my friends. Protecting your identity and privacy With so much of my personal history available, one don’t share your personal information in an of these new ‘friends’ was able to forge documents email, SMS or on a social networking site with and even make a fake ID using my photo. people you don’t know and trust He then got a credit card in my name and ran up a avoid using public computers or Wi-Fi hotspots debt of $500. to access or provide personal information. Since then I am very careful about what I post, even if I think it’s private.” Still unsure about how to stay smart online? Visit page 30 to find out where to go for more information. PAGE 20 PAGE 21
How to be safe online • don’t post photos of you or your family and friends that • learn how third party applications on social networking may be inappropriate – or that your family and friends sites use your information. You can often control this haven’t agreed to being posted by accessing your privacy or security settings • never click on suspicious links – even if they are from • download or find out more information on the Just as you need to be smart when transacting online, you So be very careful about the information you share and your friends – they may have inadvertently sent them Cybersafety Help Button at www.dbcde.gov.au/ also need to be aware of the risks of social networking, how you protect it. Criminals may also attempt to use to you helpbutton. It is an online resource that gives easy particularly when interacting with people that you haven’t this information to facilitate other illegal activities in the access to cyber safety help and information. • be wary of strangers – people are not always who they spoken to or met in person. real world. say they are. It’s a good idea to limit the number of The unfortunate reality is not everyone is who they claim The social networking sites will often offer you options to people you accept as friends to people you know or If you suspect any fraudulent use of your identity to be online. Not everyone you meet online is trustworthy control the type of information you share with other users have met in real life and trust you should report it to your social networking enough to be considered a friend. and options to manage the people you want to interact • always type your social networking website address service provider and your local police. with. However, you still need to be careful about what into your browser or use a bookmark. Social networking safely personal information you put online and who you accept Parents: if you or your child has been harassed as your ‘friend’. or bullied on a social networking site, Never accept a Social networking sites have become very popular ways to go to www.thinkuknow.org.au or communicate online. Here are some basic steps you can take to stay safe when www.cybersmart.gov.au for advice and tips. friend request from using social networking sites People use them to stay in touch with friends, make new Download the Cybersafety Help Button at friends or business connections, and share information • set your online profile to private or ‘friends only’ and opinions about a range of topics. • protect your accounts with strong passwords a stranger www.dbcde.gov.au/helpbutton. It’s an online resource that gives children, teenagers, However, some people using these sites have ill intentions parents and teachers instant access to help and • have a different password for each social networking information on cyber safety issues 24/7. and may use your information to embarrass you or Here are some additional steps you can take to stay safe site so that if one password is stolen, not all of your damage your reputation. when using social networking sites accounts will be at risk If you are concerned about online behaviour that Criminals can also use your information to steal your • check if your social networking site has a safety centre. involves sexual exploitation of a child or other • think before you post – expect that people other than criminal activity, you should report this to your identity. Indeed, some criminals will use social networking This will provide a number of tips and examples of best your friends can see the information you post online local police, or phone CrimeStoppers on sites to find out more about you and your interests so they practice when social networking online can target you more efficiently with scams. 1800 333 000. • don’t post information that would make you or your • remember that any information available about you family vulnerable – such as your date of birth, address, online is potentially there forever. You can check what information about your daily routine, holiday plans, or information about you is publicly available online by your children’s schools typing your own name into a search engine PAGE 22 PAGE 23
Deal with offensive content When you are using the internet, you may encounter • remind your children not to talk to strangers online Sarah was being harassed by a stranger content that you find offensive – such as explicit sexual Report any inappropriate content to ACMA by • monitor and supervise internet use by having the activity or material containing excessive violence or sexual completing the relevant online form at computer in a visible place in your home violence, drug use, or criminal activity. www.acma.gov.au/hotline or by calling “I like social networking because it’s a good way of 1800 880 176. • tell your children that if they are uncomfortable talking keeping in touch with what my friends are doing. You can make a complaint about offensive content to I can see the photos they’ve posted, and they can to you they can contact the Cybersmart Online Helpline the ACMA. see mine. I’ve also made new friends online. (Kids Helpline) at www.cybersmart.gov.au. You can do this by completing the relevant online form Protect your children online One day I received a friend request from someone Here are some basic steps for your children when at www.acma.gov.au/hotline or by calling 1800 880 176. The internet offers an exciting world of experiences for they’re online I’d never met before. ‘Claire’ was about the same Make sure you take note of the offensive website’s address children and the whole family. It can be entertaining, age as me, and I could see from her profile that we so the ACMA can access the online content. • never give out any personal information. This includes educational and rewarding. liked the same music, so I accepted. your name, address, phone number, any family If the content is sufficiently serious, such as child However, using the internet also involves risks and information, where you go to school or where you Everything was ok for a while, and we would pornography, the ACMA may refer the material to the challenges. play sport sometimes chat online. But then Claire started appropriate law enforcement agency. writing nasty things about me and sending me Children might be exposed to content that is sexually • think before you post or share photos with people online threatening messages. You can also contact your local police to report serious, explicit, violent, prohibited or even illegal. They may illegal online content such as child pornography. • never share your passwords, not even with your friends also experience cyber bullying or be at risk from contact I was really upset, so I checked my social Here are some basic steps to deal with offensive by strangers. • think carefully before you open any attachments in networking site’s safety information to see what I could do about it. Following their advice, I reported online content emails from people you don’t know and trust. Children may – unknowingly or deliberately – share her using the ‘report’ link, and also blocked her so • take note of the website address so the ACMA can personal information without realising they may become that she can’t contact me again. access the online content victims of identity fraud, or that they are leaving behind Now I am much more careful. I have increased • make a complaint to the ACMA – by completing an content that might not reflect well on them in the future. Stranger danger the privacy settings on my profile so that only my friends can contact me, and I only accept friend online form, sending an email or making a phone call Here are some basic steps for you to protect your children online applies to people requests from people I have met in real life.” • help protect your children from offensive content by installing and maintaining a content filter on your • for younger children, set up your computer security online, just as it computer or using parental controls on your security software and letting them know that they can do if they software to only access approved websites and email addresses. This is known as whitelisting and will help does in real life come across offensive content. to block inappropriate content PAGE 24 PAGE 25
Dealing with cyber bullying • download or find out more information on the Cybersafety The AFP works with state and territory police, other Help Button at www.dbcde.gov.au/helpbutton so agencies and ISPs in the battle against online sexual Unfortunately, your children may be exposed to cyber that your child can access support immediately if they exploitation of children. bullying. This can include are bullied. Here are some basic steps to help deal with child grooming • receiving abusive emails or texts Deal with online child grooming • monitor where your children go online • unkind messages or inappropriate images being posted on social networking sites Online child grooming is when an adult forms a • educate your children not to share personal relationship with someone under the age of 16 with the information online • being excluded from online chats. intent of later having sexual contact with that child or young person. • remind your children to never meet someone in Like other forms of bullying such as verbal abuse, • never respond to negative messages but save the person who they have met online unless a responsible social exclusion and physical aggression, cyber bullying This can take place in chat rooms, instant messaging, message and the details of the sender. If you are a adult is also present may result in the targeted person developing social, social networking sites and email. parent, you may want to save the message so your psychological and educational issues. • report suspicious behaviour to your local police or child doesn’t keep reading it and feel worse Signs that a young person might be the target of online Crime Stoppers by phoning 1800 333 000. While cyber bullying is similar to real life bullying it also grooming may include excessive use of the computer, • monitor where your children go online differs in some ways late night computer use and secretive computer use, Here are some additional steps for you to protect your • remind your children to only have people they know changes in sexualised language and behaviour—either children online • it can occur 24/7 and a child can be targeted at home and trust as online friends/contacts becoming more or less sexualised in language, behaviour • explore the internet with your children – consider • it can involve harmful material being widely and and dress—and a change in the way they relate to friends • reassure your children that you love and support them using safe zones and exploring child-friendly websites. rapidly sent to a large audience, for example, rumours or family. These signs do not necessarily mean a young and you will help them Bookmark websites for them that you have approved and images can be posted on public forums person is being groomed. They could also be signs that a • report cyber bullying to your children’s school and/or young person is experiencing more general social issues • let your children know that not all websites are • it can provide the bully with a sense of relative the relevant social networking site or service provider associated with growing up. suitable and if they encounter a site that makes anonymity and distance from the target, so there is a them feel uncomfortable, they should leave the site lack of immediate feedback or consequences. • if your child has been involved in cyber bullying and If you think that you or your child is being groomed immediately, either by clicking on ‘back’ or closing the seems distressed or shows changes in behaviour online, then contact the Australian Federal Police (AFP) Here are some basic steps to help deal with cyber bullying browser altogether or mood, seek professional help. You can do this by completing an online reporting form at the ThinkUKnow • increase your online security and privacy and block through the Cyber Smart Online Hotline at cyber safety website – www.thinkuknow.org.au. • reassure your children that they won’t be denied communications from cyber bullies www.cybersmart.gov.au/report.aspx. This provides access to the internet if they report seeing free, online counselling for children and young people. inappropriate content Your child’s school may also be able to provide support and guidance PAGE 26 PAGE 27
• for older children, consider tools that block access to chat rooms and prevent giving out personal If you or your child has been harassed or Checklist of basic steps to be safe online information bullied on a social networking site, go to www.thinkuknow.org.au or Social networking safely Protecting your children online • check to see if your ISP is www.cybersmart.gov.au for advice and tips. Family Friendly by looking set your profile to private install and maintain a content filter on your for a lady bird logo on their If you believe someone has behaved computer or use parental controls on your protect your accounts with strong passwords security software website. These ISPs must inappropriately or in a sexual manner towards your adhere to the Internet child or children, report it to your local police, or use discretion when accepting ‘friends’ for young children, set up your computer to only Industry Association codes of practice. They offer phone Crime Stoppers on 1800 333 000. access approved websites and email addresses information and online tools to help parents and think carefully before you click on suspicious If there is a threat to your child’s safety the police links – even if they are from your friends monitor where you children go online children use the internet in a fun and safe way. can help. In a life threatening and time critical situation call Triple Zero (000). don’t post information that would make you or educate your children not to share personal your family vulnerable, such as your date of birth information online Download the Cybersafety Help Button at and address report cyber bullying to your child’s school and www.dbcde.gov.au/helpbutton. Its an online your ISP resource that gives children, teenagers, don’t post photos of you or your family and parents and teachers instant access to help and friends that may be inappropriate – photos that remind your children to never meet someone information on cyber safety issues 24/7. your family and friends haven’t agreed to being in person who they have met online unless a posted or that identify where you live, work or responsible adult is also present go to school. tell your children that if they are uncomfortable talking to you they can contact the Dealing with offensive content Cybersmart Online Helpline (Kids Helpline) at take note of the website address www.cybersmart.gov.au make a complaint to the ACMA. report suspicious behaviour to your local police or Crime Stoppers by phoning 1800 333 000 download the Cybersafety Help Button at www.dbcde.gov.au/helpbutton. Still unsure about how to stay safe online? Visit page 30 to find out where to go for more information. PAGE 28 PAGE 29
Where to go for more information Where to go to report online incidents Cyber security Offensive content Fraud Offensive content • www.staysmartonline.gov.au – for individuals and • www.acma.gov.au • report any loss or fraud attempt to your service • Report any inappropriate content to ACMA by small business provider (eg bank, social networking site), your ISP, completing the relevant online form at Online shopping and your local police www.acma.gov.au/hotline or by calling 1800 880 176 • www.cert.gov.au – for large companies • www.accc.gov.au or phone 1300 302 502 Identity fraud and identity theft Scams and phishing • copies of the Australian Government’s Cyber Security Strategy are available at www.ag.gov.au/cybersecurity • report any fraudulent use of your identity to your • report any scams to the ACCC on the SCAMwatch Privacy service provider (eg bank, social networking site), website at www.scamwatch.gov.au or phone the ACCC • www.icode.net.au for information on the Internet • www.privacy.gov.au your ISP, and your local police Infocentre on 1300 795 995 during business hours Industry Association’s voluntary code of practice on cyber security (the icode) • also report any scams to your service provider (eg bank, Scams and fraud Malware social networking site), your ISP, and your local police Cyber safety • www.scamwatch.gov.au • If you are having difficulties removing malware from your computer report the matter to your ISP or contact Spam • www.cybersmart.gov.au • SCAMwatch twitter – follow SCAMwatch on Twitter at a professional to remove it. The icode website has http:twitter.com/SCAMwatch_gov or @SCAMwatch_gov • you can report or complain about spam to the ACMA • www.thinkuknow.org.au information on finding professional help at – refer to www.spam.acma.gov.au, or for spam SMS http://icode.net.au/professional-help.php • cybersafety@acma.gov.au or phone 1800 880 176 Spam forward the message to 0429 999 888 • www.spam.acma.gov.au Privacy • www.dbcde.gov.au/helpbutton Online grooming • if you think your personal information has been • phone the spam hotline on 1300 855 180 • you can report online grooming to the AFP by Identity security interfered with online, you may be able to complain to completing the online reporting form at • spam SMS can be forwarded to 0429 999 888 the Office of the Australian Information Commissioner • www.ag.gov.au/identitysecurity www.thinkuknow.org.au at www.privacy.gov.au or phone 1300 363 992 Other • you can also report any online incident to Crime Stoppers by phoning 1800 333 000 PAGE 30 PAGE 31
You can also read