April 17, 2015
Jackie here. We’ve advised you not to share your Social Security number unless absolutely necessary, but the tricky part is knowing when you must share and when you can say no, especially when you head to the doctor’s office. There is often a space on their forms for a SSN. Do they really need it? Here’s what you need to know about sharing your Social Security number when you go to the doctor.
Does My Doctor Need My SSN?
There is no simple answer to the question, “Does my doctor need my SSN?” It really depends on your insurance. Some insurers use the SSN as an identifier. If your doctor doesn’t have yours, they won’t get paid. Does your insurance company need a SSN to pay claims? Call and ask to find out. If you have Medicare, a SSN is almost always needed. Other insurance companies including Medicaid, TRICARE, and CHIP used to use SSNs for patient identification, but have transitioned to a different system. If you have an old card that uses your SSN, call and ask for a new one.
How to Say No to Sharing Your SSN
If your insurance company doesn’t require an SSN, you can likely refuse to provide it at the doctor’s office. Be kind, but firm in your refusal. Remember, you can refuse, but they can also refuse to provide service. Staying calm will lead to better results than getting angry or frustrated. Try these tips:
Ask Questions- Before providing your SSN, find out how it will be used. Ask questions about why it is needed, how it will be protected, what happens if you refuse, and what your other options are.
Offer Alternatives- If a doctor’s office wants your SSN to get in touch should billing problems arise, offer alternatives like an email address or a cell phone number. Try to avoid providing things like your driver’s license number, as this too can be used to commit ID theft.
Find a Different Doctor- If your doctor insists and you really don’t want to provide your SSN, find a different provider. Unless your insurer requires your SSN for billing, you shouldn’t have to share it with your doctor.
It’s important to know when you are required to share personal medical information and when are may have another option. This will help you keep your information safer from medical identity theft. Find more tips from Consumer Reports here.
April 14, 2015
Jackie here. There’s a scam making its way around Facebook and other social media sites that could leave your computer ridden with malware if you aren’t careful. Here’s what you need to know:
What is Malicious Tagging?
This scam uses a practice known as malicious tagging. A friend will appear to share a video (often one with adult content) to their wall with the names of many friends tagged. If you’re tagged, you’ll receive a notification and likely want to view the video. If you click to view the video, a pop-up will appear that encourages you to update your video player software (like Flash Player). Click to update and you’ll unknowingly install malware on your computer. This malware not only steals personal information (potentially leading to ID theft), but also takes over your Facebook, tagging your friends in the malicious video and perpetrating the scam once again.
What Can You Do?
This scam is a scary one, but there are ways to protect yourself and your friends.
Just Because it’s from a Friend, Doesn’t Mean It’s Safe- We tend to trust links and videos shared by friends, but on social media, this isn’t always a wise choice. Your friend’s accounts may be compromised and they may be unknowingly sharing malicious links. If something seems suspicious, steer clear, even if it’s shared by a trusted friend. To spot a potential scam, look out for postings that seem out of the norm for your friends – if they don’t usually share videos with friends, double check with them before you watch.
Beware of Required Updates- Stay on top of your computer, plug-in, and software updates on your own (automatic updates are an easy way to do this). If an update notification pops up when you attempt to watch a video or follow a link, decline the update and head to the applicable website to do it yourself. Here are some tools to help you stay on top of the updating game:
Firefox’s Plug-In Checker- If you use Firefox, try the Plug-In Checker to see what needs updating. You’ll see which plug-ins are potentially vulnerable and will have access to easy links to update.
Chrome Plug-Ins- Chrome users can head to Chrome’s help page on Plug-Ins for links to supported plug-ins and their updates.
Microsoft Update Page- This help page from Microsoft has tips and tools for keeping your computer up to date.
Report It- If you come across spam or potentially malicious content on Facebook, report it. This helps Facebook to find and remove the bad content and may protect other friends from falling victim.
Think Before You Click- If something is touted as “exclusive”, “one-of-a-kind”, etc. keep your eyes open for a scam.
Stay on the lookout for malicious tagging and don’t fall victim.
April 11, 2015
Jackie here. When it comes to protecting your privacy online, one of the best places to start is with your social media accounts. It might not seem like you share a lot with these sites, but you’d be surprised how quickly those little snippets of your life add up. Here are a few surprising things Facebook (and the world if you’re not careful with your privacy settings) knows about you.
What’s in a name? It might seem like pretty basic information, but knowing exactly who you are makes everything you do on Facebook so much more valuable. You aren’t just a nameless user to Facebook, but a specific person complete with a name. Identity thieves may use your name to trick friends and others into believing a scam is real.
Facebook knows your birthday since it is something you must share to register for an account. But, if you aren’t careful with your privacy settings, everyone else might know your birthday too. Since birth dates are sometimes used as a piece of important identifying information, it might be a good idea to restrict this information, or at the very least, only share it with friends.
Where You Live
Even if you haven’t personally chosen to reveal your current city of residence to Facebook, they may know where you live based on GPS. Your mobile device may share your location every time you use the Facebook app. Additionally, those check-ins at your favorite restaurant reveal a lot about your location. Be careful with check-ins. Thieves have been known to use Facebook as a tool for determining when you are and are not at home.
What You Look Like
Facebook is surprisingly good at identifying its users through pictures. Their facial recognition program, DeepFace, boasts 97.35% accuracy, close to human level performance. Facebook knows what you look like and can find and identify pictures of you, even if you haven’t tagged yourself. Always double check pictures that are tagged of you on the site to make sure they are pictures you want identified with you. Although you can’t remove other Facebook user’s pictures, you can untag yourself if you don’t want the picture to show on your account.
What You Like
Each time you click “Like” on Facebook, you tell them a little more about what you like and who you are. While this information is highly lucrative to Facebook for advertising purposes, it can also be valuable to thieves if your profile isn’t properly secured. Thieves can see what you like, what companies you do business with, and can potentially use this information to create highly targeted scams that you may fall victim to.
Who Your Friends Are
Facebook is all about friends. After all, what fun would be the site be if it wasn’t for those silly cat pictures your friends are posting? Choose your friends carefully. If you want to welcome everyone into your network, use Facebook’s options for differentiating friendship levels. You can classify people into groups like Acquaintance, Friends, Family, etc. to ensure you’re always sharing with the right audience.
There’s nothing wrong with sharing on Facebook, but make sure you know what you’re sharing and with whom. Take the time today to check your privacy settings and make sure you are protecting your online privacy.
April 6, 2015
Jackie here. Do you use an activity tracker? These wristbands can make it easy to stick to your fitness goals, but does this convenience come at a price? Some privacy experts worry that fitness trackers could be used to gather and sell personal information. If you’re interested in using a fitness tracker, make sure you know what you’re sharing so you can make an informed decision. Here’s what you need to know about fitness trackers and personal privacy.
No Regulations- While there are regulations regarding privacy on health apps, the same does not apply to fitness apps. These apps are use at your own risk and the privacy policies involved can vary greatly from company to company. Do your research and be aware that privacy policies are determined by the company, not by federal regulation.
Your Data is Valuable- You might think that no one else cares about your fitness activities, but this is not true. Your information is very valuable to advertisers, health insurance companies, and even employers. Don’t underestimate the value of your data.
Send Data Securely- If you do use a fitness tracker, send your data to the company securely. Unsecured networks (public Wi-Fi) can be easily compromised.
Last year we shared some information about health and fitness apps and privacy from the Privacy Rights Clearinghouse’s special report. Much of the information we shared then, applies here too. If you haven’t had a chance to check it out, make sure you do.
Do you use a fitness or activity tracker?
April 4, 2015
Jackie here. Have you been neglecting your identity? In the daily hustle and bustle it is easy to let some important identity protecting tasks fall through the cracks. Just like you spring clean your house to get caught up once a year, take some time to spring clean your identity. Catch up on those tasks you’ve been forgetting and keep your identity a little safer. Here are some ideas:
Check Your Credit (and Clean it Up)- Have you ordered your free credit reports this year? Once a year you’re entitled to a free report from each of the credit bureaus. Get your reports by visiting annualcreditreport.com. If you notice any errors, correct them right away. If you see signs of ID theft, take action before the problem gets worse.
Opt Out- Are you getting unwanted credit card offers in the mail? Is your number on the Do Not Call Registry? Take a few minutes and opt-out to protect both your privacy and your identity. Here are a few opt-out options to consider:
Top Opt Outs from the World Privacy Forum- a great list of 10 opt-outs you should consider.
Shred- Unwanted paperwork can pile up. Take some time and get to shredding. Shred any paperwork with sensitive information that you no longer need, including old bills, medical statements and records, expired credit cards, bank statements, tax records, etc. Use a crosscut shredder to ensure your documents are really destroyed.
Change Your Passwords- Even if you’ve chosen strong passwords, it’s still a good idea to change them occasionally. If you haven’t changed your passwords lately, update them today!
Check Privacy Settings- When was the last time you checked your privacy settings on Facebook, Twitter, Google+ and other social accounts? This help sheet will walk you through the process on many of your favorite sites.
Re-Read Privacy Policies- Privacy policies might not be the most interesting reading around, but they are important. Review the privacy policies at your favorite websites and be aware of what you’re sharing.
Update- Is your anti-virus software up to date? What about your favorite apps and plug-ins? Update your computer, run an extra security scan, and make sure you’re protected.
Delete Old Apps- Remember that heartbeat tracking app you installed and used only once? Now’s the time to say goodbye. Go through your apps and delete any that you aren’t currently using. In addition, double check the information you are allowing your current apps to access – many automatically request access to data they do not need.
What will you do spring clean your identity this year?
April 2, 2015
Karen Taylor for AllClear ID
When we think about threats to private data we often think of the headline-grabbing cyber attacks. We tend to forget the data breaches that result from a more mundane cause — the loss of devices and documents on which the data resides.
Yet, there is a real and present danger of data being breached through lost, stolen, and neglected devices and documents such as servers, computers, and cell phones, according to experts.
In one study, eSecurity Planet found the leading cause of data breaches has been the theft or loss of unencrypted laptops and USB drives. “If there’s a difference between a laptop theft today and 10 years ago, it’s that it’s probably got saleable data on it,” stated ESET senior security researcher Stephen Cobb.
Further, in its 2014 Healthcare Breach Report, data protection company Bitglass found that “68% of breaches since 2010 occurred because devices or files were lost or stolen, while only 23% were due to hacking.”
While not as sensational as external threats, internal data security threats come with the same high costs — regulatory penalties, lawsuits, and PR nightmares.
For example, the Ponemon Institute found that “lost or stolen devices increased breach costs by $18 per record.”
Losing Sight of Lost Data Risks
Every year there are hundreds of cases of missing data due to lost, stolen, and neglected devices and documents in every industry — from banking to healthcare. Here are just a few scenarios.
Lost in Transportation. An employee of a large Canadian bank lost two back-up servers while transporting them from one location to another. The tapes included the private data of 260,000 customers, including Social Security numbers and bank account information.
Blowing in the Wind. In 2014, a man found patients’ medical records scattered down a street blowing out of a trash dumpster. The records contained the patients’ names, addresses, phone numbers, Social Security numbers, and other private information patients shared with a healthcare provider in Kansas City, Missouri.
Missing in Inaction. In February 2012, a healthcare provider lost ten computer disks that were being stored in an empty office. They contained encrypted personal information on over 300,000 patients, including names, diagnosis, Social Security numbers, and more. Emory Healthcare faced HIPAA fines, a HIPAA breach violation, and a class action lawsuit.
Dealing with a Physical Data Breach
The moral of these stories is that your breach preparedness plan should cover the steps you need to take to deal with and recover from a device breach as well as the more sensational cyber breaches. In many instances, enhanced employee security and data disposal training may prevent a data breach from occurring altogether.
Keep in mind that from a customer’s perspective, the loss of their privacy data by any means is often catastrophic. They are not concerned whether it was a high-tech headline-gripping malicious attack or a mistake that sent their private information blowing down the street. They just want to know how the organization is going to help them recover after a data security incident.
As entities entrusted with our customers’ data, we should treat every data breach with equal care, concern, and proactive communication.
April 1, 2015
Jackie here. When you want quick and easy… buy a kit. We use kits for making salads, DIY crafts, etc. Scammers use kits for something much more sinister… stealing your information. Phishing kits are an inexpensive way for thieves to launch information stealing campaigns. Let’s take a look at what phishing kits are and how you can protect yourself from phishing attacks.
What Are Phishing Kits?
Phishing kits enable scammers to quickly and easily steal your information. Little technical knowledge or expertise is needed when using a kit. Scammers simply buy the kit (sometimes for as little as $2) and install it, no programming needed. This allows thieves to jump in and start stealing information quickly. Unfortunately for those of us that aren’t thieves, phishing kits are bad news because they make the process of stealing information much simpler.
Phishing kits are often loaded on to legitimate blogs and websites when hackers compromise these sites. This makes having up to date anti-virus software even more important because you don’t have to be visiting dodgy websites to be at risk.
How Do They Work?
Phishing kits can snatch your login information when you visit websites. It might look just like the login page for your bank, but it might not be. When you enter your username and password, the phishing kit gathers the information and sends it back to the scammer. Sometimes you’ll even be successfully logged into the site (using a trick where scammers input the information for you on the legitimate site) to keep you from realizing you’ve been compromised.
How Can I Protect Myself?
Protecting yourself from phishing kits requires diligence. While there isn’t a 100% guarantee you can protect your computer, here are a few tips that can reduce your risk:
Be Cautious with Links- Stop and think before you click that link. Hovering over a link to see where it is headed it always a good idea.
Watch for Bad Grammar- If you notice blatantly bad grammar in an email, send it to the trash. Scammers often use bad spelling and grammar in their phishing emails. Phishing is getting more sophisticated these days, so watch for strange requests for personal information in unsolicited emails.
Update Your Computer- Make sure your anti-virus software is up to date. Also update your various software programs. Thieves often exploit vulnerabilities in programs, which software updates may correct.
Check the Reputation- You can check the reputation of a site before you visit. This reputation checker from Norton is one tool that can help.
Try an Incorrect Password- If you’re unsure whether a login page is legitimate, try the wrong password first. Often, phishing pages won’t return an error message.
Phishing kits are scary business, but if you follow smart browsing principles, you can do a lot to protect yourself.
March 30, 2015
Jackie here. LinkedIn is a wonderful networking tool, but it is not without privacy trade-offs in some instances. LinkedIn recently created and implemented their own ad network that tracks you across the site and on the web. If you don’t want to receive targeted ads from the site, here’s what you need to do to opt-out.
How to Opt-Out
The ads on the new ad network won’t just appear on LinkedIn; they can be found on websites across the internet (Groupon and Samsung are some of the first to test the network). According to the company, the ads might be highly targeted, but the companies in question won’t know who you are. They are simply targeted to people in certain professions, LinkedIn groups, and locations.
This is a great reminder to double check your privacy settings on all social media sites. Policies often change and checking in regularly will help you to stay in control of what you share.
March 27, 2015
What Do Smart TVs Gather?
Smart TVs collect and send data about all of your watching habits to various third parties. This can help to personalize your viewing experience. Your TV knows what you like to watch and can recommend new shows. This data can also be used to personalize your advertising experience, showing you ads that are more relevant, and more interesting. But, this information isn’t just helpful to the consumer. It is also highly valuable for companies.
Smart TVs gather information about your viewing patterns, and not just what you stream over the internet. The technology is known as automatic content recognition (ACR) and gathers information about everything you view. They can tell what DVDs you’re watching, what television programs you’re watching, what you view on YouTube, and what you do on Netflix, Amazon Prime, Hulu, etc. This information can be sold to television companies to determine ratings, used for advertising to target specific shows and products, and to improve and change services offered by the TV. Some ads even allow viewers to purchase recommended products directly from their remote controls.
If your set has voice command enabled, your device may also inadvertently capture anything you say around it, transmitting this information to various information gathering companies.
What Can You Do?
Many of the controversial services, including voice commands and ACR, can disabled if you find the right section and follow the process. This can be difficult, but if something makes you uncomfortable, take the time to find out how to disable these services. Consult your TV manufacturer for specifics on opting out on your device.
If your TV is smart, you’ve got to be smarter. Know what you’re sharing and make an informed decision about protecting your privacy.
March 26, 2015
Jackie here. When you swipe that credit card, what information are you giving away? A recent study suggests that consumers are likely sharing more information than they intend. The study used anonymized credit card data to pinpoint particular purchasers, turning private purchases into public knowledge.
With just four purchases (an amount easily made within one day: your morning coffee, your grocery store run, lunch, and a gas station fill up), researchers were able to identify consumers from anonymized data with 90% accuracy. If prices were included, only three transactions were needed.
What does this mean for you?
Quite simply, it means that it might be easier to identify you by seemingly random purchases than many originally thought. Companies often share anonymized data with outsiders. Consumers aren’t typically concerned as the data shouldn’t be able to tie directly to them. This study suggests that a little more caution may be needed.
March 22, 2015
Jackie here. Do you have a Lenovo device? Recent reports indicate that the company has been shipping devices pre-installed with a type of malware known as “Superfish”. What do you need to know to protect your privacy?
What is Superfish?
Superfish is a type of malware that comes pre-installed on some Lenovo devices. When you hear malware, you might think scammers and ID theft. This malware is different. It monitors your internet usage and inserts ads into your searches. At the very least it’s a pesky privacy violation, but some security experts worry that thieves could potentially use it to steal your information. It can also interfere with security certificates on secure sites making it risky to connect to online banking.
To find out if your computer is loaded with Superfish, head to this website and wait a few seconds. The website will perform a quick check and let you know if Superfish is operating on your device.
What Can You Do About Superfish?
If you do find Superfish on your computer, take action. Security experts have found ways to use Superfish to compromise computers and thieves probably have too. Amid public backlash Lenovo has released a way to uninstall the malware. Head to their support site and use the removal tools provided on your device.
March 19, 2015
Jackie here. When you’ve got work to do on the go, nothing beats a laptop. Are you keeping yours safe? Proper care for your laptop is much more involved than just storing it in a padded case. Try these tips to boost your laptop security and keep your identity safe.
Treat It Like Cash- Would you leave a $100 bill on the table of your local coffee shop while you run to the counter for your order? Then don’t leave your laptop. OnGuardOnline recommends treating your laptop like cash. This will help keep your laptop out of the wrong hands.
Give It a Password- If your laptop doesn’t have a password, set one up today. A password is a great first line defense against prying eyes. Make sure you store your password in your mind, not on a paper inside of your laptop case. The same rule applies for passwords to bank accounts, email, and other sensitive websites.
Ditch the Laptop Case- A laptop doesn’t have to live in a laptop case. Storing it in other, more discreet cases may be a bit safer. Consider stowing your laptop in a small padded cover inside of a backpack instead of the traditional case.
Alarm It- If you use a laptop often, you may want to invest in a laptop alarm or lock. These can help you keep an eye on your laptop even when you have to momentarily look away.
Pay Attention- If your laptop is out, pay attention. Be aware of your surroundings. Thieves don’t have to physically take your laptop to capitalize on your information. Looking over your shoulder can yield usernames, passwords, account numbers, and more if you’re not watching.
Use Anti-Virus Software- Don’t connect to the internet without up to date anti-virus software. Since laptops aren’t always turned on (like a home computer) they can easily get behind in their updates. It’s a good idea to pull out your laptop and manually update software before a big trip out of town or some other occasion where you will be frequently connecting to public wi-fi.
Be Careful with Wi-Fi- It’s always safer to avoid entering personal information over a public Wi-Fi network. If you’re using your laptop out and about, you’ll need to have a plan to use Wi-Fi safely. These tips from Microsoft may help you as you create your plan.
Turn Off Your Wi-Fi Connection When Not In Use- Turn off your Wi-Fi connection when you aren’t using the internet.
Now that you’ve got some tips, try your hand at this fun laptop security game from the FTC and see how you do.
March 14, 2015
Jackie here. In most instances, identity theft is considered a crime and that means that your local courts and legal system may be able to offer some assistance in identity theft resolution. The availability will vary greatly depending on where you live, but here are a few resources from the Identity Theft Resource Center.
Your Local District Attorney’s Office
Many district attorney’s offices offer some sort of victim assistance for ID theft. Contact your local DA’s office and ask what programs are available. Your local office may have group meetings, victim counselors, packets of local resources, helplines, or informative websites to provide information.
File for Restitution
If you want to file for civil restitution after ID theft (especially common when the perpetrator was local), your local court is the place to start. Restitution can help cover expenses related to the theft (including postage, time off work, photocopies, faxes, etc.). In order to file a claim, you’ll need to keep detailed records and save receipts.
Get Your Credit Report
As an identity theft victim, you’re entitled to free copies of your credit report during the resolution process. Your police report and records of other legal filings can be used to prove that you’re entitled to these free reports. Just a note, under the Fair Credit Reporting Act, each of the 3 credit bureaus is required to provide you with a free copy of your credit report, at your request, once every 12 months. Visit www.annualcreditreport.com or call 1-877-322-8228 to request your copy.
Letter of Clearance
If you’re a victim of criminal identity theft and are struggling with mistaken identity, a letter of clearance from the court can be used to prove your identity to law enforcement and help you avoid jail stays due to your identity theft.
For more tips about using the legal system to your advantage after identity theft, check out this great tip sheet from the ITRC.
March 3, 2015
Jackie here. How many credit cards are in your wallet? A new service called Plastc hopes to replace your many cards with just one. They offer a high tech credit card alternative that stores all of your card information in one place. Let’s take a look at some of the features.
What is Plastc?
Plastc is a one card solution to all of your cards. It can be programed to act as a credit card, debit card, security access card, gift card, and loyalty card. Once your cards are entered into the device (it can currently hold 20 cards), you can access them using the touchscreen display. The card has a magnetic stripe (like your credit card) and a barcode display. It also has NFC and Chip and PIN capabilities. It can be used with all credit cards including Visa, Mastercard, and American Express. Plastc also tracks account balances and spending.
Plastc isn’t just convenient. The creators hope to increase the security of your cards as well. The card uses a secure PIN entry to unlock the card before purchasing. Proximity alerts let you know if you ever leave your card behind. If the card is lost, it can be remotely wiped to protect all of your information.
Cards are available on pre-order right now and cost about $150 each.
Plastc is a neat idea and we’re excited to see how it works out. There is no guarantee it will boost your credit card security but the possibilities are promising. Would you be open to using such a card if it meant enhanced security?
February 26, 2015
Jackie here. ITRC president Eva Velasquez recently shared some ID theft tips we can all take advantage of. Often it’s the little things you do that make the biggest difference in keeping your identity safe.
Password Protect Your Phone- Is your phone password protected? If you haven’t taken the time yet to set up this simple, but essential identity protection, stop reading and go do it. Setting up a password just takes a few minutes and can keep your personal information safe should your phone be lost or stolen.
Keep Your SSN to Yourself- When companies ask for your Social Security Number, ask them why. In many instances, they don’t actually need it. What should you do when asked for your SSN? Eva Velasquez offers a simple solution, “You are free to tell the company that you do not give out your Social Security number, and that you’ll be happy to provide different information, such as your phone number or address.” In certain instances, however, companies do need you SSN to provide you the services you request.
Take Your Mail to the Post Office- Don’t drop that tax form or check into the mailbox outside of your house. Take it to the Post Office instead. If you’re mailing anything that contains personal information (including checks, health insurance statements, and tax documents), send it directly from the Post Office.
Change Your Password- Change your passwords often and while you’re at it, make sure you’re choosing strong ones. Hint: your birthdate or address is not a good choice.
File Your Taxes Early- We’ve told you before and we’ll tell you again, file your taxes as soon as possible. If you’re waiting to file, remember that the thieves are not. “If a thief gets there first, your legitimate return will be rejected for having a return already filed under your Social Security number.”
Take these 5 simple steps today for a safer identity.
February 20, 2015
Jackie here. Is your job hunt putting you at risk for ID theft? The internet has certainly changed the way we find and apply for jobs, both for the good and potentially the bad. The convenience of being able to submit applications online also gives thieves a convenient way to steal information. What can you do? Keep reading for some identity protecting job search tips from the Identity Theft Resource Center.
Carefully Screen Opportunities
In job hunting as well as in life, “If it seems too good to be true, it probably is.” If you see a job offer that offers great pay with little to no effort, its likely a scam. Some thieves use fake job postings to solicit identity information (like name, address, Social Security Number, etc.). If you see a suspicious job posting, contact the company doing the hiring directly and make sure the job is legitimate before you put in an application.
Don’t Provide Bank Information
Never provide your bank account information as part of the job interview process (even after hiring, your employer only needs this information to set up direct deposit if you plan to use it). Jobs that promise to pay you for cashing checks or managing money transfers through your own accounts are almost always scams; avoid them.
Offer First, SSN Second
Be very careful when providing your Social Security Number to a potential employer. You don’t need to provide it with the initial application. If a SSN is needed (for a background check or paperwork after hiring), provide it only after you have a job offer (or conditional offer).
Good luck on your job hunt! May your searches be identity theft and scam free.
Karen Taylor for AllClear ID
President Obama made an announcement that may carry implications for businesses when they are responding to data breaches in the future. At the office of the Federal Trade Commission on January 12th, he introduced the Personal Data Notification and Protection Act stating:
“Right now, almost every state has a different law on this (notification), and it’s confusing for consumers and it’s confusing for companies — and it’s costly, too, to have to comply to this patchwork of laws. So under the new standard that we’re proposing, companies would have to notify consumers of a breach within 30 days.”
The discovery of a breach would trigger what’s being called a “30-day shot clock” for notification. At first glance, this proclamation sounds effective. After all, the public deserves to know as soon as possible when their personal data has been compromised (so say supporters of the bill).
But like all governmental rulings, there are opinions on both sides of the issue. Some supporters feel that requiring companies to notify affected customers within 30 days provides consumers with more time to protect their identities and be on the lookout for fraud. Opponents of the bill, however, say that 30-day notification timeline presents challenges in some instances where the investigation phase takes longer. If a company is forced to notify customers with incomplete or inaccurate information, the response can become complicated and ineffective.
Let’s look at some of the pros and cons swirling around the industry.
Yea! — The 30-Day Rule Protects Consumers
CRM Daily reported the following: “We reached out to Rick Holland, principal analyst, Security & Risk Management, at Forrester, who told us that many companies don’t provide breach notification unless they are compelled to do so via regulatory means. He said that Obama’s proposal would address that issue. It would also reduce the extreme complexity of domestic breach notification laws … ‘A national breach notification law with a high-water mark would be a good step towards better protecting consumers.’”
Brian Krebs from KrebsonSecurity.com finds both benefits and risks in the 30-day ruling. “Depending on what is put in and left out of any implementing legislation, the effort could well lead to more voluminous but less useful disclosure … (however) a federal breach law could produce fewer yet more meaningful notices that may actually help prevent future breaches.”
Ney! — The 30-Day Rule Could Interfere with State Laws
In an article by The New York Times, experts weighted in with concerns about the 30-day national rule. “‘The problem is that the effect will likely be to pre-empt the stronger state laws,’ said Marc Rotenberg, the president of the Electronic Privacy Information Center, who favors disclosure faster than 30 days. ‘We want a federal baseline, and leave the states with the freedom to establish stronger standards.’”
NPR furthered this discussion. “The plan is intended to unify nearly four dozen disparate state data breach disclosure laws into a single, federal standard. But … much rides on whether or not any federal breach disclosure law is a baseline law that allows states to pass stronger standards.”
So what do you think? How will this ruling impact your breach preparedness plans?
Whether you fall on the side of yea or nay on this issue, one key take-away should be that having a proactive incident response plan in place will address every issue this bill is proposed to solve — by notifying consumers with the most accurate information in the swiftest time frame possible, and with an eye to abiding on all state and national requirements.
February 17, 2015
Jackie here. Every time I pop on Facebook, I spot a scam or two. Do you know a Facebook scam when you see one? Keep your eyes open for these red flags and use caution when you see an advertisement or offer on Facebook that looks suspicious. Make Facebook a place for friends and family, not falling victim to ID theft.
You aren’t going to receive free airline tickets just for sharing a post or receive money from a wealthy benefactor by clicking “like”. Free can be risky on Facebook. That doesn’t mean you won’t find the occasional giveaway on the site (many legitimate bloggers and companies use Facebook to spread the word about promotions), but when you do, be cautious. Remember, there’s a big difference between giving away one blender to a single winner and offering a free iPad to anyone that wants one. When in doubt, use caution before entering a contest of giveaway.
If a video promises the answer to becoming an instant millionaire, a sneak peak at a naked celeb, or a high speed car crash destined to be the next viral sensation, don’t watch it. Many of these videos are scams. Click on the video and you’ll be asked to download viewing software (complete with hidden malware). When you need that video fix, head to YouTube instead.
Don’t be fooled by offers to tweak your profile, change your Facebook background, or perform some other service to your account in exchange for your username and password. Your login credentials are yours and yours alone. Never share them with third parties.
Are celebrities sending you friend requests? It’s likely a scam. Choose your friends carefully and be very cautious when friending those you don’t know personally. Double red flag if this new friend asks you to send them money.
Facebook and other social network sites are great ways to stay in touch with friends and family, but that doesn’t mean they are 100% safe. Use caution when you come across offers that seem too good to be true, or when a distant friend asks you to send them money – these are likely scams. Which of these Facebook scams have you seen?
February 11, 2015
Jackie here. Are your cookies spying on you? I’m not talking about that box of chocolate wafers in the cupboard, but rather cookies that websites use to monitor the activity of site visitors. These cookies might not be seen, but that doesn’t mean they aren’t gathering your information.
What Are Cookies?
Do you need a refresher course about cookies? We’ve all heard of them, but how many of us actually understand what these cookies are gathering? We could all use a little reminder about cookies every now and again.
Cookies are small files that websites place on your hard drive. They basically act as an identifier (kind of like a name tag) that alerts the website to your presence and subsequent visits. Cookies aren’t necessarily bad; they bring a lot of convenience and functionality to the internet. Every time your shopping cart remains filled with items when you return to a site, that’s a cookie in action. Cookies also make it easier to use websites where you need to login. Without a cookie, you’d be forced to enter your password a lot more frequently.
Although cookies can be harmless and even helpful in some instances, they carry the potential to gather huge amounts of personal information about you. When you provide personal information to a website (to make a purchase for example) this can be paired with a cookie, letting the website know exactly who is visiting (both that time and each time you return). Cookies can also be used to monitor your web behavior, transmitting information about the sites you visit, the things you buy, etc. to advertisers and others.
Cookies and Your Privacy
Cookies have the potential to compromise your online privacy, but there are things you can do to increase your control.
Privacy Policies Are a Must- Are you reading your privacy policies? These important documents help you to know how your information is being used. This enables you to make smart choices about the websites that you choose to visit and the information you provide. Read privacy policies carefully and often (remember, policies can change).
Clear Your Cookies- Cookies do track your web behavior, but they can be removed (most can at least; some new cookies are unavoidable). You can clear your cookies easily any time you want a fresh start for your browser.
Learn about Your Options- To protect your data from cookies, learn about them. Here is a great resource for understanding cookies.
February 7, 2015
Jackie here. Let’s be honest; keeping up with passwords can be very challenging. Even after countless warnings, people still choose weak passwords to protect their important accounts. While this is not a safe practice, it is understandable as good passwords can be hard to remember. Twitter recently launched their potential solution to the problem, a unique sign in tool called Digits. Let’s take a look.
What is Digits?
Digits is a tool that app developers can use to bypass the password and make signing into apps easier. For users, they will be able to input their mobile phone number instead of a username and password to log in to apps that use this feature. A text is sent for authentication and sign up is complete.
Digits aims to make things easier for both app developers and users. Remembering your phone number is something you probably already do (no more complex passwords). Developers can tap into an easy method for authentication.
What Does Digits Mean for the Password?
Will Digits change the password? Right now Digits only impacts the a select few apps that it is affiliated with, but in time innovative password solutions like this could replace the standard combinations of letters and numbers that we use every day. Think about it… do you go anywhere without your phone? I don’t and I’m guess you don’t either. Mobile devices could someday be a great tool for identification.
There are some potential downsides to this feature, however. Mobile numbers are potentially easier to guess than your passwords. The addition of a verification text will help make this process more secure, but time will tell if Digits increases mobile security while making log-in details easier to remember.
Have you tried Digits? What did you think?
February 5, 2015
Jackie here. Tax season is upon us and for some people that means returns are around the corner. While you’re hard at work preparing your tax documents, thieves are busy too, filing returns and claiming refunds that aren’t theirs. How can you protect your refund this tax season? Here are some tips from Time to get you started.
File Quickly- If you haven’t yet started on your taxes, start as soon as you can. Filing quickly can protect your refund by ensuring that you file under your identity before thieves do. Waiting until the last minute to file can greatly increase your risk of tax identity theft.
Minimize Your Risk- How big is your refund? If you’re getting back thousands this year, you might want to change your withholding to reduce the size of your refund. This won’t protect you from tax ID theft, but will minimize the amount of money that you have at risk should you fall victim.
Protect Your Information- All thieves need to file a fraudulent refund in your name is your birthdate and SSN. Protect these numbers. When possible, have tax forms (like W-2s, 1099s, mortgage interest statements) sent to you electronically. At the very least, bring your mail in as soon as possible; thieves often steal tax forms out of mailboxes at this time of the year.
Get a PIN (when it becomes available)- The IRS is launching a pilot program where taxpayers can obtain a personal identification number (PIN) to protect their identities. This special number must be included on all tax documents. Right now the service is only available to those that filed a return from Washington DC, Florida, or Georgia last year or those that were victims of tax ID theft. Get your PIN here if you qualify. (Once you opt in, you can’t opt out.)
Don’t Use Public Wi-Fi to File- If you file online, use a secure computer and a secure network. Never use public Wi-Fi to file your taxes.
Avoid Scams- Tax themed scams are rampant this time of the year. Remember, the IRS isn’t going to call you on the phone – they communicate via snail mail. Be very careful with the sharing of personal information to keep your tax refund safe.
For more tips about protecting your refund, check out this article from Time Magazine.
February 2, 2015
Karen Taylor for AllClear ID
Judging by the success of increasingly high-scale attacks, it appears 2014 was a rewarding year for cybercriminals — and a rough year for the companies they targeted.
Further, malware with names like Heartbleed, Shellshock, and POODLE grabbed headlines while wrecking havoc in thousands of companies.
Adding to the challenges for the affected companies was a general lack of preparedness in responding to large-scale incidents.
Now, security experts are reporting their early-warning predictions for 2015 — and forecasting an equally rough year ahead, especially with ever-increasing sophistication of old and new versions of malware.
Are you prepared for what’s coming?
Forewarned is forearmed, as they say. So think of this post as an early-warning system about some of the leading malware threats that experts are predicting for the year ahead.
Hindsight is 20/20
Trend reports for 2014 show that it was a rough year for companies — with a growing number of malware types to block from consumer data. This growth trend foreshadows the continuing challenges we’ll face this year in keeping customer data safe.
“From new malware families to PC grade mobile malware, from persistent PC Trojans to cloud based criminal services – cybercriminals have been keeping busy with new and advanced techniques,” according to Security Intelligence.
“Malware banking threats are escalating in sophistication, and financial institutions and bank customers are at increased risk for loss of personal data and wire transfer fraud,” reported Bank Info Security. “According to a survey on data breaches conducted by Verizon in 2014, Citadel is the preferred banking malware among criminals for personal data information theft, while Zeus continues to be the favorite banking malware for stealing money from bank accounts.”
“The growth of malware appears unstoppable,” stated Spanish computer security company Panda Security. “In total, some 20 million new strains were created worldwide in the third quarter of the year (2014), at a rate of 227,747 new samples every day.”
Forewarned is Forearmed
Predications for 2015 are equally grim.
Global computer security software company McAfee predicts trouble ahead from many directions, including ongoing problems from the sophisticated Shellshock malware. “During the second half of 2014, we learned of the Shellshock vulnerability: a weakness in Bash, a command shell found on Unix, Linux, and OS X machines. It lets an attacker perform arbitrary commands on the victim’s machine, which makes it the most dangerous type of vulnerability — rated 10 out of 10 for severity by the U.S. National Vulnerability Database. We are just beginning to understand the scope of this vulnerability.” For businesses and consumers alike, the potential for further harm as a result of Shellshock will likely be a trend that surfaces in 2015.
Attacks are expected to increase from another type of malware spotted in 2014 called CryptoLocker, noted Panda Security. “CryptoLocker operates in straightforward fashion: Once it gets into a computer, it encrypts all types of documents that could be valuable to the user (spreadsheets, documents, databases, photos, etc.) and blackmails the victim into paying a ransom to recover the files…” While this malware relies heavily on paralyzing victims into compliance with the threat of not being able to access files, preventative measures such as creating an external backup of all files can go a long way in preventing the success of such an attack. Nevertheless, many experts predict 2015 will be a big year for CryptoLocker.
According to security solutions company Kaspersky Lab, a malware called Regin was first mentioned at a security presentation in 2012. Regin is a cyber-attack platform which the attackers deploy in the victim networks for ultimate remote control at all possible levels. The platform is extremely modular in nature and has multiple stages.”
Shellshock, CryptoLocker, and Regin are only three of the millions of malware strains roaming the internet today.
Prepare to Mitigate Risk
No matter where threats to your business come from, effective breach preparation is still one of three critical actions companies must take, along with detection and prevention — to thwart and recover from anything the cybercriminals can throw at us. In today’s age of increasing cyber risk, it’s more important than ever for businesses to prepare to respond quickly and effectively to the inevitable data breach. A comprehensive and tested response plan will enable businesses to successfully navigate the constantly evolving cyber risk landscape in 2015 and beyond.
January 31, 2015
Jackie here. Is your password hackable? Often, your password is the only thing standing between thieves and your identity, but most of us aren’t choosing strong ones. Many times we choose passwords that are easy to hack (and easy to remember) and basically hand thieves the keys to our identities. If you want stronger passwords, learn about ways to improve the strength of your passwords and give it a shot. A stronger, more secure password is achievable.
Easy to Remember, Easy to Hack
Are you using your dog’s name as you bank account password? It is human nature to choose easy to remember passwords and hackers often prey on this tendency. Those super simple passwords are some of the easiest to hack. Avoid using common dates (anniversaries, birthdates), names of pets or family members, common words, etc.
While easy to remember passwords aren’t the best choice for your most sensitive accounts (like bank and financial accounts, health accounts, email, etc.), they can work well on accounts where sensitive information isn’t at risk. You don’t need a 16 digit password complete with symbols for every account. Choosing the easier to remember passwords for your less sensitive accounts may save some room in your memory for the complex passwords you need to protect your most important information.
Repeated Passwords- Hack One Get them All
Do you use the same password across multiple accounts? This common password tactic can lead to hacking. Banks and other financial websites often have heavy security that can be difficult to penetrate. Other websites probably don’t have the same level of security. Thieves often take the road of least resistance and breach those easier to hack sites to gain your login credentials to more lucrative, more secure sites. If you’re using the same password for your bank account and your favorite clothing store, you’re making a big mistake.
Making a few little changes to passwords from site to site is also a risky move. Hackers can often figure out the method you’re using and determine your password for other sites too. Never use the name of the website in your password.
You’re Using a Common Password
If your password appears on the list below, change it immediately. These passwords are some of the most common passwords at the moment (and none of them are a good password choice).
- 123456 (or its variations: 12345678, 123123, 87654321, 1234567890, etc.)
- password (or password + a number: password1, etc.)
- iloveyou (also risky: ilovejohn, etc.)
- adobe123 (or Microsoft, photoshop, etc.)
You’re Trying Too Hard
Technically the most secure passwords include upper and lowercase letters, numbers, and symbols, but not every good password has all of these elements. Length has a big impact on how easy your password is to crack. A longer, easier to remember password is often more secure than a shorter password even if it’s packed with symbols, numbers, etc.
To see how secure your passwords are (please don’t use your actual password, try similar passwords instead) try the free tool at howsecureismypassword.net. This password checker will tell you how long it would take a PC to crack your password using a brute force attack. The password mN1@6p would take about 52 seconds to crack while banana bubblegum would take 2 billion years. Which one is easier to remember?
January 26, 2015
Jackie here. It’s Tax Identity Theft Awareness Week. Tax identity theft is growing at astronomical rates (levels tripled from 2011 to 2012 and its just gotten worse from there). We all need to be on high alert for signs of tax ID theft. This week gives us all an excellent opportunity to think about our identities as we roll into tax season.
Help spread the word about Tax ID theft this week and keep your friends and family safe. Here are some simple things you can do in honor of Tax Identity Theft Awareness Week.
Attend a Webinar- Education is one of the best ways to protect yourself from all types of identity theft. On Tues. January 27th the FTC, AARP, and Treasury General for Tax Administration are teaming up for a great free webinar. Find the details here (webinar information is at the bottom of the page).
Share Some Tips- Are you on Facebook or Twitter? Sharing tax ID theft tips is an easy way to share this important message. Don’t worry; you don’t have to create the tips on your own. Use these from the FTC.
Start Working on Your Taxes- Filing early is one of the best things you can do to protect your taxpayer identity. Use this week to start gathering paperwork and crunching numbers so you can file as soon as possible.
How will you protect your family from tax ID theft this year?
Jackie here. If privacy is important to you, do something about it. Data Privacy Day is January 28th and there are many great ways to get involved this year. What will you do?
Data Privacy Day is an annual celebration of all things privacy. It’s a chance to renew your commitment to protecting your privacy and an opportunity to educate and inform others about privacy’s importance. Here are some excellent ways to celebrate Data Privacy Day this year.
Share on Social Media
Take a break from laughing at cat pictures for a minute and do something useful with your social media accounts. Sharing privacy tips is a great way to spread the word about privacy and to give your family and friends a chance to celebrate Data Privacy Day too.
Data Privacy Day on Facebook- The official Facebook page for Data Privacy Day has some easy to share tips about privacy. Pick your favorite and share with your friends.
Join in a Twitter Chat- On January 28th at 10 am EST IBM is hosting a Twitter chat. To join in simply use the hashtag #identitymixer.
Have a “Privacy Talk”
Do your children understand the ins and outs of privacy? A family privacy talk is a wonderful opportunity to reinforce good privacy practices for everyone. Don’t come to your talk unprepared; you’ll find a variety of great resources to use here.
Join a Webinar
There are a couple of informative webinars taking place as part of Data Privacy Day. Both are focused on privacy for businesses and organizations. If you want to step up good privacy practices at your company, these can give you the jumpstart you need.
Reducing Costs and Liabilities Through Privacy Awareness- 35% of data breaches are due to human error and 29% are caused by problems in your business practices. Learn how to reduce your risk and better protect your business.
Both webinars require registration (and some a small fee), so if you want to attend, follow the links and register now.
Pass Along Resources
Spread the word about privacy by sharing some of these tip sheets. Hang one up in your office or display a few on a community message board.
Give Yourself a Privacy Check-Up
How are you doing with privacy? Data Privacy Day is the perfect day to check up on your privacy settings. Find out how here.
How will you celebrate Data Privacy Day?
Jackie here. Do you have a webcam? If you do, there’s one type of malware you need to be aware of: the Remote Access Trojan (RAT). RATs have been used to hack into webcams and spy on their users without their knowledge. It isn’t just celebrities and politicians that are at risk; everyday people have been victims of RAT spying using their webcams and the spying is becoming more common. Here’s what you need to know to protect yourself.
Remote Access Trojans (RATs) – What Are They?
Remote Access Trojans, also known as RATs, are a type of malware that allows for remote control of a device. This malware allows the perpetrator to access your computer files, to view your computer activities (and to obtain account information, passwords, etc.), to alter programs on your computer, and to spy on victims through their webcams (basically anything you can do, the perpetrator can access too). This type of malware is hard to catch as it doesn’t really change how your computer works and doesn’t typically show up in lists of running programs.
Webcam Spying- How Common is the Problem?
RATs are a common type of malware, but it is unknown exactly how prevalent they are since they aren’t easily discovered. Last year, hundreds were arrested for selling access to computers infected with RATs. A recent article on the problem from the Atlantic also mentions cases of school districts, computer stores, and others using RATs to spy on people without their knowledge.
RATs sound scary and they are, but luckily good computer practices can go a long way in protecting your device. If you follow the advice we share often here on the blog, you’ll likely be doing most of the
things on this list already. Here are some important ways to protect yourself from RATs.
Use Antivirus Software- Your computer should always be protected with an up to date antivirus program. Make sure you’re performing your regularly scheduled scans.
Install Your Updates- Updates to software programs might be annoying, but they often include security fixes. Automatic updates are a great way to make sure your computer is always up to date.
Be Careful with Attachments- Be extremely careful when downloading attachments even if they appear to be from someone you know. Legitimate accounts can be compromised, so if an email seems suspicious (even if it’s from someone you know) don’t open the attachment.
Avoid Illegal Downloads- Sites where you can download pirated movies, games, etc. are a big source of malware. Steer clear of illegal downloads.
Cover or Unplug Your Webcam- When you aren’t using your webcam, unplug it or cover it. This applies to both webcams that are part of your computer and those that clip on.
January 23, 2015
Jackie here. We share many scams here on the AllClear ID blog. Each is a little different from the ones before, but many are surprisingly similar. Thieves have their tried and tested scams that they turn to again and again to trick unsuspecting victims. I can’t tell you what scams 2015 will bring, but odds are the majority of them will resemble these scams found on the list top 5 reported scams from StaySafeOnline. Keeping watch for variations of this scam will help you protect your identity this year.
Fake Check Scams
In this scam, you receive a check and are asked to cash it through your account. You get a portion of the money received as ‘payment’ and send the rest off to another bank account or by wire transfer. Turns out, the check is fake. Fall victim to this scam and you’ll be on the hook for the full amount of the check plus any fees.
Internet Merchandise Scams
You buy an item online from a bogus retailer and it never arrives. Spot this scam by looking for deals that are too good to be true – any deal that promises to sell you top shelf items at less than half the cost, for instance. Protect yourself by paying with a credit card (they offer protections against fraud like this).
“You’re a winner!” Only if you fall victim to this scam, you’re not. This scam tells you that you’ve won a prize and asks for money to cover the fees, taxes, etc. There is no prize; pay out and you’ll simply lose the money and won’t receive the promised prize.
Pay a fee and get a loan. This scam offers a line of credit in exchange for a sign-up fee. Once the fee is paid, the loan never materializes and you’re out the money you paid.
You receive an email (often from an organization that you’re associated with) that asks for personal information or asks you to follow a link. Share your info and you’ll likely fall victim to ID theft or fraud very soon. Avoid phishing scams by clicking on email links carefully. If you’re not sure if an email is legitimate, contact the company in question yourself and ask. Most legitimate companies will not ask you to share your personal information over email.
Watching out for scams such as these will help you protect your identity this year. As always, we will keep you updated with new scams as they arise.
January 22, 2015
Jackie here. One of our ID theft predictions for this year is a rise in mobile malware. One big way that malware infects mobile devices is through apps. The best way to protect yourself from this threat during 2015 is to carefully choose the apps you install. Which apps are safe? Here are some tips for choosing the safest apps for your device.
Shop the App Stores
Where you find your apps has a big impact on their potential for being malicious. Both Apple’s app store and Google Play screen apps looking for malicious software before offering them to consumers. Should a malicious app make it through the screening process, it will likely be removed shortly after problems start arising. Shopping in the official app store for your device is one of the easiest and most effective ways to dramatically cut down on malicious apps.
Use Tools to Find Malicious Software
Android users that choose to install apps outside of Google Play do have options for screening malicious apps. The feature is called app verification and can be turned on through the “Security” section of the “Settings” app. To enable app verification, switch “Scan device for security threats” to “On”. App verification will warn you before installing apps outside of Google Play, block known malicious apps from being installed, remove some harmful apps, and recommend uninstalling apps that might be harmful to your computer. This feature can help you find and detect malicious apps earlier and will alert you to potentially harmful apps that you may already have on your phone.
Third party app stores aren’t really a problem for Apple devices, but you’ll want to use caution should you ever install a custom enterprise app. These apps are typically created by companies to provide employees, etc. with custom tools. Use extreme caution when installing this type of app and only install them from your organization’s secure website.
Check Your Apps Often
Finally, check your apps often. Remove any apps you are no longer using. Before installing a new app, make sure you are aware of what information the app will be gathering and how your information will be used and stored. It’s a good idea to recheck this information periodically as policies can change.
Protect yourself from malicious apps this year on all of your devices. A little caution now can save you from potential headaches down the road.
January 20, 2015
For businesses to successfully navigate today’s threat landscape and craft effective response strategies for data security incidents, understanding the true costs associated with data breaches is critical. Please join AllClear ID for a complimentary webinar that will help attendees understand the real cost of a data breach. Industry leaders will explore findings of 117 data breach insurance claims and resulting losses.
Speakers will share perspectives on:
- 2014 NetDiligence Cost of a Claim study
- Tips for cost savings in key areas of breach response
- Insights on cyber insurance, notification, consumer protection and legal services
Register for the webinar here: https://cc.readytalk.com/r/7gmgib66m96c&eom
Speakers include Mark Greisiger of Advisen, Andy Obuchowski of McGladrey, John Mullen of Lewis Brisbois Bisgaard & Smith, Jamie May of AllClear ID, and Vinny Sakore of Verizon Business and ICSA Labs
January 19, 2015
Jackie here. Are you reading your terms or service and privacy notices like you should? With so many documents filled with complicated legal terms it is certainly easy to be tempted to skip reading a few, but this can come with big consequences for your privacy. Reading those documents might be dull, but it will help you know what you’re agreeing to each time you sign up for an account.
What Are You Giving Away?
An interesting article from the ITRC details the real consequences that can come with not reading privacy policies and terms of service agreements. They detail two specific cases where terms of service gave companies some pretty extensive access into users’ lives. The first example involves user emails that were used by the company in a court case. The company in question was able to access private accounts to prove theft of proprietary information due to a provision included in their user agreement.
Another company providing a residency program for authors included provisions in their terms of service that granted them full rights to the author’s work, something that created quite the outrage among some of the program’s applicants.
The lesson to be learned from both of these instances (as well as countless others out there) is to carefully read the policies associated with your accounts to protect your privacy. Terms of service and privacy policies are legally binding documents and not reading them doesn’t make you immune from their provisions. If you struggle with reading the entire policy, at least skim for the clauses that include how your data can be used and accessed.