The 2010 Census is nearly under way, but don’t expect an e-mail from the U.S. Census Bureau asking you personal questions in its head count of America.
If you do get one, it’s a scam.
“Like most large organizations, we have seen e-mail scams and phishing attacks that cite the U.S. Census Bureau,” agency spokesman Neil Tillman wrote in an e-mail.
The Census Bureau stresses that it will not request personal information from you via e-mail, such as PIN codes, passwords, Social Security numbers, credit-card numbers or other financial account information.
A news-based phishing scheme like this one is one of several risks you face online. Cybercriminals have gotten craftier, often looking toward popular trends and events — such as tax season, the mortgage meltdown and the growth of social media — to scam people into giving them sensitive information.
To protect their privacy online, computer users need to stay informed about the criminals’ methods and to learn basic principles of caution.
Online attackers have information on millions of consumers, said Ravi Sandhu, a professor of cyber security at the University of Texas at San Antonio. However, he added, the rate at which they can use that information is considerably lower.
“It’s a bit like a lottery. To have identity theft actually occur against you, you need to have a little bad luck. There is some comfort in numbers,” Sandhu said.
In addition to criminal scams, corporate data breaches can leave your privacy compromised.
As of September 22, there have been 379 data breaches reported by the Identity Theft Resource Center in 2009, affecting more than 13 million records. Companies with data breaches included financial institutions, travel companies, health care operations and schools.
“It’s not one or two companies that are acting irresponsibly with consumer data,” said Andrea Matwyshyn, a law professor who teaches technology regulation at the Wharton School at the University of Pennsylvania. “It’s a large-scale problem where industry norms of care are arguably not adequate to address the challenges of data security optimally.”
Safeguard your Social Security number
Exercising caution before you submit sensitive information can save you a lot of aggravation down the line.
For instance, most businesses really won’t need your Social Security number, the key number for identity theft, so think twice before you provide it online.
Social Security numbers are used “to establish new lines of credit or for tax purposes. How many things are you doing online that have to do with taxes?” said Linda Foley, co-founder of the Identity Theft Resource Center.
So before you share the information, be certain that you are on that Web site of a real company — as opposed to an imposter conducting a phishing scheme. Also, ask yourself why a Web site would need your Social Security number, said Michael Kaiser, executive director of the National Cyber Security Alliance.
“I always encourage consumers to supply the minimum amount of information possible. A lot of times, you get these long forms and you get the little star that’s required, but people are collecting other [data about you],” Kaiser said. “Don’t fill it out if you don’t want to.”
Still, even visiting a legitimate Web site has its share of risks, because online attackers may inject malicious content onto them by hacking them or placing advertisements that deliver malware, Sandhu said.
If a criminal does obtain your Social Security number and creates a fraudulent identity, it can be a much bigger hassle than if he or she uses your credit card number.
Credit card companies often pick up the tab for fraudulent charges, and they send you a new card with a different number. It’s more difficult to get a new Social Security number, and a stolen identity could affect your credit rating.