A. Never participate in anything that asks for even your gender.

B. Provide only what is necessary.

There is no third option, and if you exercise option A then you should get off the Internet bandwagon, as there is nothing for you. But, if you chose option B then you can avail all the benefits offered by the great medium, and also keep your data safe. This is what we will talk about in this blog post.

Honesty is not required

Honesty not always pays; at times it costs very dearly. Consider a situation where you are asked to fill-in a long application form to get access to whatever is there on the other side of the form. You fill in all the required details to the best of your knowledge, and boom. You find you have been duped. The site was not what it was claiming to be, and it is already late. You have given all what it wanted to take.

Did honesty pay?

Consider the alternative. You visit a website, and fill only what is absolute must to get access to the content on the other side of the iron curtain—you did this even to the most trusted of the websites like Amazon, Google, et al. Now, even if you are duped, you have not given it all.

Created Identity

If they are after your identity then give them nuts!

Provide them fake information of a fictitious person whose only reason for existence was to help you get access to data on the inside of the wall. There are services like www.bugmenot.com, which you can use to get ready-to-use login information. You can also use a temporary e-mail ID, which will cease to exist after couple of hours, but will do the needful for you.

Do not be too generous with your personal details. It may not mean anything to you, but it mean a great deal for thieves. And when lost, it will come to haunt you.

As said honesty is not required, and so is the generosity.

Whatever your position on these national windfalls, one thing is for certain: taxpayers aren’t the only ones celebrating. Identity frauds have long perfected the art of posing as banks and financial institutions in the hope of filching unsuspecting peoples’ bank details, and sometimes much more. Add in the prospect of the tax departments planning to pay out to huge swathes of the population in one go, and you get a situation almost custom-made for those skilled at preying on the desperate and naive.

So as you await the good news from your tax department, what can you do to minimise the risk of your most important details falling into the wrong hands?

Essentially, the principle is the same as with any online scam – be extremely careful of what you read and very selective to whom you give your banking/credit card details (If anyone), and restrict your online transactions to well established and easily verifiable sites (Such as Amazon)

This is especially true in an environment like this, where people are expecting good news from an official body; let’s face it, it’s not something that happens very often and people’s excitement means easy money for fraudulent internet operators and phishing scams. Mistrust ANY email asking you to provide your personal information, especially if the reasoning given within the email is vague, or even non-existent. Do a quick internet search for information on the claimed company in the email before even considering replying (Something that is not always advisable in and of itself lest you ‘activate’ your email address for more numerous and severe spam), and if you do reply make it very clear you want the sender’s name and contact details before you consider sending anything.

Any evasiveness or reluctance to comply on the sender’s part should be treated with complete suspicion; report them to your country’s Consumer Affairs department and, if they are posing as well-known and/or official bodies (Such as a major bank or the tax department), notify the real organizations immediately.

Of course, when it comes to Stimulus Time the main principle is far simpler: ignore ANY email or post (Or for that matter any purely electronic means of communication, including SMS) claiming to be from the tax office. If there’s one thing the world’s governmental departments have in common, is that they almost exclusively contact people via posted hard copy, especially in matters involving money. Never assume that would change.

After all, since when have government departments keen to try out new ideas? The answer is, of course, never, and particularly distrust anything that suggests differently at a time when money is meant to be changing hands. Identity frauds rely on the importance of money to people, and their naivety about how technology can affect how it’s dealt; be vigilant, and don’t let these people who aim to capitalise on people’s excitement and concerns, catch you unawares!

The problem becomes more serious if this information shared contains our financial information or social security numbers. In this case, we become victims of primary identity theft. Download our identity theft e-book for further information on types of theft.

To a juvenile mind, there is a solution to this problem: never share any information on the Internet, come may what. I wish, if things had been this simple; it is not. What will happen to our virtual presence on social networking and social bookmarking sites, if we stop sharing information? What will happen to our decision to buy that cool book off Amazon, or purchasing those hard-to-find-in-the-market tracks from iTune store?

We got to share information, if we intend to use the Internet properly, and all the information shared is not vulnerable to phishing, and with a cautious approach you can make your information almost 100 percent secure. And at this point Secure Socket Layer (SSL) certificates come in play.

SSL Certificate: what is it?

SSL protocol was invented by Netscape to safeguard all the transactions between browsers and servers against frauds and data leakages. An SSL certificate uses a highly complex algorithm that cannot be cracked by the hackers. VeriSign is the leader and most trusted SSL certificate provider in the world.

How it works?

When you enter a website address in the address bar of your browser, the browser sends the information entered to the server requesting the desired page and in the background it also verifies the security certificate of the website; if the site you are visiting does not have a valid SSL certificate, your browser will show you a warning about either expired or invalid or wrong certificate depending upon the status of the SSL certificate.

An SSL certificate consists of a public key and a private key. The former is used to encrypt the information being sent from the user’s browser while the later is used to decrypt the received information. Once you enter your personal or financial information on a website that has an SSL certificate, the information gets encrypted as soon as you click send and remain so until it reaches the server where the information is decoded, and you get the desired result back in your browser, again following the process of encryption and decryption.

Before assigning an SSL certificate, the certificate provider like VeriSign conducts a background check of the person or company applying for SSL certificate. Once verified, the owner of an SSL certificate is given a unique ID.

How it identify?

There are two telltale signs of presence of SSL certificate in a website. One is the https:// prefix in the web address and another is the padlock icon in the status bar of your browser.

Apart from these must-have indicators of a secure site; in all most all the cases the website you are surfing must have a logo or a banner of the SSL certificate provider saying, the site is secured by xyz certificate or any similar text announcing the availability of an SSL certificate in the website, if it has an SSL certificate.

Conclusion?

If the website, you are providing your personal or financial information to, has an SSL certificate, there is no chance of any Identity theft, but if you are sharing your critical information on a web site that doesn’t have any SSL certificate, you are at risk. If you have a website and do not have an SSL certificate to provide your customers confidence that their transactions are secure, you could be losing a lot of business.  A resource we found is Gossimer, they allow their customers to purchase SSL and dedicated IP address with every hosting package.