How to stay safe online: Personal Information

social media sites

A report into digital exclusion by the Low Incomes Tax Reform Group in 2012 [pdf], highlighted the pressing need to support people not just in getting online but in the computer literacy levels needed to effectively make use of online services.

As Government continues with its "digital by default" strategy, the LITRG report shows that "significant numbers of citizens are being left behind as a result of government policy and are in danger of falling even further behind in the future".

Amongst sending and receiving email, and finding information online, Go ON UK noted sharing personal information as a basic online skill, particularly in relation to these four activities:

So in this section we'll look at the situations when you might be entering personal information into websites and how to make sure you're doing this safely.

Protecting your information

One of the best ways to stay safe is to be prepared, and often that means knowing what you're likely to come up against before it happens.

In terms of protecting your information online, there are three main things to be really aware of:

  1. Where you could be entering your information into an unsafe website
  2. Where an otherwise safe website could pass on your information
  3. Where an otherwise safe website could expose your information to others

Let's look at those three in more detail.

Entering your information into unsafe websites

Like scam emails, this often means replica or fake websites, that may be offering to sell goods or services and rather than selling you a product will simply collect your information to use or to sell on for fraud.

This is a pretty opaque tactic and the best way to avoid it is to only shop with websites you know and trust.

Sticking to big names like Amazon, Tesco, Marks and Spencer or Debenhams for example, means you're not taking the risk with small retailers or online outfits that you don't really know anything about.

While the Internet is of course full of 'good buys' and 'discounts', often the hassle and potential risk just isn't worth it. Plus, most of the best prices can still be found on big name websites like Amazon - and of course Tesco is just as cheap online as it is in-store.

Like with scam emails, if something sounds too good to be true, you're often going to be better off avoiding it however tempting it may seem.

What help is available

HTTPS and the padlock

Legitimate websites know people are wary about shopping online and security certificates have been introduced to help ensure consumer confidence.

VeriSign is probably the most well known provider, however there are plenty of others which all work more or less the same way.

When you 'check out' on a shopping website you should be transferred to an encrypted connection. You'll know this has happened because the web address in your browser will change from "http" to "https". You should also see a padlock appear somewhere near the address bar too.

marks and spencer secure checkout

HTTPS means that any information you enter will be sent encrypted so hackers can't intercept the data transfer and access your information.

Make sure to look for the "padlock" and check the security certificate of any site you buy goods or services from is valid, do this by clicking on the padlock.

Credit card fraud liability

The majority of credit card providers subscribe to an industry guideline called the Lending Code.

The Lending Code sets out maximum liabilities for cardholders who fall victim to fraud, whether online or otherwise.

The guidelines state that where fraud is committed without a cardholder's knowledge or consent, they cannot be held liable for more than £50.

Some credit card providers go further than this too, by offering 'Internet fraud guarantees' with zero liability where fraud has taken place online.

The effect of this is it's usually always safer to pay by credit card when shopping online if you can.

Purchase Protection
Section 75, a piece of consumer credit law, is another good reason. If you buy something online and it simply fails to turn up, arrives damaged or not as described - the credit card provider is held equally liable with the supplier for the full purchase price.

3D Secure

Whether you pay online by credit or debit card, the fairly recent addition of '3D secure' services by Visa and MasterCard will again offer some protection against fraud online.

These services are not fool proof: in fact, all they're protecting against is unauthorised use of your card with participating merchants.

But it is an extra level of protection, which asks for a preset password as well as your credit or debit card number when shopping online with participating merchants.

PayPal buyer protection

It's worth being aware that PayPal waives Section 75 consumer protection when using a credit card via PayPal, due to adding a third party to the supplier > credit card provider chain.

However, PayPal often comes into its own when shopping on smaller sites and of course eBay.

The main benefit of PayPal is that it hides your payment details from the company or person you're buying from, which means you're keeping your personal information safe.

PayPal also offers its own 'buyer protection', a guarantee of your money back if you run into problems such as undelivered or not as described items.

What you need to do

Safe browsing

As we've covered, safe browsing often means visiting sites you know and trust.

The easiest ways to do this are by manually entering the web addresses of sites you want to visit into your browser, and if you don't know the address use well known search engines like Google, Yahoo! or Bing and search for the company name.

It's not unheard of for some bad websites to slip through the net, but generally speaking search engines are pretty good at detecting spam sites and hosted malware, and Google for example will flag up suspected sites.

Using some of the tools we've mentioned in part two on browsing, such as Norton Safe Search, will help to protect you further.

Double check the web address

It's also worth double-checking the domain name is what you expect it to be too. Make sure you're on "amazon.co.uk" and not "amazona.co.uk" or "amazon.a.com" for example.

Like email phishing scams, you can also come across replica sites occasionally just by browsing in the wrong places too. Sites can be made to replicate trusted online shops, such as Amazon, as well as banks.

amazon secure checkout

Secure your wireless network

Before you start doing next year's Christmas shopping in the sales, it's also worth double-checking that your wireless network - if you're using one - is secure too.

Wireless networks can be hacked into and the information you send and receive whilst online can be intercepted if your network is left open.

Find out more about how to do this in this guide to securing a wireless network.

Where a website could pass on your information

This again is a tricky one to spot and requires a bit of digging around on any site you might have to enter information into.

On the brighter side though, you only have to look in one place: the Privacy Policy.

The Privacy Policy is a document that websites must provide by law, which sets out the way in which it will store and use any information the website collects about you or that you provide.

Of course, fake and scam websites probably won't be sticking to the line of the law, but checking privacy policies is the way to protect your information in the middle ground. Legally operating companies that may be on the borders of being unscrupulous, unethical or just not very consumer friendly.

These websites may otherwise provide a good service, but they may in turn sell on or otherwise distribute your information to partner companies, who may then start contacting you with advertising offers, or in worse case scenarios signing you up to paid services on the quiet.

An example of this was in 2007 when Interflora passed on customer details to a company that automatically signed them up to a shopping discount program which charged £8 a month for membership.

Many customers were completely unaware of this until they noticed the money being taken from their accounts.

It turned out Interflora had hidden away in their privacy policy something which basically permitted them to pass on customer details to a company called Webloyalty, who it seems could basically in turn do as they wished with that information.

At the time, Interflora's privacy policy read:

"If you are a new or existing customer, and where you permit selected third parties (such as Webloyalty, as described below) to use your Personal Information, we (or they) will contact you by e-mail, mail, telephone, SMS or other means.

"Your Personal Information will be transferred to Shopper Discounts & Rewards (a company owned and operated by Webloyalty International Limited (hereinafter, Webloyalty), which is not affiliated with Interflora, if you give your consent to this in the process outlined below:

(i) If you have clicked the 'CONTINUE' or 'CLICK HERE' buttons on the Interflora purchase check-out page displayed once you have submitted an order on the Website, agreeing to view details of the discount voucher offer made in conjunction with Webloyalty, and Webloyalty's terms and conditions of such offer and services; and

(ii) If you have consented to having Interflora transfer your Personal Information to Webloyalty by providing your e-mail address and clicking the button beneath on the Webloyalty webpage, consenting to such transfer.

"If you do consent to your Personal Information being disclosed by us to Webloyalty as referenced above, your Personal Information will be held by Webloyalty for the purposes set out in Webloyalty's privacy policy. Therefore, you are strongly advised to read Webloyalty's privacy policy and satisfy yourself as to the purposes for which Webloyalty will use your Personal Information before agreeing to Webloyalty's terms and conditions. We have no responsibility for the uses to which Webloyalty International Limited puts your personal information."

What you need to do

Check the privacy policy

Check the website/retailer privacy policy before entering any personal information and make sure they say they won't share your details with anyone else.

Personal information we're talking about here includes any one or more of the following:

Where a website could expose your information

The first time you register and create a profile with Facebook anything you post will not only become visible to anyone with a Facebook account, but your profile will be accessible for public search engines to list too.

Considering that research carried out by Consumer Reports in June 2012 revealed 13 million Facebook users in America had never set or were aware of their privacy settings, we're not sure why Facebook doesn't lock more down by default - surely for a 'personal' profile, the opt-in should be on publication, not privacy.

While some write-ups have highlighted 13 million is only actually 8.7% of users, the research also noted how 28% of users were sharing almost all of their posts with more people than just their connected friends.

That could mean people are sharing posts with friends of friends of course, but for just one user that could still mean thousands of people they've probably never met.

Additionally, research from GetSafeOnline found that only 50% of UK Facebook users had secured their personal information using the highest available settings, and just 25% had done so on Twitter.

All in all then - when using social media sites two of the most important things to constantly keep in mind is "who can see this information I'm entering?" and "am I going to be sharing this information with people I don't want to?"

There are plenty of guides online as to how to set Facebook privacy settings, as well as of course Facebook's own dedicated safety centre and privacy settings page.

So we won't go into how to set each setting in this guide. Instead we'll look at a few examples that highlight the importance of learning and using privacy settings in Facebook, as well as simply being aware of the importance of considering what information you are sharing or even publishing in the public domain.

Identity theft

One potential danger of inadvertently exposing too much information on social media sites or personal blogs is identity theft.

Useful Links

A recent article by The Independent highlighted the need for social media users to become more "information vigilant" in light of the hacking of 250,000 Twitter accounts.

The article points out the fact that by these hackers gaining access to social media accounts, they're also accessing enough information to commit identity theft and fraud.

James Jones from credit reference agency Experian is quoted as saying "Criminals typically need just three pieces of data to commit ID fraud so any unauthorised access to an online account is bad news."

Neil Monroe from Equifax is also quoted in the article, "Many people would be shocked to know how little information criminals need to be able to steal an identity."

Put that together with a very public or unprotected social media account and you could be taking risks by exposing too much personal information.

Personal security

It's not just children who are vulnerable to personal security online; criminals, fraudsters and predators can target a whole range of vulnerable or simply unsuspecting adults using the Internet socially.

Don't reveal your location
Hitting the headlines in April 2012 was a new iPhone app called "Girls Around Me".

The App combined information from FourSquare - a social location based reviewing site and Facebook accounts.

The premise of the application was that it "scans your surroundings and helps you find out where girls or guys are hanging out. You can also see the ratio of girls to guys in different places around you."

Even more worrying, it also claimed "In the mood for love, or just after a one-night stand? Girls Around Me puts you in control!"

Unsurprisingly the app came in for a lot of criticism over privacy and personal safety, and FourSquare blocked the app from accessing its location data.

While this is somewhat an extreme example, taken offline by the data providers almost as soon as it was launched, it does highlight the danger of revealing your location on social media sites.

Or that you're going away
Burglars are another good reason not to give away your whereabouts.

Not revealing online when you're out of town, or planning to go on holiday, has been an Internet safety tip since before Facebook was even launched.

Nowadays, even posting photos of your house or tagging its location are Internet safety no nos.

Do you know who you're talking to?
It's not just revealing where you are in real life that poses a danger though. Simply communicating with people you don't know or are meeting whilst online poses a personal safety risk too.

The 2010 'Facebook' film Catfish became popular for highlighting just how little we really know about the people we meet online.

And as this recent, real life story in The Mirror points out, its very easy for people to hide their real identities online, you could easily be speaking to someone who isn't who you think they are and they could even be looking to take advantage of you.

What you need to do

Set Social Media privacy settings

Once you've registered for an account with Facebook or Twitter, before you start posting any information or photos, it's important to check out and set up your security and privacy settings.

In Facebook, hide your profile from search engines, this means it will only be possible to find your profile via Facebook, and not via Google or Yahoo!

Another setting is that you can hide the information you enter from everybody except those people you've confirmed as friends. Again, this setting isn't on by default and so it's worth spending some time here to make sure your social media profile is only visible to people you know and trust.

facebook privacy settings

There are a few privacy settings available on Facebook and some on twitter too - so it's best to check out a dedicated guide to this.

Here are some options:

Are they your friend in real life?

In 2009 Sophos conducted a poll that found that 46% of Facebook users accepted friend requests from strangers.

As we've seen, it can be difficult to know if the people we meet online are who they say they are, and adding people we don't know to our social media accounts can mean we're sharing personal information with people that might take advantage of it.

Stay safe by only connecting with people you know in real life.

There's no benefit in having the most 'friends' on Facebook, and people can often feel like leaving Facebook if they start to feel over-exposed.

Facebook does however offer different levels of settings for different groups of people. So you can always share more information with close family than with the people you went to school with for example.

Be careful about what you post

Aside from being otherwise polite and friendly of course, there are specific things you shouldn't give away on Facebook:

The same poll from Sophos found that nearly 100% of users post their email address, 89% of users in their 20s giveaway their full birthday and between 30% and 40% of users publish data about their family and friends.

All of these can create vulnerabilities to your personal safety and your financial safety: as we've seen criminals only need three pieces of information to steal an identity.

Other things to be aware of not giving too much information away is any information you may otherwise use for passwords or security questions such as with your bank.

High up on the list here is probably your mother's maiden name, the name of your first pet and the street you grew up on, among others.

Choose a strong password

Make sure you choose a strong password whenever creating accounts online.

Strong passwords typically consist of a mixture of upper and lower case letters, numbers, and even punctuation where allowed.

If you're worried about forgetting passwords, or having to create multiple different passwords in order to remain safe, there are secure programs available that can help manage passwords.

Mac OSX has a built in Keychain Access utility, which can remember usernames and passwords for websites and programs and enters them automatically for you. Passwords stored are protected by your main Mac login.

Windows users will have to download a separate program, but there are free options available, such as KeePass.

microsoft password strength tool

Another handy free tool is one provided by Microsoft, it's available here. It's a password strength-checking tool, which will help when having to think up another new password: because of course, each password you use is much more secure when it's unique.

According to CNN, the top 10 worst passwords for 2012 were:

  1. Password
  2. 123456
  3. 12345678
  4. abc123
  5. qwerty
  6. monkey
  7. letmein
  8. dragon
  9. 111111
  10. baseball

Online harassment

Lastly, if you ever experience online harassment on the Internet, through social media or otherwise, start by blocking contact if you can, tell someone (this is probably the most important thing to do), and keep a record of the communication in case you have to escalate the problem to a mobile or Internet provider or the police.

Please read our full disclaimer for important information that relates to the service we provide and your use of this site.

We aim to provide free reviews and comparisons of consumer products and to keep our editorial content as objective as possible. To keep the site free, we are paid by some providers when new customers take products after they've clicked on our links. We don't allow our editorial content to be affected by those links, however we may not include all of the products available in the market. Finally, we do not submit or process any applications for any products or services and we cannot guarantee that any product or service listed on this website will be available to you. Credit providers make the final decision on whether an application for credit will be accepted.

If you would like to get in touch with us you can contact us here.