Protecting Privacy Campaign
Protecting Privacy Campaign
In recent years, countless scams have convinced millions of people to divulge private information – such as passphrases/passwords, Social Security Numbers (SSNs), personal identification numbers (PINs), credit and bank account numbers – to thieves. The Protecting Privacy Campaign seeks to raise awareness in the UC Davis community about privacy issues and common threats, but the reason for this is not solely to protect the campus or the University. Over-sharing about your daily life, identity, financial accounts, identification numbers and so on, can increase your risk of becoming a victim of a wide range of crimes:
- Responding to an email that threatens to close your banking or credit card account if you don't "confirm" your user ID and passphrase puts you at risk for substantial financial loss. Thieves can use the information you provide to request replacement cards, drain accounts or max out credit cards.
- Writing down or sharing your campus computing account password/passphrase can give someone unauthorized access to your grades or financial aid information. This could also give spammers the information they need to use your email account to send out massive amounts of spam.
- Announcing publicly on Facebook that you are on vacation for a week and out of the country tells people you don't know that your home is unoccupied for a week. An unoccupied home is an easy target for burglars
To protect yourself, take a few minutes to review the topics and information below. Then tell your friends, family, co-workers, classmates and roommates about this page.
Defines privacy and identifies what information is considered private, or personal.What is privacy?
In this context, the term "privacy" refers to the availability of certain pieces of information about an individual. The practice of protecting privacy includes the wide range of actions that can be taken to prevent information about individuals from falling into the hands of those without explicit permission or valid reason to have that information. Also in this context, "private" and "personal" are used interchangeably.
What information is considered private?
In this context, a piece of information is considered private if it can be used to identify, contact or locate a specific individual or if it can be used in conjunction with other information to identify a specific individual.
Private information includes, but is not necessarily limited to:
- Social Security Number (SSN)
- Driver's license or identification card number
- Credit card or bank account numbers
- Medical record information
Sometimes, the following are also considered private:
- Birth date
- Birth place
Avoiding Privacy Pitfalls
Describes some common mistakes people make that put their privacy at risk and how to avoid them.Sharing passphrases/passwords
Over-sharing Social Networking Sites
Sending Private Information Via Email
Email uses clear text messages that can be easily stolen through electronic eavesdropping between the message sender and recipient. When sending private information, you can protect information by creating and encrypting a file attachment rather than sending it in the body of the email message. Microsoft Word and Excel and Apple OS X provide measures that can be easily used to encrypt files. For instructions, see:
- MS Office
- Mac OS X: The OS X Disk Utility, Print Utility or Preview application provide three methods for Mac users to save a file in an encrypted format. The Print Utility and Preview application can be used to save a file in an encrypted PDF format. Disk Utility can be used to create an encrypted folder in which all of the folder contents are encrypted.
Using Printers and Copiers with Hard Drives
More manufacturers are producing printers (including multi-function models) and copiers with hard drives. These drives store images and data copied or printed on the machine. In some cases, the information stored on printer and copier hard drives may include personal identity information (e.g., Social Security Numbers, driver's license numbers, credit or bank account numbers or medical record information). To protect your information:
- Be aware that the document you duplicate may be stored on the device hard drive.
- Ask the owner, manager or service contact about their printer or copier data security policy.
- To prevent unauthorized access to locally stored images, don't use an imaging device for documents containing private information without first confirming the existence of privacy and security controls.
Describes the scams that thieves use to get your personal information and what they can do with it once they have it.Phishing
Phishing scams are email messages that ask you to send or "confirm" sensitive information like your login ID and passphrase, bank or credit account numbers and PINs and often threaten to close your account. These scams sometimes ask the reader to visit a Web site to provide this information. The messages often appear to come from an organization you trust. UC Davis will never ask you for your password/passphrase via email, telephone or non-campus web site. For more information, see http://security.ucdavis.edu/antiphishing or download the sample phishing email.
Identity theft is a form of fraud that happens when someone uses your private information (e.g., name, SSN, credit card number) to obtain credit or benefit in some way. See Cyber-safety Basics: ID Theft for more information.
ATM/Credit Card Skimming
Thieves are able to get information from the electronic stripe of your ATM or credit card by attaching a magnetic card encoder ($300 on eBay) to a real ATM or credit card reader and transferring the card information to a blank mag-stripe card (about $0.13 each). They get your PIN by attaching a small camera to the machine or simply by hovering.
When using an ATM or other electronic reader, be vigilant to examine the device and surroundings BEFORE swiping your card. If you suspect tampering, don't use the machine and contact the bank or retail establishment or your local law enforcement. For more information, see http://www.youtube.com/watch?v=m3qK46L2b_c&feature=related.
Some online gambling sites, such as sites that allow students to bet on their course grades, ask for a campus email address and password/passphrase during the account creation process. You should NEVER use your campus account information to create accounts for other services. Your private account information could be misused or insecurely managed by the requester, or shared with someone that may not have your best interests in mind. If this information is required to create an account or use the service, it is strongly recommended that you not use the service.