Spam refers to unsolicited bulk messages being sent through email, instant messaging or other digital communication tools. It is generally used by advertisers because there are no operating costs beyond that of managing their mailing lists. It could also take place in chat rooms, in blogs and more recently within voice over internet conversation (such as Skype). Beyond being a simple nuisance, spam can also be used to collect sensitive information from users and has also been used to spread viruses and other malware.
Online identity theft is the theft of personal information in order to commit fraud. This can happen through your email account but it can also be a result of online purchases or other situations where you give out sensitive information such as your credit card information or your social insurance number.
A related concern is identity spoofing, in which the victim is impersonated on social networking sites such as Facebook or Twitter. Identity spoofing may also involve spoofing someone’s IP address (the unique number associated to your computer as you surf the internet). The purpose of identity spoofing on social networking sites can range from a simple prank to more serious attacks aimed at shaming or hurting someone’s social networks. Internet Protocol spoofing is used by hackers to cover their tracks or to gain access to places normally closed to them.
Risks relating to online shopping can include overspending or receiving items that do not match their description once you have already paid for them (or not having received any item at all). Because of the distance between the buyer and seller online, shopping on the Internet puts consumers particularly at risk of receiving shoddy goods.
The best defenses to these online scams and frauds generally rely on caution and skepticism when using the Internet. For example:
- You should only open email from trusted senders and use spam filters or anti-spam software (some anti-spam software is available online free of charge, such as Spamfence).
- Verify any request for your personal information online before responding. For example, no reputable financial institution will ever ask you for highly personal information via email: to find out if a request is legitimate, call your bank or navigate to their website (do not follow links in an email claiming to be from a bank or credit card company).
- Don’t give out personally identifiable information (your full name, your age, your address, your social insurance number, etc.) without a good reason.
- Turn any device that uses the Internet to offline mode when they are not in use (most mobile devices have an “Airplane mode” that turns off their Internet functions).
- You can also help to minimize your risk by visiting only trusted sites.
The sections that follow give more detail on these threats and more detailed security tips for each.
