Online Forms: What You Can and Can’t Enter Safely

Melbourne, 13 September 2011 — In the digital world it is becoming much more difficult to know who to trust with access to the valuable information you store in digital form. Things are not always what they seem, and criminals from around the world are creating new and inventive ways to steal data from unsuspecting users. AVG (AU/NZ) Pty Ltd, the distributor of the award-winning AVG Internet and mobile security software in Australia, New Zealand and the South Pacific, provides a guide about what information you share and with whom you share it.

Lloyd Borrett, Security Evangelist at AVG (AU/NZ), says: “In the real world, we have a lifetime of experience to help us distinguish between who is trustworthy and who is not. This informed awareness is not yet at the forefront of our activities in the digital world. And it is leaving the door wide open for cyber criminals.”

Online forms: deciding who to trust

AVG (AU/NZ) advises you to check the following before you hit the Submit button for an online form containing your personal information:

Make sure you know what company is operating the web site and whether it is legitimate.

Look for signs that indicate the site has been reviewed by independent site verification organisations, such as VeriSign.

Ensure the padlock symbol is visible in your browser status bar — this means the site is secure and using encrypted (https) communication so nobody can intercept and misuse your data.

Recognising the trouble signs

AVG (AU/NZ) also highlights the following indicators of trouble and warns you should be very careful about providing any information to a site where:

Your security software or web browser shows the page is dangerous.

You accessed the web page through a link in an e-mail message from someone or some company you don’t know — this is spam and you should never be tempted to click through.

You accessed the web page through a link from a company you know but which contains text that tries to scare you into providing important private information such as passwords – this is known as phishing; never give away passwords or other sensitive information.

Your web browser warns you about certificate issues (e.g. the certificate is not signed by a valid authority, was issued for a different URL, or has expired).

You should also always check that the URL in your browser status bar is correct for the company you believe you are visiting on the web. In particular, look out for these warning signs:

The domain name is totally different from the company name or its area of activities.

The domain name contains characters that can be easily mistaken for other characters (e.g. using a capital ‘i’ in place of a small ‘L’).

The top-level domain name contains an unexpected country code — for example, you believe you are visiting a site in Australia, but the domain is cn (China) instead of au for Australia.
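
The warning signs above can also be checked mechanically, for example when triaging links reported by users. The following Python code is an added example, not part of the AVG (AU/NZ) guide; the function names, the small lookalike table and the example.com.au URLs are assumptions made for illustration, and the domain comparison is a simplification that does not consult a public suffix list.

```python
from urllib.parse import urlsplit

# Constructed, deliberately small map of characters that are easily mistaken
# for one another; real confusable tables are much larger.
LOOKALIKES = str.maketrans({"I": "l", "1": "l", "0": "o"})

def skeleton(host):
    """Collapse lookalike characters so visually similar names compare equal."""
    return host.translate(LOOKALIKES).lower()

def form_url_warnings(url, expected_domain):
    """Return the warning signs found in `url` for a form that should belong
    to `expected_domain` (e.g. 'example.com.au')."""
    parts = urlsplit(url)
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append("not-encrypted")
    # Keep the host as written: a capital 'I' only shows before lower-casing.
    raw_host = parts.netloc.rsplit("@", 1)[-1].split(":")[0].rstrip(".")
    host, expected = raw_host.lower(), expected_domain.lower()
    if host == expected or host.endswith("." + expected):
        return warnings  # the expected site or one of its subdomains
    # Compare only the rightmost labels, so subdomains do not hide a match.
    depth = expected.count(".") + 1
    tail = ".".join(raw_host.split(".")[-depth:])
    if skeleton(tail) == skeleton(expected_domain):
        warnings.append("lookalike-characters")
    else:
        warnings.append("different-domain")
    host_tld, expected_tld = host.rsplit(".", 1)[-1], expected.rsplit(".", 1)[-1]
    if len(host_tld) == 2 and host_tld != expected_tld:
        warnings.append("unexpected-country-code")
    return warnings

# Constructed sample URLs; example.com.au stands in for the real company.
SAMPLES = [
    "https://www.example.com.au/signup",
    "http://www.example.com.au/signup",
    "https://www.exampIe.com.au/login",
    "https://example.com.cn/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, form_url_warnings(sample, "example.com.au"))
```
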

Deciding what kind of information is safe to provide

Borrett says: “By dividing your personal information into three levels of importance or privacy, it will be significantly easier for you to consider how to respond to requests for your details. Careful consideration will then become automatic: do you really want to give your data to this particular web site; and do they really need this kind of information?”

1. Top Secret

The Top Secret category covers all sensitive personal information that can easily be misused by a data snatcher or cyber criminal. If you provide this data, you must be completely sure that the web site is both secure and authorised.

Examples include: login names and passwords; credit/debit card numbers, expiration and 3-4 digit card verification codes; bank account numbers; passport number or other government identity information such as Medicare number or Centrelink details.

2. Risky

Information in this section is not as sensitive as the Top Secret data, and may already be in the public domain, but you should still be careful to whom you provide it, as it could readily be misused.

Examples include: e-mail and postal addresses; phone and fax numbers; personal photos; employer information; income and asset values; car licence plate/registration.

3. Safe

This category contains all information not attached to your name, so it can’t be used to track you as an identifiable individual over the Internet.

Examples include: votes in Internet polls; opinions and blog comments; citizenship or nationality information; age, gender, job description.

Borrett concludes, “It’s far better to err on the side of caution and spend an extra minute or so considering the safety aspects of the web site than to just blindly trust your personal information to what could be a criminal web site.”
