Online Security

I wondered today about how many of us criticise those that fall victim to identity theft and related crimes without first thinking “Could that have been me?” Its very easy to think that you’re well protected because of all the firewalls and antivirus software you’ve installed on your computers, and you’ve got that antivirus thing on your smartphone and you have that habbit of using one hand to cover the PIN number you’re entering on the keypad at the ATM when you withdraw cash. Surely, only an idiot who doesn’t follow such simple precautionary measures could fall victim to identity theft or cybercrime.

A friend of mine, Jimmy, (he’s a friend and a good client) told me recently of a camera that he had advertised for sale. Jimmy received a call from an interested party who was prepared to pay more than the asking price plus shipping costs on the understanding that Jimmy would ship the camera to a particular foreign destination. Jimmy said he would happily ship the item anywhere in the world once he got payment. The other party offered to pay by PayPal and very soon Jimmy recieved an email saying that there were funds to the value of the offered amount in a holding account ready to be transferred to his own PayPal account as soon as he could use the included link to log in with his PayPal details and supply confirmation that the camera had been shipped to the buyer.

My friend is quite a sharp character and very quickly became suspicious of the email’s authenticity, not least because despite its genuine look it was addressed as “Dear PayPal User”. So, Jimmy phoned PayPal and explained the case. PayPal assured him that there was no such service wherein they would hold funds pending shipping of an item, nor would they send emails addressed so generically as Dear PayPal User.

Needless to say, Jimmy did not follow the email’s instructions and the item was never shipped.

For my own part, the reason I followed this train of thought today was that I was registering my name as a .ie domain (.ie being of course the country code specific to Ireland). Under the governing body’s regulations anyone using their own name as a domain must provide proof of their identity and therefore of their entitlement to the domain. So I duly took my drivers license out of my wallet, scanned it to a pdf and got ready to sumbit it to the registrant’s supporting documents service online.

At that point I hovered over the Submit button and boarded the train of thought that led me to writing this article. I realised that I had done this several times already; freely handing over detailed personal information such as my license when signing up to phone contracts or other services and I wondered then about the wisdom of doing this. Yes, it was always with reputable companies with stringent procedures and policies, but,… the implementation of such procedures and policies is left to individuals.

Now I’m not a particularly cynical or paranoid person but I do realise all too well that no two individuals see things the same or share the same values, so I’m a little sceptical of how robust any organisation’s policies and procedures can be when it really comes down to it.

All that considered… I don’t believe any of us can live in an isolated protected bubble. We’d never get anywhere, do anything or achieve anything. Yes we’ll get burned occasionally without our super-protective layers but we’ll learn from our mistakes and we’ll share them so that others can learn.

So… what did I do with the Submit button?

I thought for a while… then I decided to take things on a case-by-case basis… I’d had registered other domains through this company before with very good experiences… so I clicked submit.