Protecting your online identity means ensuring your personal information is safe and that your accounts are not used by anyone other than you.
Protecting your data
The University takes great care to look after the data we collect about you. You can find out more about data protection, including how the University uses data and your rights, on the Data Protection site (https://dataprotection.leeds.ac.uk/).
The Student Privacy notice tells you what the University can do with this data, where we get it from, how it might be shared and the data security measures we have put in place.
How might accounts be vulnerable?
Spam and phishing emails are the most common way for accounts to be compromised. Neither the University or any other reputable organisation will ever send you emails asking you to input, confirm or validate account and/or personal details. There is more information on spam and phishing emails on the IT website.
Malware (malicious software) is any program or file that is harmful to your computer. Malware can spread easily through websites, peer to peer (P2P) software, email, or on USB sticks.
Not only does malware stop your devices from working properly it can also allow your personal data to be stolen and prevent you getting access to your accounts. Installing updates and antivirus software can help protect your devices from these sorts of attacks.
Sharing your account details, even with friends and family, is against the terms of your account. As well as causing you technical problems such as locking you out from services, you may find that you are no longer in control of your account.
If your account details are compromised someone may use your log in details to send viruses or offensive messages, or to access illegal material which you will be held responsible for. If your personal information is not secure identity thieves can gain access to your bank and other aspects of your life.
Social media posts can also be turned against you. Use sensible security settings, dont announce when you are not going to be home or when you will be somewhere. Good practice is to post after the event and only interact with real friends whose identities you are sure of.
When and where am I at risk?
Accounts can be targeted all year round but there are certain times that you might be at an additional risk.
- When you are out and about, especially if you advertise your whereabouts or schedule on social media.
- Times when you have lots of emails coming in and are not checking them thoroughly.
- During exam periods and dissertation deadlines when you are preoccupied and concerned for your documents.
- Significant dates such as Christmas or holidays when your guard might be down.
It's not just University computers that you need to be careful with, your own laptops, phones and tablets are just as important. Apply the same standards of security across all of your technology and computer usage.
You may find that you're more concerned with security when you are in a strange place, but it's important to be vigilant at home and on campus too.
- Cover up your password or PIN as you type.
- Don't use unknown WiFi connections if possible (and definitely not for online banking or other secure transactions).
- Don't leave devices on display for thieves.
- Don't leave devices unlocked.
Who might target me and why?
There are lots of reasons why accounts may be targeted, including for financial gain, personal abuse of the victim or the amusement of the person doing it.
- Targeted Financial Crimes
- Opportunistic Financial Crimes
- Hacker's Entertainment or Practice
- Personal Revenge or Bullying
- Racism and Bigotry
Because of the opportunistic element, those who target an account don't always have to be particularly technically minded and they're not always as anonymous as you might think.
- A friend or former friend
- An acquaintance
- Your cyber friend that you thought you knew
- Professional hackers
- Criminals looking for financial gain
- Yourself (for making your account attractive to one of the above!)
Prevention is always better than cure and one of the biggest vulnerabilities is your own behaviour. You are responsible for your own safety, so its important to know how to protect your identity online.
- Do not write down log in details to your accounts.
- Do not tell anyone your password, even someone you know.
- Do not share your personal data online, especially the kind of information required for banking.
- Do not click on links in emails that direct you to enter your log in information to verify, confirm or validate your account.