Protecting Yourself When Online

Internet Terms

Basic Technology Terms

Cookies -- Small data files stored in a computer’s memory by some websites a user visits. These data files may contain information the site can use to track things such as user names and passwords, contents of virtual shopping carts, lists of pages visited, and the date a user last looked at a page. Many cookies contain solely a unique number corresponding to an entry in the website’s database containing that information.

Cyber bullying -- The use of e-mail, websites, instant messaging, chat rooms, cell phone text messaging and digital cameras to antagonize and intimidate others.

Cyber shorthand -- A shorthand used in electronic communications (for example, e-mail, instant messaging, chat rooms, cell phone text messaging) made up of keyboard hieroglyphics, alphanumeric combinations, few vowels, little punctuation and virtually no upper case letters. Some examples:

  • ur -- you are
  • j/k -- just kidding
  • brb -- be right back
  • pa -- parental alert
  • k -- okay
  • bf -- boyfriend
  • bff -- best friends forever
  • pos -- parent over shoulder
  • ttyl -- talk to you later
  • asl -- age, sex, location

E-mail -- electronic mail.

Encryption -- Various methods of scrambling data so that information is secure as it is transmitted over the Internet.

Firewall -- Part of a computer system or network designed to block unauthorized access while permitting authorized communications based based upon a set of rules and other criteria. Firewalls can be implemented in either hardware or software, or a combination of both.

Hacker -- a person who uses the Internet to access computers without permission.

Hotspot -- a public venue that provides a wireless Internet connection, either for a fee or free of charge.

Instant Messaging -- The continuous immediate exchange of electronic messages. A user who is instant messaging can ascertain whether a pre-designated individual is connected to the Internet at a given time and, if they are, exchange messages with them in real time.

Internet Service Provider -- A company that provides access to the Internet. Commonly abbreviated as “ISP.”

Pharming -- A scam in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites and without their knowledge or consent. Unlike Pharming, see below, a user does not need to click on a link to fall victim.

Phishing -- In phishing, a scam artist sends out legitimate-looking e-mails appearing to come from trustworthy sites, generally financial in nature, in an effort to obtain personal and financial information from an individual by getting him/her to click on a link to a fake website, which appears identical to the real website. Any information transmitted via the link goes to the scammer.

Social Networking Site -- These sites generally allow a member to connect with other members through various means of communication (chat rooms, e-mail, blogging, instant messaging) and to provide information about himself/herself. On some sites, a member can browse for other members based upon criteria, such as a specific interest or subject matter, while other sites require that a member be introduced to others through a shared connection.

Spammer -- someone who sends mass amounts of unsolicited commercial e-mail.

Spyware -- Software installed without your knowledge or consent that adversely affects your ability to use your computer, sometimes by monitoring or controlling your use.

Virus -- software that spreads from computer to computer and damages or disrupts your system.

Weblog -- Generally a personal website that uses a log format which is updated on a daily or frequent basis with new information on a subject or range of subjects. A weblog is characterized by a journalistic, informal style, is intended to represent the author’s personality or reflects the purpose of the host website. Frequently shortened to “blog.”

Internet Safety Tips

Protect Your Personal Data: Evaluate the sites you visit, and don’t give away personal information on sites that are not secure. Read privacy policies to find out what a site will do with any personal information you divulge.

  • Transmit Sensitive Financial and Personal Data via Secure Sites: During a secure (encrypted) connection, a site’s Internet address will be preceded by “https” and, depending on the browser you use, a closed lock or unbroken key symbol will appear in the lower portion of your window. Make sure both the “https” and either the closed lock or unbroken key appears.
  •  Don’t Fall for Scams: Be aware of attempts to get your personal information through Spamming and Phishing. Spamming is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most Spam is commercial advertising, often for dubious products, get-rich-quick schemes. Phishing occurs when someone sends an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft purposes.
  • Limit Annoying Spam: Use protections offered by your Internet Service Provider (“ISP”). A stand-alone filter. Do not respond to Spam or retaliate – this will only result in more Spam.
  • Avoid Downloading Spyware: Don’t freely click on offers for no-cost software products such as games, music, screen savers or even anti- Spam filters. Educate other users of your computer to follow this rule.
  • Exercise Caution When Shopping Online: Make sure that you shop from reputable websites that use encryption. Look for third party verification, review their privacy policy, and use a dedicated credit card to allow an easy review of purchases. Never use a debit card.
  • Exercise Caution When Banking Online: Make sure that the banking institution is legitimate and deposits are federally funded. Take advantage of all security programs your bank offers, even optional ones.
  • Understand the Security Limitations of Wireless Technology: Criminals can steal data transmitted wirelessly over an unsecured network by, for example, monitoring chat, instant messaging and e-mail. Criminals can also set up “rogue” networks mimicking real ones. Always check the qualities of a network before connecting. Don’t transmit sensitive data in a public hotspot unless you trust it, even if the transmission is encrypted.
  • Don’t Fall Victim to Online Identity Theft: Use complex passwords and change them regularly. Lock your computer when you are not using it. Dispose of old computers properly. If you are a victim, take action.
  • Security Breach Awareness: If data you have transmitted to an online business has been stolen, know your rights about notification under New York State law and other remedies available through the Fair Credit Reporting Act.
  • Be a Smart Computer User: Monitor all computer usage, including that of children. Educate them about proper computer and Internet usage. If you use a computer for word processing, back up files frequently.

Online Auctions

The Internet has opened new avenues for communication, interaction and conducting business. The New York Department of State Division of Consumer Protection provides these tips to inform and empower consumers about how they can be savvy and safe when shopping.

Make Sure Your Connection is Secure

  • BEFORE entering your personal information, check to see that ”https” precedes the Internet address AND a closed lock or an unbroken key symbol is present in the lower portion of your web browser.
  • Don’t transmit sensitive information in a public wi-fi hotspot you don’t trust, even if the transmission is encrypted.

After the Purchase

  • After making a purchase online, be sure to print out the receipt and confirmation information for your records. Also, print, date and save a copy of terms, conditions, warranties, item description and company information from which you purchase the item.
  • Look at your purchase carefully as soon as you receive it. Contact the seller as soon as possible if you discover a problem. Tell the seller in writing about any problems you have, ask for a repair or refund, and keep a copy of your correspondence.

Purchasing Online

  • Carefully choose the online websites from which you purchase. Look for third-party privacy verification.
  • Check for feedback about sellers on auction sites before conducting business. Avoid shady sellers and odd listings.
  • Double check the total price and quantity.
  • Check whether the item has been recalled by visiting the recall pages of the federal Consumer Products Safety Commission (
  • Compare prices and availability for specific items at stores and other sites. Consider carefully whether you are paying too much for an item, especially on auction sites.
  • Make sure you know the shipping and handling, return, and refund policies and that there are no extra shipping or handling costs.
  • Use a dedicated credit card to allow an easy review of purchases.

Information Privacy and Your Computer

  • Find and read the website’s privacy policy to find out what a site will do with any personal information you divulge.
  • Use complex passwords and change them regularly.
  • Periodically delete your web browser’s “cookies.”
  • Make sure you keep your operating system, firewall, anti-virus and anti-spyware programs current by regularly downloading updates which contain security patches.
  • Never respond to e-mails from “sellers” or anyone asking for your passwords, Social Security number or other personal information.

Phishing Scam Prevention Tips

Phishing (also called pharming or whaling) e-mails trick people into sending money or providing personal information such as usernames, passwords, credit card details, and Social Security numbers to unauthorized individuals who hijack their information and use it to commit identity theft.



  • Respond to e-mails, mail, telephone solicitations, raffles or contests from unknown entities. • Answer e-mail warnings that have “undisclosed recipients” in the address line, a blank space next to “Dear,” numerous spelling errors, and/or awkward English.
  • E-mail personal or financial information including credit card or bank account numbers, passwords, Social Security numbers, etc. Most Internet e-mail is NOT secure.
  • Be fooled by legitimate-looking e-mails even if they contain logos, pictures, copyrights or names of legitimate businesses.
  • Reply to e-mails or pop-up messages requesting personal or financial information.
  • Click on links in unsolicited messages which can connect to suspicious websites.
  • Update personal information online in response to e-mailed requests.
  • Cut and paste a link from an unsolicited message into a Web browser, as these links can be made to look like they go to one site, but are actually redirected to another to mine information.
  • Respond to calls from alleged companies or government agencies which use a recorded message and ask you to call a phone number to update account information. Phishing can also occur by phone. Using Voice-over Internet Protocol technology, scammers request personal information, and then redirect calls to steal the information provided.


  • Install, update and use anti-virus and anti-spyware software, as well as firewalls to help reduce the number of Phishing e-mails received. Firewalls are especially important with broadband connections as computers are open to the Internet whenever they’re turned on. Go to or to learn more about how to keep your computer secure.
  • Review financial account statements as soon as you receive them to check for unauthorized charges.
  • Check credit reports regularly. This can be done free of charge three (3) times a year through the three (3) reporting agencies found online at
  • Exercise caution when opening any attachment or downloading any files from e-mails received even from known sources, to avoid the possibility of infecting computers with viruses, malware, spyware or other software designed to impair your computer’s security.
  • Look for the “https” prefix and a closed padlock when entering any financial information for electronic transmission over the Internet.
  • Contact organizations or institutions with whom you do business in response to unsolicited e-mails using their company name by calling the number provided on official company statements.
  • Report suspected Phishing scams to [email protected], to the division of Consumer Protection at, and to the institution or company targeted in the Phishing e-mail. You also may report Phishing e-mails to the Anti -Phishing Working Group at [email protected].
  • Act immediately if you provided personal identifiable information to unknown or unverified parties by notifying the companies with whom you have the accounts and by placing a security freeze or fraud alert on your files at credit reporting agencies.