Skip to content

MiIdentity digital support at your fingertips

MiIdentity offers guidance on protecting your personal data and identity online. Our aim is to help you stay safe while paying bills and browsing the internet.

Circular design with globe, phone, and email icons surrounding it.

Discover our Latest Resources

Review MiIdentity general support information on how to stay safe online. This information will help you maintain your identity and sensitive information while online.

Illustration of person working on laptop with identity based icons above

Email Account

Make sure your email password is not used elsewhere, never reuse a password and never use the same password for more than 1 account. Make sure your password length is longer than 8 characters, and incorporates a mixture of UPPERCASE LETTERS, lowercase letters, numbers (0, 1, 2…), and special characters (#@!). Keep your password(s) safe and secure at all times and do not share it with others. Don’t use famous place names, family names or dates of birth in your password.

Your email service provider (Gmail, Outlook, etc) may provide you with an option to use OTP (One Time Passcode) for secure login, this can be a useful secondary layer of security. The OTP is sent to your phone via SMS and is typically a 6 digit number. If your email provider offers this services its recommended to use it.  

Many email providers have a recovery account option, having a recovery account can help you recover your email account if you forget your password or are locked out. If you don’t have the recovery account enabled and you have the option to use one, it’s advisable to set this up and have it in place.

It’s really important to remember what we use our email for, who we share it with and how long we have owned the account. Most email accounts build up a wealth of information over the years, personal identity documents, bank statements, subscriptions, home addresses, along with personal pictures and other documents we may have shared. It’s a good idea to go back through and delete what is not needed.

Financial Services

Make sure your banking password is not used elsewhere, never reuse your password. Make sure your password length is longer than 8 characters, and incorporates a mixture of UPPERCASE LETTERS, lowercase letters, numbers (0, 1, 2…), and special characters (#@!). Keep your password(s) safe and secure at all times and do not share it with others. Don’t use famous place names, family names or dates of birth in your password.

Your bank will provide you with an option to use OTP (One Time Passcode) for secure login, this can be a useful secondary layer of security. The OTP is sent to your phone via SMS and is typically a 6 digit number. If you do not use this and your bank provides this service, it’s recommended to use it. 

If you use a Mobile Banking App or any financial app on your phone and your phone has Fingerprint Reading capabilities enabling Bio Metrics Scanning for security. Most financial apps and banking apps have this option, and most modern smart phones have the capability. This option is highly recommended for security.  

Review your bank statements regularly and look for unrecognisable transactions. How to spot a unrecognisable transaction or a suspicious transaction? Ask yourself, do you recognise the transaction in your bank statement? Sometimes these are small and frequent reoccurring amounts taken from your account, they can also be infrequent and larger amounts that you do not recognise. If you do not recognise a transaction you should contact your bank.

Your Bank will never ask you for your PIN.

Your Bank will not ask you to transfer your money to another Bank or another account.

If you receive a call, text message, or email and they are claiming to be your bank here are a few things to remember, stay calm and do not panic, do not share any information, if you are on a call ask for a reference number and their name and then hang up. Once you have cut the call, go to your official bank website, locate the number directly from the official website and call the bank. Inform your bank on what happened and what was said, provide your official bank with the information you have collected.

Mobile Phone

Your phone will have multiple securing methods to access your phone, patterns, pin, password, bio metrics, and facial recognition. The most secure options are, facial recognition, bio metrics. Password, patterns and pins are limited and can be guessed or cracked via software. If your phone has the option to use facial recognition and bio metrics for access, it’s recommended to use.

Never click a link from a unknown sender. If you do not recognise the number and the sender, do not engage in conversation and do not reply. Do not download or click anything that is shared from unknown senders. Remember to block the numbers of scammers and unwanted senders. If you receive messages from your bank it’s recommended to delete the text message once you have read it and used it.

Many scammers and fraudsters will call you unexpectedly, your phone may have a feature to detect the call as spam and alert you before you answer, if your phone has this capability its worth enabling. Remember your bank or other financial services will not ask you for money, they will not ask you to send money or transfer money. Stay calm and do not panic, do not share any information with them, you should cross check all information with official sources.

Remember to keep your phone updated with the latest security updates and patches. By regularly updating your phone this will ensure you have the latest security updates for the known vulnerabilities that could impact you. This also extends to the apps you have installed on your phone.

Travel

Charging station can be an opportunity for hackers, although rare, these charging stations can become compromised through multiple methods, one method is by compromising the charging cable by fitting an adapter between the charging cable and the charging point, the adapter will have preloaded malware or designed to automatically download your data and or install malware on to your device. Although uncommon, it’s possible. When travelling the best and most secure option is to use a common wall electrical point using your own charger, or, use your own portable battery charger.

Open and public Wi-Fi networks can be convenient when traveling, but they also pose risks to your online security and privacy. Open Wi-Fi networks lack any form of authentication or encryption, making it easy for someone to intercept your internet traffic and potentially access your sensitive data. Public Wi-Fi networks that require a password or authentication may not guarantee security. You cannot be certain if the network infrastructure is properly maintained and up to date with security patches. Additionally, the way they handle and store your password and data may be inadequate. If possible, connect to a secure mobile hotspot or wait until a secure connection.

Email Account

This is when you receive an unexpected call from an unknown person. Typically, they try to get you to perform an action. There will be urgency to convince complete the requested action. At all times, remain calm. Think clearly about the request they’re asking you to perform and the information they may be asking you for. Your bank will not call from an unknown number, ask you to transfer money, or for your pin number. Remember to block and report the caller.

These messages can be via an email, text message or on a messaging platform like WhatsApp. A phishing message is when a scammer sends a message with a request to action. This might be to reset a password or update account details, or they are claiming you have won some money. Do not reply to these messages, just block, delete and report the sender. Do not click any link or download any content or file that is sent. They may ask you to scan a QR code, do not do that. Just delete the message.

Another phishing example. You may receive an email saying your computer is compromised, claiming they have hacked your personal computer. The message will typically say they know everything about you and have all your personal information. In the message (typically an email) they will be asking for a money transfer or they will leak your information. This is a common scam and a phishing email. Do not reply and do not engage. Block and report the sender. If you are concerned, use a anti-virus software and scan your computer yourself, this software will identity any threats.

You may receive a call from someone claiming to be from FedEx, DHL or another large delivery company. You may be informed that your personal identity has been used to commit crime.

They will claim your details have been used to send illegal items through their services and you are in trouble. They will ask you for all your personal details and official government identities. They will say there is a fee owed in order to resolve the issue and ask you to send money. They may even impersonate a police officer and they will pretend to transfer your call to other companies and departments. Do not engage and hang up. For peace of mind, you can call the company they claim to be from. 

Someone may call you claiming they need to validate the ownership of your vehicle; they will say they’re from an official government bureau or agency and they need to confirm the vehicle ownership. They want your personal information, and they want your official government identity details, they will sell this information or use it to commit crime. Do not provide the information and hang up. You should phone your local or government vehicle office or bureau yourself to validate the request.

All scammers and fraudsters want to scare you, this is their goal. They want you to start thinking irrationally, they want you to be scared and start making quick decisions without thinking clearly. They will tell you there is not enough time to think, and you must take immediate action. Typically, they will be asking for your personal information and be asking to transfer money. If someone is asking for this information or making these requests, it could be a scam. Reputable companies do not do this and will not ask for this information over the phone or through email. Always verify the information and contact official sources yourself.

General Information

The availability of your data and personal information on the web can be surprising and unsettling. Here are several common reasons why this might happen:

  • Public Records: Information like birth records, marriage records, and property ownership is often part of public records, which can be digitized and made available online. Government websites and other databases often provide this information for public access.
  • Data Sharing by Companies: Many businesses collect personal data from their customers for various purposes, such as improving services or marketing. Sometimes, these companies share or sell data to third parties, which may then be used in ways that are not always transparent to the original data provider.
  • Social Media and Online Activity: When you use social media platforms and participate in online forums, any information you share can become public. Even with privacy settings, some of your information might be visible to others or could be shared by people in your network.
  • Data Breaches: If a company with your personal information suffers a data breach, your data might end up exposed on the internet. Hackers often sell or publish stolen data on the dark web or other online platforms.
  • Aggregation by Data Brokers: Data brokers collect information from a variety of sources, including public records, social media, and other online activities. They create detailed profiles that are often sold to marketers, advertisers, and other interested parties.

How Did My Information Get There?

Your information can find its way onto the web through several pathways:

  • Voluntary Disclosure: Information you voluntarily provide online, whether through social media, e-commerce sites, or registration forms, can be collected and shared.
  • Involuntary Collection: Many sites and apps collect information without explicit consent through tracking cookies and other technologies, often without the full knowledge of the user.
  • Third-party Sharing: Companies may share your information with partners, affiliates, or third-party service providers. This sharing is often mentioned in the privacy policy of the websites you use, but it can be easy to overlook.
  • Legal Requirements: Companies might be legally required to disclose certain information to government entities or in compliance with court orders.
  • Contact Website Owners: If your personal information is posted on a website, you can contact the site’s owner and ask for it to be removed. Most websites have contact information for such requests.
  • Utilize Legal Rights: Depending on your location, you may have legal rights to request the removal of your data. For example, under the GDPR (General Data Protection Regulation) in the EU, you have the “right to be forgotten,” which allows you to request that your personal data be deleted under certain circumstances.
  • Search Engines: While you cannot directly delete information from search engines, you can request the removal of specific results if they contain outdated, irrelevant, or sensitive personal information. For instance, Google and Bing have processes for removing personal information under specific criteria.
  • Data Broker Sites: If your information is with data brokers (companies that collect and sell personal data), you can request that they delete your data. Many data brokers have opt-out procedures that you can follow, though the process can be time-consuming and sometimes needs to be repeated.
  • Close Unused Accounts: Over the years, you might have created accounts on various online platforms that you no longer use. Closing these accounts can help reduce the potential for your data to be exposed in the future.

Challenges in Data Removal

  • Persistence of Data: Once information is published online, it can be copied, shared, or archived, making it difficult to track down all instances for removal.
  • Lack of Control: In some cases, data may be held by entities outside your country’s jurisdiction, making legal enforcement of removal requests difficult.
  • Automatic Replication and Backups: Websites and servers often have automated systems for backups and replication, which can inadvertently retain copies of your data even after deletion requests.

Cyber hacks occur when unauthorized individuals gain access to digital systems, networks, or personal accounts. These attacks can take many forms, but they often follow similar patterns:

  • Phishing Attacks: Hackers send emails or messages that appear legitimate, tricking users into providing sensitive information such as passwords or credit card numbers.
  • Weak Passwords: Using simple or common passwords makes it easy for hackers to gain access using brute force methods, where they guess passwords until they find the right one.
  • Software Vulnerabilities: Hackers exploit flaws in outdated or unpatched software to infiltrate systems.
  • Malware: Malicious software can be installed on a user’s device without their knowledge, often through infected websites or email attachments. This software can then steal information, damage files, or create a backdoor for further attacks.
  • Man-in-the-Middle (MitM) Attacks: Hackers intercept communications between two parties to steal data or inject harmful content.

A Virtual Private Network (VPN) offers several key benefits:

  • Privacy Protection: VPNs encrypt your internet connection, which prevents others from intercepting or spying on your online activities. This is especially important when using public Wi-Fi networks, where your data is more vulnerable.
  • Security: VPNs add an extra layer of security by masking your IP address, making it harder for cybercriminals to target your device or determine your geographical location.
  • Access to Restricted Content: Some content on the internet may be restricted in certain regions. A VPN can help you access this content by making it appear as though you are accessing the internet from a different location.
  • Safe Online Transactions: With a VPN, your financial transactions are secured, reducing the risk of cyber theft.

Using a VPN is particularly advisable if you frequently use public Wi-Fi, are concerned about digital privacy, or need to access geo-restricted content.

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Here’s why having a firewall can be beneficial:

  • Protection Against Threats: Firewalls block unauthorized access to your network and devices, protecting against various threats like viruses, worms, and hackers.
  • Traffic Management: Firewalls can control what traffic is allowed into and out of your network, which helps prevent data overloads and potential breaches.
  • Enhanced Privacy: By regulating network traffic, firewalls help protect your private data from external threats.
  • Custom Security Rules: Firewalls can be customized to fit specific security needs, offering flexibility in how protection is implemented.

For both individuals and businesses, using a firewall is a fundamental security measure to protect your digital information and maintain a secure network environment.

A “zero-day” is a cybersecurity vulnerability that is unknown to the software vendor, meaning they have had no time to create patches or advisories to mitigate the issue. The term comes from the fact that the vendor has known about the vulnerability for zero days.

  • Unknown to Vendor: The software or hardware vendor is unaware of the vulnerability, and therefore, there are no patches or fixes available at the time of discovery.
  • Exploitation: Zero-day vulnerabilities are particularly valuable to attackers because they can be exploited to carry out malicious activities without detection. This can include stealing data, installing malware, or gaining unauthorized access to systems.
  • Discovery: These vulnerabilities can be discovered by hackers, researchers, or even by users. Often, they are found by malicious actors who use them to attack systems before the vendor becomes aware of the issue.
  • Disclosure: Once a zero-day vulnerability is identified, the responsible disclosure process involves notifying the vendor confidentially, giving them time to develop a fix before the details of the vulnerability are made public. However, if a zero-day is found being actively exploited in the wild, it often prompts an urgent response from the vendor.

Understanding the Differences

Open web, Deep web, and Dark web?

Illustration of iceberg with labels denoting Open Web, Deep Web, and Dark Web

Whats the difference between the open web, deep web, and dark web?

The terms “dark web,” “open web,” and “deep web” refer to different parts of the internet. Each has its own characteristics, accessibility, and type of content.

Here’s a brief overview of each:

Open Web (Surface Web)

The open web, also known as the surface web, refers to parts of the internet that are publicly accessible and indexed by traditional search engines like Google, Bing, and Yahoo.

Easily accessible through standard web browsers.

Includes everything from blogs, news websites, forums, and social media platforms, to online stores and public government websites.

Sites like Wikipedia, YouTube, Amazon, and other websites you can easily find via search engines.

Deep Web

The deep web consists of parts of the internet that are not indexed by traditional search engines but are still accessible via standard web browsers.

Some areas may require a login, subscription, or other forms of authentication.

Includes academic databases, subscription-based media, medical records,

Online banking websites, email services, and private databases.

Dark Web

The dark web is a subset of the deep web that is intentionally hidden, requiring specific software and configurations to access.

Usually accessible only via specialized browsers like Tor or I2P. A secure VPN should be used when accessing.

Can include illegal activities, but also provides a platform for political activists, journalists, and others to communicate securely and anonymously.

Websites with `.onion` domain extensions, accessible only via Tor.

Differences

Search Engine Indexing: The open web is indexed and searchable, the deep web is not indexed but still accessible, and the dark web is neither indexed nor easily accessible.

Accessibility: The open and deep web can be accessed via standard web browsers, but the dark web requires specialized tools.

Content: The open web is generally safe and legal, the deep web can include sensitive or subscription-based but usually legitimate content, and the dark web may include illegal or highly sensitive content.

Anonymity: The dark web offers a higher level of anonymity and privacy compared to the deep and open web.