Your trusted source for ehealth, telehealth, home health and telemedicine information and networking.

Telehealth: DATA-JACKING PREVENTION FOR THE PSYCHOLOGIST

by: Manny Tau, Psy. D. 08/16/00

Information technology has provided a vast new cyberworld that provides us with a wealth of info-sources, and unfortunately, new avenues of readily obtainable personal information for malicious uses. Data-jacking has many forms, and is currently one of the hottest topics addressed as "online privacy." Sherlock Holmes once said how a suspect always leaves something of himself behind at a crime scene, it's only a matter of finding this clue. A vast majority of psychologists who have access to online resources are not aware of the data-crumbs left behind in the wake of their online travels. These digital footprints yield quite a bit of information.

Stalking use to have a geographical barrier. This is no longer the case. There are numerous search engines on the internet's World Wide Web that access an online "white pages" with information on home address and phone number, email address, and web site. Many of these have linked mapping capabilities that will display an address location and even give directions to the location from an airport. Visit Orange County Psychological Association's web site (www.ocpapsych.com) and you will find links to eight major search engines. Other web sites that are specifically designed for people searches are www.four11.com, www.bigfoot.com, www.switchboard.com, and www.whowhere.com. I highly recommend performing a people search on yourself and find out if your home address and phone numbers are for the world to see, and option to suppress this information. A person's email address can also be used to track down information about a person. It is common with online software (email and web browsers) to enter a return email address, which are stamped onto email messages and can be obtained from surfing the Web. This is evident through the various junk email's (spams) you commonly receive. Performing a search with an email address at www.dejanews.com allows one to find what messages have been posted onto the internet's Usenet Newsgroups. There are over 27,000 different Newsgroups of varying interests. My professional activities include performing threat assessments and developing a behavioral profile. One of the tools is to do such a search of the Newsgroups and see if I am able to obtain any information about the interests of the subject. One can imagine the varying behavioral profiles associated with someone who posts messages onto alt.rec.sports.lakers, versus alt.binaries.erotica.bondage. Psychologists are highly recommended to consider what messages to Newsgroups they post as this information may make a psychologist vulnerable to a malicious person.

Surfing the web is not done anonymously unless you have made a concerted attempt to do such either through a service, software, or altering your email address to something like johndoedeletethis@domain.com. This helps prevent the various web sites from scooping up your email address with their automatic software, and spamming you with various services or products. People sending a reply to you then removes the *deletethis* section of the email address prior to clicking send. Web sites also commonly acquire information about who visits their sites in order for their use. Be cautious about filling out any online forms that require information about yourself. This is commonly done to make you eligible to access other parts of the web site or to notify you of any "specials" offered. A history of the various web sites you have visited is also readily available in your web browser software by simply clicking on the history feature. Web sites may also have a software generated script that obtains information about you as you passively visit their site. Take a look at the cookies.txt file in you web browser's subdirectory and see what type of information the web site leaves on your computer. You will be surprised that even if you are a passive visitor, information is being compiled about you.

There are many considerations regarding the data-crumbs we leave behind and the lack of thoughts about what these may leave us vulnerable to. Email accounts can be easily hacked into, along with any other accounts (banking, phone services, web sites). Consider these questions for yourself. Are you using passwords that involve combinations of your first initial and last name, various names of loved ones, various important dates like birthdays and anniversaries, backwards or forwards order? Are you using the same PIN (personal identification number) on various ATM, banking, credit card, and phone card accounts? A vast majority of people set up passwords to suit their convenience of memory as opposed to security. Yes, there are decryption programs available for hacking passwords.

Many people are creatures of habits, and consistently deal with mail and bills at a particular desk with an adjacent trashcan. Most people, if they tear up sensitive documents (bills, accounts, credit card offers), do such with a one-fold-two tear method. These are not difficult to reconstruct if anyone where to obtain your trash for pertinent information about you. Within 10 minutes, one can completely piece together many papers due to the distinct signatures of the tears and the colors of the various statements! This is a common practice with stalkers and hackers, to go "dumpster diving" in their attempts to gain sensitive data for use in unlawful entry into corporate systems, and with private security professionals investigating individuals. There has been an increase in identity fraud with the most common by initiating a new credit card utilizing the mailed offers, and making address changes. Pertinent support information to initiate the account can be obtained in different ways, such as genealogy web sites for mother's maiden names, or by obtaining your old pages from your personal organizer. I highly recommend a shredder at home and at the office to prevent this. It is very easy to find out when to obtain your trash, and look for the jewels of information contained in it. Some of you even make it easier by using a trash liner for that trashcan by your desk, making it highly recognizable.

One of the most sensitive data-crumbs left behind by psychologist, is that of the retired pages from a personal organizer. People often have their 1997 and older organizer pages, clipped and stored unsecurely. Many folks even have those nice Franklin binders with the old years printed on the spine, containing the organizer pages and sitting on a shelf somewhere in their office. These pages contain the most sensitive data about you regarding people and phone numbers, appointments, cheat sheets on account information, passwords, etc. Destroy these pages or lock them up. Just think, what will I find out about you if I stole these pages from you? How long do you think I have had these pages before you even realized they were missing? Along these lines, I highly recommend that information about your home address and phone number is not laying about in your office, and especially in your waiting room. I have encountered many instances where a psychologist has mail or magazines brought from home sitting on the desk, with the home address displayed on the cover. As I sit in the psychologist's office, I see the home address on some mail sitting on the desk, along with photos of a spouse and kids. I then have an idea of how old the kids are, and now having the home address, can ascertain where they go to school. Imagine what a vengeful hostile borderline patient can do with this information.

So what is my point? Hopefully you've got a smile on your face as you're reading this and saying, "geez, I never thought of that." We do not leave money on the table, nor should we leave data on the table. This day and age of information technology also breed data-jackers who will prey on the naive and unexpecting. We need to take a look at our attitudes and take better care of our "data crumbs" that we leave in our wakes through life. Take off your home phone number and especially that SSN, if you are foolish enough to have them printed on your checks. Give that clerk your work number, not your home number. The last thing you need is a malicious person or stalker at the checkout stand. That $50 personal shredder from Staples does not seem all that expensive now does it? Oh by-the-way, a good password is a minimum combination of 5 upper and lower cased alpha-numerics that can not be found in a dictionary. Well, enough of this for now ... just a thought about confidentiality, ours. Sleep well and be safe!

For more information on this topic, subscribe to one or more of
Dr. Maheu's free email discussion services.

MAIL THIS TO YOUR FRIEND!  Your Email:     Friend's Email: