How to ensure the security of private information

The main ways personal information is disclosed:

(1) Personal disclosure. Due to a lack of information security awareness and insufficient attention to their own privacy, individuals leak their sensitive personal information without realizing it.

(2) Internet companies, businesses, financial institutions, medical institutions and other organizations that hold sensitive personal information have it stolen by insiders because of their weak awareness of information security and weak internal information security management.

(3) Internet security vulnerabilities lead to the disclosure of sensitive personal information. Where Internet security protection measures are not in place, stored sensitive personal information is stolen, copied and spread through security protocol loopholes, Trojan viruses or unauthorized online transactions.

(4) More specifically, the collection of personal information is mainly divided into collection in real life and collection in online (virtual) life:

1. Real life:

Personal information is illegally obtained mainly through the following channels. Hotel accommodation, insurance companies, leasing companies, bank accreditation, telecommunications, mobile, China Unicom, real estate, postal departments and other places that require real-name registration with identity documents use the convenience of registration to disclose other people's information. Copy shops use the convenience of copying and typing to archive personal information, bind it into volumes and sell it to outsiders. Citizens' personal information is also stolen in the name of various "questionnaires".

Merchants claim that citizens can win various prizes simply by filling in detailed contact information, income, credit card information and so on in the "questionnaire", and in this way induce citizens to hand over personal information.

In addition, prize draws while shopping may also reveal your personal privacy. Merchants obtain personal information from the name, home address and contact information filled in on the front and back of the lottery ticket. When customers buy electronic products, vehicles and other items, some irregular businesses have them fill in unofficial "after-sales service orders", which are then exploited by others. Major supermarkets and shopping malls can easily get hold of citizens' personal information by mailing them free information and issuing membership cards.

2. Online collection:

The main channels of personal information leakage caused by network security problems:

The first is using Internet search engines to search for personal information, compiling it, and selling it at a certain price to people who want to buy it;

The second is sending spam or making telephone inquiries with various kinds of "bait" to induce victims to disclose personal information;

The third is that the user's computer or mobile phone is hijacked by Trojan horse software, that is, a remote Trojan directly controls the user's hard disk;

The fourth is that the website's service provider fails to fulfil its obligation to keep personal information properly and leaks personal privacy while using it;

The fifth is that personal information is controlled by others as it passes through transmission channels during Internet transmission.

Many netizens have unknowingly stored their personal information on the servers of website operators.

For example, when people chat with instant messaging tools, a lot of the information involved in the chat, including phone calls, emails and more private content, is stored on the server as chat records. When they shop in an online mall, personal bank card details, payment passwords, home addresses and other information are also stored on the website operator's server. The anti-virus software familiar to the public focuses on protecting the client computer; the security of data stored on the operator's server is beyond its reach.

Countermeasures:

(1) Information security outside the Internet:

1. No leaking. Businesses, training courses, banks, telecommunications providers and other organizations that need to register personal information for convenience must protect citizens' personal information and may not illegally transfer or sell it.

2. Leave no copies behind. When copying at a copy shop, citizens should make sure that no extra copies of their personal data are made afterwards. When printing at a print shop, make sure the materials are not copied and are not left in the recycling bin. Discarded documents must be taken away or destroyed with a shredder.

3. Don't believe it. Don't trust the various informal market surveys on the street. If you really need to assist with a survey, don't fill in real personally identifiable information, so that strangers cannot make use of it.

4. Be sparing ("save") with personal information. If you must fill in personal information, fill in as little as possible. When using supporting documents such as a copy of your ID card, write the purpose on the copy and mark that duplicate copies are invalid.

(2) Account and password security:

1. Use your personal information carefully when registering an account. If you must fill in personal information, provide as little as possible.

2. Set passwords according to certain standards or patterns so that important accounts stay independent of one another. Passwords can be set based on a password model.

Criminals compile sensitive personal information into a social engineering database and use it to attack other websites. A database collision (credential stuffing) attack draws on a large amount of sensitive personal information and exploits users' habit of registering everywhere with the same user name and password, trying those credentials on other websites in order to obtain more benefits.

Password model:

(1) Calculate the password with a method similar to MD5(MD5() + <website domain name> + <salt>) ... There is a Chrome plug-in, flowerpassword, that has this function.

(2) The random + basis ("evidence") + fixed model.

"Fixed" refers to the password you use most often; it appears as a character segment in every password. If you are used to one password and use it in most places, put it into your new password as the fixed sequence.

"Random" means that you do not decide in advance which characters to use; they change with each website or client. The change does follow rules, however, which you decide yourself and tell no one.

The "basis" ("evidence") is what the random part is tied to: an element of the website. I suggest using the name of the website, which is easier to remember. An example makes the characteristics of this "random characters with a basis, plus fixed sequence" password clear.

If the password you used in the past was abcde11, this field is retained in your new password. Now define a rule: whenever you log in to a website, take the first letter (or number) and the last letter (or number) of the website name.

In short, this password model is:

Fixed: abcde11

Random: the first and last letters of the website name

Basis: the first letter is capitalized, and the letters must be placed at the beginning and end of the password, that is, the first letter of the website (capitalized) + abcde11 + the last letter of the website.
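An added example, not from the original article or from the flowerpassword plug-in: it derives a per-site password under each of the two password models above and checks for the password reuse that a database collision attack relies on. The site names, salt and fixed password are constructed sample values, and feeding a master password to the inner MD5 in model (1) is an assumption, since the article leaves that argument empty.

```python
import hashlib
from collections import defaultdict


def pattern_password(site_name: str, fixed: str) -> str:
    """Model (2): first letter of the site name (capitalized) + fixed + last letter."""
    name = site_name.strip()
    if not name:
        raise ValueError("site name must not be empty")
    return name[0].upper() + fixed + name[-1]


def hashed_password(master: str, domain: str, salt: str, length: int = 16) -> str:
    """Model (1) shape: MD5(MD5(master) + domain + salt), as truncated hex.

    Assumption: the inner MD5 hashes a master password (not stated on the page).
    """
    inner = hashlib.md5(master.encode("utf-8")).hexdigest()
    outer = hashlib.md5((inner + domain.lower() + salt).encode("utf-8"))
    return outer.hexdigest()[:length]


def reused_groups(credentials: dict[str, str]) -> list[list[str]]:
    """Group sites that share one password: the habit a collision attack exploits."""
    by_password = defaultdict(list)
    for site, password in credentials.items():
        by_password[password].append(site)
    return [sorted(sites) for sites in by_password.values() if len(sites) > 1]


# Constructed sample data: these site names and secrets are illustrative only.
SITES = ["example", "shop", "mail"]
same_everywhere = {s: "abcde11" for s in SITES}
per_site_pattern = {s: pattern_password(s, "abcde11") for s in SITES}
per_site_hash = {
    s: hashed_password("abcde11", s + ".test", "constructed-salt") for s in SITES
}

if __name__ == "__main__":
    for label, creds in [("same password", same_everywhere),
                         ("model (2)", per_site_pattern),
                         ("model (1)", per_site_hash)]:
        print(f"{label}: {creds} -> shared by: {reused_groups(creds)}")
```

Passwords produced by model (2) differ between sites only in their first and last characters, while those from model (1) share no visible segment.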

4. Ensure that each account corresponds to at least one password, and make the password combination somewhat more complex. When setting a password, try to avoid meaningful English words, initials, birthdays, phone numbers and other easily leaked characters. It is best to use a password that mixes characters and numbers.

5. Classify your accounts, and make the password-recovery mailboxes for each class of account as different as possible, with no link between the mailboxes, so that the leak of one mailbox does not affect another. For example: important accounts are bound to mailbox A; ordinary accounts are bound to mailbox B; other accounts are bound to mailbox C.

6. Users should get into the habit of modifying and sorting passwords regularly.

7. Users should regularly use security software to scan their computers for viruses, and whenever necessary.

8. Do not lend your account and password to others. Some people often lend their account and password to friends. They think it does no harm, but it is actually quite dangerous. Even if the other person is a close friend, the password is no longer known only to you, which may cause the account number and password to leak and be used by others for illegal purposes. Therefore, if you have to lend your account number and password to someone, change the original password as soon as possible afterwards, so that nobody can log in to your account with it.

9. Don't choose the "Save Password" option for convenience.

Although the password is stored on the machine in encrypted form, such encryption is often not safe, and even junior hackers can easily decipher your password. With the Google browser, for example, the password saving function stores your account passwords on the network. Once someone else obtains your Google account password, all the saved account passwords can be obtained by them almost unimpeded.

10. How to abandon an account you no longer want: first, remember to change all your personal data, then register a Microsoft account, change the only verification method of all the accounts to the Microsoft mailbox, and then stop using this mailbox (a Microsoft mailbox cannot be recycled after cancellation). That takes care of the last verification step. Finally, change the password to something you don't remember, so that you can't use the account yourself and others can't steal it. Perfect.

13. Don't leave more than one contact detail in one place. This includes websites that require your email address to register, where you then post your own QQ or mobile phone number in a reply.

14. Of course, you can also design another identity for yourself if you can.

Others include (3) clearing irrelevant accounts, (4) file security, (5) network security, (6) mail security, (7) payment security, and (8) virus prevention: installing antivirus software. Space is limited, so I won't list them in detail. You can look them up for yourself.