Monday, August 28, 2006

Welcome to the Internet, Now Go Home.

Have you ever stopped to think about what it's like for a person to come on the Internet for the first time? Not even knowing what "http://" means. These people are in for an eye-opening experience the first time they get hit by a virus. Even people who have been using the Internet for a long time are not safe; they're getting scammed and their machines infected.

With all the spam, malware (e.g., viruses, worms, spyware, etc.), scams, pornography and other threats that we encounter every day, it can almost be overwhelming. For example, it now takes about 5-10 minutes after plugging a new unprotected computer into the Internet for it to become infected. That's like getting carjacked about 5-10 minutes after buying a new car because you forgot to lock your doors.

The good news is that newer Windows systems running SP2 are more secure than they used to be. The firewall is enabled by default, so they're not getting infected the first time they're plugged into the Internet. However, if you don't fortify your defenses right away, you will quickly get infected.

Knowledge is Power
To help protect you, I have listed some of the most common (and some uncommon) threats and scams that everyone on the Internet faces. Then I explain what you need to do to protect yourself.
  • E-mail scams:
    • Don't trust e-mail, because addresses can be spoofed (faked) and it's not a very secure form of communication.
    • Avoid downloading e-mail attachments; they can contain malware.
    • Never trust any unsolicited e-mails for products and/or services (AKA spam); they're almost always fake.
    • Beware of authentic-looking e-mails from a company that you might do business with (such as a financial institution, PayPal, eBay, etc.) asking you to change your password, or to reveal any type of private information (such as your credit card or web site account information) for one reason or another. This is known as a 'phishing' scam. These messages will include links to a legitimate-looking web site that will be used to capture your private information.
      • Here is an article about some other types of phishing scams.
    • If someone from a foreign country like Nigeria (and many others) contacts you wanting to give you a lot of money, it's a scam. This is often known as 'The Nigerian letter scam'. Many people have lost their money and lives to these fraudsters.
  • Online scams:
    • Reshipping scams: Have you seen those 'Work at home, handle shipments, make big bucks!' e-mails? This is where an offshore 'company' tries to recruit people inside the U.S. to accept money and goods and then ship them outside the country. Scammers use stolen credit cards to make online purchases, then have the products shipped to the person who is helping them. After the person receives the package, they forward these items to the thieves, who resell them. The scammers even use their victims' personal bank accounts to launder money. When the authorities finally catch up with all the illegal activity, the victim is considered an accomplice to the crime for participating in illegal activities, and generally will be the one who takes the fall.
    • Online auction scams: Scammers claim to be selling valuable goods at outrageously discounted prices. The victims generally receive nothing, or shoddy knockoffs that aren't worth the asking price.
    • Online job posting sites: Fraudsters are posing as legitimate companies, looking for help. They do this in order to gain access to personal information on their employment applications.
    • Be careful about which sites you trust for downloading executables, especially screen savers. This is a great way to get viruses, spyware, or other types of malware installed on your computer.
    • Don't install Internet Explorer ActiveX components or Firefox extensions from web sites that you don't trust. These plug-ins can contain malicious code that will infect your computer or destroy your data.
  • Never trust public computers:
    • Below is a list of things you should never do from the public computers that are available in libraries, airports, etc. You never know when any of these computers might have a keyboard logger installed or other types of malware on them that can grab your private information:
      • Never log into secure web sites that require you to authenticate yourself with a username and password (such as your bank, work, etc.).
      • Never enter private information (such as your social security number, bank account number, credit card number, etc.) from these computers.
Below is a list of suggestions for how to protect yourself online, and advice to make sure that your computer's defenses are strong:
  • Protecting your computer:
    • Make sure your computer's firewall is enabled. This will protect your computer from network-based attacks. For more information on this subject, check out this article.
    • Make sure your operating system and applications (including your browser) are patched and/or updated. If these programs have any automatic notification or update options, it is also recommended that you enable them. For more information on this subject, check out this article.
    • Install and run the latest version of an anti-virus and anti-spyware application on your computer, and make sure it has the latest signatures. I would also recommend scheduling daily or weekly scans of your computer, and make sure that you get daily updates of the signature files for these programs.
  • Protecting yourself:
    • You will need some type of e-mail service that has spam filtering and anti-virus attachment scanning. Most ISPs offer e-mail accounts as part of your Internet service package, but may not offer spam filtering and virus scanning. However, there are several free e-mail services like Gmail and Yahoo Mail that offer these features.
    • Don't submit your private information (such as: your social security number, credit card number, etc.) to a web site unless you feel that you can trust the merchant. Also make sure that the web site is using an encrypted SSL connection (look for HTTPS:// in the web site's URL, and the lock on your browser's window).
      • Also just because a web site asks for personal or private information, don't give it up unless you're comfortable sending this information over the Internet or giving it to that company.
      • If you're worried about your privacy and how a web site is going to use your personal information, make sure to read its privacy policy. Personally, I believe the larger the company, the more I trust what's said in the privacy policy, because they know they will get sued if they break it.
    • Create strong passwords for all the web sites that you use a lot. Avoid writing these passwords down; if you have to store them somewhere, find a good password manager that you can trust.
    • When making purchases online, use a credit card; they offer the best fraud protections. Debit cards and electronic checks don't offer you the same level of fraud protection.
    • Check your credit card statements and credit report online regularly for any unusual activity. If you find some, make sure to report it to your credit card company and credit reporting agency.
    • Back up your computer's data regularly. This is going to be your best defense against losing data.
    • Bonus tip: buy a cross-cut paper shredder to destroy personal documents and regular mail that you don't want. This can help protect you against identity theft.
Other resources:
  • Microsoft Security at Home: If you're looking for a site that has easy-to-understand security tips and explanations, this site is one of the better ones that I know about. If you're fairly knowledgeable about computer security you will not find a lot of useful information here that you don't already know.
  • The Different Types of Internet Threats (Part 5): This article contains some more useful information on topics such as Staying Up To Date, Testing Your Defenses, and Disinfecting Your Computer.
