In discussing online security, many people seem to approach it with unnecessary trepidation, when in actual fact its no more complicated than such daily security habits as locking the car or closing the front door.
Here at the Broadband Wales Unit we appreciate just how confronting the online world can be to new users, particularly when trying to decipher the language that comes with it, made up of worms, phishing, trojans, spyware to name but a few. The following article attempts to demystify some of this jargon and highlight the simple and affordable steps you can take to ensure your online security at work and home.
NET NASTIES TO WATCH OUT FOR
SPAM is unsolicited commercial email, and is often used for a wide range of illegal activity and scams, which might be an irritation for you, but is potentially more serious for your children. Whilst SPAM mails are popular with companies promoting pornography online, they are relatively easy to avoid:
- Never give your personal email out on the Internet
- Create a special address for services like newsletters
- Ask your ISP if they provide a filter or purchase your own anti-SPAM software
- SPAM is one of the primary ways viruses are spread, so never open email attachments from a sender you do not know
Viruses (and Worms)
Viruses and worms can infect your computer and potentially destroy all of your files and operating system. A virus checker will protect your computer, but if you are ever unsure about a suspect email or attachment dont open it!
Adware, Spyware and Malware
Adware, spyware and malware refers to unwanted software that gets downloaded and installed on your computer, often without your consent. These can allow websites to collect personal information about you, create unwanted pop-ups and toolbars, change your home page, and even use your computer to send out SPAM. Most big anti-virus software companies now offer products that protect you.
ONLINE FRAUD AND ID THEFT
You may have heard of the infamous Nigerian Scam (otherwise known as the Advance Fee Fraud scheme), which deceived thousands of people into thinking they were getting something for nothing. Believe it or not, US citizens lost $100 million in 15 months!
An email postmarked from Nigeria/ Sierra Leone/ the Ivory Coast is sent to addresses taken from large mailing lists. These letters promise rich rewards for helping officials of that government/ bank/ quasi-government agency/ family out of an embarrassing legal problem by moving money away from the homeland. Typically the pitch includes mention of multi-million dollar sums, with the open promise that you will be permitted to keep a percentage of the funds.
Once you agree to participate in this scam, problems begin to arise delaying receipt of your money, for instance paperwork will go missing, officials will need to be bribed etc.
Other versions of this scam will inform you that youve won the foreign lottery but that you need to pay the facilitation fees in order to collect your winnings.
These scams are increasingly common on the Internet and are often played out in different ways. The below section attempts to outline some of the traps you should try to avoid.
Chat Rooms and Messenger Programs
Instant Messenger programs (such as MSN, Yahoo Messenger, ICQ or AOL Instant Messenger) are growing in popularity, particularly in many businesses as a way for employees to communicate. They allow you to set up buddy lists of friends and family and provide notification when your buddies come online.
Because chatrooms and messenger programs operate with a series of identities, so you never really know who youre talking to, they can be a perfect haven for hackers. A popular form of attack on unsuspecting users is to convince them to run a program or click on a link. This is often a malicious piece of software that can damage your PC.
Chat rooms can also leave you exposed if the default security settings are inappropriate or if the chatroom software has vulnerabilities that attackers can exploit.
To ensure you dont fall prey to one of these situations you should always:
- Evaluate your security settings ie disable automatic downloads and adjust your software settings if they are too permissive.
- Be conscious of the information you reveal. Never list any personal information such as mobile phone numbers or addresses in your profile.
- Try to verify the identify of the person you are talking to in instances where you are following a link or running a program.
- Dont believe everything you read, try to verify the information or instructions from an outside source before taking any action.
- Keep software up-to-date, including chat software, your browser, your operating system and especially your anti-virus software.
Phishing dont get hooked
Phishing is a scam devised to trick recipients into surrendering private information that will be used for identity theft. They often arrive via an urgent email directing users to visit an official looking website where they are asked to update personal information such as passwords, credit card, social security and bank account numbers. The email appears to be sent from a trusted source such as a business or financial institution. However once a recipient enters their details onto the website they are sent directly to a scam artist.
Trojan programs are a favourite of online fraudsters, as a means of gaining access to your bank accountant. The programs capture your details by monitoring your keystrokes.
Trojans can be caught through receiving an email, visiting a website or downloading software, and are targeting many of the UKs leading banks. Generally trojans lie dormant until you try to access an Internet banking account and then send you to a fake website designed to look like the real thing.
Any security details such as passwords and account numbers you type in are then logged by the software, picked up by the hackers and used to remove money from your account or steal your identity.
A common sense way to prevent this from happening to you is to always access Internet banking by typing the banks address into your web browser. Never go to a website from a link in an email and enter personal details. See the following section for additional hints and tips on how to avoid online fraud.
COMMON SENSE SOLUTIONS TO ONLINE FRAUD AND ID THEFT
Choose a good password
You may think that your password (the name of a one-time Star Trek character) is completely un-crackable, but unfortunately this is no longer the case as some of the more popular password crackers now come with dictionaries based on popular films and TV series, like Star Trek.
As a general rule, you should not choose a password that appears in a dictionary. Other common sense tips to keep in mind:
- Do not record your password always learn it as soon as it arrives and destroy the notice.
- Do not give your username and password to anybody. No member of the support staff will ask you for it, as they will never need it.
- Use a mixture of upper and lower case characters, numbers and punctuation symbols.
- Try to avoid words/character strings that may be associated with you. Your car registration number or a combination of your spouse/childs name and birthdate are easily guessable.
- Do not use the same password that you use for online banking at any non-banking sites.
Other hints and tips for your online security
- Dont be deceived by emails offering you the chance to make some easy money.
- Always use up-to-date antivirus software and a personal firewall.
- Be careful of using any PC that is not your own ie Internet caf.
- Never respond to request for personal/ billing information via email. If in doubt, call the company/ organisation that claim to have sent you the email.
- Regularly check your bank statement if you notice anything unusual on your account contact your bank immediately.
- Be wary of any unsolicited emails or calls asking you to disclose your personal details or card numbers. Keep this information secret, as you bank and the police would never contact you to ask for your PINs or password information.
- Ensure that you log-out properly when you have finished banking online.
- Ensure that there is a locked padlock or unbroken key in the bottom right of your browser window before accessing the bank site. The beginning of the bank's Internet address will change from 'http' to 'https' when a secure connection is made. The sites security certificate should also show an Issued name matching the site name.
- Never leave your computer unattended when logged in to Internet banking.
- Report suspected abuses of your personal information to the company which has been spoofed and to the Internet Fraud Complaint Centre at http://www.ifccfbi.gov/
HOW CAN I PROTECT MY COMPUTER?
Software to protect your computer can be downloaded free-of-charge from the Internet, or you can purchase a more powerful version from your high street IT shop/ superstore, or across the Internet. The more up-to-date operating systems are now providing firewalls as standard. Microsofts XP Operating System, especially loaded with Service Pack 2, provides a very effective set of security options, including a powerful firewall.
A firewall is a program or hardware device that filters the information coming through the Internet connection into your computer. It acts as a defence against unauthorised intrusion (such as hackers and viruses) whilst letting you safely surf the net. A firewall can be configured to allow only certain applications to access the broadband connection and to reject certain types of requests from the outside. In this way, it acts as a front door they only let in information that you want to let in.
Hardware firewalls are separate boxes that you connect to your computer to monitor the data coming into your computer. They normally work faster than their software equivalents.
Software firewalls are slightly trickier to set up but are more flexible and look for suspicious data going to and from your computer. This could be useful if a virus has entered your computer via an email or disk and is trying to use your Internet connection to send out information you dont want it to.
The important part of having a firewall is keeping it up to date. The best way to do this is to subscribe to automatic updates that provide downloads and step-by-step instructions on installation.
As of the end of August 2005, more than 200,000 individual computer viruses exist. They infect through emails, websites, CD-ROMs, diskettes, memory sticks and networks. To be safe from these viruses, and the impacts these will eventually have on your PC, it is advisable to install a virus checker. If the virus checker spots a virus hidden in an email message or web page, the software disables the virus and prevents it from damaging your computer. Most anti-virus software will automatically inspect incoming data for computer viruses when you collect your email messages, view web pages or read CD-ROMs and memory sticks.
To ensure you maintain optimum protection, you should update your virus checker on a regular basis. The best way to do this is to subscribe to the automatic update system. If you use Microsoft Windows, you also need to ensure that you use Windows Update to download the latest patch files.