|
The convenience of the internet is inescapable, but maintaining a bit of paranoia while using it will help protect you in the long run. Online fraud takes many forms and fraudsters often combine multiple formats and techniques, including email, web sites, pop-up ads, and malware, to gain access to your system and your information. Understanding the techniques and the indicators of online fraud is crucial to applying safe computing practices and protecting your information.
Threats
The most prevalent threats can be categorized in two general groups: malware and “phishing”. Malware refers to various forms of hostile, intrusive, or annoying software including: viruses, worms, trojans, ransomware, and spyware. Once installed, these programs may install additional malware, send spam, or steal information from your computer. Phishing, or “spoofing”, is an attempt to have you voluntarily provide your personal information to the fraudster.
Delivery Mechanisms
The most common forms of malware and phishing are commonly spread through email. With malware the email content attempts to dupe you into opening the attachment containing the disguised virus or trojan; the email declares: “Check out this GREAT …”
Phishing involves an email request that appears to be from an official business, bank, online payment service, or even a government agency. By following the instructions in the email, you provide the fraudster with your personal information. Often the email will remind you “Never provide your personal information to fraudulent websites…” while the provided link takes you to a fraudulent site designed for this very purpose.
Fraudulent web sites, when operated in conjunction with phishing email, can be difficult for the unsuspecting user to detect. Before you know it, you’ve provided the fraudster with your user identification, password or other personal information. Another technique is to use a Web site address that is similar to that of a reputable business. A common misspelling of the genuine web address may be used to direct you to a phony site intending to gain access to your information.
Pop-ups are unsolicited “advertising” that appear as pop-up windows on your computer. Pop-ups often use misleading images to cause you to click on a hidden link that redirects your browser to a different web site. Pop-ups can be a source of spyware downloaded to your computer or created to look like a web site’s confirmation of your login details or an institution's request for personal information.
Protection
With a basic understanding of some of the dangers of the online world, the following practices will help keep you ahead of the fraudsters.
Protect your computer with a personal firewall, and add a hardware firewall to your configuration if possible.
Make sure that you have anti-virus and anti-spyware programs installed and regularly updated. You may also wish to install additional spam filtering software or contact your Internet Service Provider for support in subscribing to a spam filtering service they may offer.
Email Safety
Never directly open unexpected attachments whether from known or unknown sources. Save the attachment first and scan it for viruses.
Never respond to, or click a link in, a suspicious email. As well as taking you to a fraudulent web site, the process could also install malware on your computer. Even with non-suspicious emails, consider using a pre-saved bookmark or manually entering a web site address you know to be genuine.
Do not respond to unsolicited requests for personal information or requests communicating a sense of urgency or requiring immediate action. Legitimate companies will not initiate official communication in this manner. Contact the company using a telephone number or by manually entering a web site address you know to be genuine. Leave your email client set to NOT automatically download pictures embedded in the email. The process of downloading the images communicates information with a fraudster’s server.
Safe Web Surfing
Only do business with internet companies that use secure connections to capture private information. Review the organization’s security certificate and privacy policy.
To verify your session is secure, look for "https:" instead of "http:" in the web address line; also look for the padlock icon on your browser's status bar or next to the page address.
Be alert for indications of a fraudulent web site: broken graphics, misspellings, poorly written sentences and other grammatical errors; similar look, but with a slightly altered site address; the presence of an "@" symbol anywhere in the page address; an information-collecting page that is not linked to a known home page for the company or that has any sort of “Under Construction” notice associated with it.
Set your browser to block pop-ups and to warn you when a web site attempts to install any add-on software. Also set your browser to warn you if a site you are visiting is a suspected forgery.
Summary
Finally, avoid entering personal information on a public computer; you have no way of knowing what software is monitoring the use of the system. When using a public computer, confirm that the browser is not maintaining a cache, and completely exit the browser when finished.
Protecting your computer and your personal information requires constant vigilance. Apply these safe computing tips to keep your personal information private and your system secure.
|
