Phishing. This is not a typo error. But just the same, there is a bait. Go for it, and you’re hooked. Your identity shall flash before you, and taken away in a zap, You’ll be trapped in an intricate net of identity theft and fraudulent cyber activities, where you are nothing but a hapless victim.
Now to define ‘phishing’ in it’s true essence: Computerworld.com states:
Phishing is a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and Social Security numbers.
Scary, isn’t’ it? Yes, indeed, but you can fight it with knowledge and skills as your first line of defense against these deceiving traps, which more often come through those harmless looking emails. Lifehacker.com tells us to look out for and be cautious of the following:
1. Check the URLs
Phishing emails come like wolves in sheep’s clothing. They’re masters of deceit -- looking like ‘official emails’ and ‘official websites’ from actual and legitimate companies. Their email addresses, website urls look slightly different from the actual company that they’re pretending to represent.
As illustrated, check the URL by pointing your cursor on the link requested for clicking. At the bottom of the page, you will see a URL display. Now use your better judgment, if the URL looks doubtful.
How to detect a fake URL? For instance, the URL of paypal is http://www.paypal.com or sometimes you may see http://subdomain.paypal.com. However, if you see something like http://paypal.anotherdomain.com, this should give you a red alert that something is wrong.
2. Always Go Direct
Instead of clicking links sent to you from an email that require you to fill-out forms and divulge your personal data, why not go direct to the website of the company itself. If you don’t find any form related to the service or information you are trying to avail or data required from you by the company, then you’ll know that it’s a phishing scam.
3. What Your Browser Can Do For You
a. Turn Off Form Autofill:
It may be a great web browser feature to auto fill or remember data that you’ve previously encoded in e-forms, that when you fill-out another form, your data easily and automatically pops-out again. If you want to take an extra precautionary measure against phishing, then it would be best to turn-off this feature from your browser.
b. Utilize Browser’s Built-In Tools
http://cache.gawkerassets.com/assets/images/17/2012/01/60ce498b5634acd4c4e6a6e9da64329d.jpg
Browsers like Google Chrome and Firefox come built-in with phishing detection systems that flash warning signs whenever a phishing site is detected. This isn’t turned-on by default. It would be best to set it up for your protection.
c. Bump Up Your Phishing Detection with Web of Trust
Most browsers like Chrome, Firefox, Safari, Internet Explorer, Opera, has Web of Trust as a browser extension. This extension can give an indication whether a website is trustworthy or not. Install it as a browser extension, then a trust rating shall be displayed on the toolbar whenever you open a website.
Now to borrow words of wisdom from an old proverb about teaching a man how to fish: Teach a man phishing detection skills, and keep his life and identity safe and secure.... Got any other phishing scam detection tips?
Believe it or not, your computer could be virus free! Following the heels of our previous blog post about protecting your computer from getting viruses from emails, (see related blog post: You’ve Got Virus in Your Email! 3 Ways How Computer Viruses Enter Through Emails) there are ways and means on how to completely thwart the invasion of viruses and malware on your computer You don’t have to be a geek or a techie dude.
Makeuseof.com recommends these easy to do and follow, 9 simple steps to a virus-worry-free computer and internet usage:
1. Beware of Fake Download / Play Buttons:
Be wary or think twice before hitting or clicking any “play’ or “download” button. Torrent sites or sites where the ‘download’ keyword is often used, fake download / play buttons are usually present in these sites in order to play a dirty trick on site visitors. When in doubt, check the status bar. Makeuseof.com says that “If the domain in the status is different to the site you’re on, it’s probably a malicious advert.” Also use your best judgement or logic. For instance, after you’ve downloaded a software, then you see a ‘play button’ that looks odd and different from the visual style of the website, it’s a sign that it’s unrelated or a fake.
2. Don’t use Internet Explorer:
Internet Explorer has always been a hackers’ easy target, simply because a good number of users don’t bother switching browsers. Don’t be an easy prey. Remember to switch browsers.
3. Hang Up on Cold-Calling Indian Technical Support Agents:
If you get a call that starts with something like this conversation:
“ A: Hi there, I’m from (indecipherable) and we’ve registered an error from your Windows – have you been experiencing any issues with it lately?”
Don’t give in. If you take the call and follow the instructions, you’ll unknowingly give the hacker a “remote control access to your PC”.
4. Ignore Pop-Ups That Have Anything To Do With Security or Viruses:
Makeuseof.com simply advises this basic rule of thumb: “ignore any and all security related messages if you didn’t initiate them yourself...”
This is tricky because if you’ve got your own anti-virus (AV) software, your first instinct would be to think that your AV has detected an infection. Don’t fall into the trap of clicking anything, just ignore. If you get a pop-up message from a windows AV that you’ve never installed, chances are, you’ve already been infected.
5. Avoid Public Torrent Sites Like The Plague:
Makeuseof.com recommends these best new torrent sites. Download from sites with a private tracker.
6. Fake Torrents That Need a Specific Video Player:
If you’ve download a movie from a public torrent site and asks you to download a specific video player in order for you to view the video content, this is already a dead giveaway that you’re being led into the virus black hole. Checking a video content through a VLC player is your best defense. VLC players have built-in codecs that only plays genuine movies or video content.
7. Don’t Open Anything Forwarded To You:
Be wary of emails with attachments that come in the form of flash games, .exe files, or even photos. Most of the time, these emails carry the email addresses of your friends. You know your friends better. If there’s something fishy about the tone of their email messages, never fall into the bait of opening attachments.
8. Don’t search for common utilities in Google:
If you’re searching for common utilities like ‘the best video player’, never do it via Google search. Chances are, you’ll be led to a high ranking site jam-packed with malware. Do more research and ask for expert advice before downloading.
9. Create a non-admin account for general use and family members:
A computer admin account should not be free-for-all. Limit privileges and access by creating a user account for users other than yourself.
The internet is somewhat a dangerous place. Yet, as they say, knowledge is power. Just be armed with these basic knowledge and training, and you’re on your way to the road leading to a virus-free computer haven.
Learn to how spot viruses attached to your emails and block them instantly
Viruses are every computer users’ sworn arch-enemy. Their mission is to replicate, spread, and damage. Just like any other virus on this planet, they populate and multiply by looking for carriers, and pass on from one carrier to the next by modes of interaction. In the computer world, one of the most common ways of interaction is through the harmless little thing that most netizens do -- email. Remember the “I Love You Virus” phenomenon? Indeed, a simple email that had on its subject line the words “I Love You”, caused one of the most devastating and widely spread damage to computer machines and files worldwide. By merely opening a simple email attachment with the filename "LOVE-LETTER-FOR-YOU.txt.", it damaged the machine, files, and multiplied by sending a copy of itself to the first 50 email addresses in a Windows Address Book.
Learn how to spot these innocent-looking and sounding emails. Makeuseof.com has identified the 3 Top Ways People Get Infected by An Email Virus:
1. A Virus As An Email Hoax
Oh how we easily fall for chain letters and do not hesitate on forwarding them to all our contacts. A heartbreaking story of a parent asking for an organ donation of his sick child; a threatening note that says if you don’t forward it to your friends, you will lose your job... we all fall prey to these email hoaxes. Viruses are not always programs. The email is the virus itself. They clog-up our inboxes and mail servers, they make us feel gullible, they waste our time and energy. Think twice before you hit the forward button. Here are sites that could help:
a. About.com: Top 10 lists of latest viruses, virus alerts, and virus hoaxes
b. Hoax-Slayer: get information about email hoaxes, verify credibility of your email sources
2. A Virus In An Email Attachment
The “I Love You Virus” is a classic example. The virus, which comes as an email attachment, has self-replicating characteristics. These attachments that contain viruses are :
a. Executable Programs with file types: .com, .exe, .vbs, .zip, .scr, .dll, .pif, .js
b. Macro Viruses with file types: .doc, .dot, .xls, .xlt
Reading the email won’t do any harm, but opening the attachment opens up the virus for hatching.
So the best line of defense is to read the email, and if it looks suspicious, press delete.
3. A Virus In The Email Body
HTML is now commonly used in email to embed images and links. However, they can also be used as carriers by embedding scripts that can execute a virus and infect your computer. Hence, mail programs block HTMLs and first ask for your consent to display these content and ask you if these come from a trustworthy source. This is a safety precaution that you should always enable.
URLs can also come as wolves in sheeps’ clothing. What seems like a harmless link could either be a doorway that leads to a website of a malicious script, or you may unknowingly download and launch a self-executing virus.
Another basic rule of thumb: Verify your sources. Never open links from suspicious sources.
In a gist, Makeuseof.com recommends you to keep a ‘safety first’ state of mind by doing the following:
- Act smart, not fast.
- Verify the source of any suspicious email before you act.
- Generally, do not blindly forward emails, open attachments and links, or view HTML content.
- Get an antivirus program and regularly update its virus definitions.
- Make sure your mail program is set to not automatically download and open attachments or display HTML content.
]]>
Now flash-forward to this modern day and age, Alibaba has now assumed the name of ‘hacker’, lurking at the back-end of your ‘cave’ (read: PCs) to eavesdrop on your passwords. And lo and behold! He’s also posting nasty status updates on your social network accounts, to boot!
Find out if you are:
- One of the 25% who use first their names as passwords?
- One of the 26% who create passwords containing 6 letters?
- Using dictionary words in any language as your password?
- Using misspelled words, abbreviations or words spelled backwards, as passwords?
- Using a sequence or repeated characters from your keyboard?
- Using personal details such as birthdays, driver’s license numbers, and the like, as passwords?
Now going back to Alibaba’s story…there were forty thieves who guarded the cave and even secured it with magic words. But Alibaba was at the right place and at the right time. So the moral lesson of the story is – there is no safety in numbers…or letters or words.
Find out how you can avoid the most common and dangerous passwords…
If you are part of the above statistics, check out this infographic from dailyinfographic.com.
![Top Hackable Passwords [infographic]](http://dailyinfographic.com/wp-content/uploads/2011/02/password_info.png)
1. Keep yourself organised.Sounds simple, but this is the most important thing you can do – have a logical and consistent layout to where you store your data. Don’t just dump things on your desktop and hope to sort them out later, or save files to whatever random folder a File|Save dialog box offers. Have a directory/folder structure that is organised enough to make sense to you, without being so anal retentive that it drives you nuts and you start to disregard it.
2. Use unique Forgot your password? questions: One of the most frequent ways hackers break into the social networking accounts of celebrities and public figures is by clicking the Forgot your password? link on the signin page. The site verifies the person's identity by posing questions that can easily be answered about most people with a simple Web search: Where did you go to high school? What is your father's middle name? Whenever you can, write your own custom password questions that have answers no one could easily find. If you have to use default questions, make up more-secure answers — just make sure you can remember them!
3. Check privacy policies: Before you provide any data to a website, read its privacy policy. It can be a pain, but it's less painful then being the victim of data theft. The policy must clearly explain what data the website gathers about you; how it is used, shared, and secured; and how you can edit or delete it. If the site doesn't have a privacy policy, don't use it.
4. Use privacy settings: If you use a social-networking site, thoroughly investigate its privacy options and lock down your accounts as tightly as you can. Share only with people you have met in person.
5. Shop only at encrypted sites: Before you enter a credit-card number on a shopping site, check the URL to make sure the site is secure. This site should use a URL that starts with https instead of the more-common http. The s is for secure: if it’s not there, don’t enter your information.
6. Keep your computer safe: According to the Microsoft Security Intelligence report, the single leading cause of data loss continues to be loss of computer hardware. Laptops and other mobile devices get stolen from cafés, airports, public transportation, and almost any other place travelers are likely to be found. If you travel with a computer, treat it like your wallet — it probably has more in it!
Follow these simple tips for protecting your personal data and you're a lot less likely to fall victim to an annoying and potentially costly data theft attack. Got some other tips for protecting your personal data? Let us know in the comments.
]]>
No doubt you would have heard or seen the term 'Phishing' mentioned multiple times over the time you've been using a PC. And for a lot of people it's probably one of those terms you've seen a lot but never actually knew what it meant; well today you're going to learn:Due to the wide use of computers and internet, the dangers that come with their usage is also increasing. Today emails are very useful in many ways, so useful in face that many of us would probably be lost without them. Unfortunately the same technology that makes our life easier can also bring us many problems and make us lose money. I heard a story the other day about a friend of a friend and how he received an email from his bank. He was curious why his bank would send an email to him and opened that email.
In that email it was mentioned that he was selected and had won a car worth $20,000. In order to register the car in his name and deliver to him they wanted some of his personal details. A link was provided in the email to update his particulars. There was also a warning message which said the particulars have to be updated ONLY using the link provided in that email.
Obviously this guy was very happy, as you would be if you thought you'd just won a $20k prize out of nowhere. He clicked on the link. His bank’s home page appeared on the screen. He checked whether it was the same page as his bank. Yes it was. It was the same page as his bank’s page. He was even happier now. His Name, Birth date, Father’s Name, Home Address, Account number, Password, Credit card number and many other details were asked in that page. He happily filled all the details. He was then shown a ‘Thank You’ page which said that the car’s key and the registration papers will be sent to him in a week.
After two or three days he went to the bank to withdraw some money. But the bank clerk said that ‘there was no balance’ in his account. He argued that he did not withdraw any money and asked him to check again. The bank clerk said, you did not withdraw money but you bought a lot of things ‘online’. He then started thinking about how this could've happened, and after a few minutes it dawned: the email that he had received earlier was a hoax and he had been cheated.
This kind of activity is called ‘Phishing’. The email will often disguise itself by claiming to be part of a well known organisation, a link will be provided in the email and it will ask you for your particulars and to update your password and other personal details. If you click the link the page will look very similar to the company’s original website but it's actually not. They bait you with the email and then reel in your details, hence the name 'Phishing'.
How do you protect yourself from 'Phishing'?
- If any email asks for your bank’s login name, password, bank account no, credit card no etc, this should be an automatic warning signal. No bank will ask for these details through email. You can call your bank and check with them.
- If you receive SPAM emails from unknown persons or unknown companies just ignore them and delete them.
- When you visit websites, do not fill in forms and subscribe to insecure websites. You can see whether a site is secure from the LOCK icon displayed in the status bar of the browser, or in the address bar the address starts with ‘https’
- Never click on links contained inside emails.
- If you are an ‘online banking’ user then frequently check your bank balance and transactions. If there is any doubt just call your bank to verify.
- Another thing to remember is ‘there's no such thing as a free lunch’, let alone a $20k car. So if any email claims that you have won a lottery, or someone wants to transfer an amount to your account etc, just ignore it as SPAM.
Got any 'Phishing' stories of your own? Tell us about them in the comments..
]]>While there isn’t much you can do to prevent hackers from reaching your finances if that is their intention (short of reverting to a cash-economy), there are plenty of steps that can be taken to minimize the risk of exposing your secure information online. From making decisions on which websites have the best security, to choosing methods of payment and –crucially –how you save your passwords –we’ll be taking you through the ins and outs of keeping your finances safe online this week. So if you, like the rest of us, can’t keep away from the buzz of shopping on global websites with the Australia dollar pushing beyond parity, follow our Facebook and Twitter feeds to make sure what you think you are buying is all that you end up paying for.
]]>