Phishing For Your Identity

Who hasn’t received an email directing them to visit a familiar website where they are being asked to update their personal information? The website needs you to verify or update your passwords, credit card numbers, social security number, or even your bank account number. You recognize the business name as one that you’ve conducted business with in the past. So, you click on the convenient “take me there” link and proceed to provide all the information they have requested. Unfortunately, you find out much later that the website is bogus. It was created with the sole intent to steal your personal information. You, my friend, have just been “phished”.

Phishing (pronounced as “fishing”) is defined as the act of sending an email to a recipient falsely claiming to have an established, legitimate business. The intent of the phisher is to scam the recipient into surrendering their private information, and ultimately steal your identity.

It is not at easy as you think to spot an email phishing for information. At first glance, the email may look like it is from a legitimate company. The "From" field of the e-mail may have the .com address of the company mentioned in the e-mail. The clickable link even appears to take you to the company's website, when in fact, it is a fake website built to replicate the legitimate site.

Many of these people are professional criminals. They have spent a lot of time in creating emails that look authentic. Users need to review all emails requesting personal information carefully. When reviewing your email remember that the "From Field" can be easily changed by the sender. While it may look like it is coming from a .com you do business with, looks can be deceiving. Also keep in mind that the phisher will go all out in trying to make their email look as legitimate as possible. They will even copy logos or images from the official site to use in their emails. Finally, they like to include a clickable link that the recipient can follow to conveniently update their information.

A great way to check the legitimacy of the link is to point at the link with your mouse. Then, look in the bottom left hand screen of your computer. The actual website address to which you are being directed will show up for you to view. It is a very quick and easy way to check if you are being directed to a legitimate site.

Finally, follow the golden rule. Never, ever, click the links within the text of the e-mail, and always delete the e-mail immediately. Once you have deleted the e-mail, empty the trash box in your e-mail accounts as well. If you are truly concerned that you are missing an important notice regarding one of your accounts, then type the full URL address of the website into your browser. At least then you can be confident that you are, in fact, being directed to the true and legitimate website.

Name, Rank and Social Security Number

Identity theft is the fastest growing crime in the U.S. The U.S. Secret Service has estimated that consumers nationwide lose $745 million to identity theft each year. According to the Identity Theft Resource Center, the average victim spends 607 hours and averages $1,000 just to clear their credit records.

Identity thieves employ a variety of methods to gain access to your personal information. They may get information from businesses or other institutions by stealing it; by bribing an employee who has access to records; hacking into records; or conning information out of employees. Once identity thieves have your personal information, they may use it to commit a fraud or theft in your name.

How can you tell if you have become a victim of identity theft? Some signs include unexplained charges or withdrawals from your financial accounts; bills or other mail stop arriving (the thief may have submitted a change of address); a credit application is denied for no apparent reason, or debt collectors begin calling about merchandise or services you didn’t buy.

Your computer can be a goldmine of personal information to an identity thief. To protect yourself and your computer against identity theft consider:

  • Updating virus protection software frequently. Consider setting your virus protection software to update automatically. The Windows XP operating system also can be set to check for patches automatically and download them to your computer.
  • Not opening files sent to you by strangers, clicking on hyperlinks, or downloading programs from people or companies you don’t know.
  • Using a firewall program, especially if you use a high speed Internet connection like cable or DSL that leaves your computer connected to the Internet 24 hours a day.
  • Providing your personal or financial information through an organization’s secured website only. While not fool proof, a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for secure), may provide additional security.
  • Not storing your financial information on your laptop, unless absolutely necessary.
  • Deleting all the personal information stored on a computer before disposing of it. A wipe” utility program to overwrite the entire hard drive is recommended.
  • Checking with an anti-fraud education organization such as CardCops (www.cardcops.com). Card Cops runs a web site designed to help consumers determine whether their credit card numbers may have been stolen. They monitor Internet "chat rooms" where identity thieves illicitly trade and sell stolen credit card numbers. CardCops turns the information over to law enforcement authorities, but also allows consumers to access their database to see whether individual card numbers may have been stolen. In the first two months of operation, the site identified more than 100,000 stolen credit cards.
As with any crime, you can not completely control whether you will become a victim, but you can take steps to minimize your risk by remaining diligent and by minimizing outside access to your personal information.

Computer Security

How many spyware items are infecting your computer?

I just had, by mistake, a plug-in called Intelligent Explorer attach to my browser. What a nightmare! I have another article on this topic, but this brings home a point. Spyware or adware items are continually infecting computers. Most computers have no protection from them. Most frightening is the frequency of them. From the InfosecWriters web site, "According to a 2004 survey by America Online and the National Cyber Security Alliance, 91% of users questioned were familiar with the term spyware. Only 53% believed their computers were infected, but a scan found that 80% of their PCs had some type of spyware installed on them." It goes on to say, "...The average number of spyware components per computer was 93 with one computer having well over a thousand."

What is Spyware?

Butte College (www.bctv.butte.edu/support/spyware.html) offers this definition:

“The term ‘spyware’ is broadly defined as any program that gets into your computer without permission and hides in the background while it makes unwanted changes to your user experience.
Spyware is generally not designed to damage your computer. The damage it does is more a by-product of its main mission, which is to serve you targeted advertisements or make your browser display certain sites or search results.
At present, most spyware targets only the Windows operating system (Internet Explorer).”

To be fair, spyware can be harmless, for example tracking cookies don’t do much. While such things infringe on your privacy, they don't really harm anything. Others, however, are extremely dangerous.

So what do you do about it?

No spyware program seems to do everything, but there are a lot of goods solutions out there that can help. Here is a list of some of the top Spyware tools to look at:


1) Try Ad-Aware 6.0 Professional from LavaSoft (there is also a free version with less functionality)

2) Spybot Search & Destroy from PepiMK Software


3) Xoftspy form Pareto Logic

5) Spyware Guard from Javacool Software is a free program

4) Pest Patrol (now part of Computer Associates by acquisition)

5) McAfee Anti-Spyware

One thing is for certain: you do need to take spyware seriously. For some reason, too many people out there think anti-virus solutions are the end-all solution. They are not.

And, when all else fails?

Finally, as drastic as it seems, if your computer has been infected with a large number of spyware programs, the only solution you may have is backing up your data, and performing a complete reinstall of the operating system.


Computer Security

Finding the Security Suite that meets your needs

Before proceeding to read this article, it is important that we state something up front. It is essential for the reader to understand and appreciate that there is no such thing as a secure operating system or web browser. While the use of security suites and other complementing products can significantly reduce your risks, they are not magic wands that you can wave to eliminate 100% of your risk. Any product claiming they can do this should be viewed with great skepticism.

With that being said, let’s talk computer security and security suites. There are numerous ways in which the security of your computer can be breached. The most common threats come from worms, viruses, Trojans, phishing, hackers and crackers. Potential security breaches can come in the form of downloading unfamiliar email attachments, being monitored by spyware, maliciously attacked by malware, or probed through port scanning.

Dshield.org (www.dshield.org), a non-profit company, functions as a “dominating attach correlation engine with worldwide coverage”. In short, they work with people and companies to track, among other things, port scanning violations. Port scanning involves a person (referred to as a hacker or cracker) who attempts to break into you computer through the open ports in your system. Once an open port is located, the individual attempts to collect your personal data or install a malware program into you computer. On average, Dshield.org logs over 1.1 billion reported attempts of port scanning each month. What is even scarier is that this is just based on their program participants. You can imagine how many more incidents are occurring each month to the general population of computer users.


Here are a few easy steps you can take to immediately protect your computer:
  1. Don’t run unfamiliar programs on your computer. It sounds like common sense, but many of the most prominent attacks have involved spyware and email attachment worms such as Bagle and Netsky. If you don’t recognize the sender, don’t download its attachments.
  2. Don’t allow unrestricted physical access to your computer. If you have sensitive or proprietary information on your computer, allowing other employees or family members to use your computer can lead to potential breaches in your computer’s security.
  3. Don’t use weak passwords. Use passwords which are difficult for someone to figure out. People frequently use the names of children, pets, anniversary dates, or birthdays. Because there seems to be a password needed for everything, it is not uncommon to see many people using the same password for everything. Big mistake! The use of only one password provides a hacker with easy access to a smorgasbord of personal information. If you have to write your passwords down, it is best not to leave them on a post-it, attached to the screen of your computer. You may chuckle at the absurdity, but it happens more than you think.
  4. Don’t forget to regularly patch your operating system and other applications. Many industry experts believe that most network security attacks would be stopped if computer users would just keep their computers updated with patches and security fixes. Too often, we forget to do this on a regular basis. Remember that every day, new viruses, worms and Trojans are being created and distributed. They are looking for the weaknesses in your computer system. Having outdated software is basically the same as holding the door open and inviting them in for a visit.
  5. Don’t forget to make regular backups of important data. Always keep a copy of important files on removable media such as floppy/ZIP disks or recordable CD-ROM disks. Store the backups in a location separate from the computer.
In most cases, Windows desktop and screen-saver passwords provides adequate protection for normal security concerns. However, if you feel more comfortable taking additional security measures consider obtaining a comprehensive security suite.

Selecting a Antivirus Software

The next question is how do you pick the best product for your needs? You start by asking yourself a series of questions. Do you need password protection for individual files, your desktop, a network, or to block someone’s access to the Internet? Is your computer used only by you or do multiple users have access to the computer? How many users in total do you expect on your computer? What are your system requirements? How much do you want to spend?

Once you are able to answer these questions, you can begin to research which security suite will best meet your needs. Product reviews and user statements provide a great starting point. PCMagaine (www.pcmag.com), Zdnet.com (www.zdnet.com), and Consumer Reports (www.consumerreports.org) are just a few informative sites that offer research on various computer software products.


Computer Security

Fighting Spam

How prevalent is Spam?
According to Scott McAdams, OMA Public Affairs and Communications Department (www.oma.org):
“Studies show unsolicited or “junk” e-mail, known as spam, accounts for roughly half of all e-mail messages received. Although once regarded as little more than a nuisance, the prevalence of spam has increased to the point where many users have begun to express a general lack of confidence in the effectiveness of e-mail transmissions, and increased concern over the spread of computer viruses via unsolicited messages.”

In 2003, President Bush signed the “Can Spam” bill, in December of 2003 which is the first national standards around bulk unsolicited commercial e-mail. The bill, approved by the Senate by a vote of 97 to 0, prohibits senders of unsolicited commercial e-mail from using false return addresses to disguise their identity (spoofing) and the use of dictionaries to generate such mailers. In addition, it prohibits the use of misleading subject lines and requires that emails include and opt-out mechanism. The legislation also prohibits senders from harvesting addresses off Web sites. Violations constitute a misdemeanor crime subject to up to one year in jail.
One major point that needs to be discussed about this: spam is now coming from other countries in ever-greater numbers. These emails are harder to fight, because they come from outside our country’s laws and regulations. Because the Internet opens borders and thinks globally, these laws are fine and good, but do not stop the problem.

So what do you do about this? Her are the top 5 Rules to do to protect from spam.

Number 1: Do what you can to avoid having your email address out on the net.
There are products called “spam spiders” that search the Internet for email addresses to send email to. If you are interested, do a search on “spam spider” and you will be amazed at what you get back. Interestingly, there is a site, WebPoison.org, which is an open source project geared to fight Internet "spambots" and "spam spiders", by giving them bogus HTML web pages, which contain bogus email addresses
A couple suggestions for you: a) use form emails, which can hide addresses or also b) use addresses like sales@company.com instead of your full address to help battle the problem. c) There are also programs that encode your email, like jsGuard, which encodes your email address on web pages so that while spam spiders find it difficult or impossible to read your email address.

Number 2: Get spam blocking software. There are many programs out there for this. (go to www.cloudmark.com or www.mailwasher.net for example). You may also buy a professional version. Whatever you do, get the software. It will save you time. The software is not foolproof, but they really do help. You usually have to do some manual set up to block certain types of email.

Number 3: Use the multiple email address approach.
There are a lot of free email addresses to be had. If you must subscribe to newsletters, then have a “back-up” email address. It would be like giving your sell phone number to your best friends and the business number to everyone else.

Number 4: Attachments from people you don’t know are BAD, BAD, BAD.
A common problem with spam is that they have attachments and attachments can have viruses. Corporations often have filters that don’t let such things pass to you. Personal email is far more “open country” for spamers. General rule of thumb: if you do not know who is sending you something, DO NOT OPEN THE ATTACHMENT. Secondly, look for services that offer filtering. Firewall vendors offer this type of service as well.

Number 5: Email services now have “bulk-mail” baskets. If what you use currently does not support this, think about moving to a new vender. The concept is simple. If you know someone, they can send you emails. If you don’t know them, put them in the bulk email pile and then “choose” to allow them into your circle. Spam Blocking software has this concept as well, but having extra layers seems critical these days, so it is worth looking into.

Computer Security

Fighting of Viruses

Fighting of Viruses: Advancements in Antivirus Software Suites

Protecting your computer from a virus is getting harder and harder each day. While it may border on the paranoid, it goes without saying that you can’t leave your guard down for one second. Even corporate giant Microsoft has found its own systems compromised on more than one occasion.

Remember the “good old days”, before the advent of the Internet and downloadable programs? Life was simple then in terms of computer viruses. With the primary way in which a virus could be transmitted being limited to floppy disks, the ability to catch and eradicate the virus was a lot easier. By today’s standards, it used to take quite a while before a virus was able to infect a computer and slow down the system. The antivirus software of that time was typically able to identify and eradicate viruses before they caused too much damage. Additionally, computer users were pretty savvy on how to protect themselves in terms of scanning all floppy disks before copying them to our desktop.

The Internet helped change all that. The Internet provided a conduit by which viruses could move from host to host with lightening speed. No longer could a computer user just worry about floppy disks as points of entry, but they now had to worry about email, email attachments, peer-to-peer file sharing, instant messaging, and software downloads. Today’s viruses can attack through multiple entry points, spread without human intervention, and take full advantage of vulnerabilities within a system or program. With technology advancing everyday, and the convergence of computers with other mobile devices, the potential of new types of threats also increase.


Protecting Your Computer

Luckily, the advancement of antivirus software has kept pace with current virus threats. Antivirus software is essential to a computer’s ability to fend off viruses and other malicious programs. These products are designed to protect against the ability of a virus to enter a computer through email, web browsers, file servers and desktops. Additionally, these programs offer a centralized control feature that handle deployment, configuration and updating.

A computer user should remain diligent and follow a few simple steps to protect against the threat of a virus:

  1. Evaluate your current computer security system.
  2. With the threat of a new generation of viruses able to attack in a multitude of ways, the approach of having just one antivirus software version has become outdated. You need to be confident that you have protected all aspects of your computer system from the desktop to the network, and from the gateway to the server. Consider a more comprehensive security system which includes several features including antivirus, firewall, content filtering, and intrusion detection. This type of system will make it more difficult for the virus to penetrate your system.
  3. Only install antivirus software created by a well-known, reputable company.
    Because new viruses erupt daily, it is important that you regularly update your antivirus software.
    Become familiar with the software’s real-time scan feature and configure it to start automatically each time you boot your computer. This will protect your system by automatically checking your computer each time it is powered up.
  4. Make it a habit to always scan all new programs or files no matter from where they originate.
  5. Exercise caution when opening binary, Word, or Excel documents of unknown sources especially if they were received during an online chat or as an attachment to an email.
  6. Perform regular backups in case your system is corrupted. It may be the only way to recover your data if infected.

There are numerous applications available to consumers. With a little research, you can pick the program that is right for you. Many programs provide a trial version which allows you to download the program and test its abilities. However, be aware that some anti-virus programs can be difficult to uninstall. As a precaution make sure to set up a System Restore point before installing.

Computer Security

Privacy Policy

Designed by Posicionamiento Web