I’ve found that a lot of people who spend a couple of hours or more online each day still don’t have a good feel for what’s safe and what isn’t. So I thought I’d share some online security tips with you that may help keep your computer from being corrupted, your identity from being stolen or your inbox from being inundated with spam.
Not everyone surfs the web, but most of us have an email account or two. And there are some threats you need to be aware of that can pop up in your inbox.
I’m going to skip over anti-virus and malware protection programs for the moment, as they warrant a post all their own. This post will deal more with just plain common sense.
There are three basic types of incoming email threats to be aware of:
1. Spam –
These are unsolicited emails, trying to get you to buy something or visit a page in the hope of convincing you to give them something… an order, your email address, a subscription sign-up… could be a number of things. The point is, you didn’t ask for it, but they sent it to you anyway, and they want you to give them something in return for the favor of gracing you with their presence.
Don’t! In fact, don’t open them, don’t even view them in your preview window. If you know it’s not something you requested, delete it immediately. Some emails have a script embedded in them which will ping the sender when an email is opened. This tells the guy that just sent his garbage to 10,000 random addresses that yours is a valid address. That means your address is no longer a question mark – it’s now inked-in, and you can rest assured, you’ll be hearing more from him, and others, because this is a common ploy when building a “verified list” of emails to sell to mass-marketers (spammers, so as not to put too fine a point on it).
2. Spoofs –
These are unsolicited too, of course, but may not be as obvious. They may purport to be from eBay, PayPal, or Bank of America, and the subject line may say something about you winning something, or your account being suspended or otherwise jeopardized, just to get your attention. If you view the email, it’ll often display the logo of the supposed sender, and say that you have to log in to change your password, or verify your details…
Again, don’t! If you click through to what they say is the login link, you’ll be taken to a page that is a copy of the page of the authentic eBay, PayPal or B of A, and when you enter your username and password… did you hear that? That was the whooshing sound of your account being cleaned out by some giggling fiend on the other side of the monitor.
First of all, if you use Wells Fargo or United Bank, why would you even consider opening such an email from B of A? Obvious, right?
But maybe you do use B of A. So how do you protect yourself? First of all, you should NEVER… let me repeat that… absolutely NEVER use the link in ANY email to proceed to a site where security should be a major issue. Type the link into your browser. (DON’T copy and paste it… you might as well click on it if you do that!) And it’s a good practice to check links out regardless, so you know if they’re what they say they are.
For instance, you might receive an email from United Bank saying that they’ve noticed suspicious activity and need you to verify a transaction. You can hover your mouse over the link without clicking on it, and the actual address of the link will be displayed in your status bar. If the link address is something like igorsrevenge.ru/ripoff/sept11, it’s a fair bet that Union Bank didn’t send it. Similarly, you can check out the real email address of the sender. No business that I’m aware of is going to have a Hotmail or Gmail address.
Some of these folks are slightly brighter than others, so they’ll make it less obvious. I got one today from someone purporting to be AlertPay. They had gone to some length to hide their site’s real address by setting up a series of subdirectories, so when I hovered over their “Click Here to Verify Your Identity” link, what actually was embedded was:
What that means is that their site URL is actually upweb.ir. They attempted to make it look as though the URL was alertpay.com. And if a person was in a hurry, they might miss it and think it was authentic.
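The hover check described above can also be done mechanically. The following is an added example, not code from the original post: it pulls every link out of an HTML email body and compares the host the link really points to with the domain you expect. It goes slightly beyond the subdirectory trick and also flags the expected name used as a subdomain or placed before an `@`. The function names are hypothetical, and the sample URLs are constructed, since the link from the email itself is not reproduced on this page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from the <a> tags of an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, expected_domain):
    """Return (real_host, verdict) for a link that claims to lead to expected_domain."""
    host = (urlsplit(href).hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    if host == expected or host.endswith("." + expected):
        return host, "ok"            # the host really is the expected site
    if expected in href.lower():
        return host, "lookalike"     # expected name only appears elsewhere in the URL
    return host, "mismatch"          # no relation to the expected site at all

def audit_email(html, expected_domain):
    """Return (link text, real host, verdict) for every link in the email body."""
    parser = LinkCollector()
    parser.feed(html)
    return [(text, *check_link(href, expected_domain)) for href, text in parser.links]

# Constructed sample body; these URLs are made up for illustration.
SAMPLE = """
<a href="http://upweb.ir/alertpay.com/secure/verify.php">Click Here to Verify Your Identity</a>
<a href="http://alertpay.com.upweb.ir/login">https://www.alertpay.com/login</a>
<a href="https://www.alertpay.com/help">Help</a>
<a href="http://igorsrevenge.ru/ripoff/sept11">Verify transaction</a>
"""

if __name__ == "__main__":
    for text, host, verdict in audit_email(SAMPLE, "alertpay.com"):
        print(f"{verdict:9} {host:24} {text}")
```

Note that the second sample link shows a genuine-looking address as its visible text, which is why the check reads the `href` and ignores what the link displays.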
When I come across items like that, at least for businesses I actually use, Iâ€™ll take the time to visit their real site and make them aware of it so they can warn their users.
Even if I hadn’t noticed the phony URL, common sense should warn me that any email so grammatically incorrect as this probably didn’t originate in a reputable business:
Dear MEMBER
This EMAIL SENT YOU TO VERIFY YOUR IDENTITY .
- WE HAVE NEW SECURITY SYSTEM SO WE NEED VERIFY YOUR IDENTITY
- CLICK HERE TO VERIFY YOUR IDENTITY
- IF YOU HAVE NOTE VERIFY YOUR IDENTITY WE WILL
- BLOCK YOUR VISA AND MONEY AND ACCOUNTS
- ATTENTION YOU LINK EXPIRE AFTER 24 HOURS
As you can see, good grammar isn’t a prerequisite for thieves.
3. Phishing –
This is a slightly more direct approach than the Spoof email. Phishing emails will often try to convince you to enter your private information in an email response to the sender. This one should send up red flags immediately. No reputable business will ask you to submit sensitive information via email. If they do, they’re really too stupid to do business with… find a new vendor!
They may not be so obvious as to ask for your username and password. In fact, they’ll often come from places you wouldn’t even have an account. What they’re looking for is any portion of your private information they can get. Maybe it’s your full name, street address, employer, or IM username… you’d probably be shocked to find out how much information already is available online about you. Why help them fill in any blanks, just so they can either sell your data or worse, steal your identity themselves?
Identity theft is a HUGE business, and there are some very astute technical minds at work in the field.
Other clues that should grab your attention include a list of coincidental addressees in the To: field of the email. Do you think this is coincidence, when over 30,000 consecutive names all show up in alphabetical order, as they did in the spoof example above?
TO: david.adams; david.adamson; david.addams; david.benson; david.bentley; david.carlson; etc…
There are many tools at your disposal, to protect you from this sort of activity: antivirus, anti-malware, email filters, firewalls… but your best weapon is your head.