Moore Information Systems, LLC Be A Skeptic: Protect Your PC And Identity Online by Steven Moore

For the unsuspecting person, the Internet is a dangerous place. It’s not only dangerous for your PC, it can be dangerous to your bank account, too. Online fraud is real…and it is everywhere. Online security is multi-faceted. You can be diligent in one area of security only to have everything spoiled by poor judgment in another area.

If you have children, buy a 2nd computer. Children could care less if they are potentially exposing your PC to hostile programs or people. Do you use online banking? If so, never let a child use that computer! Suppose you have a young teenager that likes to play online games, steal music, and chat with friends. Are those game and music sites really safe? Almost each “free” game or music site is expecting something in return for their wares. Your child will be prompted to install a small “control” or “key” that will activate the game or allow access to the songs. Sure, it’s free, but what does that “control/key” do? What does that “key” allow onto your computer? Often, those free controls are simply masquerading Trojan programs that set up shop on your PC. These programs monitor your web habits, your keystrokes, and report back to their creators the information gained about you. So, the next time you log onto the Bank Of America website, the Trojan software is carefully logging your username and password, preparing to send it off to someone who will use it to raid your account.

Use unique credentials. If you use eBay or online banking, create unique usernames and passwords for each service. If eBay was to be hacked by criminals, they could learn your username and password. If you use the same username and password for everything you do online, criminals now have the keys to your entire virtual world. You don’t use the same key to enter your house that you do to start your car. Don’t make it easy for someone who gains access to an online key.

Use strong passwords. Never use a word that would appear in a dictionary. Hackers routinely use “dictionary attacks” against computers to gain access to information. If your password is contained in a dictionary, you’ve made it easy for the criminal. Mix up your passwords with case sensitive characters and numbers. “Te1ePhoNe” is a ton more secure than “telephone” as a password. Better yet, use a “pass phrase” (a small sentence) instead. “1SmaLLStepFORman1969” That would be pretty hard to crack!

Use multiple email addresses. Set up multiple email addresses and use them according to the job they will perform for you. Create and use one secure email address for online banking. Create and use another for logging into shopping websites. Maintain yet another email address for use amongst your closest friends or family. Create a “throwaway” email address that you can give to everyone else. Have a brother-in-law that forwards twenty joke emails a day from his computer? Give him the throwaway address. When it starts piling up a hundred pieces of junk email a day, delete it and create a new one. If you started to receive dozens of threatening phone calls at home (representing junk emails in this analogy), you’d probably have to change your number to get the harassment to stop. Think of all of the trouble it would be to notify everyone of your new number. Instead, if there were such a thing as a “harassment line” in your home, you could simply disconnect it, leaving your home line undisturbed. Eventually, every email address will start collecting spam. It’s only a matter of time. By selectively using your email identities, you’ll keep important matters secure.

Simply because there is an online option, should you really use it (or trust it)? You’ve just found out that you can go on a trip overseas next summer with your son’s 10th grade class. You need a passport. You go online and look up “How to get a passport”. One of the sites returned boasts an offer to get you a “guaranteed passport in 48 hours, delivered to your door for only $99”. What a great deal, right? Well, only the US Government can issue legal passports. Does the US Government own this “$99” website? Actually, who does own this website? Is it a group of criminals in eastern Europe or Asia? You could go to their website, fill out all of the personal information and give them a credit card. Congratulations! You’ve just handed your identity over to thieves…and given them a live credit card number to boot! Placing an order for merchandise online with reputable retailers using a major credit card is usually not a problem in itself. But, placing an order online and giving out extremely personal information like your Social Security number, your date of birth, your mother’s maiden name (all of the things that would be required in getting a passport) is incredibly irresponsible. My advice would be go down to the Post Office instead. Be skeptical of online offers!

Don’t click on links or attachments in email. You’re at home, and an email from an online greeting card company has arrived. You’ve received an “eCard from a family member”. Inside is a link to view the card. On the other side, in reality, is a terrible piece of software waiting to be installed on your PC. What family member sent this to you? What “Class Mate”, “Neighbor”, or “Secret Admirer” cares enough to send you this gift? No one you know really sent this to you. Your curiosity and desire for love (wink) is a tempting thing. Delete the email. You’ll be disappointed when you find out that the “card” isn’t from someone you know, and you’ll be extra disappointed to know that your PC has been hijacked.

You bank will never want you to “update your profile”. Under no circumstances should you respond to a request to “update” or log in to your online banking or commerce website. Millions of “phishing” emails are sent daily trying to trick people into entering their personal information into a fake website. Great care is taken by criminals to create a realistic web page mimicking every detail of a legitimate website. As you enter your banking username and password, you’re given a “Thank You” page for your time. But, that fake website is simply harvesting the usernames and passwords that are entered. Later that evening, your bank account will be emptied. No, your bank will never want you to “re-register”. eBay will not want you to “help them with an ongoing fraud investigation”. No, you really do not have to “verify your identity” to keep your account open. No matter how official the email or website looks, don’t fall for this trick.

Never help a Nigerian get his cash out of the country. There has never been a wealthy Nigerian needing an American to help him legitimately get his money transferred to America. There is no life saving surgery needed for his little son, either. There’s no one on this planet that will give you a kickback for helping them move currency. No matter how intriguing, delete the message and think nothing of it again. Why would you be receiving such an email? How would someone in Nigeria know your email address?

Never “unsubscribe” from unsolicited junk email. Three months ago, you signed up for a quilting email newsletter. Today, you realize that you hate quilting. In this case, since you are the person who added your name to the email list, go ahead and take advantage of the “unsubscribe” offer at the bottom of the email message. But be careful! Never use this feature on email that you did not solicit. Are you getting junk email (often called Spam) from unknown groups or senders? Don’t be tempted to use the unsubscribe feature. Those spammers don’t know if your email address is legitimate or not. They have no idea if anyone reads their messages. But, if you take the time to hit the “unsubscribe” link, you’ve just made it perfectly clear to them that there is a live human being attached to your email address. Tomorrow, there will be 300 pieces of Spam waiting for you. If you would have done nothing, they would have never known you exist.

Never give out personal information online. Make sure your children know not to use personal and identifying information online. Don’t list your real name on MySpace. Don’t post your email address to chat rooms or web pages. Don’t post photos with identifying shirts or hats of your school. Don’t brag about your cheerleading squad winning first prize in the US Nationals. All a criminal has to do is “Google” the US National Cheerleading Competition. He then sees the “Red Valley High School Eagles” as first place winners this year on their website. Red Valley High School returns hundreds of hits as being located in Swamp City, South Carolina. Bingo! Google Maps provides him a driving route to the school. How easy is this?! Heck, with Google Earth, if you know someone’s address, you can look at a satellite photo of their home and street! You can tell which cars are parked in the driveway. You can tell if there’s a pool in the back yard. You can tell how many trees are in the front yard. With so many information resources online, why make things easy for someone with bad intentions?

Be the Parent. Remind your children every day that you are the parent and they are the child. If you allow your children to have a Facebook account, create one for yourself, too. Make sure that they add you as a “friend”. Make it clear to them that their lives are your responsibility, and you plan to monitor their online behavior. Make it mandatory that all email accounts, Facebook accounts, and anything else needing a username and password be available to the parent at any time. Test the accounts by logging onto Facebook, their Instant Messaging programs, and their PCs. Look for offensive or inappropriate material. Tell their friends (do it in person, its extremely effective), that you will be peeking into your kid’s computers and Facebook pages on a regular basis. Make sure that their friends know that if you find objectionable material, you’ll be contacting their parents by phone. Make a rule that if a supplied username and password do not work for you at any time, the computer gets taken away for a month or two (or three).

	Be a complete skeptic online. Don’t trust anything without checking it out. Check email rumors through www.snopes.com. If you are prompted to install software to “properly view this web page”, don’t! Just because someone sends you something in email does not mean you have to open it. Check things out before you make a painful mistake online.