Introduction
Although computer viruses and spyware are certainly hazardous to
your computer and pose a risk to the security of your personal
information, many people do not realize that "mal-ware" of this sort
usually requires the user's assistance at some point in order to be
installed. In fact, much of the fraud and "data mining" that goes on
in connection with the internet occurs in direct transactions with
users, without the assistance of either viruses or spyware.
Spam, Spam, Spam. . .
For those who are lucky enough not to know what it is, Spam is the
internet version of junk-mail. Though it is almost impossible to
avoid completely, the following is a list of precautions to help you
identify it and avoid getting more than your fair share of it:
- Most spam is readily identifiable. It usually comes from
someone that you don't know, and may contain extremely vague or
nonsensical subject lines. For example, if you get an email from
"Carrie Downs" or "Zeiyneiyb", and you don't know anyone by those
names, then they are most likely spam. Likewise, the subject
matter may be something like "Re: your order" or "Fwd: You've got
to see this!" (Spammers often like to use Re: because it
sometimes fools anti-spam software into thinking you are getting a
response to an email you sent.) Don't worry if you feel that
these guidelines are vague: If you use email for any significant
period of time you will become adept at identifying most spam
immediately.
- Keep a "spam" account. Signing up for services online often
requires an email address. Though one would like to believe that
this information is kept confidential, it is not wise to assume
that this is true. Many companies pay money for lists of valid
email addresses, so you can expect that once your email is on even
one list, it will soon find its way to many more. It is
extremely easy to get a free email account online, which you can
use for signing up for things and such. You will have to go in
and clean it out about once a week (it will fill up fast) but at
least it saves you from having to sort through 20+ messages a day
on the accounts that you actually use. Any account that you wish
to keep free of spam should never be given out to any company or
individual that you do not trust implicitly.
- Never reply to junk email, even if there is a link or a
procedure to follow to "remove you from their mailing list." This
only alerts the sender to the fact that your email is both active
and used by you. Though you may not get any more email from that
particular site, it's almost a given that your email will be
flagged and sold to other spammers.
Beware the "Phish"!
"Phishing" is one of the most frequently encountered internet
pitfalls, and can be one of the most damaging. Rather than trying to
design a software package to infect your system to obtain personal
information (such as credit card numbers, IP addresses, etc.),
phishing is an attempt to get you to supply your personal information
directly. Phishing usually involves email (SPAM!) requesting personal
data or directing the recipient to click on a web-link. Although this
may appear to be easily recognizable and avoidable, these messages can
be extremely convincing. Keep the following in mind whenever you use
email:
- Many phishing emails appear to be from sources that are
familiar to the user. There are any number of ways for your email
address to be linked with another user or company, so just because
an email claims to be from someone you know does not necessarily
mean that you can trust it.
- Always be suspicious of any links or "action objects" such as
buttons that are provided in an email. Whenever you visit a
website, you provide information such as your IP address and email
address to the website you visit. This verifies the validity of
your email for future "junk" email suppliers, and may open up your
system to security risks. It is true that most IP addresses are
dynamic in nature. DSL and Cable connections, however, only
change their IP address when their "Modem" is restarted, if they
change at all. In any case, once your IP address is known, it
opens your computer to hacking to a greater extent.
- Although recent software is "safe" concerning display of
pictures and such in email, Windows software has (in the past)
enabled your system to run viruses that were bundled into graphic
objects such as jpeg or gif files or even masqueraded as a multimedia
or flash animation. It is advisable that you do not open email unless you
are fairly confident that it is coming from a reputable source.
Many email programs have a preference setting for automatically
"previewing" an email message when you select the header. It is
generally safest to disable this option, so that the user must
actually open an email in order to view it. If the option is present
in your mailer, you should disable the ability to display html and images
from within the body of the message.
- Always (ALWAYS) be suspicious of any email you receive that
requests your personal data in any way. There is NO reason why a
company that you have an account with should ever need you to
verify your account number or require your assistance to update
their records. If you have an account in good standing, no
company is going to cancel that account when you don't
"confirm" your information by some date. If there is any doubt in
your mind, contact the company directly rather than clicking on a
link from the email. Needless to say, don't trust contact
information given from the email. You should open a new web-browser
and go to the company's web-site to obtain contact information instead.
- To test your skills and see some very good examples of
phishing, visit The Phishing Quiz. You will quickly see why it's
important to be careful while responding to email. (Don't despair
if you do poorly on the quiz; some of these emails are very deceptive.)
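An added example, not part of the original page: a short Python script that checks a message for two things described above, a "Re:" subject with no reply headers and remote content that a mail reader displaying html and images would fetch or link to. The sample message, its names, addresses and URLs are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Carrie Downs" <carrie@mailer.example>
To: you@example.edu
Subject: Re: your order
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please confirm your account.</p>
<a href="http://login.example.net/confirm?id=abc123">Confirm</a>
<img src="http://track.example.net/open.gif?id=abc123" width="1" height="1">
</body></html>
"""

class RemoteRefs(HTMLParser):
    """Collect URLs fetched on display (img src) and followed on click (a href)."""
    def __init__(self):
        super().__init__()
        self.on_display, self.on_click = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img" and (attrs.get("src") or "").startswith(("http://", "https://")):
            self.on_display.append(attrs["src"])
        elif tag == "a" and attrs.get("href"):
            self.on_click.append(attrs["href"])

def triage(raw):
    msg = message_from_string(raw, policy=default)
    subject = str(msg.get("Subject", ""))
    # A genuine reply normally carries In-Reply-To or References headers.
    fake_reply = (subject.lower().startswith("re:")
                  and msg["In-Reply-To"] is None and msg["References"] is None)
    refs = RemoteRefs()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            refs.feed(part.get_content())
    return {"fake_reply": fake_reply,
            "fetched_on_display": refs.on_display,
            "followed_on_click": refs.on_click}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Anything listed under fetched_on_display is requested as soon as the message is shown with images enabled, which is what disabling html and image display prevents.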
Harvey Mudd College Computing and Information Services