Computer Safe Practices
SeniorNet
Longmont, Colorado
Special Presentation at Senior Center
March 18, 2008
Note: This presentation is written for Microsoft Windows XP users; however, most
information is general in nature and can apply to other operating systems such as
Microsoft Windows Vista
Prepared and presented by Henry Spencer, a volunteer in
the Longmont SeniorNet program
Contents
Topic
Starting page
Plan for Emergencies
3
About Viruses
4
How to Protect Yourself Against Viruses
13
Hoaxes
18
Privacy – Your Personal Data
20
Spam
25
Phishing (Brand Spoofing)
28
Firewalls
32
Security Packages
34
Identity Theft
43
Computer Maintenance
59
Glossary
60
2
Plan for Emergencies
•
Anything can happen at any time, for example:
– Head crash on hard disk
– Computer virus
•
•
You may have to reconstruct your computer
Saving your data
– Hard drive: Use “My Documents” to store all of your data in one place
– Folders – use within “My Documents”
– Backup (removable) media: floppies, CDs, DVDs, flash drives,
external hard drive (connects through USB port)
– Backup (non-removable) media: second hard disk drive if you have one
– Saving special data and settings: Favorites, address lists (if stored on computer)
•
Saving software
– Installation CDs or key if downloaded
•
Restoring your software
– “System restore” or re-format hard drive (c:) and re-install software
•
Restoring you data
– Copy from backup media to hard drive (“My Documents” or other)
3
About Viruses
• A virus is a program that reproduces its own code by attaching itself to
other executable files in such a way that the virus code is executed
when the infected executable file is executed. A virus program inserts
the damaging piece of code without your knowledge
• All computer viruses are manmade
• Viruses can simply be a nuisance or can be very dangerous
• A computer virus can do anything from popping up a short message to
destroying key files so your computer doesn't work
• The most dangerous type of virus is one capable of transmitting itself
across networks and bypassing security systems.
• There are over 66,000 computer viruses in existence, with a new one
detected every 18 seconds
• You can have a virus in your computer and not even know it
4
Example 1
This story was printed from ZDNN, located at http://www.zdnn.com.
Variant of NetSky virus takes flight.
Reuters, March 1, 2004, 1:00 PM PT
A new computer worm dubbed NetSky.D was clogging e-mail systems around the world after
emerging Monday, a security expert said. The worm is particularly difficult to root out,
because it lands in e-mail boxes using a number of different subject lines, such as "re:
details" or "re: here is the document.“ "It arrives with an attached PIF (program information
file) file, and it's already extremely widespread," said Graham Cluley, senior technology
consultant at Sophos.
Cluley said experts do not think the new virus is as big as MyDoom, which brought havoc to
computer users and targeted Microsoft's Web site, but that the full extent of NetSky.D's spread
would be known, as North America logged on throughout the day.
When opened, the virus PIF file will rapidly replicate itself, slowing down computers and e-mail
bandwidth.
"We suspect people are more laid back about PIF files, because they may not have heard of them
and may not realize they can contain dangerous code," Cluley said. "The best thing to do with
this file is to delete it. Don't open it."
NetSky.B, an earlier variant of the latest worm, was rated the third-worst computer virus in
February after MyDoom.A and Sober.C, according to Sophos, which writes antivirus and
antispam software.
Story Copyright © 2004 Reuters Limited. All rights reserved.
5
Example 2
New Bugbear spreading fast by Ian Ferguson and Matthew Broersma
ZDNet (UK) June 5, 2003, 9:12 AM PT
A new variant of the Bugbear virus--Win32.Bugbear.B--has emerged and threatens corporate and home
computer systems, according to anti-virus experts. Messagelabs, which runs outsourced e-mail servers
for 700,000 customers around the world, has labeled the worm "high risk" and reports more than
31,000 infections in 120 countries.
Computer Associates expert Jakub Kaminsky on Wednesday confirmed the company's anti-virus
laboratories had received their first sample of the variant from an Australian user late on Thursday
afternoon, Australian time. Other security firms have also discovered the new worm "in the wild", or
affecting computers outside the lab. IDefense first found Bugbear.B in Australia and the United States
on Wednesday, and said it has since gained ground rapidly.
The first Bugbear worm spread rapidly last autumn, creating about 320,000 infected messages in its
first week, according to MessageLabs. This week has already seen another significant virus threat
emerge with the spread of W32/Sobig.C-mm, which has generated about 30,000 infected messages per
day this week, according to MessageLabs.
6
Example 2 (Cont.)
Like the first worm, Bugbear.B is a mass-mailing virus that infects Windows PCs. After it
infects a PC, the virus searches the machine for email addresses and sends a message out
to each address, with a copy of itself attached. Bugbear also grabs a random address from
those found in the email program on the PC and uses it in the "From:" line of the
messages it sends. This disguises where the actual emails are coming from and makes it
difficult to alert someone that their system is infected. The virus also attempts to spread by
copying itself to other computers that share their hard drives with the infected system.
Bugbear also searches for any of a long list of security programs or antivirus programs
and halts them if they are running on the victim's machine. In some cases, Bugbear can also
cause printers on a network with infected PCs to start printing a large amount of raw binary
data.
More dangerously, the virus installs a keylogger that records what the user types--a
method of capturing passwords--and a Trojan horse backdoor, communicating on port 1080,
which allows an attacker to take control of the system.
The virus uses a flaw in the way Microsoft Outlook formats email using MIME (multipurpose
Internet mail extensions). The flaw, if left unpatched, allows the virus to automatically execute
on a victim's PC if Outlook displays the text of the message. While the flaw and its patch are
more than two years old, some users have still not fixed the problem.
7
Example 2 (Cont.)
Computer Associates' Kaminsky said that reporting of the virus was likely to increase over the
next few hours as European and United States residents awoke and accessed their email
inboxes. "Probably tomorrow, we should have more records from Australian users," he told
ZDNet Australia .
He predicted that the variant--also known as W32/Kimjo.A-mm and W32.Shamur--would
spread widely over the next couple of days, before increased consumer awareness, anti-virus
vendors updating their offerings and users subsequently installing new patches slowed its
progress.
While home users face the greater individual threat from the variant, the infection of a large
corporate network would see it "truly spread like wildfire" due to its propensity to try to
propagate through email addresses found by searching through specific files, and to spread over
a network, Kaminsky said. However, most companies who are up to scratch with their virus
defenses automatically block the file extension types through which the variant is delivered-.pif, .scr and .exe.
Kaminsky said blocking any executable attachment--particularly with double extensions,
which characterize both the original BugBear and its variant--was "a good idea" and a natural
precaution for companies.
CNET News.com's Robert Lemos contributed to this report.
8
More on the BugBear.B Virus
New BugBear worm still spreading
MSNBCJune 6 — Several antivirus companies remained on high alert Friday after the continued spread of a
new computer worm that includes particularly malicious snooping techniques. Bugbear.B, a variant of a
worm released last year, installs keylogging software, back-door software, and in some cases even
attempts to control infected computers’ modems. Some of the worm’s functions are designed to specially
target financial institutions.
THE NEW WORM spread to 164 countries in the first 24 hours after its release Thursday morning,
according to antivirus firm MessageLabs.
There was hope that the worm’s spread would slow at the end of the workday Thursday, but it continued to
hit computer users worldwide on Friday. Symantec Corp. raised its risk rating to 4 on a scale of 1 to 5,
joining a host of other firms which described the program as a high risk to both home and corporate Internet
users. Vincent Weafer, senior director of security response at Symantec, said the firm had received 3,000
submissions from customers who received BugBear. That means the worm is growing faster than Klez, last
year’s most virulent computer worm — and it might turn out to be the biggest e-mail virus outbreak in the
past two years.
“This thing is still growing,” Weafer said. UK-based MessageLabs said it had trapped 150,000 copies of
the worm by Friday. About 1 in every 135 e-mails scanned by MessageLabs was carrying the worm.
“Just like with the original BugBear, the first day was slower than second day. We’ll probably see this thing
peak today and slow down over the weekend,” said Tony Magallanez, assistant engineer with F-Secure.
9
More on the BugBear.B Virus
STANFORD HIT
Among the victims: Stanford University. A notice on the school’s Web site says the school was
“severely impacted” by the worm, and school administrators shut down outgoing e-mail for part of the day
yesterday.
The school’s computer Security Services indicated it had stemmed a potentially embarrassing incident for
Stanford. One of BugBear’s components involves attaching random Microsoft Office documents from one
infected machine and sending them along to other users as the worm spreads. According to the school’s Web
site, computer administrators “intercepted messages containing salary and bonus spreadsheets, personal
data, and other files that are highly confidential” for the worm could send them to other e-mail users.
“The exporting of confidential information is a much more significant event than just an infection,” Weafer
said. “It involves the potential loss of privacy. People are a lot more concerned about that.”
BugBear.B is jam-packed with other malicious tactics. Infected corporations will even find their networked
printers spewing out pages of nonsense, as the program sends bad data around the network. In an attempt to
avoid detection, BugBear attempts to turn off all antivirus programs, and it shuts down other security
software. In addition, it uses a particularly nasty flaw in Microsoft’s Internet Explorer program and
its implementation by Microsoft’s Outlook e-mail reader that allows the virus to infect machines
whenever a victim simply previews an e-mail message loaded with the program.
10
More on the BugBear.B Virus
FINANCIAL INSTITUTIONS TARGETED
Kevin Haley, group product manger at Symantec Security Response, said the worm contains a list of 500
domains which belong to financial institutions around the world. If the virus realizes it’s infected a computer
on one of those domains, it goes to great lengths to connect with the virus author.
First, it installs so-called back-door software on infected machines, which would allow anyone with
knowledge of the back door to break into the computer later. But if a network connection isn’t present,
BugBear then goes searching for a modem, enables it, then tries to get the computer to dial out, probably to
reach the virus author.
(The virus writer) really wanted to get into those machines,” said McAfee Fellow Jimmy Kuo. McAfee is a
division of security firm Network Associates Inc. U.S. financial institutions probably aren’t at risk from this
technique, Kuo said, because most don’t have modems attached to their critical computers any more. But
“less technologically-advanced countries might,” he said.
The list of financial institutions is thorough: it includes banks from dozens of countries around the globe,
including Spain, Argentina, Iceland, Slovakia, Korea, and South Africa. “I can’t say it has or it hasn’t hit a
financial institution,” Magallanez said. Financial institutions are tight-lipped about the security they have on
their systems.”
But the virus writer employed other methods to steal financial information, Mark Sunner, chief technology
officer at F-secure, said. “Particularly worrying is the fact that not only can Bugbear leach confidential
information from an infected machine, but it may also leave a backdoor wide open for hackers to take
control of the machine and misappropriate passwords, credit-card details or for some other nefarious
purpose,” he said.
11
More on the BugBear.B Virus
SOCIAL ENGINEERING TRICKS
Given its various tactics, BugBear.B appears to be the work of a sophisticated programmer — and unlike
most viruses, it seems isn’t only after attention — he or she is after money. “There is more of an ulterior
motive here,” Belthoff said. “It will be interesting to see if there is continued activity in this line (from other
virus authors).”
The program’s social engineering tricks are probably the reason it’s spreading, Belthoff said. BugBear has
the ability to detect an incoming e-mail message and reply to it with an infected e-mail, attacking computer
users when their defense are lowest. “You are certainly less likely to be suspicious of a message that is a
reply to a message you’ve sent,” Haley said.
BugBear spreads via e-mail and local networks. It’s hard to warn users what to watch for — the subject
line, message body, and attachment are all selected from a random list, or chosen from file names
already in the target computer’s “My Documents” folder. The infected file itself has either a .exe, .scr,
or a .pif extension — blocking those extensions will protect e-mail users against infection, according to
Ken Dunham, senior intelligence analyst with iDefense.com. Many companies have done that, Weafer said,
so by Friday, 90 percent of infections reported to Symantec came from home users, who are often
slower to react to virus warnings. Once BugBear hits a machine, it can be hard to remove, Weafer
said, because the worm disables antivirus products that consumers normally use to “clean” infected
computers. Antivirus firms are offering special cleaning instructions on their Web sites. But that feature
means consumers will probably be dealing with BugBear for a while.
“The original BugBear is still in our top 20 list,” Weafer said. “This one will be around for a long time.”
12
How to Protect Yourself Against Viruses
• Be sure to install an anti-virus software program to guard against virus
attacks. Also, be sure you turn on the scanning features. It can't
protect you if it's not enabled.
• Update the signature files often (turn on “automatic updates”, if
available)
• Practice caution when working with files from unknown or
questionable sources.
• Do not open e-mail attachments if you do not recognize the sender
(though you may also receive viruses from people you know or they
may be spoofed). Scan the attachments with anti-virus software before
opening them.
• Be especially wary of attachments that end in .exe, .vbs, .pif, .bat, .dat,
.inf or ANY attachment that has a name with double extensions (such
as “filename.jpg.exe”)
13
How to Protect Yourself Against Viruses
• Make sure you can see file extension names!
– Go to Windows Explorer, Tools, Folder Options, View, uncheck “Hide file
extensions for known file types”)
• Keep your operating system up to date with latest Microsoft patches
– Go to Windows Update web site… or, preferably set for automatic update
• Go to Control panel, Security Center, Automatic updates
• Configure your browser to use a higher security setting
– In Internet Explorer, choose Tools, Internet Options and select the Security
tab. Make sure that the Internet Zone is configured to Medium Security or
above.
• Scan your hard drive for viruses frequently (such as every Friday
morning at 3AM).
• Download files only from reputable Internet sites, and be wary when
exchanging diskettes or other media with friends.
• Scan ALL floppy disks, CDs, etc. you receive from other people.
Believe it or not, most viruses come from removable media, not the
Internet!
14
Commercial Virus Protection Software
Best know and most widely used for personal computers are
Symantec’s Norton Anti Virus
PC Magazine (9/2001)
Editor Rating:
5/5
Member Rating: 2.5/5
Consumer Reports (9/2006)
80 out of highest score of 87
McAfee Virus Scan
PC Magazine (11/2001)
Editor Rating:
4/5
Member Rating: 2/5
Consumer Reports (9/2006)
77 out of a highest score of 87
15
How/where to Obtain Anti-Virus Software
•
You can purchase Symantec’s Norton Anti-virus or McAfee Virus Scan at
any business supply store – Office Max or Office Depot, WalMart, etc.
– Approx. cost $30-$40
•
•
•
•
•
•
You can buy on the Internet – but make sure you get installation CDs
Try a Google search Norton Antivirus or McAfee Virus Scan
Can get comparison prices at many sites (e.g. www.pricegrabber.com)
You might not need a security “package” which contains other tools in
addition to anti-virus software… (However, Norton, McAfee and MSN all
have products that are integrated, easy to use and fairly inexpensive compared
to buying just anti-virus protection…. See section later in presentation)
P.S. Don’t forget the annual subscription fee for virus definitions that start one
year from the purchase (about $30/yr. for Norton and McAfee)
Note: There are FREE anti-virus packages!!!… e.g., see
– www.grisoft.com/ww.product-avg-anti-virus-free-edition
– www.avast.com/eng/avast_4_home.html
•
Another note: Many ISPs such as Comcast, Qwest, AOL, Earthlink and MSN
offer free anti-virus and other security features
16
If You Suspect That You May Have A Virus
• You have opened a suspicious e-mail attachment, your computer is
suddenly crashing or running slowly, you receive error messages
whenever you start up your computer or try to launch an application, a
friend or colleague has warned you that they have received an infected
e-mail attachment from you…
• Do not use your e-mailing until the problem is resolved or you have
otherwise verified that you do not have a virus (could be a hoax?)
• Check to see if your virus protection is up to date and scan your hard
drive for viruses
• Check antivirus software vendors’ sites for more details and removal
instructions, e.g.,:
– http://securityresponse.symantec.com (let’s look here for latest threats)
17
Hoaxes
• A computer virus hoax is a fake warning about a computer virus, usually
sent to you from a well-meaning friend (I’ve been caught on this too!)
• Examples:
–
–
–
–
Congressional bill that wants to charge for all emails
“Teddy Bear” or Jdbgmgr.exe (Java debugger) virus (need to delete the file)
“SULFNBK.EXE” virus (need to delete the file)
WTC Survivor virus (wipes out your hard drive)
• Some hoaxes don’t mention a virus, they are myths or “urban legends”
• Examples:
– Microsoft giving away $800 (very new)
– Craig Shergold (dying child collecting business cards)
– Person who wakes up in hotel bathtub, packed in ice, with both kidneys gone!
18
How Do I Know If It Is a Hoax?
• It may be a hoax if:
–
–
–
–
An email that urges you to send it to all of your friends
The story is frightening
Something that is unrealistic (e.g., ability to trace all recipients of email)
Credible-sounding but vague technical language (e.g., “nth-complexity
infinite binary loop”)
• Where can I check to see if it is a hoax or myth?
– Hoaxbusters: http://hoaxbusters.org
– Vmyths: http://www.vmyths.com
– Symantec’s Hoax Site: http://www.symantec.com/avcenter/hoax.html
• (Look here for $800 offer from Microsoft)
– Urban Legends: http://urbanlegends.about.com
– Scambusters: http://www.scambusters.org
19
Privacy – Your Personal Data
• NEVER give out your passwords to anyone (even your Internet Service
Provider)
• Use safe passwords (no real words or names, mix letters and numbers,
upper and lower case)
• Be careful about who you give any information to…. Is this a trusted
source? (Example: $18M estate… see next page)
• Don’t log onto sites that you don’t know anything about, even if they
advertise something for free
• Buying online: Buy from trusted sources and insure that the connection is
encrypted (https). Note: Credit card numbers are safer here than in your
typical store or restaurant
• Cookies: Clean up and delete from time to time. You can disallow
cookies, but this will make some Internet use more cumbersome
20
$18M Estate
Dear sir/madam: As you read this,I don't want you to feel sorry for me,because I believe everyone will die someday.
My name is Ahmed Mohammed,a merchant in Dubai,In the U.A.E, I have been diagnosed with esophageal cancer,It
has defiled all forms of medical treatments,and according to medical experts, I only have about a few months to live, I
have not particularly lived my life so well,as i never really cared for anyone(not even myself) but my business.
Though I am very rich,I was never generous,I was always hostile to people and always focused on my business as that
was the only thing I cared for. But now I regret all these as I now know that there is more to life than just wanting to
have or make all the money in the world. I believe that when Allah gives me a second chance to come back into this
world,I would live my life a different way from how i lived it. Now that Allah has called me ,I have willed and given
most my properties and assets to my immediate and extended family members as well as a few close friends. I want
Allah to be merciful to me and accept my soul when i die. I have decided to also give to charitable organizations,as I
want this to be one of the last good deeds i have done on earth so far, I have distributed money to some charitable
organizations in the U.A.E, Algeria and Zimbabwe. Now that my health has deteriorated so badly, I can not do this
myself anymore. I once asked members of my family to close one of my accounts and distribute the money to some
charitable organizations in Bulgaria and Pakistan,they refused and kept the money to themselves. Hence,I do not trust
them anymore,as they seem not to be satisfied with what i left for them. The last of my money which no one knows
about is a huge cash deposit of EIGHTEEN MILLION UNITED STATES DOLLARS (US$18,000,000.00) that i have
in the vault of a finance company abroad. I will want you to collect this fund on my behalf and dispatch it to
charitable organizations of your choice. Please endeavour to reply me through my direct and private e-mail address
for confidentiality so that i can give you further information on the project. I will be checking my personal e-mail
awaiting your quick response. For your time and honesty, I am willing to offer you 20% of the total fund. May Allah
be with you.
Ahmed Mohammed E-mail:mohammedmoh2@yahoo.co.uk
21
Privacy – Someone is Spying on You!
• Have you ever noticed your “Home” page has been changed?… or, have
you noticed some software has been installed on your computer that you
didn’t install? These can be caused by “free” downloads or responses to
popups that you make.
• Adware: installs an additional component that feeds advertising to you or
points your browser homepage to sites feeding advertising
– It’s not only annoying, but it can alter the way your computer operates, slow
it down or interfere with the correct operation of some of your programs
• Spyware: Adware often contains another hidden component that tracks
web usage. This creates “traffic data” and can:
– consist of rather benign cookies showing time spent on certain sites
– more often it also obtains your system's unique numerical hardware ID
(MAC address) and IP address, combines it with your surfing habits and
correlates it with any personal information you provided when the "free"
program was downloaded
– worse, it trades this information with affiliate advertising, building an
increasingly complex dossier on who you are and what you like to do on the
Internet.
22
What do I do about Adware and Spyware?
•
•
•
These types of programs can be difficult or almost impossible to remove from
your computer
The BEST protection is prevention
Be very careful about the software that you download… regardless whether it is
from a “trusted” site or not, READ the terms and conditions of their privacy
policy
–
•
•
Never click on “Run this program” or “OK” or “Yes” or anything like this unless
you understand completely what is going to happen
Install one or more Adware/Spyware detection/removal programs:
–
–
–
–
–
–
•
You may find out that they are both collecting and selling your information
Ad-Aware SE Personal: www.lavasoftusa.com (“Ad-Aware 2007 Free” under “Home”) ( free)
Windows Defender: www.microsoft.com/athome/security/spyware/software/default.mspx (free)
Spybot Search and Destroy: www.safer-networking.org/en/index.html (free but asks for donation)
Yahoo! Toolbar Anti-Spy: For link, search for “Yahoo! toolbar anti-spy” in Google (free)
Spy Sweeper: www.webroot.com (buy)
Anti-spyware features in packages such as McAfee Virus Scan
If you have adware or spyware installed on your computer and cannot remove it,
you can at least block access to your computer with a firewall
23
Spyware Example
• Article in New York Times by their computer expert… someone wrote to
him saying that “something called Xupiter took over my Web browser’s
start page and I can’t change it”… and, why didn’t his anti-virus program
catch it?
• Response from J.D. Biersdorfer (the column’s author):
– It wasn’t a virus so the anti-virus program couldn’t do anything about it
– The person’s Web browser was “kidnapped” by the aggressive marketing
software used by Xupiter, a search engine company
– The person may have inadvertently clicked on a link from a pop-up ad or
website that invited Xupiter to reset his browser’s start page to itself
– Or, he may have inadvertently installed the program along with some
shareware
– This is an example of “adware” or “spyware”
– Spyware Info, an online journal has an informative article on the practice of
hijacking at www.spywareinfo.com/articles/hijacked
•
(Let’s go look at this!… info only…. some advertisements in here!)
24
Spam
• Junk email – some experts say that in 2004, 60% of all email was spam
• Pain in the neck!… I suggest you just delete them… if you respond or
even ask to be deleted from their address list, then they know you exist
and might send you more (exception: a legitimate, big company will
usually let you “opt” out)
• Junk mail filter for Hotmail users (incl. MSN)
–
–
–
–
–
–
Go to http://www.hotmail.com
Sign on (if you have MSN mail, add “@msn.com” to your email address
Click on “Options”
See heading “Junk e-Mail ”
Click on “Filters and reporting”
Choose your level of junk mail filtering and options for junk mail
• Most ISPs offer free spam blockers, including MSN, Google Mail and
Earthlink
25
Question
26
Five Ways to Cook Your Spam
from article written by Barbara Basler, Feb. 2004 issue of AARP Bulletin
1.
2.
3.
4.
5.
Don’t open spam – just delete it. Opening it just confirms there is a
working address.
Keep your primary email address private. Give it only to those you
trust.
Have an alternate email address. If you buy products online, register
for free offers or sign up for email newsletters, set up a second email
address with your ISP or with one of several email services (e.g.,
Hotmail)
Always check the privacy policy of websites you visit. Opt out of
receiving mail from their partners.
Devise an email address with numbers as well as letters. A
complicated address is harder for spammers to find.
27
Phishing (Brand Spoofing)
Definition from www.whatis.com
•
On the Internet, phishing (sometimes called carding or brand spoofing) is a scam
where the perpetrator sends out legitimate-looking e-mails appearing to come
from some of the Web's biggest sites, including eBay, PayPal, MSN, Yahoo,
BestBuy, and America Online, in an effort to phish (pronounced "fish") for
personal and financial information from the recipient.
•
Phishers use any number of different social engineering and email spoofing ploys
to try to trick their victims. In a recent case before the Federal Trade Commission
(FTC), a 17-year-old male sent out messages purporting to be from America
Online that said there had been a billing problem with recipients' AOL accounts.
The perpetrator's e-mail used AOL logos and contained legitimate links. If
recipients clicked on the "AOL Billing Center" link, however, they were taken to
a spoofed AOL Web page that asked for personal information, including credit
card numbers, personal identification numbers (PINs), social security numbers,
banking numbers, and passwords.
28
Phishing, or Brand Spoofing (Cont.)
•
•
•
Phishing is a variation on the word fishing: fishers (and phishers) set out hooks, knowing
that although most of their prey won't take the bait, they just might entice someone to bite.
The FTC warns users to be suspicious of any official-looking e-mail message that asks for
updates on personal or financial information and urges recipients to go directly to the Web
site of the company to find out whether the request is legitimate.
If you suspect you have been phished, forward the e-mail to uce@ftc.gov or call the FTC
help line, 1-877-FTC-HELP.
NEVER click on a link (URL) in an email that looks like it goes to a trusted
site (such as your bank). Instead, use your browser to take you directly to the
trusted site. This insures* that you are not going to a “spoofed” site.
(A “spoofed” URL in an email will probably look exactly like the real
URL, but if you click on it in the email, it will take you to a fake site.)
* A similar but newer threat to “phishing” is “pharming” (for definition see http://en.wikipedia.org/wiki/pharming). The end result of “pharming” is
the same as “phishing” but is more difficult to detect because it can take you to a spoofed site even if you go there directly from your own browser! In
the “phishing” case, even though the URL looks correct on the web page, the actual code on the web page which is hidden from view takes you to the
wrong site. In the “pharming” case, an internal table in your computer has been “hacked” to take you to the wrong site! The best protection against this
is to insure that you have a firewall running on your computer. Luckily the threat of “pharming” is much less than “phishing” because it happens much
less frequently and would take a “bad guy” to hack into your individual computer; thus, the need for a firewall to prevent this.
29
From Kim Komando, January, 2004
• A NEW TRICK FROM THE SAME OLD PEST
The people behind MiMail.P have found a new way to sneak into your
computer. Clicking on a spam attachment does not start the program.
Rather, it sends your computer to Russia to download the virus. This
enables it to escape anti-virus programs that scan e-mail. MiMail.P
tries to trick you into disclosing passwords, credit card numbers and
other private information. Avoid the trickery by not clicking the
attachment on the spam. If MiMail.P gets into your computer, don't fall
for it.
• KEEP AN EYE ON 'PHISHING' EFFORTS
Phishing e-mails are constructed to look like the real thing. For
instance, MiMail.P presents you with a message that looks like it came
from PayPal. You are asked for your personal information. That can be
used to steal your identity, among other things. An anti-phishing group
has put together a site to educate the public and curb phishing. Check
it out at: www.antiphishing.org
30
Example
(from www.antiphishing.org)
Wells Fargo Bank "Please verify your Wells Fargo account“
9-Mar-2004
Email title:
"Please verify your Wells Fargo account"
Scam target:
Wells Fargo account holders
Email format:
HTML email
Sender:
Wells Fargo Customers Support
[wells@WellsFargo.com]
Sender spoofed?
Yes
Scam call to action:
"Please note that if you don't verify your
ownership of account in 24 hours we will block it
to protect your money."
Scam goal:
Capture bank account information.
Call to action format:
URL link
Visible link:
http://www.wellsfargo.com/verify/
Called link :
http://68.104.255.61:82/verify/
Resolved URL:
http://68.104.255.61:82/verify/
31
Firewalls
•
•
•
•
•
A firewall is a program or set of related programs, located on a personal computer
or at a network gateway server, that protects the local resources from users from
other networks
Important software to install on your home PC if you are permanently connected
to the Internet (DSL or cable modem)
Once installed on your PC, the firewall can protect you from intrusion from
unwanted external sites (e.g., adware or spyware sites)
Firewall lets you “allow” or “disallow” connection to/from certain Internet
locations or allow you to be prompted for each requested connection
Check out this web site!… www.firewallguide.com
–
•
•
Free firewalls include Sunbelt (was Kerio at www.321download.com/LastFreeware/page7.html) and
Comodo at www.personalfirewall.comodo.com
Before installing personal firewall software on a Windows XP computer, be sure
that the firewall built into Windows XP is turned off. Never use two software
firewalls at the same time.
You can use the firewall built into Windows XP, but it does not monitor
“outbound” traffic, just “inbound”. Other firewalls monitor traffic going both
ways.
32
To enable or disable Internet Connection Firewall in XP
•
•
If you have not applied Service Pack 2 (SP2)
1.
Open Network Connections by clicking Start, click Control Panel, and then double-click
Network Connections.
2.
Click the Dial-up, LAN or High-Speed Internet connection that you want to protect, and
then, under Network Tasks, click Change settings of this connection.
3.
On the Advanced tab, under Internet Connection Firewall, select one of the following:
o
To enable Internet Connection Firewall (ICF), select the Protect my computer and
network by limiting or preventing access to this computer from the Internet
check box.
o
To disable Internet Connection Firewall, clear the Protect my computer and
network by limiting or preventing access to this computer from the Internet
check box.
If you have applied Service Pack 2 (SP2)
1.
Click Start, click Control Panel, and then double-click Windows Firewall
Note: If you see the Windows Firewall icon in the Control Panel, you do have Service Pack 2.
2.
•
On General tab, click On or Off.
Note: See Help and Support Center (Click Start, click Help and Support and
search for Firewall for more detailed information on the XP firewall)
33
Security Packages
•
•
There is a trend towards “packages” of security features such as anti-virus,
anti-spyware, spam protection, etc. which are offered by major vendors
MSN Live One Care (http://onecare.live.com)
– $49.95/yr. for up to 3 computers
– 90-day free trial
– Includes:
•
•
•
•
•
•
•
•
Anti-virus
Anti-spyware
Anti-phishing
Firewall (2-way)
Performance Tune-ups
Backup and restore
McAfee (following)
Norton (following)
34
McAfee
• McAfee Total Protection with SiteAdvisor Plus 2008
– 12-in-1 protection
– $59.99 for 3 users (on McAfee site*)
• McAfee Internet Security Suite with SiteAdvisor 2008
– 10-in-1 protection
– $39.99 for 3 users (on McAfee site*)
• McAfee Virus Scan Plus with SiteAdvisor 2008
– 6-in-1 protection
– $34.99 for 1 PC (on McAfee site*)
* Current promotion
35
36
If you have DSL High Speed Internet Access with
Qwest/MSN, you can download and install a free copy of
McAfee security software.
Start Internet Explorer, go to http://membercenter.msn.com
38
39
Install these
40
Norton
• Norton 360 Version 2.0 Premier Edition
– $99.99 for 3 users (on Norton site*)
• Norton 360 Version 2.0 All-in-One Security
– $79.99 for 3 users (on Norton site*)
• Norton Internet Security 2008
– Anti-virus, firewall, anti-spam, parental control, anti-spyware, antiphishing
– $59.99 for 3 users (on Norton site*)
• Norton Anti-virus 2008 with Anti-spyware
– $39.99 for 1 PC (on Norton site*)
* www.symantec.com - for local purchase, check Wal-Mart
41
Norton 360 Version 2.0 Premier Edition
Norton 360 Version 2.0 All-in-One Security
Norton Internet Security 2008
Norton Anti-virus 2008 with Anti-spyware
42
Identity Theft
(Computer and otherwise)
How can I prevent identity theft from happening to me?
As with any crime, you can't guarantee that you will never be a
victim, but you can minimize your risk. By managing your personal
information widely, cautiously and with an awareness of the issue,
you can help guard against identity theft.
• Don't give out personal information on the phone, through the mail or
over the Internet unless you've initiated the contact or are sure you
know who you're dealing with. Identity thieves may pose as
representatives of banks, Internet service providers (ISPs) and even
government agencies to get you to reveal your SSN, mother's maiden
name, account numbers, and other identifying information. Before you
share any personal information, confirm that you are dealing with a
legitimate organization. You can check the organization's Web site as
many companies post scam alerts when their name is used
improperly, or you can call customer service using the number listed
on your account statement or in the telephone book.
43
Identity Theft (Cont.)
• Don't carry your SSN card; leave it in a secure place.
• Secure personal information in your home, especially if you have
roommates, employ outside help or are having service work done in
your home.
• Guard your mail and trash from theft:
• Deposit outgoing mail in post office collection boxes or at your local post
office, rather than in an unsecured mailbox. Promptly remove mail from
your mailbox. If you're planning to be away from home and can't pick up
your mail, call the U.S. Postal Service at 1-800-275-8777 to request a
vacation hold. The Postal Service will hold your mail at your local post
office until you can pick it up or are home to receive it.
44
Identity Theft (Cont.)
• To thwart an identity thief who may pick through your trash or recycling
bins to capture your personal information, tear or shred your charge
receipts, copies of credit applications, insurance forms, physician
statements, checks and bank statements, expired charge cards that you're
discarding, and credit offers you get in the mail. If you do not use the prescreened credit card offers you receive in the mail, you can opt out by
calling 1-888-5-OPTOUT (1-888-567- 8688). Please note that you will be
asked for your Social Security number in order for the credit bureaus to
identify your file so that they can remove you from their lists and you still
may receive some credit offers because some companies use different
lists from the credit bureaus’ lists.
• Carry only the identification information and the number of credit and
debit cards that you'll actually need.
• Place passwords on your credit card, bank and phone accounts. Avoid
using easily available information like your mother's maiden name,
your birth date, the last four digits of your SSN or your phone number,
or a series of consecutive numbers. When opening new accounts, you
may find that many businesses still have a line on their applications for
your mother's maiden name. Use a password instead.
45
Identity Theft (Cont.)
• Ask about information security procedures in your workplace or at
businesses, doctor's offices or other institutions that collect personally
identifying information from you. Find out who has access to your
personal information and verify that it is handled securely. Ask about
the disposal procedures for those records as well. Find out if your
information will be shared with anyone else. If so, ask if you can keep
your information confidential.
• Give your SSN only when absolutely necessary. Ask to use other
types of identifiers when possible. If your state uses your SSN as your
driver's license number, ask to substitute another number. Do the
same if your health insurance company uses your SSN as your
account number.
• Pay attention to your billing cycles. Follow up with creditors if your bills
don't arrive on time. A missing bill could mean an identity thief has
taken over your account and changed your billing address to cover his
tracks.
46
Identity Theft (Cont.)
• Be wary of promotional scams. Identity thieves may use phony offers
to get you to give them your personal information.
• Keep your purse or wallet in a safe place at work as well as any copies
you may keep of administrative forms that contain your sensitive
personal information.
• Cancel all unused credit accounts.
• When ordering new checks, pick them up at the bank, rather than
having them sent to your home mailbox.
47
Identity Theft (Cont.)
What should I do if someone has stolen or scammed my
personal information or identification documents?
If your information or identification documents were stolen or
scammed, you have an opportunity to prevent the misuse of that
information if you can take action quickly.
• For financial account information such as credit card or bank account
information: Close those accounts immediately. When you open new
ones, place passwords on these accounts. Avoid using your mother’s
maiden name, your birth date, the last four digits of your SSN or your
phone number, or a series of consecutive numbers.
• For SSNs: Call the toll-free fraud number of any one of the three major
credit bureaus and place a fraud alert on your credit reports. This can
help prevent an identity thief from opening new credit accounts in your
name.
• To replace an SSN card: Call the Social Security Administration at 1800-772-1213 to get a replacement.
48
Identity Theft (Cont.)
• For driver's license or other identification documents: Contact the
issuing agency. Follow their procedures to place fraud flags and to get
replacements.
• Once you have taken these precautions, there really isn't anything
more you need to do except to check for the signs that your
information is being misused. You don't have to file an identity theft
report with the police or with the FTC until you find out if your
information is actually being misused. If another crime was
committed, such as theft of your purse or wallet or your house or
car was broken into, report that crime to the police.
49
Identity Theft (Cont.)
I have a computer and use the Internet. What should I be
concerned about?
If you're storing personal information such as SSNs, financial
records, tax returns, birth dates, or bank account numbers in your
computer, the following tips can help you keep your computer and
your personal information safe from intruders:
• Update your virus protection software regularly, or when a new virus
alert is announced. Computer viruses can have a variety of damaging
effects, including introducing program code that causes your computer
to send out files or other stored information. Be on the alert for security
repairs and patches that you can download from your operating
system's Web site.
• Do not download files sent to you by strangers or click on hyperlinks
from people you don't know. Opening a file could expose your system
to a computer virus or a program that could hijack your modem.
50
Identity Theft (Cont.)
• Use a firewall program, especially if you use a high-speed Internet
connection like cable, DSL or T-1, which leaves your computer
connected to the Internet 24 hours a day. The firewall program will
allow you to stop uninvited guests from accessing your computer.
Without it, hackers can take over your computer and access your
personal information stored on it or use it to commit other crimes.
• Use a secure browser - software that encrypts or scrambles
information you send over the Internet - to guard the security of your
online transactions. Be sure your browser has the most up-to-date
encryption capabilities by using the latest version available from the
manufacturer. When submitting information, look for the "lock" icon on
the browser's status bar to be sure your information is secure during
transmission.
51
Identity Theft (Cont.)
• Try not to store financial information on your laptop unless absolutely
necessary. If you do, use a strong password - a combination of letters
(upper and lower case), numbers and symbols. Don't use an
automatic log-in feature which saves your user name and password so
you don't have to enter them each time you log-in or enter a site. And
always log off when you're finished. That way, if your laptop gets
stolen, it's harder for the thief to access your personal information.
• Before you dispose of a computer, delete personal information.
Deleting files using the keyboard or mouse commands may not be
enough because the files may stay on the computer's hard drive,
where they may be easily retrieved. Use a "wipe" utility program to
overwrite the entire hard drive. It makes the files unrecoverable. Most
local computer stores have utility programs to do this.
• For more information, see Protect Yourself and NASA Before Getting
Rid of That Old Home Computer
(http://www.hq.nasa.gov/office/oig/hq/identity.html) from the National
Aeronautics and Space Administration (NASA).
52
Identity Theft (Cont.)
• Look for Web site privacy policies. They answer questions about
maintaining accuracy, access, security, and control of personal
information collected by the site, as well as how information will be
used, and whether it will be provided to third parties. If you don't see a
privacy policy, consider surfing elsewhere.
How can I prevent companies from using my personal
information for marketing?
More organizations are offering consumers choices about how
their personal information is used. For example, many let you "opt
out" of having your information shared with others or used for
marketing purposes.
53
Identity Theft (Cont.)
When should I provide my Social Security number?
Your employer and financial institution will likely need your SSN for
wage and tax reporting purposes. Other businesses may ask you
for your SSN to do a credit check, like when you apply for a car
loan. Sometimes, however, they simply want your SSN for general
record keeping. If someone asks for your SSN, ask the following
questions:
• Why do you need it?
How will it be used?
How do you protect it from being stolen?
What will happen if I don't give it to you?
• If you don't provide your SSN, some businesses may not provide
you with the service or benefit you want. Getting satisfactory
answers to your questions, though, will help you to decide whether
you want to share your SSN with the business.
54
Identity Theft
More
GOOD ADVICE AGAINST THEFT
An Attorney's Advice Free!
A corporate attorney sent the following out to the employees in his company:
The next time you order checks have only your initials (instead of first name) and
last name put on them. If someone takes your checkbook, they will not know if you
sign your checks with just your initials or your first name but your bank will know
how you sign your checks.
When you are writing checks to pay on your credit card accounts, DO NOT put the
complete account number on the "For" line. Instead, just put the last four numbers.
The credit card company knows the rest of the number and anyone who might be
handling your check as it passes through all the check processing channels won't
have access to it.
55
Identity Theft
More (Cont.)
Put your work phone # on your checks instead of your home phone. If you have a
PO Box use that instead of your home address. Never have your SS# printed on
your checks (DUH!) you can add it if it is necessary. But if you have it printed,
anyone can get it.
Place the contents of your wallet on a photocopy machine, do both sides of each
license, credit card, etc You will know what you had in your wallet and all of the
account numbers and phone numbers to call and cancel.
Keep the photocopy in a safe place. I also carry a photocopy of my passport when I
travel either here or abroad. We have all heard horror stories about fraud that's
committed on us in stealing a name, address, Social Security number, credit cards,
etc.
Unfortunately, I, an attorney, have firsthand knowledge because my wallet was
stolen last month. Within a week, the thieve(s) ordered an expensive monthly cell
phone package, applied for a VISA credit card, had a credit line approved to buy a
Gateway computer, received a PIN number from DMV to change my driving
record information online, and more.
56
Identity Theft
More (Cont.)
But here's some critical information to limit the damage in case this happens to you
or someone you know: We have been told we should cancel our credit cards
immediately. But the key is having the toll free numbers and your card numbers
handy so you know whom to call. Keep those where you can find them easily.
File a police report immediately in the jurisdiction where it was stolen, this proves
to credit providers you were diligent, and is a first step toward an investigation (if
there ever is one).
But here is what is perhaps most important: (I never even thought to do this).
Call the three national credit-reporting organizations immediately to place a fraud
alert on your name and Social Security number. I had never heard of doing that
until advised by a bank that called to tell me an application for credit was made
over the Internet in my name.
The alert means any company that checks your credit knows your information was
stolen and they have to contact you by phone to authorize new credit. By the time I
was advised to do this, almost two weeks after the theft, all the damage was done.
57
Identity Theft
More (Cont.)
There are records of all the credit checks initiated by the thieves' purchases, none
of which I knew about before placing the alert. Since then, no additional damage
has been done, and the thieves threw my wallet away this weekend (someone
turned it in). It seems to have stopped them in their tracks.
The numbers are:
Equifax: 1-800-525-6285
Experian (formerly TRW): 1-888-397-3742
Trans Union: 1-800-680-7289
Social Security Administration (fraud line): 1-800-269-0271
58
Computer Maintenance
• Keep your operating system up to date (use Windows Update)
• If you use the XP operating system, apply Service Pack 2 (SP2) if it not
installed and use its built-in firewall if you don’t have another one and
also specify automatic updates
– Click Start, click Control Panel, double click Security Center, see Manage
Security Settings at bottom
• Microsoft Internet Explorer:
– Tools, Internet Options (or if SP2 applied, select under Manage Security
Settings as described above):
• General tab: Change, default home page, delete cookies and temp files, clear
history
• Security tab: At a minimum, choose default level (medium)
• Privacy tab: Cookies controls (and also a popup killer in latest security release)
• Content tab: Content advisor, certificates
• Keep your virus protection signature files up to date
• Security check software: http://security.symantec.com
– Scans your computer and makes recommendations for security improvements
(closing unnecessary ports such as NetBIOS, etc.)
59
Glossary
•
•
•
•
•
•
Anti Virus Program - A utility program designed to search hard disks for viruses and
remove any that are found. Most antivirus programs include an auto-update feature that
enables the program to download profiles of new viruses so that it can check for the new
viruses as soon as they are discovered.
Backup - Backing up data allows users to restore important data if the computer encounters
a computer virus or if the data happens to be destroyed or corrupted. It is wise to back up
your files regularly.
Brand Spoofing – see “Phishing”
Bug - An error or defect in software or hardware that causes a program to malfunction.
According to folklore, the first computer bug was an actual bug. Discovered in 1945 at
Harvard, a moth trapped between two electrical relays of the Mark II Aiken Relay
Calculator caused the whole machine to shut down.
Cookies - A cookie is information that a Web site puts on your hard disk or browser so that
it can remember something about you at a later time. Typically, a cookie records your
preferences when using a particular site. Cookies do not act maliciously on computer
systems. They are merely text files that can be deleted at any time.
Digital Signature - An electronic signature that can be used to authenticate the identity of
the sender of a message or the signer of a document, and possibly to ensure that the original
content of the message or document that has been sent is unchanged.
60
Glossary
•
•
•
•
•
•
Download - To copy something from a primary source to a more peripheral one, as in
saving something found on the Web (currently located on its server) to diskette or to a file
on your local hard drive.
Encryption - Is a programmatic translation of data into a secret code. Encryption is the
most effective way to achieve data security.
Firewall - A combination of hardware and software that provides a security system, usually
to prevent unauthorized access from outside to a personal computer, an internal network or
intranet.
Hoax (Virus) hoax is a false warning about a computer virus. Typically, the warning arrives
in an e-mail note or is distributed through a note in a company's internal network. These
notes are usually forwarded using distribution lists and they will typically suggest that the
recipient forward the note to other distribution lists. If you get a message about a new virus,
you can check it out by going to one of the leading Web sites that keep up with viruses and
virus hoaxes.
ISP – Internet Service Provider (such as AOL, MSN)
Offline Storage - Term used to describe a type of storage that cannot be accessed by the
computer all the time. A good example of offline storage is a floppy disk. Offline storage
allows a user to store or backup information so that it will not be affected by computer
viruses or hardware failure.
61
Glossary
•
•
•
•
Phishing - On the Internet, phishing (sometimes called carding or brand spoofing) is a scam
where the perpetrator sends out legitimate-looking e-mails appearing to come from some of
the Web's biggest sites, including eBay, PayPal, MSN, Yahoo, BestBuy, and America
Online, in an effort to phish (prounounced "fish") for personal and financial information
from the recipient.
Public-Private Key Encryption - a public key is a value provided by some designated
authority as an encryption/decryption key that, combined with a private key derived from
the public key, can be used to effectively encrypt and decrypt messages and digital
signatures.
Security - refers to techniques for ensuring that data stored in a computer cannot be read or
compromised. Most security measures involve data encryption and passwords. Data
encryption is the translation of data into a form that is unintelligible without a deciphering
mechanism. A password is a secret word or phrase that gives a user access to a particular
program or system.
Spam is unsolicited e-mail on the Internet. From the sender's point-of-view, it's a form of
bulk mail, often to a list culled from subscribers to a Usenet discussion group or obtained by
companies that specialize in creating e-mail distribution lists. To the receiver, it usually
seems like junk e-mail. In general, it's not considered good netiquette to send spam. It's
generally equivalent to unsolicited phone marketing calls except that the user pays for part
of the message since everyone shares the cost of maintaining the Internet.
62
Glossary
•
Spam (cont.) - Some apparently unsolicited e-mail is, in fact, e-mail people agreed to
receive when they registered with a site and checked a box agreeing to receive postings
about particular products or interests. This is known as both opt-in e-mail and permissionbased e-mail. A first-hand report indicates that the term is derived from a famous Monty
Python sketch ("Well, we have Spam, tomato & Spam, egg & Spam, Egg, bacon &
Spam...") that was current when spam first began arriving on the Internet. Spam is a
trademarked Hormel meat product that was well-known in the U.S. Armed Forces during
World War II.
Spoofing - E-mail spoofing is the forgery of an e-mail header so that the message appears to
have originated from someone or somewhere other than the actual source. Distributors of
spam often use spoofing in an attempt to get recipients to open, and possibly even respond
to, their solicitations. Spoofing can be used legitimately. Classic examples of senders who
might prefer to disguise the source of the e-mail include a sender reporting mistreatment by
a spouse to a welfare agency or a "whistle-blower" who fears retaliation. However, spoofing
anyone other than yourself is illegal in some jurisdictions.
Although most spoofed e-mail falls into the "nuisance" category and requires little action
other than deletion, the more malicious varieties can cause serious problems and security
risks. For example, spoofed e-mail may purport to be from someone in a position of
authority, asking for sensitive data, such as passwords, credit card numbers, or other
personal information -- any of which can be used for a variety of criminal purposes. The
Bank of America, eBay, and Wells Fargo are among the companies recently spoofed in mass
spam mailings. One type of e-mail spoofing, self-sending spam, involves messages that
appear to be both to and from the recipient. (See also “Phishing”)
63
Glossary
•
•
Spyware - Also called adware, spyware is any software that covertly gathers user
information through the user's Internet connection without his or her knowledge, usually for
advertising purposes. Spyware applications are typically bundled as a hidden component of
freeware or shareware programs that can be downloaded from the Internet. Once installed,
the spyware monitors user activity on the Internet and transmits that information in the
background to someone else. Spyware can also gather information about e-mail addresses
and even passwords and credit card numbers.
Virus - Software program, script, or macro that has been designed to destroy, modify, or
cause other problems with a computer or software program that would otherwise not be
there. Viruses can be prevented by getting a virus protection program.
64