Split your emails
Rather than linking Facebook, Twitter, newsgroups, forums, shopping and banking sites to one email address, use multiple addresses. As a minimum, use one for social activities and one for financial business.
Your social address will rightly draw more attention than your business one – that's the way you want it to be. If the former is hacked, it won't be as nightmarish as losing control of your financial address.
Take care on public networks
Never, under any circumstances, use a public network for financial transactions. Only send your personal and financial details over a network you've set up yourself, or one you know to be secure. Who knows what horrors are lurking on the hard disk of that internet cafe machine, or somewhere between it and its internet access point?
Hackers have also been known to set up laptops to broadcast networks with names such as 'Free Internet Access' in hotels. They'll let you pass internet traffic through them and harvest any juicy details as you type. Virtualise
The truly paranoid should virtualise. The idea is simple: create a virtual PC, use it to surf the internet and, when you've done, destroy it, along with any viruses that may have infected it while you were online.
Running a virtual version of Ubuntu from within Ubuntu is likely to be the easiest way of achieving this style of computing, and it's likely to be very safe too.
Anatomy of an iffy shop
By making online shops look slick, official and safe, online criminals hope to dupe us into disclosing credit card details. Fake shopping sites, like much online criminality, rely on social engineering.
There are, however, some tell-tale signs that should help you spot an iffy shop. First, avoid sites that ask for cash, cheque or virtual cash payments only – only do business with sites that accept credit cards.
Next, ensure that the shop has a physical address, ideally in the UK – shopping abroad throws up more potential problems.
Be wary of Facebook
There are two key areas of social networking security – the technical sphere and the human one. Technical security is about setting up your profile correctly – your favourite site will explain how, so follow its guides. Next is the human aspect of security and our old friend, social engineering.
No quantity of settings and checkboxes can prevent a user from willingly complying with the bad guys, and this is what they depend on. There's one simple rule to follow here: don't do or say anything online that you wouldn't do or say in real life.
Choose your flexible friend
Never be tempted to use or enter details from your debit card – always use a credit card. Section 75 of the Consumer Credit Act (1974) make credit card companies liable to pay if you're the innocent victim of fraud.
Card companies may, however, avoid paying out if you're proved not to have taken 'reasonable' care with your card – doing something like writing down your PIN, for example.
Credit cards themselves also offer different levels of fraud insurance, so shop around before choosing a card and make sure you read the terms and conditions closely.
Pump and dump
Don't be tempted to follow unsolicited dead-cert share tips. The senders will probably hold a lot of them. When you and other victims buy, the price will go up. They'll then sell, leaving you holding the baby.
Just like that
A common online action site scam is to sell goods that are 'like' top brand goods. Your new watch may be like a Rolex insofar as it ticks, but that could be your lot.
We've found a virus
Bogus security experts call unsuspecting PC owners claiming they've found a virus on their hard drive. All you need do is pay a fee and they'll remotely remove the nasty.
In reality, the scammers are just working through phone lists, planting the seeds of fear and then collecting bucketloads of cash.
Ditch IE6
If you're still using Internet Explorer 6, shame on you. Not only are you likely to be getting less from the internet – Google and YouTube have now stopped supporting the ageing browser – but it's also riddled with security flaws. Do yourself a favour and download a newer browser.
Check out Virus Total
If you've received a file and are worried about its provenance, upload it to www.virustotal.com. The site will run the file through a number of virus-scanning engines to find any hidden malware. It'll also send you a handy report document.
Listen to Bruce Schneier
Renowned security expert, blogger and self-styled security guru Bruce Schneier has a thing or two to say about every aspect of the topic, ranging from the virus right up to national security policy. Visit his blog at www.schneier.com and add it to your bookmarks.
Check firewall logs
Firewalls keep logs of traffic they've rebuffed. Check these and look for patterns – maybe a particular IP address is pinging your network or a certain port on your setup is spewing out too much traffic. These sorts of things can suggest a viral infection.
Stop redundant services
The more software and services you're running, the greater the risk you could be compromised. Be ruthless – delete or deactivate applications and services you don't use. This will reduce the number of ways into your machine that are available to hackers.
Be cautious
If you must use file sharing, do so with the utmost paranoia about security. When you've downloaded a file, isolate it and, if possible, execute it from a virtual environment to ensure it's safe before letting it into your true computing environment.
Update software
Windows 7 and most major apps are happy to update themselves automatically, but you should still run their update systems manually to ensure they're working. Smaller apps may need updating manually, so check their makers' sites for updates.
Enter your own URLs
Never follow links to URLs emailed to you and don't Google your bank's address. Google can be tricked into moving spoof sites up its rankings table by criminals looking to entice people to sites designed to harvest logon details. Enter important URLs yourself.
Check site safety
Download McAfee's excellent SiteAdvisor from www.siteadvisor.com. The browser plug-in has a traffic light system that shows dangerous sites in search results. Following its green, yellow and red site rating icons will help you to avoid compromised web locations.
Test your system
Test your antivirus system using the Eicar string. It's a text file that all antivirus engines should pick up, no matter how it's wrapped or compressed. Get it from www.eicar.org. It's completely safe and won't land you in legal hot water.
Rather than linking Facebook, Twitter, newsgroups, forums, shopping and banking sites to one email address, use multiple addresses. As a minimum, use one for social activities and one for financial business.
Your social address will rightly draw more attention than your business one – that's the way you want it to be. If the former is hacked, it won't be as nightmarish as losing control of your financial address.
Take care on public networks
Never, under any circumstances, use a public network for financial transactions. Only send your personal and financial details over a network you've set up yourself, or one you know to be secure. Who knows what horrors are lurking on the hard disk of that internet cafe machine, or somewhere between it and its internet access point?
Hackers have also been known to set up laptops to broadcast networks with names such as 'Free Internet Access' in hotels. They'll let you pass internet traffic through them and harvest any juicy details as you type. Virtualise
The truly paranoid should virtualise. The idea is simple: create a virtual PC, use it to surf the internet and, when you've done, destroy it, along with any viruses that may have infected it while you were online.
Running a virtual version of Ubuntu from within Ubuntu is likely to be the easiest way of achieving this style of computing, and it's likely to be very safe too.
Anatomy of an iffy shop
By making online shops look slick, official and safe, online criminals hope to dupe us into disclosing credit card details. Fake shopping sites, like much online criminality, rely on social engineering.
There are, however, some tell-tale signs that should help you spot an iffy shop. First, avoid sites that ask for cash, cheque or virtual cash payments only – only do business with sites that accept credit cards.
Next, ensure that the shop has a physical address, ideally in the UK – shopping abroad throws up more potential problems.
Be wary of Facebook
There are two key areas of social networking security – the technical sphere and the human one. Technical security is about setting up your profile correctly – your favourite site will explain how, so follow its guides. Next is the human aspect of security and our old friend, social engineering.
No quantity of settings and checkboxes can prevent a user from willingly complying with the bad guys, and this is what they depend on. There's one simple rule to follow here: don't do or say anything online that you wouldn't do or say in real life.
Choose your flexible friend
Never be tempted to use or enter details from your debit card – always use a credit card. Section 75 of the Consumer Credit Act (1974) make credit card companies liable to pay if you're the innocent victim of fraud.
Card companies may, however, avoid paying out if you're proved not to have taken 'reasonable' care with your card – doing something like writing down your PIN, for example.
Credit cards themselves also offer different levels of fraud insurance, so shop around before choosing a card and make sure you read the terms and conditions closely.
Pump and dump
Don't be tempted to follow unsolicited dead-cert share tips. The senders will probably hold a lot of them. When you and other victims buy, the price will go up. They'll then sell, leaving you holding the baby.
Just like that
A common online action site scam is to sell goods that are 'like' top brand goods. Your new watch may be like a Rolex insofar as it ticks, but that could be your lot.
We've found a virus
Bogus security experts call unsuspecting PC owners claiming they've found a virus on their hard drive. All you need do is pay a fee and they'll remotely remove the nasty.
In reality, the scammers are just working through phone lists, planting the seeds of fear and then collecting bucketloads of cash.
Ditch IE6
If you're still using Internet Explorer 6, shame on you. Not only are you likely to be getting less from the internet – Google and YouTube have now stopped supporting the ageing browser – but it's also riddled with security flaws. Do yourself a favour and download a newer browser.
Check out Virus Total
If you've received a file and are worried about its provenance, upload it to www.virustotal.com. The site will run the file through a number of virus-scanning engines to find any hidden malware. It'll also send you a handy report document.
Listen to Bruce Schneier
Renowned security expert, blogger and self-styled security guru Bruce Schneier has a thing or two to say about every aspect of the topic, ranging from the virus right up to national security policy. Visit his blog at www.schneier.com and add it to your bookmarks.
Check firewall logs
Firewalls keep logs of traffic they've rebuffed. Check these and look for patterns – maybe a particular IP address is pinging your network or a certain port on your setup is spewing out too much traffic. These sorts of things can suggest a viral infection.
Stop redundant services
The more software and services you're running, the greater the risk you could be compromised. Be ruthless – delete or deactivate applications and services you don't use. This will reduce the number of ways into your machine that are available to hackers.
Be cautious
If you must use file sharing, do so with the utmost paranoia about security. When you've downloaded a file, isolate it and, if possible, execute it from a virtual environment to ensure it's safe before letting it into your true computing environment.
Update software
Windows 7 and most major apps are happy to update themselves automatically, but you should still run their update systems manually to ensure they're working. Smaller apps may need updating manually, so check their makers' sites for updates.
Enter your own URLs
Never follow links to URLs emailed to you and don't Google your bank's address. Google can be tricked into moving spoof sites up its rankings table by criminals looking to entice people to sites designed to harvest logon details. Enter important URLs yourself.
Check site safety
Download McAfee's excellent SiteAdvisor from www.siteadvisor.com. The browser plug-in has a traffic light system that shows dangerous sites in search results. Following its green, yellow and red site rating icons will help you to avoid compromised web locations.
Test your system
Test your antivirus system using the Eicar string. It's a text file that all antivirus engines should pick up, no matter how it's wrapped or compressed. Get it from www.eicar.org. It's completely safe and won't land you in legal hot water.
No comments:
Post a Comment