Sat, October 25, 2008
How to Avoid Identity Theft - Part 3: Turn On, Tune In…Get Hacked?
It looks like this week's discussion on identity theft will probably overflow into next week a bit, because I'm finding new information to share. Having discussed some of the social engineering-based approaches to stealing your private information, today I'd like to take a brief look at how you can protect your computers against more subtle forms of attack.
If you have an Internet connection that’s on continuously, such as one provided via DSL or cable modem, you are especially vulnerable to being attacked by hackers who may access information on your computer or who otherwise hijack your computer by copying malicious programs directly to it. Dial-up connections are less vulnerable because they are unlikely to be on long enough for an attacker to discover them, but they are not impervious to this type of attack. The best protection is to make your computer a difficult target, so that a hacker will choose to break into connections that are less secure than yours.
To protect access to your computer, the most common solution is a “firewall,” which can either be software or a device. If you have a broadband router, you already have a firewall that will block unwanted incoming Internet traffic. If your computer uses either the Windows XP or the Mac OS X operating system, you already have a firewall that blocks unwanted incoming connections. However, neither of these solutions will protect you from malicious software that you download inadvertently or that you activate by opening an infected e-mail attachment.
Once such a program is running on your computer, it can establish its own outgoing connection and send personal information found on your computer to a thief. If you want protection from unauthorized outbound Internet traffic, you need a software firewall, such as ZoneAlarm Firewall or one of the Norton Internet software products. If you need to buy protection software and don’t understand the difference between spyware, viruses, and firewalls, ask a geeky friend for assistance, or try using one of the resources at the end of this article. To check the vulnerability of your computer’s Internet connection, try the free testing software available at Gibson Research Corporation, but be forewarned: this site is not for technophobes.
For added protection, it’s important to keep your antivirus software updated regularly. If you have a Windows-based computer system, be sure to keep up with the frequent security patches issued by Microsoft in order to keep your computer protected from attacks. As more attacks are being launched from web sites containing malicious code, you should consider buying software like Norton Internet Security, Norton 360, or McAfee’s Site Advisor to provide a further layer of protection.
P.S. This morning I received a great example of a social engineering-based attempt to steal my personal information. Here’s the e-mail:
------------------
From: Melrose Cooperative Bank
Sent: Friday, October 24, 2008 7:55 AM
Subject: Congratulations!
Congratulations!
You have been selected by Melrose Cooperative Bank Online Department to take part in our quick and easy reward survey.
In return we will credit $150 to your account - Just for your time!
Helping us better understand how our customers feel, benefits everyone.
With the information collected we can decide to direct a number of changes to improve and expand our services.
The information you provide us is all non-sensitive and anonymous. No part of it is handed down to any third party groups.
It will be stored in our secure database for maximum of 3 days while we process the results of this nationwide survey.
To access the form, please click on the link below:
[bogus link deleted]
Note:
* If you received this message in your SPAM/BULK folder, that is because of the restrictions implemented by your ISP
* For security reasons, we will record your IP address, the date and time.
* Deliberate wrong inputs are criminally pursued and indicted.
-----------------------------------------------------------------
Interestingly, this one was sent to an address that must have been hand-copied from my web site. I don’t have an account with Melrose Cooperative Bank, so this was easy to spot. My incoming spam filters didn’t catch it, though. This is a clever one; who could resist getting $150 just for completing a survey? The warnings at the end add a note of authenticity, too. Nice try....
RELATED POSTS:
How to Avoid Identity Theft - Part 1
How to Avoid Identity Theft - Part 2: Avoiding Online ID Theft
How To Avoid Identity Theft - Part 4: Passwords, Online Shopping, etc.