Internet Scams &
Computer Security Topics
Giving or throwing that computer away?
Many computers and hard drives, especially those in Europe and specifically
those from the U.K. wind up for use in developing and 3rd world countries. Yes,
even Nigeria and other homes of the 419 scam. Even if you have deleted all
files, the data on the hard drive can still be retrieved. So how can you be
relatively certain that no one can retrieve your data? If you are really
concerned (as well you should be) and you want to be doubly sure your personal
files cannot be retrieved, try either of these:
Fully reformat the hard drive and reinstall the operating system only.
There are many free disk-wiping utilities that will make it virtually
impossible to get any data at all from your old hard drive.
SDelete from Sysinternals or
DBAN Boot & Nuke from SourceForge which can do it from a floppy. Either
will do the what you need.
Phishing & Vishing - How not to get caught
Email Phishing: You receive an official looking email from your bank,
financial institution or other established legitimate enterprise in an attempt
to scam you into surrendering private information that would be used for
identity theft. The e-mail directs you to visit a website where you are asked
to update personal information, such as passwords and credit card number,
social security number, bank account numbers and so on, that the legitimate
organization already has. The web site is faked, usually using graphics
from a legitimate website and was set up only to steal the your information.
For a more lengthy description visit PC Magazine's
Let's Go Phishing
Vishing (Voice Phishing - Indirect):
The attack involves an actual phone number and a voice-response system to
collect personal information. You receive an email either stating that there is
an issue with your account, someone tried to log on to their website as you, or
some other bogus reason and ask you to call a special phone number. If you
call, you will either hear a real person or a Voice Recognition System asking
you for private information.
Vishing (Voice Phishing - Direct):
Somehow they got your name, address and possibly even your account number, ATM
or credit card number. You get a phone call from someone at "Security" asking
you to verify the information. After you have done so, they will ask you for
the last digits of the security number (called CVC2 for MasterCharge, CW2 for
Visa) on the back of your card. Anyone who holds a credit card is a potential
victim of this type of fraud.
What should I do about these?
In a word, DON'T. Trust no one over e-mail or phone unless you initiated
it and even then be cautious. If they're asking you for critical personal info,
call the company in question or visit their official website directly
(don't click the link on the email). If someone calls you and you have caller
ID, write down the number. Do not give out any private information over the
phone. In the event that someone has your details, call the real institution
immediately. Your identity has been compromised!
Pharming is used to fool your computer into connecting to a legitimate web site
when in fact it's sent to a phony one. Like phishing, the login screen is
intended to collect your username and password for the genuine site, but unlike
phishing, in pharming the address bar at the top of the window will show the
correct address! This is accomplished by unleashing a virus or Trojan on your
system that tampers with the address translation. Your computer will truly
believe that you are accessing www.yourbankname.com but you will be at a
phishing web site.
To prevent pharming, keep your antivirus and spyware checkers up-to-date,
downloading updates on at least a monthly if not weekly basis. Without the
virus, traditional pharming can't happen.
Drive-by Pharming: If your computer is connected to the Internet through
a router (many broadband customers are), you may be vulnerable to "drive-by"
pharming. In drive-by pharming, a malicious web site reprograms your router so
that any computer in your home that connects to the Internet will think that
when you ask for www.yourbankname.com, you want to access a phishing web site.
Your computer's web browser won't warn you because it's done in a way that
appears egitimate. For an animated (and more technical) explanation, go to http://www.symantec.com/avcenter/reference/drive-by-pharming-animation.html
To prevent drive-by pharming, change the setup password on your router to
something difficult to guess. Visit the web site for your router's manufacturer
if you need help changing the password.
Spyware - Who is watching you?
Software that covertly gathers your user information through your internet
connection without your knowledge is Spyware. While this is usually for
advertising purposes, it can do far worse. Spyware is typically bundled as a
hidden component of freeware or shareware programs that can be downloaded from
the Internet. Once installed, the spyware monitors your surfing activity on the
internet and reports that information somewhere.
What should I do about these?
Purchase or download legitimate freeware anti-spyware software and run it