Internet Scams &
Computer Security Topics

Giving or throwing that computer away?

Many computers and hard drives, especially those in Europe and specifically those from the U.K. wind up for use in developing and 3rd world countries. Yes, even Nigeria and other homes of the 419 scam. Even if you have deleted all files, the data on the hard drive can still be retrieved. So how can you be relatively certain that no one can retrieve your data? If you are really concerned (as well you should be) and you want to be doubly sure your personal files cannot be retrieved, try either of these:

• Fully reformat the hard drive and reinstall the operating system only.
• There are many free disk-wiping utilities that will make it virtually impossible to get any data at all from your old hard drive. SDelete from Sysinternals or DBAN Boot & Nuke from SourceForge which can do it from a floppy. Either will do the what you need.

Phishing & Vishing - How not to get caught

Email Phishing: You receive an official looking email from your bank, financial institution or other established legitimate enterprise in an attempt to scam you into surrendering private information that would be used for identity theft. The e-mail directs you to visit a website where you are asked to update personal information, such as passwords and credit card number, social security number, bank account numbers and so on, that the legitimate organization already has. The web site is faked, usually using graphics from a legitimate website and was set up only to steal the your information. For a more lengthy description visit PC Magazine's Let's Go Phishing article.

Vishing (Voice Phishing - Indirect): The attack involves an actual phone number and a voice-response system to collect personal information. You receive an email either stating that there is an issue with your account, someone tried to log on to their website as you, or some other bogus reason and ask you to call a special phone number. If you call, you will either hear a real person or a Voice Recognition System asking you for private information.

Vishing (Voice Phishing - Direct): Somehow they got your name, address and possibly even your account number, ATM or credit card number. You get a phone call from someone at "Security" asking you to verify the information. After you have done so, they will ask you for the last digits of the security number (called CVC2 for MasterCharge, CW2 for Visa) on the back of your card. Anyone who holds a credit card is a potential victim of this type of fraud.

In a word, DON'T. Trust no one over e-mail or phone unless you initiated it and even then be cautious. If they're asking you for critical personal info, call the company in question or visit their official website directly (don't click the link on the email). If someone calls you and you have caller ID, write down the number. Do not give out any private information over the phone. In the event that someone has your details, call the real institution immediately. Your identity has been compromised!

Pharming

Pharming: Pharming is used to fool your computer into connecting to a legitimate web site when in fact it's sent to a phony one. Like phishing, the login screen is intended to collect your username and password for the genuine site, but unlike phishing, in pharming the address bar at the top of the window will show the correct address! This is accomplished by unleashing a virus or Trojan on your system that tampers with the address translation. Your computer will truly believe that you are accessing www.yourbankname.com but you will be at a phishing web site.

To prevent pharming, keep your antivirus and spyware checkers up-to-date, downloading updates on at least a monthly if not weekly basis. Without the virus, traditional pharming can't happen.

Drive-by Pharming: If your computer is connected to the Internet through a router (many broadband customers are), you may be vulnerable to "drive-by" pharming. In drive-by pharming, a malicious web site reprograms your router so that any computer in your home that connects to the Internet will think that when you ask for www.yourbankname.com, you want to access a phishing web site. Your computer's web browser won't warn you because it's done in a way that appears egitimate. For an animated (and more technical) explanation, go to http://www.symantec.com/avcenter/reference/drive-by-pharming-animation.html .

To prevent drive-by pharming, change the setup password on your router to something difficult to guess. Visit the web site for your router's manufacturer if you need help changing the password.

Spyware - Who is watching you?

Software that covertly gathers your user information through your internet connection without your knowledge is Spyware. While this is usually for advertising purposes, it can do far worse. Spyware is typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors your surfing activity on the internet and reports that information somewhere.

Purchase or download legitimate freeware anti-spyware software and run it frequently.

• Spyware Doctor from PCtools (recommended)
• Spy Sweeper from Webroot Software
• AdAware LE Personal from LavaSoft (freeware)