[I'm a] PC Site

Phishing and Computer Network Security

As computers become more a part in people’s lives, their safety and personal information are placed at risk. There are loads of people out there that want to trick you and try to steal your personal information for their own benefit. This is done through all sorts of methods, including programs known as “spyware” that steal your information, and “Phishing” scams that trick you into giving away your information. Many people may think that these are unavoidable occurrences and just happen, but what they don’t realize is that the way they use their computer is as big a threat as those scams that are out there. Sure, spyware scanners and things like that may help, but what’s more effective is for the user to just pay attention and know what they’re doing on the Internet.

Phishing is a large and growing crime on the Internet today and causes over $3.2 in damage to nearly 3.6 million victims per year. [1] Phishing is exactly what it sounds like; a hacker throws some user appealing, “bait” onto the web and the gullible user will “bite” only to be hooked and pulled into a trap or scam that may cost them tons of money or even their identity. In most cases, a phisher will draw a user into a page claiming to be a contest, or some sort of free give-away and to “receive” your prize you need to enter your name, address, phone number and possibly further information[2]. Once a user enters their information on that kind of page and hits submit, they’ve pretty much doomed themselves because the phisher can now do whatever they want with the information that they just received. Such a simple crime, but it has major impacts.

Myspace these days is an example and growing source of phishing crimes [2]. A user will go onto their “friend’s” pages and post something like, “Hey, check out my new MySpace!” and with a link that will bring the user to a page that looks exactly like Myspace’s log in page, except the URL is different; something like login.my51.com or something. When the affected person clicks the link and enters their login information, that first phisher who posted the link will receive the credentials they entered. With these, the phisher will be able to access that account and post more links and now even advertisements leading to more harmful phishing sites on their friends’ pages.

These days, there are all sorts of various plug-ins available for your web-browser to help protect you from Phishing. [2] These plug-ins will check the address of the site you’re on against a list of known and community-rated sites to see whether or not they can be dangerous and threaten you or your computer. If the site you’re on is flagged for Phishing scams, you’ll be immediately redirected out of there. Microsoft developed their own Anti-Phishing Filter, which they released with “Internet Explorer 7.” However, a wise alternative is McAfee SiteAdvisor. (http://siteadvisor.com) SiteAdvisor is far more helpful than Internet Explorer’s built-in filter because it’ll also warn you if the site is potentially dangerous. A small bar will display in your web-browser that will change colors depending on how the site was rated by other users and SiteAdvisor staff. (Green: Good, Yellow: Potential Threat, Red: Malware or other insecurities) It also adds icons to search engine pages such as Google to tell you if a site you looked up in a search is dangerous before you click it.

Other works of phishing can be seen through pop-ups and e-mails. There are an insane amount of e-mail scams out there, and most of them are quite obvious however others may require a second look to verify whether or not the e-mail is true. Anything within an email can be forged, including its sender, address and body. [3] For example, a phisher may use Paypal’s customer support address and make the body look like something Paypal would usually send. [4] However, something may seem a little strange, like the wording is a little off or it doesn’t seem like they know what they’re talking about. If you get an e-mail is claiming there’s something wrong with your account and you need to “log in” via this site they give you in the e-mail, hover your cursor over the link and a small message should appear, giving you the URL it’s leading to. If it’s a forged page, the URL will look something like how it should, but there will be a few extra or strange characters in it. (Example: paypal.com.dllsll2.us) If you’re unsure whether or not the e-mail is a scam, go to the company’s real site yourself and log in there. If you get in just fine and there aren’t any warnings in your dashboard or anything, disregard the email, it’s junk.

Another very important piece of software you should have running on your computer if it has an Internet connection is a firewall. A firewall is a program that monitors your network connection and checks through the “packets” that are being sent through it. A packet it a small file sent over the Internet that contains information regarding what it is you are trying to do. [2] For example, your web browser (Internet Explorer, Firefox, etc.) will send a packet to a server containing information on what page or file you want that server to return to you. Firewalls will scan through these packets to make sure that no malicious data that can attempt to harm your computer or steal your personal information had slipped into them. If any malicious data is found, the firewall will block the packet and delete the data it contained. Most routers that people use with their broadband internet services have their own built-in firewalls so downloading one for your computer may not be completely necessary but it is still a good idea because if you have opened any “ports” it won’t do you much good.

Imagine a large hallway with many (thousands) of doors that all lead to a grand hallway. So in this analogy, a port is pretty much a door that will lead to your computer. By default, routers have all the ports closed, but some applications may be programmed to send information through certain ports and you’ll have to open them in return. Now that you have a port open, that’s an open-door to your computer and anything, including the program you’re running can pass information through there, which is why you should still have a firewall, to make sure nothing bad is coming through there.

Firewalls (and ports) do however have their downsides here and there. For example, some firewalls may accidentally block a “friendly” application or friendly packets from that program, which will prevent it from running because it won’t be able to communicate with its server. [2] You can however choose to unblock/allow the program to send/receive data and/or open the required ports for the program on your router.

Lastly for your personal security on the Internet is to have a spyware scanner. Most people don’t take spyware into consideration; they think that the only risks online are to get a computer virus or to have a hacker break in. However, there’s something much more common than hackers and viruses and that is “Spyware.” Spyware is another type of malicious software and is designed to quietly sneak into your hard-drive and record your activities on your computer and return them back to its creator. A lot of files that are considered spyware don’t really do that much and may as well just be duds because they record one URL and then are done. Others however will steal information you enter on your computer and some can even be associated with a virus and give that an open door to your computer resulting in a remote takeover of your machine. Probably among the best Spyware scanners to have on your system is “Spybot – Search and Destroy.” (Safer-Networking.org) It can detect almost all spyware out there and disinfect most of them that it finds. If the program can’t disinfect it, Spybot is backed by a huge Internet community with highly trained spyware experts that can help you remove what Spybot can’t.

Free software especially is something you should be cautious about. Now, most the free software out there is fine and you don’t have to worry at all about it, however some users may come across one that in order to install the main program, you have to install affiliated software. Programmers bundle in this affiliated software to make money and not worry too much about your safety, which is rather a shame. [3] For example, “Daemon Tools” which is a popular virtual CD/DVD mounting program (mainly used by software pirates and people making back-up CD’s but we won’t get into that) is bundled with extra software you’re forced to install that is spyware. Now, “Daemon Tools” is legit software that is safe for your computer, but because it’s free, the developers try and make some money by distributing it with the highest-bidding software. There are other installers that just require you to install or upgrade some library files or, “run-times” but those are fine; without those files the program won’t be able to function properly. There are just those few that prompt you to install entirely separate software that you should be wary of and research what the program is before you proceed.

As people begin to use computers more in their everyday lives, they must also take important note of their privacy and personal information. There are many methods out there that may trick the user into sacrificing their personal information to someone they wouldn’t want to, without them knowing. There are many tools out there to help and protect the user while on the Internet, but another important method to preserve their safety is just for the user to pay attention and know what they are doing.