Viruses, Spyware, and Malware
Viruses
A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. Viruses spread by being attached to files or other programs and can cause your computer to crash, erase your hard drive, or do other damage.
Take caution before you download files and programs off of the Internet to your computer – games, movies, music, unusual e-mails, etc. – and install up to date virus protection software for your system. If it is infected with a virus, your computer may run particularly slowly or exhibit other strange behavior such as crashing or restarting on its own, freezing or not responding to commands. You may receive error messages you have not seen before or see distorted dialog boxes or menus, or you may receive returned emails that you did not send. Symantec maintains a list of Virus Definitions & Security Updates that is updated daily; McAfee also maintains a list of current virus threats and definitions.
If you think your computer is infected with a virus, use your virus protection software to scan your computer and disinfect or delete any infected files.
Spyware and Malware
Spyware is software that secretly gathers information about a user while he/she navigates the Internet. Short for malicious software, malware is a program or file that is designed to specifically damage or disrupt a system. Malware and spyware can be either viruses (programs which piggyback on legitimate programs to spread and operate), or worms (which are programs that actively transmit themselves over a network to infect other computers).
Malware is created and used by individuals with malicious intent. It should not be confused with legitimate software that has bugs. People who are writing malicious code are often using it to profit by collecting credit card numbers, social security numbers, or other personal information.
Protect Your Computer
You should periodically scan your computer to detect any malicious programs (viruses or spyware) that may have been installed on your computer unbeknownst to you and are designed to collect sensitive information about you or to misdirect you to fraudulent websites. If your operating system offers free security software upgrades, you should install them as they become available.
Invest in virus protection software from a reputable source, and be sure to check for updates every few weeks. Avoid programs from unknown sources and stick to commercial software. Set secure passwords for your email and online accounts, and always be sure to use a secure connection when accessing the Internet wirelessly. Do not click on email attachments, instead, download all files and use virus protection software to scan files or documents before opening. Be sure to check your online accounts regularly.
Hacking
Hacking is unauthorized use of computer and network resources. While this term originally referred to a clever or expert programmer, it is now more commonly used to refer to someone who can gain unauthorized access to other computers.
Computer hacking is difficult to define. Computer hacking always involves some degree of infringement on the privacy of others or damage to computer-based property such as files, web pages, or software. The impact of computer hacking varies from simply being invasive and annoying to illegal. For more information from the federal government about hacking and cyber crimes, visit the FBI Cyber Investigations website, or the US Department of Justice Computer Crime & Intellectual Property Section website.
Phishing
If you have received a suspicious email claiming to be a legitimate business, government agency, or financial institution, and are being asked to supply personal information over email, please use extreme caution before you take action.
Banks and other financial institutions will never ask for your personal information via email no matter how official the email may look. To verify any links that may be included in an email, do not click them, but use your mouse to hover over them to view and visibly verify the web link. If you do click any of the links in the suspicious email, you may become the victim of phishing.
Phishing is an attempt to steal personal data where a thief sends an email claiming to be from a legitimate business, a government agency, or a financial institution like your bank or credit card issuer. The website or email often asks you to confirm or update your account information, or may ask for your social security number, credit card information, personal identification number, password or user name, or other sensitive personal information. The thief then can use your personal information to commit identity theft or other fraudulent activities.
Phishing scams often rely on placing links in email messages, on websites, or in instant messages that seem to come from a service that you trust, like your bank, credit card company, or social networking site. You may also receive them in a Facebook message or Twitter Direct Message where it may look as though a friend is sending you a link or video. These websites or emails may mimic legitimate ones very successfully. If you think your bank or other organization requires your information, call customer service, or type the organization's Web address into your browser directly.
Recently, phishing scams ask for money or financial information in the form of an email from someone purporting to be a family member in an emergency situation. These emails might say they are from a family member on vacation who has found themselves in danger and in need of help. If you receive one of these, call the family member or their close friend first to try and verify the information.
Laptops and Wireless Security
Protecting Your Laptop
With the added portability of a laptop comes the increased risk of theft, and with that, the potential loss of irreplaceable data and personally identifiable information and files. Never leave your laptop unattended: Lost or stolen laptops and mobile devices are the most frequent cause of a data breach, accounting for 49 percent of data breaches involving personal information.
When your laptop is not in your immediate possession, ensure that it is securely locked up. Always use password protected access to your computer and back up your data regularly, either with an external hard drive or through a cloud storage service. You may consider installing an asset tracking and recovery tool to track and recover computers that are lost or stolen.
Wireless Internet Connections
With ubiquitous and accessible wireless Internet, continue to express caution about the networks you choose to join. In some cases, unless proper safeguards are taken, users may find their wireless access account breached by hackers using your Internet connection to conduct illegal activities, which may include the theft of your sensitive personal and financial information.
According to www.staysafe.org, there are some simple precautions you can take to increase your level of wireless Internet security. If you're not sure how to implement them, ask someone, such as the person who installed your wireless network, to help you.
- Place the wireless router in a central location in your house. Avoid placing it near exterior walls and windows to help decrease the signal strength outside of the intended coverage area.
- Install anti-virus software and anti-spyware on your computers and keep it up-to-date. Stay current with the security programs and alerts by visiting trusted computer security companies and websites. If your current operating system does not have one, add a firewall to each computer in your home. Use automatic updates to ensure that your operating system and related security tools are up-to-date.
- Require authentication for any computer that logs on to your wireless network and change the default authentication password once every three months. Set up your wireless router to accept information from only the computers in your home by using Media Access Control (MAC) addresses.
- Avoid storing sensitive materials on your computer, including credit card numbers, social security numbers, or other personal information.
- Encrypt all information transmitted over your wireless network. If you cannot enable encryption, connect to the Internet with a network cable when sending financial or other critical information over the Internet.
Passwords
When accessing websites online or using various online services, you are often asked to create a unique user name and password. A password is a unique identifier of letters and/or numbers which allow a computer user to gain access to a computer and all of its files. In addition, most online activity (such as shopping, participating in an online discussion or simply signing up to receive a coupon or an electronic newsletter) now requires the selection of a user name and a password.
Secure Passwords
Ideally, a secure password is one which no one else can guess and which is resistant to being hacked, that is, having one's online information breached, and thus leading to the danger of having one's identity, credit card information and/or money stolen. In order to make your passwords less susceptible to compromise, you should seek to create passwords that avoid dictionary words and use six or more characters with a mix of letters and numbers and upper-case and lower-case letters to create the strongest password possible. You should also create a new password for each site on which you engage in online commerce, avoid using the same password for all of your online accounts - and never share these passwords with anyone.
Since users are being asked more and more to think of unique user names and/or passwords, many are resorting to less than creative solutions. For example, many users will choose easy to remember passwords (such as admin, 12345, their own first name or year of birth or even the word "password") to make this process more manageable. Unfortunately, these solutions are risky as they make one much more susceptible to being intercepted by a computer hacker. Avoid the use of obvious passwords such as your birthday, nickname, mother's maiden name, phone number or the name of your pet.
Many Internet service providers now offer guidance on strategies to select a password which is less likely to be hacked. These strategies include:
- Choose a long password (12 or more characters) rather than a short one
- Instead of a single word, use a combination of upper case and lower case letters, numbers and/or symbols
- Avoid using dictionary words
- Use a phrase for a password such as "mydogsnameisfluffy."
- Create a password which is actually an acronym for a phrase that only you would know, such as: "My favorite food is the Chicago style pizza they have at 19 Main Street" becomes the password: MffitCspth@19MS.
- Take advantage of free password selecting software located via any Internet search engine.
Storing Passwords
Some websites provide the user with an option to allow the computer to remember usernames and/or passwords. Although this is a convenient feature, in general, it is more prudent not to rely on these options. It is recommended that you use the "Delete stored passwords" feature (typically found under "tools" and then "Internet options"), available through most Internet browsers, to increase your password security.
Spam
Spam is the abuse of email technology to send large quantities of unsolicited communications; this could be either commercial or malicious software such as viruses. Spammers harvest and compile bulk listings of email address by automated scanning of popularly used websites or by intercepting the transmission of electronic mailing lists.
Spam is illegal: The Federal Trade Commission (FTC) outlawed spam in the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act) and has established strict protocols for the commercial use of bulk email. Most Internet service providers are working hard to protect their users from spam, but there are things you can do to reduce the amount of spam (malicious or otherwise) that you receive.
Avoid Spam
The very best way to prevent spam from arriving in the first place is to protect your email address. Placing your email address on everyday locations like a group bulletin board, on social media websites, or by forwarding jokes, stories, and chain letters, all provide ample opportunities for spammers to retrieve addresses. Avoid posting your email address on websites where you are selling a product such as Craigslist. Many of these sites will give you the option of masking your email address with a seller’s address for the posting details. Consider this as an option so potential buyers do not have direct access to your email. Consider using a "disposable" email address for all of your online activity, which can forward your mail to your "real" email address but has many features which filter and eliminate the spam from getting through.
It is also important that when registering your email address with a website, read all website privacy notices carefully and watch carefully for any prefilled in checkboxes giving your permission to be contacted by third parties for more information about their products and services. If you are not satisfied with the privacy policy, do not register for the site.
Another way to avoid spam altogether is to ignore it. By responding to these messages, marketers may realize that yours is a "live" email account and this may result in even larger amounts of spam. Contact your Internet Service Provider (ISP), as most offer filtering functions and may also be able to shield you from receiving offers from a particular source, especially if you find them offensive.
Reporting Spam
To forward unwanted or deceptive spam to the FTC send it to spam@uce.gov, and be sure to include the full email header.
If you think you have been taken advantage of by a spam scam, file a complaint with the FTC online at www.ftc.gov. Complaints will help the FTC find and stop those who are using spam to defraud consumers.