Wednesday, November 14, 2007

Phishing and Spying

         Today’s topic actually applies to general email and Internet usage, but it is very important and ties into personal and financial safety. Internet criminals have found a way to take advantage of users of popular shopping websites through email. Such emails are referred to as “phishing." They imitate the icons and format of popular websites and attempt to obtain very personal information from you to use to steal your identity or your money. They do it through both links to their website or a form embedded in an email. Because of this it is very important to never provide personal information including login names and passwords through an email. Additionally, never click on links in emails, always type the address into the location field of your Internet browser.

         Along a similar line, a lot of websites deposit harmful or sneaky software on your computer as you visit their site and surf around the Internet. These are called spyware and often report to an external entity what you do on your computer. Sometimes individual programs can be quite harmful, and if you get too many of these sneaky programs on your system, it will slow it down and make it buggy. It is very important to prevent the installation of these programs and clean out the ones that manage to get through. The easiest way to prevent these is to limit the use of cookies and pop-up ads. Also the various “Toolbar” accessory software are often major contributors to the problem (Google and Yahoo are just a couple examples). As helpful as they may seem, they are spyware, so beware. To clean these programs off there are a few major reputable programs: Spybot Search & Destroy, Ad-Aware, AVG Anti-Virus and Anti-Spyware and CCleaner. It is important to use a couple different programs because they all detect different things. Additionally, it’s important to understand that these programs can only detect and remove spyware that they know of. If you manage to pick up something they don’t know about yet, then there’s no way for these programs to detect it or remove it. Companies develop new spyware every day and these programs must update their databases to account for each of these new spyware programs. Before running a scan, you should remember to download these updates. The average Internet user needs to run a scan at least once a week to keep up with the accumulation of these programs. There’s one other thing to be concerned about with regard to this cleansing process. There are companies in existence who have taken advantage of the “spyware craze” and takes advantage of the uneducated browser. If you ever see a pop-up in your browser about a website offering a free scan for harmful software, ignore it! If you click on this, it will likely actually install a bunch of spyware software instead of removing them for you.

         So there are wonderful things about shopping online, and there’s a few things you need to consider. Ultimately, the Internet is a wonderful invention and I wouldn’t be able to live without it. Happy shopping, and stay safe out there!

3 comments:

Anonymous said...

I work full time as a fraud prevention analyst with Bank of America and it's so sad to have to contact customers who have been victimized in this way...This is really important information and I'm glad you took the time to cover it - even offering the links to those useful programs and info on the fake credit card number option (we call it "shopsafe" at B of A)...If more people were aware of these scams and how they operate, it would be a lot harder for these criminals to get personal info! Thanks for posting this!

Mellyagaunce said...

Anna,

Great post by the way. One huge phishing scam going around right now is through a eBay account authorization.

Supposedly eBay sends out emails telling you that an item you've recently bid on is being disputed. For most people eBay is something they use regularly. And a recent bid could be a daily activity. Well, for me, it's not, and I've recently been receiving emails at my work email address. An email address I've never registered.

It's very important for people to just use common sense when using the internet. Microsoft will never send you an email. EBay only has the email address you originally registered. And for goodness sake, no one wants you to embezzle one million dollars from England!

Ana said...

Mellyagaunce,

Have you sent copies of those phishing emails to the support depart at eBay? They've got a procedure for reporting those sorts of emails so they can track down the culprits.

I wanted to cover the money embezzlement type emails, too... but I didn't think they applied to shopping. They are certainly important to watch out for, though! Don't ever give out personal information like bank accounts numbers and what not through email.