|
|
|
|
 |
|
Browsing Online Browsing the Internet should be fun as well as informative. Unfortunately, there are websites designed to trick you in many different ways, with many different reasons. When you access a website, you are accessing a server that allows you to enter or doesn’t allow you to enter. In the same respect, before you can access that website, your computer has to allow that server to access your computer. Downloading As mentioned before, if you want to view a website, there has to be an agreement between your computer and the server that is hosting that website. Assuming that access is granted, your computer starts downloading data into a temporary folder, and then you are able to view that website. Certain files are stored on your web browser for the purpose of a recall, these are called cookies. [1] A “cookie” is a small piece of information sent by a web server to store on a web browser so it can later be read back from that browser. This is useful for having the browser remember some specific information. These cookies store information regarding your preference on a particular website; such as your username. Cookies were able to steal data from your hard drive, but this has been fixed. What you need to know about cookies is this; [2] Cookies are simple pieces of text data that affect the operation of a web server, not the client / your computer. They are not viruses or spyware. There are numerous software / programs that you can download free of charge. These range from screensavers, games, to system utilities that clean your Operating System. It’s ok to download files from the Internet, but you have to play it safe. People who develop software or design programs have multiple motives. Some sincerely want to help you and some sincerely want to destroy your computer and steal from you. Let’s say you downloaded this 3D screensaver. Before you were able to install this bad boy, you were presented with a user agreement in which you had the option to agree or disagree to. For one, if you disagree you know you wouldn’t be able to install this amazing screensaver. However, you agreed to the contract but did you read the contract before saying yes to it; probably not. Reading the agreement is time consuming, boring, and full of lawyer talk; imaging reading a 3 day script of CNN. So, click yes, I agree and Install… Congratulations! You have just allowed malicious data to infiltrate your computer. Yoo-hoo! Another one bites the dust! What you allowed to install on your computer, we’ll cover in a different chapter. Not to blame you completely, the person who packaged that screensaver installation that you installed was playing the odds that you would not read the agreement. If you would have taken the 10 years needed to read that agreement, you would have noticed that you were about to install some form of malware. [3] According to Lavasoft.com, 63% of people that accept End User License Agreements don’t read the text. Now that you allowed bad stuff on your computer, you probably don’t know about it, unless you have a good Anti-Virus or Anti-Spyware program, and if you don’t you will never know what has just happened. However you will notice a decrease in computer speed, an increase in pop-ups, and web pages changing on their own; as if it were possessed. You will probably think this is normal activity and will more than likely continue purchasing items online by entering your credit card information, and even continue banking online. Of course nobody wants this to happen to them, and it’s important to be knowledgeable about the dangers of using the Internet. Identify Legitimate Sites If you are inputting personal information online, (your name, address, credit card information, identification numbers, etc.), it is important to acknowledge the security and credibility of that website before you submit personal information. Even with the websites you trust, you should first identify, before typing in your personal information, that the website is legit. In order of importance, let’s first look at just entering you name and email address and then cover financial information. Reason being, just about every website you can sign up for membership by entering your name and email address. However, you should proceed with caution. Signing up on forums or becoming a member to receive emails regarding content information that holds your interest, usually only requires a name and email address. You are provided the option to input your date of birth, address, where you used to live, where you were born, your hobbies, occupation, salary, interest, etc. This may seem like innocent information but it isn’t. Entering a full social history about youself is not only viewed by the public from around the world, but it becomes fruitful in the hands of a person who wants to steal your identity. Giving this much information about yourself makes a hacker’s job easy; like taking candy from a baby. There is nothing wrong with signing up for memberships; just provide as little information as possible. Usually information that is mandatory will have asterisk (*) beside the input form. Sites should never ask for your social security number, and if a web site does ask for your social security number, make sure you know what that site is all about. Let’s say you are a member of a website, whether this is an email account, forum or blog such as Facebook, MySpace, or Yahoo. Before you can make changes to your personal settings, post a blog, or check your email, you have to sign it. This means you have to type your username and password at the logon page. People who want to do harm to your account or just want access to your account; they need you to give them your username, and most importantly, your password. Any time you have to enter a username and password, the location where you input this information will be secured by an encrypted connection to that server. In the Uniform Resource Locator (URL) the address should begin with (HTTPS) which stands for Hypertext Transfer Protocol over Secure Socket Layer. [4] HTTPS is a combination of the Hypertext Transfer Protocol and a cryptographic protocol. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems. If you are using Internet Explorer and you are on, or supposed to be on, a secure site, you’ll also notice an image of a lock to the right of the URL field; to include the HTTPS at the beginning of the address. Look at the image below, you can see the HTTPS at the beginning in the URL and the Lock image to the right. 
Email Dangers What in the world is this? [6] E-mail spoofing is a term used to describe fraudulent e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. Alright true story: I was on myspace.com checking my email. I received a number of emails from a friend with the subject stating provocative and lewd comments. I knew this friend would never send stuff like this, instead of opening the email I sent an email asking what the deal is. The reply stated, “What are talking about, I wouldn’t talk to you in that manner. I didn’t send those emails.” Evidentially this was happening all across MySpace due to administrative messages tell members to change their passwords. My friend thought it would be cool to enter her email address on this website with the promise to achieve more friends on MySpace. Instead my friend was used as a marketing tool for that website by spreading their information to all of her friends. If I were to open up that email, I probably would’ve had to enter some required information that they need to continue they chain, and in return they would promise a chance to win a million bucks –or something that will never happen. Spam No! Not the meat; the electronic Spam. We should all know by now what spam is. Assuming that you don’t, here’s a definition, [7] Spam is the abuse of electronic messaging systems (including most broadcast mediums, digital delivery systems) to send unsolicited bulk messages indiscriminately. To correlate a bit with email spoofing, did you know your email address is being sold without you getting paid? If you have ever entered your email address online you can pretty much bet that your email is being sold to people all over the world. What the hell for your ask? Calm down, catch your breath; it’s going to be ok –I think... Anyways, your email address: yourname@domin.whatever, if picked up by certain people, is put into a file with hundreds of thousands of other email addresses and sold to spammers. The purpose of this is so spammers can email people advertisements. This is a cheap marketing tool. Your email address probably costs .01 cents. Here’s the kicker, the people who sell these email addresses are the same people who have our trust. Once again, if we read the small print, the End User License Agreements (EULA) before submitting ANY information, we would have learned how our personal information will be shared with third-party groups. If you open a spam email and click on what they want you to click on, you could initiate a malware download, but will most always let the spammer know that you fell for the trap. If this happens I guarantee you will receive much more spam than before. The best thing to do with spam is to NOT OPEN IT but DELETE IT. Preventively, be careful where your put your email address and do your best to read the EULA. Phishing If you were to logon to your email account, taking the above picture for example, the URL stated: http://yahomail.com or http://YahooMail.com chances are you are about to logon to what is called a phishing site. [5] Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. The fake addresses provided above are to show the similarity between legitimate addresses and phake addresses. This is one of the easiest scams that people fall prey to. Luckily companies are taking these scams seriously and usually provide a free anti-phishing filter with your Internet browser that blocks and warns you of a phishing scam. |
|