In this challenging economic environment, you may be concerned about job, retirement or general financial security. Eager to take advantage of your legitimate concerns, a varied group of scammers and con artists are targeting your money and your personal information using a variety of online tactics. By taking a few simple steps you can protect yourself from even the latest ploy. This month's report describes the most common scam methods and describes steps you can take to avoid being caught.
Dangers to your computer and personal information
Scammers continually change their tactics in order to steal your personal information. Malware, phishing attacks, and email scams are the primary tactics that they use.
Malware is software that has a malicious intent. Types of malware include but aren't limited to viruses, spyware, and keystroke loggers. Scammers use many ways to get you to install malware on your computer. These include enticing websites, pop-up messages, downloads, and email. For example, one perennially popular pop-up announces “dangerous spyware detected on your computer” and asks you to get more info. You click “yes” and particularly damaging malware is instantly downloaded to your computer.
Protect Yourself by Practicing Safe Computing
Viruses are programs that copy themselves to your computer without your permission. They can cause damage by deleting data and program files from your computer or fill up your hard drive by making copies of themselves. They will also copy themselves to any drive (USB, external hard drive, and network drives) they find connected to your computer. They may also send themselves to other computers using email addresses it finds on your computer.
Spyware is software that has been installed on your computer without your consent or without your knowledge and controls or monitors your computer use. Indications that spyware might be on a computer include a torrent of pop-up ads, the browser goes to sites you didn't specify, toolbars or icons that appear on your computer screen, random error messages, keys that don't work, and sluggish performance. But most spyware is “invisible”—you can’t tell you’ve got it unless you use a screening/detection program.
Keystroke loggers monitor the keyboard input to intercept usernames, passwords, bank account numbers, credit card numbers, and other information. The logger then sends that information to the scammers.
Phishing is a scam that is seeking your personal and financial information primarily through email or pop-up messages. Phishing has also occurred over the phone or through mail.
Phishers impersonate legitimate financial institutions—banks, credit unions—and businesses. The phishers cast a wide net that's likely to find persons that do business with the impersonated financial institutions and businesses. For example, in recent weeks there has been a flood of emails that appear to come from the FBI or FBI executives and claiming to be an “official order” that you should respond to by clicking on a link. The problem: The FBI (and other government agencies) never use this type of email. As tax deadlines near in the next few months, we anticipate a flurry of scam emails that appear to come from the IRS. Again, the IRS never sends such emails. During the recent holidays there were fake “shipping” notices that appeared to be from legitimate shippers such as FedEx or UPS saying there was a problem delivering a package—if you clicked on the link, malware was downloaded.
Email and pop-up messages may have a link to click or a phone number to call. In the case of a link, it usually goes to a fake website that mimics a legitimate site. If you want to check a message out, look up the contact info on a statement or legitimate directory.
There are many scams that show up in email messages. The most common spam messages include bogus product offers, pleas for help to get money out of a foreign country, foreign lotteries, work-at-home schemes, investment schemes, pay-in-advance credit offers, debt relief, and fraudulent promotions. Variants are endless but typically they offer something that’s too good to be true. Others like the “sick grandparent” scam or disaster scams try to get you to give money by pulling at your heartstrings.
Practice safe computing
Security software alone isn't sufficient to protect your computer and your personal information. These measures require discipline but following them will help keep you computer clean and your personal information safe.
Install and keep up to date a security suite. These programs typically include a firewall, antivirus, and antispyware at a minimum. Highly rated suites include Norton Internet Security 2009, Trend Micro Internet Security Pro 2009, and ZoneAlarm Internet Security Suite 2009. Make sure that full systems scans are scheduled for at least once a week and make sure the computer is on at the scheduled time. Even though a security suite may seem expensive, it is a small price to pay for protecting your identity and financial information.
Keep your operating system up to date by applying the latest security updates and fixes. Most operating systems have the capability to automatically check and install the latest updates.
Keep your browser, browser plug-ins, readers, and media players up to date. Flaws in these programs can be used by scammers to get into your computer. Most browsers, readers and media players can automatically check for updates.
Use alternative programs for web browsing, such as Firefox or Opera, for viewing pdf files, and for media players. There are many alternatives which work as good or in many instances better than well known products. These alternatives tend to be less bloated and have fewer problems than the well known products.
Don't open email attachments from unknown sources. Even if you know the source, don't open an email attachment unless you are expecting it.
Don't click on links in emails, particularly from unknown sources. Don't click on links in email that asks for personal or account information or is warning of a problem with an account. Reputable companies and financial institutions, like your credit union and bank, NEVER, EVER send e-mails asking for personal information and account number information they already have on file.
Don't click on links in pop-up messages. Pop-up messages, particularly those that look like error messages, are a favorite way for scammers to get you to download malware.
Download programs only from trusted sources. Some free software programs have other software bundled with it including malware.
Set your browser security settings to high. Also set your browser to notify you if a site wants to download and install software. This will help minimize "drive-by" downloads, that is, software that is downloaded and installed without your knowledge.
Keep your wits and commonsense about you. Vigilance is your best defense. Don’t respond to emails from strangers. Don’t click on weblinks or links within emails (even when they appear legitimate). Ignore pop-ups or, better yet, screen them out. If it appears too good to be true, remember that it is. Check out charities independently before you give. These sensible responses can be your first line of defense and support all the security software you use.
For more information
Check out the articles in the FoolProof Consumer Privacy Rights section.
OnGuard Online has tips from the federal government and the technology industry to help you secure your computer, protect your personal information, and to protect yourself from Internet fraud. Topics include malware, spyware, phishing, email scams, computer security, and much more.
Looks to Good to Be True.com describes many scams on their fraud page.
Originally published: February 2009