Staying Safe On-Line
You wouldn’t write your credit card number on a post card to be sent through the mail — anyone who handled the card obviously could read it. Dangers on-line are similar, but less apparent since we can’t see what happens inside the computer.
Don’t Send Confidential Information by E-Mail. When you send e-mail, it travels through public wires from your computer to your ISP, then to the recipient’s ISP, and finally to the recipient’s computer. Anyone with access to any system along the way can read the message just like a postcard. The message will probably also be saved by one or more of those systems.
E-mail can be encrypted and often is for sensitive data, but that takes more effort than people typically want to make for personal messages. For confidential communications with your bank or Amazon, use the customer service forms on their secure web sites since those forms have the same security as the ones through which you process on-line transactions.
Keystroke Logging. It used to be that hackers were mostly “geeks” trying trying to prove their technical prowess. Today they are professional criminals out to steal data for profit.
One of their favorite tools is keystroke logging. They sneak software or hardware onto a victim’s computer which then records every key pressed and sends this information to the hacker. Thus when a victim logs into a bank account, the crooks know victim’s user ID and password.
Often this spyware is secretly loaded onto a computer by seemingly innocent software the victim downloads. Anti-spyware programs try to detect and disable such threats, but the best defense is not to install anything unless you know exactly what it is and that it comes from a trustworthy source.
Phishing. This is where someone is tricked into voluntarily giving confidential information to a fake web site. Typically the crook sends an official-looking e-mail asking the recipient to click a link in the message and log into his bank or other account. The link goes to a log-in screen at the fake web site. If the victim submits an account ID and password through the form, the information is sent to the thieves.
Vigilance is the only real protection here. don’t click on anything from your bank unless you know what it is and were expecting it. Legitimate bank communications typically give a phone number you can call to verify the message’s validity. Some also include identifying information, such as the date and time of your last log-in, which imposters probably wouldn’t know.
This article originally appeared in our free semi-monthly newsletter. To receive future issues, please add your name to the subscription list.