Take care with “official looking” emails

 

A new spat of phishing emails has started hitting email clients this week. The subjects range from tax investigations, legal notices and formal complaints. All of these email have one thing in common … they will scam you in some way if you give them a chance.

 

Most of these emails are sent from (probably) innocent domains and accounts via hijacking so complaining to the ISP or domain controller will not resolve any issue you may have due to clicking inside the email although they may well thank you for bringing the issue to their attention.

 

A typical example:

 


Hello,

 

Here with the Better Business Bureau would like to inform you that we have been filed a complaint (ID 90934870) from a customer of yours with respect to their dealership with you.
Please open the COMPLAINT REPORT below to obtain more information on this case and suggest us about your point of view as soon as possible.

 

We are looking forward to your prompt reply.

 
 

Sincerely,
Gerard Johnson

 

Dispute Counselor
Better Business Bureau

 

As you can see, the email is sent to no-one, just a hello (always a sign of a phishing scam). The inclusion of a reference number is a nice touch BUT any formal complaint letter would include the complainant’s ID and the address of the agency dealing with it, a contact land line number and usually, a department and extension number. A real letter would not contain an unidentified hyper-link!

 

There are many of this type around at the moment, don’t be fooled and DON’T click the links these mails contain!

 

Look for official styling (logos and signatures, full contact details and enough information that would allow you to positively identify the sender. Remember, a real letter of complaint or official warning document would not contain hyper-links and would almost certainly be sent as an attachment in either .pdf format or as a .txt document … never download or open .exe files from email.

 

Happy surfing and enjoy the weekend :)

 

Old (new) email phishing scam

 

Most of us these days buy items from the internet, eBay, Amazon, etc.

 

You decide which item(s) you want, go through checkout, make payment and await delivery.

 

How will your goods arrive? Royal Mail, UPS, FedEx … there are dozens of shipping agents and you can rarely be certain which one will be used. You trust in the good reputation of the seller or company to select a suitable and reliable method of delivery and simply wait for the goods to arrive in your post box.

 
 

The Scam

 

You recieve an email explaining that your shipment – hoping that you have recently ordered something for delivery to your address – has been returned to the agent since the address was either incorrect or could not be found by the delivery agent.

 

The email contains an attachment which, the email text explains, is a printable form to allow you to arrange collection of your parcel. On clicking the attachment you will notice that the attachment is not a .pdf or .txt (essentially, a document) but is in fact an executable file, .exe

 

This executable file is malware which can infect your system, strip information from your files or even allow the scammer to access your PC by remote and do whatever they like.

 

If you do double-click on the file you may not see anything happen or you may get program dialogue box appear. Close this immediately and run your anti-virus software.

 

If you are ever in any doubt regarding the nature of an attachment you can run the file inside a protected area known as a SANDBOX. There are several free utilities which can be used for this purpose, one of the most popular is call Sandboxie and is available for free here.

 

REMEMBER. Always download software and utilities from a reliable source and do read reviews before installing a new program.

 
 

Precautions

 

If you have not ordered something recently or think that a delivery could not possibly have been attempted yet, simply delete the email immediately.

 

Check the sender address, this will often be a well known shipping company. If you select view all headers you will see the sender address is actually different to the one displayed.

 

Right click the attachment and look at the file type (the three letters after the full stop “.”), if the file ends in .exe delete the email immediately – a shipping agent will never send an executable file to you when a simple document is required.

 

When ordering, ask the vendor to send you details of the shipment. If the package is to be tracked they will send you a tracking number and delivery agent (ie. Royal Mail RD1234 5678 90GB). If the package is to be sent without tracking or insurance since it is a low value item they may simply say it will be sent “first class” or “parcel post”.

 

Never agree to having more expensive items sent normal mail, always make sure you have tracking and insurance or the loss could be yours to bear.

 

Be safe when shopping online

 

With the growing number of opportunities to shop online is it any wonder that fraud based on this has increased?

 

There are ways to limit the potential damage when shopping online, some of these options are well known. Online payment providors such as Paypal and NoChex have been providing safer shopping for many years even though some people would prefer not to use this type of service.

 

What other options exist? The new trend for using pre-pay credit cards has seen internet fraud reduce dramatically since, few people would transfer significant funds to one of these cards unless they were about to make a purchase … the window of opportunity for the thief is very small.

 

Pre-pay cards are now available from most banks as well as The Post Offices and other high street outlets. A simple web interface allows you to transfer funds from you bank account to the pre-pay card to make purchases online without revealing you main card details.

 

Is it worth the expense? From as little as FREE to get the card and no monthly charges … of course! There are dozens of cards available, with different options and different benefits, look around and see what suits your needs.

 

Be aware that some cards do have a charge for use. Please read the terms and conditions carefully to ensure you understand the costs involved with using the card. Monthly maintenance charges, charges to use ATMs and withdraw cash, some even charge to use the card in stores. On the other hand, some cards offer discounts at certain stores and outlets, free cinema tickets, discounted dining. Do the research and choose what suits you and your lifestyle.

 

Most high street banks also offer a virtual credit card, this electronic version of a prepaid card allows you to shop online in safety. The “card” is actually only the relevant numbers such as card number, expiry, CCV, etc. there is no physical card to lose or have stolen. These cards are ideal for online use. Please do check to see if your lender’s card offers the same protections as the plastic version …

 
 

Public Wi-Fi, security and staying protected

 

So, you have a great little netbook and are off to the local shopping center. At least when you get a little stressed you can drop in to the coffee shop, enjoy a cuppa and take a look around the internet … right?

 

There are great many public Wi-Fi hotspots around, coffee shops, McDonald’s, Starbucks, the list is almost endless. Most of the bigger chains have some security enabled but what about the local establishments? Many smaller businesses simply cannot afford to secure their Wi-Fi since all they get, all day long, are requests for the password (and occasionally, having to help someone actually get connected). It is much easier and cheaper (for them) to simply leave the connection open.

 

Why should this bother you? Well, when the connection is open it allows anyone to jump on the network and possible access your machine. Is your firewall enabled? Have you disabled sharing? (most home users will have enable sharing if they own more than one computer). Have you password protected your personal information? The answer to these questions is often a resounding NO.

 

So how can you be safe when using a public connection? First, make sure you have turned off file sharing and enabled your firewall. It is also a good idea to keep any sensitive information (stored passwords, card details, PINs, etc.) in an encrypted file or folder. You never know when you may need the information BUT you definitely don’t want it in someone else’s hands. You can easily encrypt information using WinRar, a utility mainly used for compressing files. When compressing the files you need to set a password, use a password comprising numbers, letters and symbols to make the password difficult to break. Also, remember to select encryption as this make breaking into the file far more difficult for hackers.

 

Most of the larger sites have the option to connect using SSL (a secure type of connection). This can be identified in the address bar with the addition of an “s” after the http. Facebook Gmail and Yahoo have the option to use these services under SSL as do many others.

 

One of the safest ways to use public hotspots is via VPN (Virtual Private Network). A VPN is a secure, private connection routed through the internet. This allows you to use a public hotspot as if were your own secured network. Although you can easily setup a VPN yourself, for those with less technical knowledge it is often easier and less stressful to use a service providor for this.

 

Windows has a built in VPN client which is relatively easy to configure. Simply launch the setup and follow the instructions. The only information you really need is the IP address of your home network.
Another alternative is a VPN service. Perhaps the best known of the free VPN services is Hotspot Shield, a small utility designed to allow even novice computer users to enjoy the benefits of a VPN.

 

There a few rules you should ALWAYS follow …

 

… always turn off file sharing and resource sharing

 

… make sure that your firewall is enabled and updated

 

… use SSL (https) connections whenever possible

 

… turn off your Wi-Fi when you’re not actually using it

 

… make sure Bluetooth is disabled if not being used

 

… avoid sending emails if the connection is not secured

 

If any of our blog readers have suggestions for making public internet use safer we would love to hear from you.

 

Keep your kids safe online

 

The internet and all of its associated connections is a truly wonderful place for both adults and children. The potential for learning, expanding your horizons, improving your manner in social situations and general entertainment are vast. Unfortunately, so are the dangers …

 

Most people are very aware of the fact that children’s safety online is currently a big issue. There are software suites, advice guides, even hardware add-ons to help you to accomplish a safer experience for your kids. Although many of these additions offer some value the very best way to maximise the chances of your children enjoying the web safely is EDUCATION.

 

Many parents are actually less well informed about the internet than they should be. After all, it’s difficult to impart knowledge you don’t have. We have compiled some useful tips to help keep users safe online and although these general guidelines are helpful the guide below is more concerned with your child’s safety.

 

Educate your kids to be safer online

 

Be sure to explain to your kids that the Internet is a real community of people who are connected by computers, so treat people that you don’t know on the Internet as strangers that you might meet in a street. They wouldn’t tell a stranger at the bus stop all about themselves so why do it online?

 

Do not give out any personal information related to your family, friends or yourself like full names, addresses, telephone or mobile numbers or those of your parents. Other information like the name and location of your school or details of school activities can also identify you to others, whether you are in a chat room, message board or newsgroup. Sometimes there are people who watch out for such information, and they can put together a picture of your activities over a period of time that could be several weeks. So be careful with what you say, and never give out your personal details. Even if you think you are only telling your friends other users will almost certainly be able to see the same information.

 

Be aware when choosing your chat username or email username not to pick a provocative name as you would be more likely to be sent provocative emails or harassed online. Use a name you can easily remember, use a name that you would feel comfortable explaining to Nan or Grandad, use a name that DOES NOT identify you.

 

Never agree to meet someone whom you’ve met through the Internet, in real life without your parent’s permission, and if they agree, never go alone, but go with a trusted adult. Allow your parents to “vet” the new friend, perhaps speak to them on the ‘phone. If the new friend is as they appear you have nothing to lose and much trust to be earned of your parents :)

 

Use common sense. Someone you are chatting to may not be who they say they are. Just because the screen name is “Jenny_13” doesn’t mean the person your are chatting to is called Jenny, or that she is 13 years old, OR EVEN THAT “SHE” ISN’T A 50 YEAR OLD MAN!

 

Do not fill out forms online without consulting your parents or teachers. There are websites which seek personal information and which use this information for marketing or other commercial purposes. If you are unsure ALWAYS ASK.

 

Do not open an email from someone you do not know as you may download viruses (which even come from people you do know), or it may have contents that can upset you. Email is fairly unregulated and un-moderated so the contents could be anything. Apart from other concerns, opening that email may just stop your PC from working, why risk it?
Many chain emails or emails with virus warnings are hoaxes. Before you forward virus warnings to your friends and family, check that it is not a hoax. Unless you are completely sure that the email is genuine NEVER forward an email which has attachments or embedded pictures.

 

Never send pictures of yourself or any other personal material to a friend you met online without consulting your parents first. It is always the safest option never to post pictures of yourself on any public forum. If you want to share pictures on Facebook please set your privacy correctly so that ONLY your friends can see them.

 

Always tell your parents/teachers if you come across stuff on the Internet which makes you feel uncomfortable, or if someone on the Internet harasses you or threatens you. If every piece of offensive material were reported there would be much less of this type of content available. If someone tries to harass, threaten or intimidate you, let your parents or teacher know immediately. This is often referred to as CYBER BULLYING which we will cover in detail in an upcoming post.

 

Never respond to provocative, rude, obscene or threatening messages (whether in chat, newsgroups or message boards) which make you feel uncomfortable. Tell your parents or teachers about such messages and where possible, save a copy of the message so that your parents or teachers can forward it to your Internet Service Provider, or use it to make a police report.

 

Always consider the information you read on websites. Because its on the Internet does not mean that its always truthful information, especially when it comes to health issues, or when you are doing research for homework. Check that the website you are getting your information from is a reliable and reputable one, not one built on hearsay or rumor. If you aren’t sure regarding the trustworthiness of a website please ask your parents or teachers.

 

When subscribing to public newsletters or programs like media plugins or downloads that require you to give out an email address, use a separate email address from your personal one. This will lessen the number of unwanted emails that you receive. Hotmail, Yahoo and Gmail offer free email accounts, to name just a few.

 

Help yourself and your kids to enjoy the internet without worry. Most people will find that many of the tips above are common sense whilst others only become obvious after the fact. Be safe and make the most of the world’s biggest information resource!

 

Stay safe when browsing the web

 

10 tips on how to stay safe on the net

 

1. Use secure passwords
Avoid using simple passwords such as 1234 or qwerty. Any password made up of just lowercase letters such as names can be easily cracked or guessed. Another popular, but very daft password commonly used is password – often used by newer users because the field may say “Type password here!”.
Good passwords should consist of letters (upper and lower case) numbers and symbols, the more random the better.

 

2. Use a firewall to protect your computer
A Firewall is an essential tool for helping to keep you safe when browsing. This device, whether software or a physical device, can filter harmful data before it gets to your machine. It can also be used to limit access to certain sites and types of communication. Most home users with broadband will have a router, the point of connection to the outside world. This device will almost certainly have its own firewall as well, make sure it is enabled and configured. There are a number of software firewalls available, some of which are free.

 

3. Make sure you have an antivirus suite installed
Most users are aware of the need for anti virus, anti malware and rootkit protection. The biggest single failing in this area is not the absence of the software but the fact that it is not updated regularly. Make sure your AV suite is up to date at all times.
MYSecurityCenter offer an all-in product to protect users against virus, malware, nagware, spyware and rootkit threats. Take a look at MYInternetSecurity GOLD and feel safer online today!

 

4. Take care when shopping online
If you use the internet to buy items or services make sure that you use direct links (not links from emails) and that the security of the site is intact. Look for the small padlock in the lower section of the browser window. Another good rule of thumb is to check the web address in the address bar, if it starts with http:// you are viewing a non secured site whereas https:// indicates the page is secure.
You can further protect yourself when shopping online by using virtual or prepaid credit cards. These cards need only be charged with funds when you need to make a purchase, ensuring your account and card details remain private.

 

5. Be wary of unsolicited emails
Not all emails you receive will be from friends or colleagues. Some will be marketing shots, some forwards, others junk mail. Occasionally these unrecognised emails will be phishing or scam emails and should be deleted. For more information about these types of emails and how to avoid becoming a victim please read our earlier blog post on the subject.

 

6. Take care with your online privacy
Many people think nothing of posting about themselves on Social Networking sites such as Facebook, Twitter and MySpace. These sites are prime targets for scammers and identity thieves since, what you post about yourself (and what others, in return, post about you) can give away far more information than you might think. Try to avoid posting specific information about yourself such as where you live, when you go to work, holidays and pastimes that might take you away for periods of time. Never post your telephone numbers or email address to public forums.

 

7. Check you bank and card statements regularly
Even when you ARE careful, you can still become a victim. Make sure to keep an eye on your finances by checking your transactions frequently. If you find a transaction you do not remember or believe may be fraudulent CONTACT YOUR LENDER IMMEDIATELY. You may have simply forgotten the purchase but be safe rather than sorry.

 

8. Popups and ad frames
Many legitimate websites use popups and pop-unders in order to advertise special offers and new products. For the most part, the worst to be said of these is that they can be annoying. Less scrupulous websites use the same technology to capture information from unsuspecting users. To be safe, make use of one of the many blockers available for the mainstream browsers (IE, Firefox, Safari, etc)

 

9. Avoid pirate software/video downloads
Although it may be very tempting to get the latest Adobe product or new release movie for nothing beware … scammers know that these are popular pass times and target these sites accordingly. You may think you are downloading something for nothing only to discover that your PC has been compromised and all of you personal information has just been siphoned off. A Trojan can be any unwanted program which adversely affects your machine but generally these are used to steal user information, spread malicious emails or disable your security.

 

10. Remember the Golden Rule
If it looks too good to be true … IT PROBABLY IS!

 
 

Although the above is great advice for anyone using the internet we have also compiled a great Kid’s Safety guide to complement this.

This is NOT Microsoft calling ….

 

 

Be aware of a new scam that has been making the rounds recently

 

Thieves are calling over the phone and posing as employees or agents of the Microsoft Corporation or its affiliates, scaring victims into paying for bogus services and stealing their credit card information.

 

The hackers call saying they are from Microsoft Customer Service and that a new threat capable of wiping out all the data on your PC has come to light or some other worrying threat. This new threat will not be caught by any of the current antivirus suites on the market so Microsoft has decided to take direct action. This neatly negates any counter argument the victim may have made about using a premium anti virus suite or application.

 

They are then told that this new threat can be corrected immediately in a few simple steps, if only you pay a small fee to cover the cost of expenses. The fee is always so small that many potential victims would not consider the call to be fraudulent – after all, what thief would go to this much trouble to steal 5 or 10 Pounds? The caller is invariably good at the spiel and will often try to create a feeling of trust – this is a very common tactic used by fraudulent sales agents and scammers.

 

Once the potential victim has been convinced that this new threat is real and that “Microsoft” is actually trying to help, the caller will explain how the nominal fee can be paid (usually through an internet payment gateway). These payment gateways are the method often used to capture your card details since you would, naturally, input all of the required details required to authorise a transaction.

 

Besides this, they may also try to get you to install a utility (virus) on your PC so they can abuse it in the future. They will explain that this utility is designed to catch any further infections of this type and could end up saving you time, money and hassle. Don’t be fooled, anything you install will almost certainly result in the exact opposite!

 

They will often instruct users to visit a website with a complex URL (web address) or even offer to take remote control of the PC to show the problem. Either of these methods can be used to identify, clone or delete information held on your computer. Many people currently hold vast amounts of important information on their PC including bank account details, online payment system passwords, email usernames and passwords, contact lists and appointment schedules to name just a few.

 

All of this information is of value to the crooks on the other end of the ‘phone. With enough information they can even steal your identity and impersonate you on and off line.

 

How can you deal with this?

 

Microsoft (or any other large corporation or company) will NEVER call a customer regarding an account or consumer issue without prior consent.

 

 

A company will NEVER ask for credit card or user account details over the telephone. If you are in any doubt, ask the caller for information they should have access to such as your customer number, account ID or billing cycle date. Ask for their name and company contact details and simply check the details out through Google.

 

 

All legitimate companies will identify themselves and also identify you as the correct point of contact (“Am I speaking with Mr. John Smith?”) and will never use a generic form of address such as customer or subscriber

 

 

All legitimate companies will be happy to supply you with a means of checking that the call is genuine such as a direct contact number or postal address.

 

If you receive a call from anyone claiming to be an employee or agent of Microsoft and you have not requested such a call, simply hang up the phone!

 

You have won an online lottery …

 

It is pretty much guaranteed that you have received at least one email with this kind of title in the past. The online lottery scam is one of the best known and most used around the world … and still people get caught out.

 

This old scam is reaching new ground at the moment, mainly due to the fact that pretty much everyone is struggling for money. The idea of a windfall coming just when you need it can be a tempting idea. Unlike other email scams (Nigerian 419 scam, Spanish Prisoner scam and other frauds) the lottery scam idea has a wide appeal to many Brits with the popularity of the National Lottery and Scratchcards being so well publicised.

 

The email lottery scam is a type of ADVANCE FEE FRAUD which uses the promise of (usually) quite large amounts of money for simply covering the costs of transaction or transfer. You will be asked to send an amount of money in order to cover legal expenses, banking fees, money release orders, etc.
Any money you send will never be seen again.

 

To avoid being scammed with one of these emails simply keep an eye open for the telltale signs:
The sender email address is a public server such as Hotmail, Yahoo or Gmail.
Poor spelling and grammar are a dead giveaway.
If the email is addresses to “Dear Winner” or some other generalisation…
Just because the email appears to have been sent from a large company, don’t be fooled – check the sender email address to see if the address matches the company; you may have entered a competition with Coca Cola for instance and forgotten about it … (jeremy.d.scott@gmail.com seems dubious while jeremy.d.scott@coca-cola.co.uk is what you should expect to see).

 

You cannot win a lottery you didn’t enter – companies do run free lotteries but they do so for promotional purposes, not selecting random email addresses. Most often these companies will collect some piece of information for your entry (an email address, telephone number, etc.) and you will almost certainly receive a ticket or receipt that will be needed in the event of a claim.

 

If you have taken the required steps and still think the email may be genuine PLEASE do a little research. Check the names and telephone numbers supplied, even by using Google. Look up the lottery name and see what others have said, or even if it exists. Think how you might be entered into a lottery you have never heard of.

 

Finally, remember the golden rule … “There is no such thing as free lunch, ever!”

 

HELP … my PC was stolen …

 

What would you do if the worst happened …?

 

First, a few questions:
How much did you pay for the computer you are using?
How much did the software cost you have installed?
What did you pay for the peripherals such as printers and scanners?

 

now …..

 

What price would you assign to the data you have created and stored on that machine?

 

For most people, the real world cost of the data stored on your PC is priceless. It may contain cherished snapshots of family, friends and loved ones. A project you have spent weeks or months working on. All of your contacts from telephone, email and even physical addresses. Your schedule. YOUR LIFE.

 

The insurance company will almost certainly replace the hardware and software if your machine were stolen or destroyed but what about all that data …?

 

The simple answer is BACKUP.

 

When should you backup? How often? In what format?

 

Always look for a simple solution, a useable solution and one you feel comfortable using.

 

Most PC owners would experience some difficulty using many of the current backup solutions. Windows has a backup and restore system built-in, did you know? Many do not and even when they do discover it, find the operation and functionality daunting.

 

So what options do you have?

 

You can backup your data to CDs and DVDs but for many us, this isn’t practical due to the large volume of data we have. 100Gb of data would require 20+ DVDs and then you would need to update this store as your data changed.

 

The latest trend is online backup solutions. There are many offerings, with different levels of storage, useability and flexibility. Which one is best for you?

 

MYSecurityCenter in partnership with Mozy, one of the world’s largest and most respected vendors of online backup storage, has an unbeatable offer for you to try.

 

Pay-as-you-go online storage, fully scalable to your needs, completely secure and starting from less than 3 Pounds a month.

 

Take a look at this amazing introductory offer, try MYOnlineBackup for three months and pay for only 1 month, as a great bonus you also get MYPCSupport FREE for three months. MYSecureOnlineBackup Super Offer

 

Take advantage of our special offer above and feel more secure about the future of your data for less than £1 per month!

 

Jargon Buster – Know what a threat really is

Viruses

A software virus is a parasitic program written intentionally to alter the way your computer operates without your permission or knowledge.

A virus attaches copies of itself to other files such as program files or documents and is inactive until you run an infected program or open an infected document. When activated, a virus may damage or delete files, cause erratic system behaviour, display messages or even erase your hard disk.

A virus may spread through email and instant messenger attachments, through infected files on floppy disks or CD-ROMs, or by exploiting a security flaw in Microsoft Windows.

Macro Viruses

Macros are simple programs that can be written to automate repetitive tasks in a document or make calculations in a spreadsheet. Macros can be written in documents created by Microsoft Word, in spreadsheets created by Microsoft Excel and in many other kinds of documents.

Macro viruses are malicious macro programs that are designed to replicate themselves from file to file and can cause damage to the files on your computer. They spread whenever you open an infected file.

Trojan Horses

Trojan horses are programs that appear to serve some useful purpose or provide entertainment, which encourages you to run them. But these programs also serve a covert purpose, which may be to damage files, to place a virus on your computer or to allow a hacker to gain access to your machine. More commonly these days, you can be enticed into running a Trojan by clicking a link on a viral web site or in an email.

Trojans that allow a hacker to gain access to your machine, called Remote Access Trojans (RATs), are particularly prevalent at the moment. Over 50% of all spam (unsolicited email) is sent from home or work computers that have been compromised by RATs.

A Trojan horse is not a virus because it does not replicate and spread like a virus.

Worms

Worms are programs that replicate and spread, often opening a back door to allow hackers to gain access to the computers that they infect.

Worms can spread over the Internet by expoiting security flaws in the software of computers that are connected to the Internet. Worms can also spread by copying themselves from disk to disk or by email.

Zombies

A Zombie is a dormant program that lies inactive on a computer. It can be activated remotely to aid a collective attack on another computer. Zombies don’t normally damage the computer on which they reside but can damage other computers.

Zombies often arrive as email attachments and when the attachment is opened they install themselves secretly and then wait to be activated.

Phishing

A Phishing attack is when you are are sent an email that asks you to click on a link and re-enter your bank or credit card details. These emails can pretend to be from banks, Internet service providers, on-line stores and so on, and both the email and the web site it links to appear genuine. When you enter your bank or credit card details they are then used fraudulently.

You can download our extensive PDF guide to PHISHING and how to avoid becoming a victim here

Internet Based Attacks

While your computer is connected to the Internet it can be subject to attack through your network communications. Some of the most common attacks include:

  • Bonk – An attack on the Microsoft TCP/IP stack that can crash the attacked computer.
  • RDS_Shell – A method of exploiting the Remote Data Services component of the Microsoft Data Access Components that lets a remote attacker run commands with system privileges.
  • WinNuke – An exploit that can use NetBIOS to crash older Windows computers.

Viral Web Sites

Users can be enticed, often by email messages, to visit web sites that contain viruses or Trojans. These sites are known as viral web sites and are often made to look like well known web sites and can have similar web addresses to the sites they are imitating.

Users who visit these sites often inadvertently download and run a virus or Trojan and can then become infected or the subject of hacker attacks.

Spyware, Adware and Advertising Trojans

Spyware, Adware and Advertising Trojans are often installed with other programs, usually without your knowledge. They record your behaviour on the Internet, display targeted ads to you and can even download other malicious software on to your computer. They are often included within programs that you can download free from the Internet or that are on CDs given away free by magazines.

Spyware doesn’t usually carry viruses but it can use your system resources and slow down your Internet connection with the display of ads. If the Spyware contains bugs (faults) it can make your computer unstable but the main concern is your privacy. These programs record every step that you take on the Internet and forward it to an Ad Management Centre which reviews your searches and downloads to determine your shopping preferences. The Ad Management Centre will build up a detailed profile of you, without your knowledge, and can pass this on to third parties, again without your knowledge. Some Spyware can download more serious threats on to your computer, such as Trojan Horses.

Virus Hoaxes

Virus hoaxes are messages, usually sent by email, that amount to little more than chain letters. They pretend to alert you to the latest “undetectable” virus and simply waste your time and Internet bandwidth. The best course of action is to delete these hoaxes – they can cause genuine fear and alarm in the disabled, elderly and other vulnerable groups.

Unsecured Wireless Access Points

If a wireless access point, e.g. an ADSL (Broadband) Router, hasn’t been secured then anyone with a wireless device (laptop, PDA, etc) will be able to connect to it and thereby access the Internet and all the other computers on the wireless network.

Bluesnarfing

The act of stealing personal data, specifically calendar and contact information, from a Bluetooth enabled device.

Social Engineering

Tricking computer users into revealing computer security or private information, e.g. passwords, email addresses, etc, by exploiting the natural tendency of a person to trust and/or by exploiting a person’s emotional response.

Example 1: Spammers send out an email about victims of child abuse and provide a link to click in the email for further information or to help the victims. When the link is clicked the spammers know the email address is “live” and add it to their live list which they then use to target their spam.

Example 2: A company computer user is tricked into revealing the network password by someone on the telephone who is impersonating the voice of an employee in authority and who has a story of distress.

Microsoft Office Document Metadata

The average Microsoft Word, Excel, etc document includes hidden metadata with details of who created it, who has worked on it, when it has been amended and quite possibly the text of all those changes as well. Viewing a Word document in a text editor can reveal the metadata in plain text at the start and finish of the document.

Getting Help

MYSecurityCenter offers a range of products to help protect you from these threats and can make using the internet and computers a safer experience. Feel free to contact our customer support department if you require any advice.