Protecting Yourself Online, Part 2 – Malicious Emails and Websites
September 15, 2009
Malicious emails and websites can take many forms, but with some basic information you can have a better chance of recognizing/avoiding them.
Malicious Emails often take the form of a “phishing” message, that’s a message where the bad guys are ‘fishing’ for information. Examples include:
1) Emails that appear to come from your paypal account or your bank or any other legitimate account that you may have. They will often ask you to verify your account or that the matter is ‘urgent’. Be on the lookout for any messages that appear to come from a legitmate source but that ask you for personal information (Social Security #, Credit Card #, bank account #, etc..), or send you to a website that asks for personal information. If asked to give personal details, call the institution in question prior to filling out any form or email. Your bank, paypal, ebay, etc… will never ask for personal information via an email.
2) Emails that appear to come from someone you know but seem just a little too vague. Common names first names are often used, or the email might be crafted to appear to come from your boss or colleague. Again, if any personal information is requested, do not provide it.
3) Lookout for misspellings, bad grammar and generic introductions. An example might be “Dear Customer, I am informed that you recently perchased from us. Please fill this form so that we may send you rebate”.
4) A link in the mail is different from the web address you are directed to when you click on it. For example, if a link indicates that you are clicking on it to go to paypal.com, but instead takes you to something entirely different – be suspicious. You can determine the actual address before clicking on the link by hovering your mouse over the link briefly before clicking.
5) If it is too good to be true it typically is. Be wary of emails telling you that you have unclaimed money, that you’ve won the lottery, that provide a link to unlimited free games or software, that offer a heavily discounted mortgage rate or that offer you thousands of dollars to assist in transferring money from an offshore account, etc…
Malicious websites are becoming more and more common. Grisoft research (the makers of the popular AVG Antivirus suite) estimate that 1 in every 1000 websites is currently infected or has malicious intent. They are often used in conjunction with malicious emails as noted above. There are things you can do to avoid them however:
1) Purchase a current antivirus/antispyware application. If you have an antivirus suite from a couple of years ago, chances are it’s not doing enough to protect you. Look at products such as Vipre from Sunbelt Software, or the AVG Internet Security Suite (there are many others but those are 2 of our favorites).
2) Upgrade your browser. User Internet Explorer 8 or Firefox 3. Both have features that are designed to help you avoid malicious websites.
3) Be on the lookout for typos in the domain name. For example if you thought you were visiting www.mybank.net but instead your address bar showed www.mybnk.net, that’s a sure sign that you’re not on the website you thought you were.
If you think you’ve been pray to either a malicious email or website, first contact any institution that might have been referenced (such as your bank or paypal). It’s also a good idea to call a computer professional who can scan your computer with several tools to insure that you are not currently infected. A good technician will also give you further information on how you can avoid these pitfalls in the future.
Comments
Got something to say?
