Windows Getting Safer, but Study Finds that 1 of Every 14 Programs Downloaded is Later Confirmed as Malware

June 7, 2011

With all the news about Mac malware making Apple devices more vulnerable, Microsoft has announced that Windows is getting safer – particularly if you’re using Windows 7.

There are some pretty interesting discoveries in Microsoft’s most recent Security Intelligence Report covering the second half of 2010, and it’s worth the full read if you’re at all technically inclined.  Here are a few points I found particularly interesting:

  1. It really pays to upgrade your Windows OS to increase your security. A Windows 7 64-bit system (their most recently released Windows client) has the lowest infection rates at 2.5 infections per thousand computers.
    In comparison:
    1. Windows 7 32-bit systems have infection rates of 3.8 per thousand computers.
    2. Windows Vista SP2 32-bit PCs have a rate of 7.5 infections per thousand computers.
    3. Windows XP SP3 32-bit machines have an infection rate of 15.9 for every thousand computers.
  2. Malware infections are a global scourge – but not all parts of the globe are equally plagued.  The US, Mexico and Central and South America, France, Spain, Parts of the Arab world and Russia are hardest hit. This map paints a clear picture of the problem areas.
  3. The prevalence of various types of malware threats changes based on country factors.  For example, the U.S., England and Russia have significant issues with Miscellaneous Trojans, but are less likely than other countries to struggle with password stealers and backdoors.
  4. Though most phish scams target financial sites, it’s the phishes through social networks that get most of the impressions – an impression is measured as a single instance of a user attempting to visit a known phishing site with Internet Explorer. Phishing impressions that targeted social networks increased from a just 8.3% of all impressions in January to a whopping 84.5% of impressions in December. This trend was especially stark in the last four months of the year.Also note the increased focus on targeting gaming sites early in the year, the report suggests that with the tremendous success of phishing via social networks, the focus on gaming declined, but they expect to see this increase again when social networkers become more savvy to the attacks and new methods of delivery need to be found.

  5. Adding to our understanding of the phishing threats covered in MSFT’s security report is an article on the IEBlog that talks about how the company’s SmartScreen technology in IE9 is helping to block social engineering attacks.  The following are excerpts from the blog:

For context, recent studies show that despite the headlines that exploits of software vulnerabilities get, people browsing the Web are more likely to face a socially engineered attack. Recent articles have compared different approaches to protecting people. Application Reputation is a natural extension of the current protections introduced in IE7 & IE8 that block phishing sites and sites that distribute malicious programs.

…User-downloaded malware is a huge problem and getting bigger.

…IE blocks between 2 and 5 million attacks a day for IE8 and IE9 customers. Since the release of IE8, SmartScreen has blocked more than 1.5 billion attempted malware attacks. From our experience operating these services at scale, we have found that 1 out of every 14 programs downloaded is later confirmed as malware.

These reports paint a very sobering picture on the state of internet security, but there are clear steps you can take today to decrease your chances of malware infections – not matter which operating system, browser, or device type you are using.

Here’s a 12 point checklist to get you started on the road to Internet security and safety. If you want more detail, look to http://ilookbothways.com for straightforward practical advice on how to steer clear of Internet hazards whether you’re sending e-mail, dating online, making purchases or socializing – and whether you are on a computer, or your phone.

  1. Secure your computers and smartphones with anti-virus, anti-spyware, and tools.
    Keep them current and use them unfailingly-as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.

    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
    2. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
    3. Use added protection on sensitive financial information with passwords or store on a flash drive, CD or external hard drive For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
  2. Use strong, unique passwords for every site. Creating strong memorable passwords is easy and can actually be fun – and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information. Learn how with my blog Safe passwords don’t have to be hard to create; just hard to guess
  3. Review the privacy terms and settings. This needs to be done for every social site you use. Create an environment of safety for yourself by understanding how any website you use treats your privacy and information. That fine print may tell you the company can own, resell, rent, or give your information to anyone they want. If it does, find a more respectful site.
  4. Discuss online safety with your family and friends.  Decide together how you will help protect each other’s privacy online and set rules that reflect your personal values. Decide what information about yourself you are willing to have shared online, and with whom you are willing to share it. This includes asking friends to put your email address on the Bcc: line if they are including you on an email to people that you don’t know. Learn more here https://ilookbothways.com/?s=bcc.
  5. Be selective about who you interact with online and what information you make public.
    1. The risks are relatively low when you stick with people you know—your family, and friends. Going into public chat rooms or opening your blog up to the general public, for example, significantly increases your risk.
    2. Think carefully before you post online any information that can personally identify you, a family member, or friend on a public site like a blog, in online white pages, on job hunt sites, or in any other place anyone on the Internet can see the information. Sensitive information includes real name, birth date, gender, town, e-mail address, school name, place of work, and personal photos.
  6. Pay attention to messaging risks.
    1. Think twice before you open attachments or click links in messages -even if you know the sender-as these can be used to transmit spam and viruses to your computer.
    2. Never respond to messages asking you to provide personal information, especially your account number or password, even if it seems to be from a business you trust. Reputable businesses will not ask you for this information in e-mail.
    3. Never click on links provided in messages, unless you are sure of the sender. Instead, use a search engine to find the website yourself.
    4. Don’t forward spam. Whether it’s a cute ‘thought of the day’, ‘set of jokes’, ‘amazing photo’,  ‘recipe tree’ or similar email, if you don’t personally know the sender the email is surely a scam designed to collect the email accounts – and relationships – of everyone you share it with.
  7. Don’t trade personal information for “freebies.”   Online freebies come in two forms:
    1. The free games, free offers, and ‘great deals’. Just as in the physical world, if these types of offers sound too good to be true, they probably are. Not only will these collect and sell your personal information, these ‘deals’, and ‘free’ applications are usually riddled with spyware, viruses or other malicious software.
    2. Through survey’s, sweepstakes, quizzes, and the like. These marketing tools are designed for one purpose – to get as much information from you as they can, so they can sell that to interested parties. Even the most innocuous ‘survey’s learn far more than you imagine, and they may give you malicious software or download tracking cookies, so just skip these entirely.
  8. Periodically review your internet contacts, and online activities.   Internet housekeeping is important. Review who you have as contacts, and who can see your online profiles periodically to prune out everyone you no longer have a close relationship with. Review any images and content you’ve posted online to see if collectively these tell more about you than should be known.
  9. Check your credit reports.  Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies—TransUnion, Experian, and Equifax.
    1. Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through AnnualCreditReport.com.
    2. You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.
  10. Block people you don’t want to interact with.   You don’t have to accept invitations to be friends with people just because they ask. Women in particular can find it difficult to turn someone down – and creeps and crooks count on this very thing. If you don’t want to be friends, delete the request. If you are already connected with someone you would rather not be, block them from your social sites. You can also block their email account so they can never contact you through email, and block their phone number from calling or sending text messages to your phone.  YOU get to choose who, how, and when you are contacted.
  11. Trust your instincts.   Online and offline, your instincts play a critical role in your protection. If something feels ‘off’, go with your instinct. You don’t have to explain your reasoning to anyone.
  12. If you are exploited, it is not your fault.   Following the fourteen steps outlined above can go a long way to keeping you safe, but bad things sometimes do happen. If you fall victim to a scam, fraudster, abuser or criminal, don’t blame yourself. The only person guilty is the abuser or criminal.  You didn’t cheat, scam, lie, threaten, harm, steal, or abuse yourself in some other way, so don’t lay a burden of guilt where none belongs. Don’t let the abuser or criminal shame you into silence. Speak out and get the help you need.

For even more information and help, check out these two blogs:

Linda

Advertisements

Every 3 Seconds an Identity is Stolen – Don’t Be Next

June 5, 2011

Between careless clicks, falling for scams, and companies’ data breaches, your identity is under escalating threat as crooks find ever more ways to use your information.  In fact, the onslaught is so aggressive that a new Javelin Research 2010 Identity Fraud Survey calculated that a new identity is stolen every 3 seconds.

You are worth a lot of money – even if your wallet is feeling the economic pinch.  It’s not just your financial identity criminals are after, they may also want to impersonate you, steal your medical identity, or go after the identity of your children.

The results of having your identity stolen can be devastating. The FTC’s website lists the following ways in which they are seeing ID thieves use consumers’ personal information:

  • They may call your credit card issuer to change the billing address on your credit card account. The imposter then runs up charges on your account. Because your bills are being sent to a different address, it may be some time before you realize there’s a problem.
  • They may open new credit card accounts in your name. When they use the credit cards and don’t pay the bills, the delinquent accounts are reported on your credit report.
  • They may establish phone or wireless service in your name.
  • They may open a bank account in your name and write bad checks on that account.
  • They may counterfeit checks or credit or debit cards, or authorize electronic transfers in your name, and drain your bank account.
  • They may file for bankruptcy under your name to avoid paying debts they’ve incurred under your name, or to avoid eviction.
  • They may buy a car by taking out an auto loan in your name.
  • They may get identification such as a driver’s license issued with their picture, in your name.
  • They may get a job or file fraudulent tax returns in your name.
  • They may give your name to the police during an arrest. If they don’t show up for their court date, a warrant for arrest is issued in your name.

In addition to these losses, you may have also your social security or other government benefits stolen, your reputation damaged, and your medical records hijacked.

The good news is that you can beat the odds of falling victim with a few basic preventative steps.

What this means to you

Here’s a 12 point checklist to get you started on the road to ID theft protection. If you want more detail, look to http://ilookbothways.com for straightforward practical advice on how to

  1. Secure your computers and smartphones with anti-virus, anti-spyware, and tools.
    Keep them current and use them unfailingly-as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.

    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
    2. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
    3. Use added protection on sensitive financial information with passwords or store on a flash drive, CD or external hard drive For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
  2. Use caution on public WiFi hotspots. Do not log onto sensitive sites (banking, shopping…) from an unsecured connection.  When using a public computer, uncheck the box for remembering your information.
  3. Use strong, unique passwords for every site. Creating strong memorable passwords is easy and can actually be fun – and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information. Learn how with my blog Safe passwords don’t have to be hard to create; just hard to guess
  4. Watch your surroundings. Pay attention to who is around you so that they do not see you type your passwords, credit card numbers, PIN’s, etc., or read sensitive information you may be sharing.
  5. Put a credit freeze on your accounts. Block ID thieves from opening new accounts under your name by freezing or blocking access to your credit files. Learn more about creating a credit freeze here.
  6. Discuss online safety with your family and friends.  Decide together how you will help protect each other’s identity online and set rules that reflect your choices. Decide what information about yourself you are willing to have shared online, and with whom you are willing to share it. This includes asking friends to put your email address on the Bcc: line if they are including you on an email to people that you don’t know. Learn more here https://ilookbothways.com/?s=bcc.
  7. Be selective about who you interact with online and what information you make public.
    1. The risks are relatively low when you stick with people you know—your family, and friends. Going into public chat rooms or opening your blog up to the general public, for example, significantly increases your risk.
    2. Think carefully before you post online any information that can personally identify you, a family member, or friend on a public site like a blog, in online white pages, on job hunt sites, or in any other place anyone on the Internet can see the information. Sensitive information includes real name, birth date, gender, town, e-mail address, school name, place of work, and personal photos.
  8. Pay attention to messaging risks.
    1. Think twice before you open attachments or click links in messages -even if you know the sender-as these can be used to transmit spam and viruses to your computer.
    2. Never respond to messages asking you to provide personal information, especially your account number or password, even if it seems to be from a business you trust. Reputable businesses will not ask you for this information in e-mail.
    3. Never click on links provided in messages, unless you are sure of the sender. Instead, use a search engine to find the website yourself.
    4. Don’t forward spam. Whether it’s a cute ‘thought of the day’, ‘set of jokes’, ‘amazing photo’,  ‘recipe tree’ or similar email, if you don’t personally know the sender the email is surely a scam designed to collect the email accounts – and relationships – of everyone you share it with.
  9. Don’t trade personal information for “freebies.”   Online freebies come in two forms:
    1. The free games, free offers, and ‘great deals’. Just as in the physical world, if these types of offers sound too good to be true, they probably are. Not only will these collect and sell your personal information, these ‘deals’, and ‘free’ applications are usually riddled with spyware, viruses or other malicious software.
    2. Through survey’s, sweepstakes, quizzes, and the like. These marketing tools are designed for one purpose – to get as much information from you as they can, so they can sell that to interested parties. Even the most innocuous ‘survey’s learn far more than you imagine, and they may give you malicious software or download tracking cookies, so just skip these entirely.
  10. Check your credit reports.  Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies: Experian – http://www.experian.com/consumer-products/triple-advantage.html, Equifax – http://www.econsumer.equifax.com, TransUnion – http://www.truecredit.com/?cb=TransUnion&loc=2091
    1. Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through AnnualCreditReport.com.
    2. You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.
  11. Trust your instincts.   Online and offline, your instincts play a critical role in your protection. If something feels ‘off’, go with your instinct. You don’t have to explain your reasoning to anyone.
  12. Shred sensitive documents. Do not just throw bank statements, bills, or other sensitive material in the garbage.

If your identity has been stolen or compromised, take action.

If your identity has been stolen or compromised, act immediately.

  1. Contact your credit card companies and financial institutions of all affected accounts. Monitor your accounts closely for any fraudulent charges or withdrawals and notify the companies immediately.  Check to ensure charges are removed from your account, and retain documents of the incidents.
  2. If your Social Security number has been compromised, contact the Social Security Administration Inspector General, they will determine if you need to get a new number.
  3. Alert the credit bureaus and request a fraud alert be placed on your accounts. This will require that companies call you before opening a line of credit.
  4. Report the incident to the police. You should be asked to fill out an identity theft report, and you’ll want to keep a copy of that report as you may need to show this to prove to creditors that your identity was indeed stolen.
  5. If the problem is large, consider hiring a service that helps restore your credit.
  6. Recognize the emotional impact ID theft may have on you.  Given the severity of an incident, and whether you knew the person who stole your identity or not, the emotional toll of dealing with ID theft can be high. Be sure to take care of yourself and to reach out to others for support if needed.

Additional Resources:

Linda


Symantec Delivers Threat Report and Excellent Tools that Explain Risks to Consumers

April 18, 2011

A newly released Symantec  Internet Security Threat Report shows the company recorded over 3 billion malware attacks in 2010, and found that these threats not only skyrocketed in volume, they had also made substantial advances in their level of sophistication.

According to the report, the 5 biggest threats are:

  1. Targeted attacks against companies attempting to steal information.
  2. Social networking threats in which information about individuals is collected through the internet and social networks and leveraged to earn victims trust or masquerade as friends.
  3. Zero-Day exploits that exploit vulnerabilities within operating systems and services.
  4. Attack kits that bring advanced technical exploits to common crooks that otherwise wouldn’t have the skills to create online exploits – think of these like attack-in-a-box packages.
  5. Mobile threats that extend the basic business model behind cybercrimes to mobile devices as phones reach the capability and mass adoption necessary to make the exploits profitable.  Learn more about mobile threats in my blogs: It’s No Accident – Mobile Money and Mobile Malware Set to Go Big in 2011, and McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks

The Report Made Easy

For consumers, Symantec’s report can be easily be understood through two great tools:

  • A nice info-graphic they put together to illustrate 2010’s year in numbers:

 


What this means to you

Here’s a 12 point checklist to get you started on the road to Internet security and safety. If you want more detail, look to http://ilookbothways.com for straightforward practical advice on how to steer clear of Internet hazards whether you’re sending e-mail, dating online, making purchases or socializing – and whether you are on a computer, or your phone.

  1. Secure your computers and smartphones with anti-virus, anti-spyware, and tools.
    Keep them current and use them unfailingly-as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.
    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
    2. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
    3. Use added protection on sensitive financial information with passwords or store on a flash drive, CD or external hard drive For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
  2. Use strong, unique passwords for every site. Creating strong memorable passwords is easy and can actually be fun – and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information. Learn how with my blog Safe passwords don’t have to be hard to create; just hard to guess
  3. Review the privacy terms and settings. This needs to be done for every social site you use. Create an environment of safety for yourself by understanding how any website you use treats your privacy and information. That fine print may tell you the company can own, resell, rent, or give your information to anyone they want. If it does, find a more respectful site.
  4. Discuss online safety with your family and friends.  Decide together how you will help protect each other’s privacy online and set rules that reflect your personal values. Decide what information about yourself you are willing to have shared online, and with whom you are willing to share it. This includes asking friends to put your email address on the Bcc: line if they are including you on an email to people that you don’t know. Learn more here https://ilookbothways.com/?s=bcc.
  5. Be selective about who you interact with online and what information you make public.
    1. The risks are relatively low when you stick with people you know—your family, and friends. Going into public chat rooms or opening your blog up to the general public, for example, significantly increases your risk.
    2. Think carefully before you post online any information that can personally identify you, a family member, or friend on a public site like a blog, in online white pages, on job hunt sites, or in any other place anyone on the Internet can see the information. Sensitive information includes real name, birth date, gender, town, e-mail address, school name, place of work, and personal photos.
  6. Pay attention to messaging risks.
    1. Think twice before you open attachments or click links in messages -even if you know the sender-as these can be used to transmit spam and viruses to your computer.
    2. Never respond to messages asking you to provide personal information, especially your account number or password, even if it seems to be from a business you trust. Reputable businesses will not ask you for this information in e-mail.
    3. Never click on links provided in messages, unless you are sure of the sender. Instead, use a search engine to find the website yourself.
    4. Don’t forward spam. Whether it’s a cute ‘thought of the day’, ‘set of jokes’, ‘amazing photo’,  ‘recipe tree’ or similar email, if you don’t personally know the sender the email is surely a scam designed to collect the email accounts – and relationships – of everyone you share it with.
  7. Don’t trade personal information for “freebies.”   Online freebies come in two forms:
    1. The free games, free offers, and ‘great deals’. Just as in the physical world, if these types of offers sound too good to be true, they probably are. Not only will these collect and sell your personal information, these ‘deals’, and ‘free’ applications are usually riddled with spyware, viruses or other malicious software.
    2. Through survey’s, sweepstakes, quizzes, and the like. These marketing tools are designed for one purpose – to get as much information from you as they can, so they can sell that to interested parties. Even the most innocuous ‘survey’s learn far more than you imagine, and they may give you malicious software or download tracking cookies, so just skip these entirely.
  8. Periodically review your internet contacts, and online activities.   Internet housekeeping is important. Review who you have as contacts, and who can see your online profiles periodically to prune out everyone you no longer have a close relationship with. Review any images and content you’ve posted online to see if collectively these tell more about you than should be known.
  9. Check your credit reports.  Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies—TransUnion, Experian, and Equifax.
    1. Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through AnnualCreditReport.com.
    2. You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.
  10. Block people you don’t want to interact with.   You don’t have to accept invitations to be friends with people just because they ask. Women in particular can find it difficult to turn someone down – and creeps and crooks count on this very thing. If you don’t want to be friends, delete the request. If you are already connected with someone you would rather not be, block them from your social sites. You can also block their email account so they can never contact you through email, and block their phone number from calling or sending text messages to your phone.  YOU get to choose who, how, and when you are contacted.
  11. Trust your instincts.   Online and offline, your instincts play a critical role in your protection. If something feels ‘off’, go with your instinct. You don’t have to explain your reasoning to anyone.
  12. If you are exploited, it is not your fault.   Following the fourteen steps outlined above can go a long way to keeping you safe, but bad things sometimes do happen. If you fall victim to a scam, fraudster, abuser or criminal, don’t blame yourself. The only person guilty is the abuser or criminal.  You didn’t cheat, scam, lie, threaten, harm, steal, or abuse yourself in some other way, so don’t lay a burden of guilt where none belongs. Don’t let the abuser or criminal shame you into silence. Speak out and get the help you need.

Linda


Fifteen Steps To Internet Safety for Women

November 12, 2010

Here’s a quick checklist to get you started on the road to Internet safety. If you want more detail, look to http://ilookbothways.com for straightforward practical advice on how to steer clear of Internet hazards whether you’re sending e-mail, dating online, making purchases or socializing – and whether you are on a computer, or your phone.

  1. Secure your computers with anti-virus, anti-spyware, and tools.
    Keep them current and use them unfailingly-as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.
  2. Choose a safe online name.
    Use e-mail addresses, IM names, chat nicknames, and other such names that don’t give away too much personal information. Pick a name that doesn’t help identify you (your age, for example) or locate you. Avoid flirtatious or provocative names that may cause unwanted attention.
  3. Use strong, unique passwords for every site to reduce the risk of someone breaking into your account.
    1. Secure passwords do not have to be hard to remember, just hard to guess. It is easy and can actually be fun, and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information.
    2. Use unique passwords for each site or service. This way, if your password is discovered on one site, the rest of your services aren’t at risk.
    3. Avoid passwords with personal information, dictionary words in any language, words spelled backwards, abbreviations, and sequences or repeated characters (“abcdefgh” or “12345678”).
    4. Use a phrase. “2BorNot2B_ThatIsThe?” (To be or not to be, that is the question.)
    5. Incorporate shortcut codes or acronyms. “CSThnknAU2day!” (Can’t Stop Thinking About You Today!)
    6. Play with your keyboard. Use your keyboard as a canvas to draw on. For example, “1qazdrfvgy7” is just the letter “W.”
  4. Discuss online safety with your family and friends.
    Decide together how you will help protect each other’s privacy online and set rules that reflect your personal values. Decide what information about yourself you are willing to have shared online, and with whom you are willing to share it. This includes asking friends to put your email address on the Bcc: line if they are including you on an email to people that you don’t know. Learn more here https://ilookbothways.com/?s=bcc.
  5. Be selective about who you interact with online and what information you make public.
    1. The risks are relatively low when you stick with people you know—your family, and friends. Going into public chat rooms or opening your blog up to the general public, for example, significantly increases your risk.
    2. Think carefully before you post online any information that can personally identify you, a family member, or friend on a public site like a blog, in online white pages, on job hunt sites, or in any other place anyone on the Internet can see the information. Sensitive information includes real name, birth date, gender, town, e-mail address, school name, place of work, and personal photos.
  6. Pay attention to the risks of e-mail.
    1. Think twice before you open attachments or click links in e-mail-even if you know the sender-as these can be used to transmit spam and viruses to your computer.
    2. Never respond to e-mail asking you to provide personal information, especially your account number or password, even if it seems to be from a business you trust. Reputable businesses will not ask you for this information in e-mail.
    3. Never click on links provided in email, unless you are sure of the sender. Instead, use a search engine to find the site yourself.
    4. Don’t forward spam. Whether it’s a cute ‘thought of the day’, ‘set of jokes’, ‘amazing photo’,  ‘recipe tree’ or similar email, if you don’t personally know the sender the email is surely a scam designed to collect the email accounts – and relationships – of everyone you share it with.
  7. Never, ever meet in person someone you’ve only met online without taking somebody else along and meeting in a public place. Remember, people are not always who they say they are. Women often feel uncomfortable setting safety boundaries because they don’t want to offend someone; but good people will understand and encourage you to set safety requirements, its the crooks who want you to feel guilty about it.
  8. Know the Privacy Policy and Terms of Service of any service you use.
    Create an environment of safety for yourself by understanding how any website you use treats your privacy and information. That fine print may tell you the company can own, resell, rent, or give your information to anyone they want. If it does, find a more respectful site.
  9. Learn how to report abuse on any service you use – No one has the right to embarrass, shame, threaten, or make you feel uncomfortable in any way.  Ever. If something negative occurs speak out by getting reporting the incident to the website company. Reporting issues is what responsible Internet citizens do to help stop illegal activity, harassment, and predatory behavior of online bullies and criminals. If you ever feel physically threatened, contact local law enforcement immediately.
  10. Don’t trade personal information for “freebies.”
    Online freebies come in two forms: 

    1. The free games, free offers, and ‘great deals’. Just as in the physical world, if these types of offers sound too good to be true, they probably are. Not only will these collect and sell your personal information, these ‘deals’, and ‘free’ applications are usually riddled with spyware, viruses or other malicious software.
    2. Through survey’s, sweepstakes, quizzes, and the like. These marketing tools are designed for one purpose – to get as much information from you as they can, so they can sell that to interested parties. Even the most innocuous ‘survey’s learn far more than you imagine, and they may give you malicious software or download tracking cookies, so just skip these entirely.
  11. Periodically review your internet contacts, and online activities.
    Internet housekeeping is important. Review who you have as contacts, and who can see your online profiles periodically to prune out everyone you no longer have a close relationship with. Review any images and content you’ve posted online to see if collectively these tell more about you than should be known.
  12. Check your credit reports.
    Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies—TransUnion, Experian, and Equifax

    1. Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through AnnualCreditReport.com.
    2. You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.
  13. Block people you don’t want to interact with.
    You don’t have to accept invitations to be friends with people just because they ask. Women in particular can find it difficult to turn someone down – and creeps and crooks count on this very thing. If you don’t want to be friends, delete the request. If you are already connected with someone you would rather not be, block them from your social sites. You can also block their email account so they can never contact you through email, and block their phone number from calling or sending text messages to your phone.  YOU get to choose who, how, and when you are contacted.
  14. Trust your instincts.
    Online and offline, your instincts play a critical role in your protection. If something feels ‘off’, go with your instinct. You don’t have to explain your reasoning to anyone.
  15. If you are exploited, it is not your fault.
    Following the fourteen steps outlined above can go a long way to keeping you safe, but bad things sometimes do happen. If you fall victim to a scam, fraudster, abuser or criminal, don’t blame yourself. The only person guilty is the abuser or criminal.  You didn’t cheat, scam, lie, threaten, harm, steal, or abuse yourself in some other way, so don’t lay a burden of guilt where none belongs. Don’t let the abuser or criminal shame you into silence. Speak out and get the help you need.

To receive monthly internet safety tips, download Internet Safety Calendar App by LOOKBOTHWAYS and Microsoft

Microsoft has sponsored the creation of a new, free, Internet Safety Calendar application, that consumers can download to their Internet Explorer browser (Note: only IE is supported at this time).

The calendar provides relevant monthly advice to help you increase your online safety whether you’re looking out for your own safety, or you are a parent watching over your family’s safety. The calendar also includes reminders for recurring those safety actions you know you should be doing, but that frequently get forgotten in the rush of day-to-day activities. To access the new Internet Safety Calendar application, go to Microsoft’s http://www.microsoft.com/protect/resources/addon.aspx.

You may also be interested in the following internet safety brochures created by  LOOKBOTHWAYS and Microsoft. Download by topic area: (https://ilookbothways.com/publications)


Fifteen Steps To Internet Safety for Women

November 12, 2010

Here’s a quick checklist to get you started on the road to Internet safety. If you want more detail, look to http://ilookbothways.com for straightforward practical advice on how to steer clear of Internet hazards whether you’re sending e-mail, dating online, making purchases or socializing – and whether you are on a computer, or your phone.

  1. Secure your computers with anti-virus, anti-spyware, and tools.
    Keep them current and use them unfailingly-as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.
  2. Choose a safe online name.
    Use e-mail addresses, IM names, chat nicknames, and other such names that don’t give away too much personal information. Pick a name that doesn’t help identify you (your age, for example) or locate you. Avoid flirtatious or provocative names that may cause unwanted attention.
  3. Use strong, unique passwords for every site to reduce the risk of someone breaking into your account.
    1. Secure passwords do not have to be hard to remember, just hard to guess. It is easy and can actually be fun, and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information.
    2. Use unique passwords for each site or service. This way, if your password is discovered on one site, the rest of your services aren’t at risk.
    3. Avoid passwords with personal information, dictionary words in any language, words spelled backwards, abbreviations, and sequences or repeated characters (“abcdefgh” or “12345678”).
    4. Use a phrase. “2BorNot2B_ThatIsThe?” (To be or not to be, that is the question.)
    5. Incorporate shortcut codes or acronyms. “CSThnknAU2day!” (Can’t Stop Thinking About You Today!)
    6. Play with your keyboard. Use your keyboard as a canvas to draw on. For example, “1qazdrfvgy7” is just the letter “W.”
  4. Discuss online safety with your family and friends.
    Decide together how you will help protect each other’s privacy online and set rules that reflect your personal values. Decide what information about yourself you are willing to have shared online, and with whom you are willing to share it. This includes asking friends to put your email address on the Bcc: line if they are including you on an email to people that you don’t know. Learn more here https://ilookbothways.com/?s=bcc.
  5. Be selective about who you interact with online and what information you make public.
    1. The risks are relatively low when you stick with people you know—your family, and friends. Going into public chat rooms or opening your blog up to the general public, for example, significantly increases your risk.
    2. Think carefully before you post online any information that can personally identify you, a family member, or friend on a public site like a blog, in online white pages, on job hunt sites, or in any other place anyone on the Internet can see the information. Sensitive information includes real name, birth date, gender, town, e-mail address, school name, place of work, and personal photos.
  6. Pay attention to the risks of e-mail.
    1. Think twice before you open attachments or click links in e-mail-even if you know the sender-as these can be used to transmit spam and viruses to your computer.
    2. Never respond to e-mail asking you to provide personal information, especially your account number or password, even if it seems to be from a business you trust. Reputable businesses will not ask you for this information in e-mail.
    3. Never click on links provided in email, unless you are sure of the sender. Instead, use a search engine to find the site yourself.
    4. Don’t forward spam. Whether it’s a cute ‘thought of the day’, ‘set of jokes’, ‘amazing photo’,  ‘recipe tree’ or similar email, if you don’t personally know the sender the email is surely a scam designed to collect the email accounts – and relationships – of everyone you share it with.
  7. Never, ever meet in person someone you’ve only met online without taking somebody else along and meeting in a public place. Remember, people are not always who they say they are. Women often feel uncomfortable setting safety boundaries because they don’t want to offend someone; but good people will understand and encourage you to set safety requirements, its the crooks who want you to feel guilty about it.
  8. Know the Privacy Policy and Terms of Service of any service you use.
    Create an environment of safety for yourself by understanding how any website you use treats your privacy and information. That fine print may tell you the company can own, resell, rent, or give your information to anyone they want. If it does, find a more respectful site.
  9. Learn how to report abuse on any service you use – No one has the right to embarrass, shame, threaten, or make you feel uncomfortable in any way.  Ever. If something negative occurs speak out by getting reporting the incident to the website company. Reporting issues is what responsible Internet citizens do to help stop illegal activity, harassment, and predatory behavior of online bullies and criminals. If you ever feel physically threatened, contact local law enforcement immediately.
  10. Don’t trade personal information for “freebies.”
    Online freebies come in two forms:

    1. The free games, free offers, and ‘great deals’. Just as in the physical world, if these types of offers sound too good to be true, they probably are. Not only will these collect and sell your personal information, these ‘deals’, and ‘free’ applications are usually riddled with spyware, viruses or other malicious software.
    2. Through survey’s, sweepstakes, quizzes, and the like. These marketing tools are designed for one purpose – to get as much information from you as they can, so they can sell that to interested parties. Even the most innocuous ‘survey’s learn far more than you imagine, and they may give you malicious software or download tracking cookies, so just skip these entirely.
  11. Periodically review your internet contacts, and online activities.
    Internet housekeeping is important. Review who you have as contacts, and who can see your online profiles periodically to prune out everyone you no longer have a close relationship with. Review any images and content you’ve posted online to see if collectively these tell more about you than should be known.
  12. Check your credit reports.
    Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies—TransUnion, Experian, and Equifax.

    1. Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through AnnualCreditReport.com.
    2. You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.
  13. Block people you don’t want to interact with.
    You don’t have to accept invitations to be friends with people just because they ask. Women in particular can find it difficult to turn someone down – and creeps and crooks count on this very thing. If you don’t want to be friends, delete the request. If you are already connected with someone you would rather not be, block them from your social sites. You can also block their email account so they can never contact you through email, and block their phone number from calling or sending text messages to your phone.  YOU get to choose who, how, and when you are contacted.
  14. Trust your instincts.
    Online and offline, your instincts play a critical role in your protection. If something feels ‘off’, go with your instinct. You don’t have to explain your reasoning to anyone.
  15. If you are exploited, it is not your fault.
    Following the fourteen steps outlined above can go a long way to keeping you safe, but bad things sometimes do happen. If you fall victim to a scam, fraudster, abuser or criminal, don’t blame yourself. The only person guilty is the abuser or criminal.  You didn’t cheat, scam, lie, threaten, harm, steal, or abuse yourself in some other way, so don’t lay a burden of guilt where none belongs. Don’t let the abuser or criminal shame you into silence. Speak out and get the help you need.

To receive monthly internet safety tips, download Internet Safety Calendar App by LOOKBOTHWAYS and Microsoft

Microsoft has sponsored the creation of a new, free, Internet Safety Calendar application, that consumers can download to their Internet Explorer browser (Note: only IE is supported at this time).

The calendar provides relevant monthly advice to help you increase your online safety whether you’re looking out for your own safety, or you are a parent watching over your family’s safety. The calendar also includes reminders for recurring those safety actions you know you should be doing, but that frequently get forgotten in the rush of day-to-day activities. To access the new Internet Safety Calendar application, go to Microsoft’s http://www.microsoft.com/protect/resources/addon.aspx.

You may also be interested in the following internet safety brochures created by  LOOKBOTHWAYS and Microsoft. Download by topic area: (https://ilookbothways.com/publications)


Respect Others When Sending Email to a Group

May 27, 2010

Any time you send or forward e-mail to a group of people who don’t know each other, the correct etiquette is to put everyone’s e-mail addresses on the Bcc (or Blind Carbon Copy) line. This has the advantage of making your message look as if it were sent to each person individually, but more importantly, it protects your friends’ e-mail addresses from spammers and keeps their e-mail address private from everyone else on the list.

Finding the Bcc: Line

Every e-mail program has a Bcc: option.
Search in your e-mail program’s Help if you can’t find it readily.

Example: In Windows Live Mail, Hotmail, or MSN mail, to display the Bcc: (and Cc:) line, click Show Cc &Bcc in an e-mail message (as shown below).

Tip:
You may also want to include a message like the one below at the bottom of your e-mail messages as a reminder:

Note: Please protect my privacy. Do not expose my e-mail address to others. If you’re
sending e-mail to a group of people that includes me, please put my e-mail address on the Bcc: line only.

How crooks use exposed e-mail addresses

If you are forwarding an e-mail with a cute thought, picture, survey, or something similar, ask yourself what motivated the original sender? Criminals specifically start many such e-mail threads because they know people will forward them — and they have embedded a piece of code that essentially works like a hidden Bcc line so that the thread including all the e-mail addresses automatically come to them for harvesting.

In the past, criminals were just after e-mail addresses for their own use or to sell to other spammers. Now, criminals also use this tactic to map your social networks and create smarter spam scams using social engineering. We are more likely to fall for a scam if a friend or family member is also on the “To:” line because it seems more legitimate.

Protect your friends and acquaintances email privacy and ask that they respect yours.

Linda


E-mail

November 1, 2009

Sending and receiving e-mail

 

E-mail is shorthand for the term electronic mail and people use it to get and send messages and attachments like photos, music, or videos. Unfortunately, e-mail’s usefulness is under attack because of spam and spam scams (also known as phishing).

Read on to find out how to defend yourself against some of the hazards of e-mail.

Ten safety tips for sending and receiving e-mail

  1. Choose a safe e-mail address that doesn’t give away personal information.
    1. Pick one that doesn’t help identify or locate you. For example, SusieDoe_14_small_town@google.com.au reveals enough for someone to find Susie-her name, age, and small town in Australia.
    2. Avoid using flirtatious names like “2sexy4U” or “I_like_handcuffs” which may cause unwanted attention and expose you to greater risk.
    3. Make sure your full name is not exposed by your e-mail service and, therefore, on e-mail messages you send. .
  2. Don’t share sensitive personal information in e-mail.
    1. Never share passwords, social security number, credit card information, and the like.
    2. Pay attention if you use an automatic e-mail signature. This is a handy feature for friends because it typically provides your full name, address, and phone numbers. But if it’s inserted automatically in all your e-mail responses, you might unwittingly reveal more information than you intended with people you don’t know.
  3. Consider who you want to e-mail with. Remember: a friend of a friend is a stranger.
    Some people only want to send or receive e-mail with close friends and family; others use it much more openly. Decide what you are comfortable with and set appropriate limits. Remember, just because someone sends you an e-mail doesn’t mean you need to receive it. Block messages from specific senders, or restrict your e-mail from anyone not specifically on your contact list.
  4. Think twice before you open attachments or click links in e-mail-even if you know the sender.
    Sending photos, documents, and links in e-mail is an easy and convenient way to share with others, but the bad guys can use these to slip spam and viruses onto your computer.

    1. If you don’t know the sender, delete the message; if you do know the sender, double-check that an attachment or link is safe to open. If you can’t confirm, your best bet is delete the message.
    2. If anyone sends you inappropriate material, report it. Don’t shut down the computer; instead turn off the monitor and walk away. Tell your parents, your ISP, and the police, if appropriate.
  5. Don’t be fooled by phishing.
    Be very skeptical if you receive an e-mail that looks like it is from your bank, broker, or other trusted company but asks you to verify or re-enter sensitive personal or financial information through e-mail, a Web site they direct you to, or a phone number they provide. It is quite likely a scam. It’s better to type in your own link to the bank or company or look up the phone number yourself.Phishing scams that are trying to trick you into divulging sensitive personal information can come in many guises—you’ve won the lottery, you’ve been selected to receive something free, and the like.
  6. Avoid typing sensitive information into a public computer.
    This includes your name and phone numbers, account numbers and passwords, or home or e-mail addresses. An industrious thief might install a kind of spyware that records your every keystroke for the crook. Never select the feature that automatically logs you on to e-mail when you start the computer, or accept a “Remember My Password” option.
  7. Be cautious about meeting in person someone you know only through e-mail.
    Everything someone tells you about themselves and their motivation for meeting you may be completely true – or none of it could be. They may feel like a close friend, but they are still a stranger. If you decide to meet someone, never go alone make sure others know where you’re going, and have your cell phone handy.
  8. Consider what you’re saying and sharing in e-mail and how you would feel if the information was shared.
    Anything you say in e-mail can be forwarded to others – or perhaps monitored by your employer.
  9. Report harassment or bullying.
    As in real life, this is unacceptable behavior and in some cases can be illegal. Report harassment or abuse to your service provider. (Every service should have a clearly visible Report Abuse function; if it doesn’t consider switching providers.)
  10. Help protect children using e-mail.
    1. For younger children, use a service that allows you to limit your child’s contacts (so they can only e-mail people you both know) and allows you to monitor who they’re talking to.
    2. With teens, have a discussion about who they communicate with and what they talk about. Set boundaries that match your family’s values and their age, reassessing these boundaries periodically as they mature. Caution them not to list their e-mail addresses publicly , or respond to e-mail from strangers; if they wouldn’t tell the person their street address, they may well not want to give their online address.

Sending e-mail safely to a group

Any time you send or forward e-mail to a group of people who don’t know each other, the correct etiquette is to put everyone’s e-mail addresses on the Bcc (or Blind Carbon Copy) line. This has the advantage of making your message look as if it were sent to each person individually. But more importantly, it protects your friends’ e-mail addresses from spammers and keeps their e-mail address private from everyone else on the list.

Finding the Bcc: Line

Every e-mail program has a Bcc: option.
Search in your e-mail program’s Help if you can’t find it readily.

Example: In Windows Live Hotmail, to display
the Bcc: (and Cc:) line, click Show Cc &Bcc in an e-mail
message (as shown below).

    bccline

Tip:
You may also want to include a message like the one below at the bottom of your e-mail messages as a reminder:

Note: To help protect
my privacy, please do not expose my e-mail address to others. If you’re
sending e-mail to a group of people that includes me, please put my
e-mail address on the Bcc: line only.

How crooks use exposed e-mail addresses

If you are forwarding an e-mail with a cute thought, picture, survey, or something similar, ask yourself what motivated the original sender? Criminals specifically start many such e-mail threads because they know people will forward them — and they have embedded a piece of code that essentially works like a hidden Bcc line so that the thread including all the e-mail addresses automatically come to them for harvesting.

In the past, criminals were just after e-mail addresses for their own use or to sell to other spammers. But now criminals also use this tactic to map your social networks. Using automation, they send spam to you and a couple of others in your social network. We are more likely to fall for a scam if a friend or family member is also on the “To:” line because it seems more legitimate. (It’s also possible that your spam filter is less likely to catch junk mail when it is addressed to more than one person.)

Back to top

Keeping your full name from showing up in e-mail

Before you follow the directions below, make sure that you send e-mail to all of your friends and tell them what your new e-mail name will be. Otherwise they won’t recognize your new name and might delete your messages, thinking you’re a spammer.

Find out how to do hide your full name for these e-mail programs:

Scroll down to see an illustration of these steps.

  1. In MSN, at the top of your screen, click Help and Settings.
  2. Click Settings on the list that drops down.
  3. On the left, click Personal information.
  4. Under Personal Information settings, click Windows Live ID information.
  5. Change the information in the first and last name fields.
    Pick a name (like your first name) that doesn’t expose your identity or leave it blank. You can use of any alphanumeric character (A-Z; 0-9) and any of the special characters on your keyboard except for : < > ; ( ) ” $ !
  6. Once done, click Save, and sign out of MSN.
  7. Go to www.hotmail.com, and sign in to refresh your account information.It may take 5 to 10 minutes for the changes to take effect.

Scroll down to see an illustration of these steps.

  1. At the top right of your screen, click Options.
  2. Click More options at the bottom of the list.(Note: If you’re using the classic version of Windows Live Hotmail, you will automatically be redirected to the Options page after clicking the Options button).
  3. Under Manage your account, click View and edit your personal information.(Note: If you’re asked to provide your password, type your password, and then click Sign in.)
  4. Click Settings on the left side of the page.
  5. Click Registered information under your name and e-mail address.
  6. Change the First name and Last name.Pick a name (like your first name) that doesn’t expose your identity or leave it blank. You can use of any alphanumeric character (A-Z; 0-9) and any of the special characters on your keyboard except for : < > ; ( ) ” $ !
  7. Click Save at the bottom of the page to save your changes.

bccexample1

  1. Click Mail Classic to switch to Classic View. If you don’t see this, skip to Step 2.
    You can’t hide your real name if you’re using new Yahoo! Mail.
  2. YahooStep1

  3. Click Options (red dot #1) in the upper right hand corner , and then click General Preferences (red dot #2).
  4. YahooStep2

  5. Erase your name from the From name field. Replace it with a name (like your first name or a nickname) that doesn’t expose your identity. (Or you can leave the box blank.).You can use of any alphanumeric character (A-Z; 0-9) and any of the special characters on your keyboard except for : < > ; ( ) ” $ !
  6. YahooStep3

  7. Scroll down and click the Save button at the lower left corner of the screen. Then send yourself an email. Your full name will no longer show up.To restore Yahoo! Mail to the “new” view, click All-New Mail in the upper right corner of your screen.
  8. YahooStep4