Today we’re continuing our interview with Anne P. Mitchell, Esq. that we began in last week’s issue called:
7 Dangerous Things You Do on the Internet That Don’t Seem Dangerous at All.
Last week we focused on the newest dangerous thing people do on the Internet. If you haven’t seen that issue on evil twin problems, you can find it here.
Today we’ll cover the other 6 dangerous things people do on the Net. Time to begin…
7 Dangerous Things People Do on the Internet That Don’t Seem Dangerous at All
I’d like to re-introduce our guest today, Anne P. Mitchell, Esq. Anne is a Professor of Internet Law at Lincoln Law School of San Jose, and the President and CEO of the Institute for Spam and Internet Public Policy.
Audri: Welcome back, Anne. I know our subscribers found last week’s issue fascinating. Today we’ll pick up the pace and talk about the other 6 dangerous things people do on the Internet that don’t seem dangerous at all. Let’s get right to it!
Now that we’ve covered the newest dangerous thing, what would you say is the *single* most dangerous thing people do on the Internet that doesn’t seem dangerous at all?
Anne: I think that I would have to say that it is responding to phishing attempts.
Audri: Yes, phishing was #2 on our list of Predictions for the Top 10 Internet Scams in 2005. We’ve talked a lot about phishing in different issues of ScamBusters — for example, newer subscribers can read about phishing scams here.
Why don’t you do a brief overview of phishing?
Anne: Sure. Phishing is when someone attempts to trick you into revealing personal information, such as your social security number, credit card information, or passwords to financial sites.
They do this in a number of ways, although perhaps the most widely employed phishing tactic is to pretend to be a financial institution such as a bank or PayPal.
And some of these phishers are very good at what they do, Audri. They will send you email which appears to come from PayPal, and ask you to “update your account,” or even warn you that your account is about to be suspended, creating a sense of urgency.
When you click on the link which the phisher has provided in the email, the site to which it takes you *looks* like the real PayPal site — but it isn’t. And when you type your account information in at that site — gotcha!
The phisher now has your PayPal account information, and of course with that they have access to all other kinds of information about you, which can include your bank accounts.
Because some of these phishing scams are so realistic, we always tell users to never trust an email which comes out of the blue appearing to come from a site with which they do business and which asks them to click a link which takes them to a prompt for a password or other sensitive information.
Instead, when you get an email like that, go to that company’s website manually — in other words, type their website address into your browser, and access your account that way. If they really did need you to attend to something with your account, you’ll be notified when you log in.
Many companies no longer send email alerts, for this very reason, but even when they do, that same information will be there waiting for you at the website, and that is the information which you can trust.
Audri: Let’s move on to #3: what would you say is the most dangerous thing people do with respect to email that doesn’t seem dangerous at all?
Anne: Along with clicking on links which come in phishing email, it has to be, hands down, opening attachment files which come in email.
Here’s the problem, Audri: when it comes to attachments which come from strangers, people know not to open them. Your average user, even a fairly novice user, isn’t going to open an attachment which comes in email from firstname.lastname@example.org.
But guess what? The spammers and virus writers know that. That’s why they write viruses which infect one person’s computer, and have that person’s computer send out copies of the virus in email as an attachment, “from” that computer’s owner!
For example, if a virus got onto my computer, it would email copies of itself to all of the people who are in my mail program’s address book. So when it sent one to you, you would get email “from” Anne, and you would probably think “Wow, Anne sent me a file! I wonder what it is? Maybe it’s a picture of the company Christmas party!” Click, click – ZAP!
Even worse, some viruses will even select a random email address from the infected computer’s email address, and pretend to send from that email address. That means your friend who is not infected by a virus will get complaints that they are sending out viruses.
Audri: Any advice about attachments?
Anne: If you are not 110 percent sure that an email you receive with an attachment was really intentionally sent by the person it appears to be from, don’t open it.
Write to them or call them and ask them “did you just send me a file?” You know, you may think that you are pestering them, but they’d much rather you “pester” them that way than by opening a virus file and then having *your* computer send the virus to *them*!
By the way, Audri, this virus cycle is one of the main reasons that people will suddenly start getting email messages from postmaster at other sites saying that the email they sent could not be delivered. The user is left wondering “Huh? I never sent email to this person!”
You may not have, but your computer may have. So if you start getting those sorts of email notices, it’s time to update and run your virus checker.
Audri: Good point. What dangerous thing do people do with respect to shopping online that doesn’t seem dangerous at all?
Anne: Not making sure that the site at which they believe they are shopping is really the site at which they wish to be shopping. For example, you ended up on the site as the result of a phishing email. And not making sure that the payment pages for the website are secure.
If the pages are secure, then the data you send over the Internet, such as your credit card information and address, are generally very safe, as the data is encrypted (scrambled in a code).
But if the pages are not secure pages, then the data you are sending is not encrypted, it is plain text, and anyone who is electronically eavesdropping on what you are doing can read and steal that information.
The best way to be sure that you are on a secure site is to look at the security level indicator on your web browser. For the majority of all web browsers, it will either display an intact key for ‘secure’ and a broken key for ‘not secure,’ or a locked padlock for ‘secure’ and an open padlock for ‘not secure.’
Audri: Most people don’t bother to check this — great advice. Also make sure that the URL begins with https:// rather than http://.
Moving on to the fifth dangerous thing: how about chat rooms? A lot of dangerous stuff certainly happens in chat rooms.
Anne: I tend to lump chat rooms and instant messenger programs together, because a lot of what is dangerous about them has to do with social interactions and social engineering.
“Social engineering,” these days, means manipulating people so that they reveal otherwise confidential information.
And this happens all the time in both chat rooms and in instant messenger, because there is an immediacy and an intimacy which is not present in email, which has a time latency.
Another issue in both, and particularly in instant messenger programs, is the dreaded attachment. It is not at all uncommon for someone to pretend to be a friend of yours, and send you an instant message saying something like “Hey, look at this cool link!” and of course the link is actually to a virus which is downloaded onto your computer.
Audri: Thanks, Anne. There is so much to talk about this that I think we need to do a ScamBusters issue on this topic.
Time for #6: What dangerous thing do people do with respect to surfing that doesn’t seem dangerous at all?
Anne: In addition to the above behaviors, it’s really important for people to be aware of spyware.
Audri: Agreed. We’ve written about spyware a lot. In fact, subscribers can check out our Anti Spyware Resource Center here.
Again, why don’t you just do a quick overview?
Anne: Spyware is software which gets downloaded to the user’s machine, either without their consent, or with their consent but without knowledge of what it actually does.
When it is without consent, spyware is almost always — not always — but almost always, installed on an unsuspecting user’s machine as they are browsing around on unfamiliar sites, clicking on interesting sounding links.
The reason it is called spyware is because it literally spies on the user, and reports back to whoever is behind it on various aspects of the user’s computer use. For example, where they surf, where they shop online, etc.
If you have ever suddenly had a popup ad show up on your computer when you are browsing on a similar, but unrelated website, the odds are good that spyware is behind that popup.
Audri: Good. Another common indicator is you get sent to an alternative search engine.
Time for #7: what one last thing do people do on the Internet that doesn’t seem dangerous at all?
Anne: Are you ready for this, Audri? Because it’s something people don’t even think about as a “behavior,” and yet it is so dangerous.
They believe everything they read on the Internet.
Even when it is blatantly untrue. When it couldn’t possibly be true. Even when the very website at which they are reading it *tells* them that it is not true. I can’t tell you how many times people have quoted that very popular satire and humor site, The Onion, to me as gospel!
Audri: I love it! You are so right. That is a very important point.
We’re almost out of time. What question didn’t I ask that would have been useful for our subscribers if I had?
Anne: “What are the best resources for users to keep up on how to keep themselves safe online?”
Audri: Great question!
Anne: And the answer to that is, first and foremost, your wonderful ScamBusters site!
Audri: Thanks, Anne.
Anne: Also Aunty Spam, while a bit more editorial, has a great deal of good information.
Audri: It’s an excellent site — I highly recommend subscribers visit:
Anne: Also, go to your own bank’s and other financial institutions’ websites on a regular basis, as many of them keep their users up-to-date on the latest phishing scams.
And finally, always always always keep your anti-virus software up-to-date, and check your anti-virus vendor’s website from time to time, as they usually have the latest news about new viruses and worms. Also, you need to keep your system software updated, and your anti-spyware software updated — and of course, use them.
Audri: Again, great advice. What one thing would you like everyone to remember from this interview?
Anne: Well, Audri, we’ve talked a lot about dangers on the Internet, but it’s important to remember that if you are smart, use your common sense, and don’t take unnecessary online risks with your personal information, using the Internet can be a safe and enriching experience. There is no other resource like it anywhere in the world.
Audri: Anne, I’d like to thank you on behalf of all of our subscribers. These two interviews have been terrific. You’ve shared some very important information that can help our subscribers protect themselves from clever scammers.
Thanks, Anne — this has been a lot of fun.
Anne: Thanks, Audri.