How to safeguard your online security

The bad guys know you're social networks like crazy, and they're gunning for you.

Social networks are fun to use, helpful for job hunting, and great for keeping in touch with friends, business contacts, and relatives. The downside: The bad guys know you're using these networks like crazy, and they're gunning for you.

Other online security threats may come from credit card exposure and the Google privacy factor.

Social Networking Traps

Why You Should Care: Sneaky sociopaths are using social network sites to infect, phish, and spam you.

Scenario: A message from one of your friends shows up in your inbox, sent via a social network site that you use regularly, such as Facebook.

The message promises a big laugh, and points to a Web site you've never heard of. You think you can trust it, so you click the link--and the next thing you know, your PC is misdirected into a phishing page that steals your log-in details or to a drive-by download site that infects your system with a password-stealing Trojan horse. Your friend says she never sent you the message.

Whether the culprit is a fake LinkedIn profile page that serves up dangerous URLs or a bogus Twitter message that purportedly comes from our friends, social networks are rapidly becoming the newest medium for malware attacks. As operating systems and applications became harder to hack directly, online criminals realized that it was much easier to fool people into clicking bad links, opening dangerous files, and running malicious software. And the best place to exploit the trust between friends and colleagues is in the mechanisms of the social network itself.

By now, most Internet users are savvy enough to recognize spam e-mail. But what about a spam tweet that seems to come from someone in your circle of friends and takes you to a page that looks almost exactly like the one you use to log in to Twitter? A week may go by, and suddenly the data thieves who now control your account begin sending messages with URLs--some of which perform drive-by downloads and infect the recipients' PCs with malware--to everyone in your social network.

Facebook and MySpace users have already had to deal with a number of worms and other nasties that spread independently of any action taken by the account holder. Expect more of these automated attacks in the future.

Fix: If you think that your social networking account details have been compromised or stolen, report your suspicions to the site's support team immediately. Change your password frequently, and avoid clicking links that purport to send you back to the social network site. Instead, type the site's address directly into your browser (or follow a bookmark you've previously saved) to get back to your account.

Credit Card Exposure Online

Why You Should Care: Resolving fraudulent credit card charges can be a messy, time-consuming process.

Scenario: Scanning your e-mail, you see a message from a large online retailer notifying you that an order you recently completed is ready to ship--but you didn't order anything. You follow a link in the message that supposedly leads back to the site's log-in page, which contains a Web-based form that lists the wrong credit card number and address for your account and requests that you fill in the correct information so that the company can initiate its dispute resolution process.

So you enter the card number, the card's expiration date, your billing address, the card verification value (CVV) number printed on the back, your birth date, and your dog's favorite flavor of Milk Bone. In your rush to correct the "mistake," you've just delivered your card details right into the hands of savvy phishers.

Since consumers are never liable for more than US$50 of fraudulent credit card charges, you may wonder whether having your credit card information stolen is such a big deal. The answer is yes. You may not pay for the fraud directly and immediately, but all credit card users bear the burden in the form of fees and interest rates that factor in the cost of fraud to the credit card issuer.

In addition, you'll spend considerable time canceling credit card accounts, getting new cards issued, checking your credit reports, and changing the numbers in various accounts if you use them for automatic payments.

Fix: Some larger banks still offer single-use, "disposable" credit card numbers--you log in to your bank's Web site and identify the total amount of your purchase from the relevant online shop, and the banking site responds by spitting out a "credit card" number that can be used only for that amount and at that online store. Bank of America's ShopSafe, Citibank's Virtual Card Numbers, and Discover's Secure Online Account Numbers are still going strong, though American Express killed off a similar service years ago.

Google and Your Privacy

Why You Should Care: Any business that maintains so much information about you puts you at risk of having that data abused.

Scenario: Google seems to be everywhere these days. Aside from running an exemplary search engine, the company offers services for sending e-mail, receiving news feeds, and shopping. Furthermore, many of your favorite Web sites probably use Google to serve ads, syndicate content, or even track their own performance. Your Google account is like a diary of everything you do online: It can track your surfing behavior and even show you trends that you may not be aware of.

The sheer breadth of information that Google handles for people is startling: e-mail, instant messaging, VoIP phone calls, photos, maps, finance and investment portfolios, home and work addresses, reading preferences, video interests and assessments, online purchases, most frequent searches, and clicked-on search results. Can you trust a commercial enterprise that has so much valuable information about you at its disposal to live up to its "Don't be evil" corporate mantra? That remains to be seen.

Fix: You can partly extricate yourself from Google, but don't assume that the big G isn't still all around you. Change the default (Google) search settings in Firefox if you must; stop using Gmail, iGoogle, and your Google Account if you're really concerned. But so many sites now incorporate the company's AdSense, Analytics, and syndication components that going off the Google grid may be virtually impossible for anyone who uses an Internet connection.

Tags security

Recommended

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Andrew Brandt

PC World (US online)

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?