In-Depth: Gone Phishing
“Dear sir or madame, I am the financial minister of a small country you have never heard of. For reasons that don’t really make sense, I need to give someone $10 million. I have chosen you. Please send me your bank account number so that I can give you these funds. Thank you.”
This is just one of the many ways criminals use phishing to try to get personal information from their victims and phishing is only one of the many ways personal security is under attack on the Net.
“Phishing is often trying to make the sender of an e-mail out to be a credible source, like a bank, and have you confirm specific information that they want,” Nate Crookston, a senior in electrical engineering who does Web programming as a side job, said.
The information phishers are often looking for include account numbers, user names and passwords. According to a pamphlet from USU network and computer services, companies will never ask for such information through e-mail.
Kyle Waters, a senior studying government and technology and assistant to the computer specialist for the College of Agriculture, recommends people be extra careful using public computers, such as the ones in on campus computer labs, because of the possibility of keyloggers.
“Keyloggers are programs that record every keystroke made,” Waters said. The records produced can be used by the writer of the program to gather important information.
Josh Karren, a sophomore in computer science and a computer lab attendant on campus, said all lab computers are put back to their original states to remove all programs installed by students and this process is done between every day and every week, depending on the computer.
Karren warns that students often unknowingly save personal passwords on to a public computer. By going into the settings section of a browsers, students can set it so that passwords are not saved.
Another way that identity thieves can get information while their victims are at home is through spyware.
Spyware, according to Microsoft’s Security at Home section, is any kind of software that installs itself onto another computer and changes settings, often without the owner’s knowledge.
Spyware is often used for advertising or more destructive purposes such as seeking out personal information. Signs that spyware has been installed on a computer can included an increase in pop-up advertising, slower operation in general and an increased number of system crashes.
Many programs that “pop up” while is surfing the Web offer prizes or other incentives to entice the user to click on them, allowing the programs to install spyware or another form of dangerous software
Experts recommend a healthy bit of paranoia to avoid spyware and other malicious programs. “If it sounds too good to be true, it probably is, so don’t click on it,” John Hanks, the associate director of the USU Center for High Performance Computing, advised.
Offering free iPods or other prizes are not the only ways spyware programs attempt to persuade people to click on them, which launches the installation. Many pose as updates or messages from the computer’s operating system.
Crookston recommends knowing the difference between a browser window and one that an operating system would use.
Crookston also recommended users keep their eyes open from the line “Javascript console.” Javascript is a computer language that is often used for online programming. A program being written in Javascript doesn’t mean it’s necessarily dangerous, but it is coming from the Web and not your computer itself.
Waters said he uses Linux to keep his own system clear of spyware. Linux is a free operating system that has strong spyware defense.
For users of the more widely distributed Windows, for which most spyware programs are written, Waters recommended a combination of Ad-Aware and Spybot Search and Destroy.
Ad-Aware and Search and Destroy are programs that will hunt out spyware that has been installed and remove it. Both are free to download and can be found at www.lavasoftusa.com/software/adaware and http://www.safer-networking.org/en/download. Frequent updating is recommended for best results.
In November of 2004, USA Today did a special report on Internet security in which they made a suggestion for users to avoid spyware by using the Firefox Web browser.
While Firefox is his browser of choice, Crookston reminds Web surfers that it, alone, can’t guarantee safety,
“I recommend Firefox because it make my life as a Web programmer much easier,” he said. “It is more secure, but security really depends more on safe browsing.”
Waters, who is also a member of the USU Free Software and Linux Club, reminds students to be careful with downloading new software. “Be careful what you install; make sure it’s clean.”
“Not everything free is full of spyware, though,” he said.
Firewalls are another important step in keeping safe online. According to Microsoft’s FAQ section, a firewall is a piece of software built to protect computers against hackers, viruses and other security threats.
The newest version of Windows and the Mac Operating System as well as many versions of Linux are already equipped with built in firewalls with plenty of others available online for people using older systems.
“Turn on the Windows Firewall right now. Seriously, go turn it on right now. Next time you install Windows, turn it on before you connect to any network,” Hanks said in an e-mail.
Free firewalls for those without one in their system can go to http://www.free-firewall.org.