Today’s online dangers are more likely to come from organised criminal gangs than script-writing hacker kids. A malware infection could empty your bank account and damage your computer. These crooks are hunting down your private information, which includes much more than just your bank details. Login details for websites can give away enough information to get an identity theft underway. For this reason, you’d be wise not to include your real-world address or date of birth on Facebook profiles or other publicly accessible websites.
To stay safe online, you need to use the common sense you apply to the real world.
Traditional PC viruses are becoming less of an issue. Of the new malware strains Panda Labs found in the third quarter of 2011, 77 percent were Trojan horses, against 12 percent for viruses. Trojans are software designed to take control of your PC, whether to forward spam and phishing messages or to return data to a hacker’s server.
Trojans have been gaining ground for some time – a trend that’s unlikely to change in 2012.
- See Group test: what's the best antivirus?
- See Group test: what's the best security software?
- See Protect youself against mobile malware in 2012
But there are other dangers that you might never even notice. A web-connected computer can be conscripted into a ‘zombie network’ of machines that collectively run distributed-denial-of-service (DDoS) attacks on websites or servers. Such software might drain the batteries more quickly than usual on a laptop or other mobile device, but you might not notice any other changes while your computer is busy working for a criminal gang. If you do notice a change in how your machine or phone is behaving, be sure to investigate using an appropriate scanner.
Don’t be fooled into clicking a link in the pop-up to download software that purports to remove a supposed infection – you’ll either end up forking out for unnecessary software or malware will be loaded on to your PC.
To stay safe online, you need to use the common sense you apply to the real world. Instruct less experienced users to trust their gut instincts. If something about a website or email looks or feels wrong, even if they can’t put their finger on exactly why, it probably is – or, at the very least, further investigation into its credibility is required.
Here are a few useful tips to keep you on the straight and narrow:
- Your bank will not email you if someone attempts to access your account.
- Her Majesty’s Revenue and Customs will not email you news of a huge tax rebate.
- Young, beautiful Russian girls do not want to meet you (or, indeed, marry you).
- None of these old threats is going away any time soon, and 2012 is set to bring new online dangers. Keep your wits about you.
Facebook and friends
Social networking’s primary danger is that you might give away enough information about yourself to make identity theft possible. If your profile includes your date of birth and address, an ID thief is well on his way. A ‘happy birthday’ message to your mum could lead to her maiden name, which is a common security question for many services.
Start with the basics and dig into Facebook’s security and privacy settings. Turn off everything, then start thinking about what you want to allow rather than the other way around. Look again at what information you are giving away and who can see it.
Remember that your privacy depends on your friends, too. It doesn’t matter how private your profile is if a friend with weak security settings tags you in a picture.
Facebook is also increasingly used as a medium for virus and spam transmission. Requests to join game networks or sharing platforms that apparently come from friends might in fact come from criminals. Even if they are genuine, it’s not imperative to accept the request and hand over more information than you’re happy with.
Some of these services might be scams, but many exist to collect your information and make money from selling it on. Be aware that it might be a corporation rather than a hacker after your data, then consider what happens to that information once it’s collected and whether it’s properly discarded when it’s no longer needed.
Twitter is another service on which it’s all too easy to over-share information. A rapper tweeted about his bling gold necklace and how much he was looking forward to wearing it at his next gig. Someone saw the tweets, went to that gig and relieved him of his chain. Burglary is nothing new, but telling the world via Twitter when, for example, you’re going on holiday, makes crooks’ lives much easier.
Bulletin and message boards
However much you’ve talked to someone online, and however much you might trust the community of a particular forum, you don’t know who someone is until you’ve met them and their mum. Don’t be fooled into giving away too much information.
Emails and other messages
Scammers often rely on old tactics, tweaking them for new platforms and methods of communication. Facebook messages, instant messages and texts can be used just like email for spam and phishing scams.
New technology can make a scammer’s messages more convincing. Emails are increasingly targeted at individuals or businesses. A business receiving an email invoice in the correct format from a regular supplier for an amount in line with usual costs might pay the bill. And an email apparently from a desperate friend stuck without money in a country she regularly travels to might suck you in.
Appeals for sick children or other charities or pleas to sign online petitions should be checked for authenticity.
Google is a good first port of call, after which you could try specialist scam sites such as Snopes.com.
Fake surveys with promises of gifts, perhaps tailored to you personally, are another way of tricking you into lowering your defences. A job offer that references every skill on your CV and promises to pay a six-figure sum could be genuine – or perhaps someone’s read your CV on a professional networking site.
The danger of this type of fraud is that it becomes more convincing as more and more information about us is leaked online. Cybercrooks don’t always want your money, sometimes they’ll be satisfied with a few details they can sell on or the opportunity to install malware on your PC.
Fake antivirus software is a threat that shows no signs of slowing. Scammers are able to exploit people’s security fears using pop-up ads that claim to have detected a virus on their PC. Only they can fix the problem, they say. Never install ‘security software’ this way.
Buying and selling online
‘Buyer beware’ might work in the real world, but online sellers need to be aware of dangers too. The usual warnings apply, but with some additions. Scammers are now targeting regular users of some auction and classified sites. They use a site’s reputation rankings to effectively blackmail sellers by threatening to leave negative feedback if a discount or even free goods are not given. Given how hard it can be for a seller to get their reputation restored, many will give in, keeping the fraud alive.
If you’re selling anything online, be aware of the site’s terms and conditions and how its complaints procedures work. Keep an eye on seller message boards, too.
Watch out for companies trying to sell you services that are freely available, such as government services. For example, in some countries a search for a visa will return several paid-for services above the government’s own site. With more and more government services finding their way online, the problem is set to become bigger.
For most people, however, the biggest threat comes from ordinary online purchases. Tread carefully, bargain hunters: online shopping promises price transparency and savings for all, but there are pitfalls to dodge.
The costs of saving
Saving £10 on a £500 laptop might seem like a steal, but what if you’re left waiting a month for delivery? Check whether the model you want (with the exact same specification) is available from an e-tailer you’ve used before. Then weigh up your £10 saving against the peace of mind you’ll get from dealing with a company you know.
Of equal importance is the choice of courier or delivery service. Tales of new laptops left in wheelie bins or taken miles away to depots for you to collect are less online dangers and more real-world pains.
Think twice before buying from a site you don’t know. Google the company name with the word ‘problems’. Have a look on consumer complaint forums. Look for a real-world address and phone number on the website. Be particularly careful if you’re in a hurry – sorting out Christmas presents, for instance, or shopping while you work.
Twitter offers criminals a simple and increasingly popular way to infect your PC via short URLs. If no preview feature is available, it can be impossible to guess where you’re going. Be as suspicious of these links as you would of downloading an unchecked email attachment. If you’re worried, ask the friend who sent you the link to check it’s genuine.
If a URL shortener has a preview service, use it. For example, the tinyurl.com service we use in the pages of PC Advisor lets you see where you’re being redirected simply by inserting ‘preview.’ before the tinyurl. McAfee also offers a secure URL-shortening service.
New film and music releases have been infected by malware, both by hackers and media companies themselves in order to discourage illegal file-sharing. If you must download torrent files (although we don’t condone it), take extra care. Most sites spare little cash on security, and they make no claims for the cleanliness of the files they’re offering.
The days of ‘good’ and ‘bad’ porn sites are over. Malware can now be found on respectable sites as we as dodgy. Although some hackers will use smut to tempt surfers, plenty more take security seriously. The truth is such sites are just as likely to harbour malware as any other type of website, and avoiding porn sites isn’t enough to protect you online.
Downloading video content, whether or not it’s of an adult nature, will often leave you open to attack. There are dozens of different media players, yet most will require you to download a separate add-on or codec. This is where the problem lies, and Adobe Flash has long been a favourite vehicle for hackers to infiltrate your machine – always ensure you’re running the latest version.
Any new technology brings new dangers, yet most are simply tweaked versions of the threats that have kept us on our guard for years. As we’ve discussed in this feature there are many things you can do to keep safe online, with the most important being to use your common sense and remain alert at all times.
The important message for new users is that staying safe online goes beyond installing an internet security suite on a new PC and promptly forgetting about it. Such products are useless unless they’re regularly updated – every day, if that’s how often you use your computer to get online.
Malware is getting smarter and now targets specific platforms and users. The biggest threat for 2012 is expected to be directed to smartphones, with more of us using them to get online. Just like on a PC, we need to install security software on our mobile phones and use our common sense when downloading software. We’ve never had to worry about mobile security in the past, so how many of us will be caught out?
Next year could well see the first widespread, damaging attack on mobiles. And if you sync your phone with your computer, here’s another potential avenue of attack. Keep an eye on these forthcoming threats, but don’t forget about the traditional viruses, worms and adware either.