StopSign®

Today’s kids are spending more and more time online in chat rooms, texting via cell phone, and using every digital gadget available to them to communicate with their friends. Not only are they chatting with friends from their schools and neighborhoods, but they’re also meeting new people online and talking with them, too. In most cases the chats are fun and friendly, but there is a growing concern over a dark side of these digital discussions: cyberbullies.

What is cyberbullying?

The National Crime Prevention Council defines cyberbullying as: “Online bullying, called cyberbullying, happens when teens use the Internet, cell phones, or other devices to send or post text or images intended to hurt or embarrass another person.”. Emails, IM’s, Twitter posts, text messages, MySpace pages… any digital resource can, and likely has been, used for the purposes of cyberbullying.

Warning signs of cyberbullying and harassment.

There’s a large variety of ways that a bully can harass a victim online. A few examples are creating or altering photos in a suggestive manner, continually sending the victim hateful messages, rallying a larger group of people to humiliate someone, and spreading false rumors in order to hurt or embarass the target.

Everyone reacts differently to harassment, but there are some classic warning signs that somehing is wrong. The victims of cyberbullying may:

• Become uncharacteristically withdrawn or antisocial
• Have trouble sleeping, or possibly have nightmares
• Avoid going online or using their cell phone
• Unexpectedly shut down a computer when others come near
• Ask questions about revenge, death, or suicide

At the first sign of any of these, or other unusual behavior, parents, teachers, and other responsible adults should take note and talk to the child. Catching these things early is a key to prevention. And if you come across any bullying, make sure to save any evidence (save emails, print the screen with chats, etc.).

Cyberbullying in the news.

In recent years there have been several high-profile stories in the press regarding cyberbullying. Not only do these stories bring to light the wide-ranging impact of cyberbullying and other forms of digital harassment, but they also illustrate that it’s not just teens bullying other teens. Here are a few examples:

• Adults targeting children in revenge schemes via Craigslist
• Online predators using an online game to find a victim
• Groups of kids and adults harassing an individual with tragic results, such as the MySpace suicide of Megan Meier

How do we stop cyberbullies?

Early detection of harassment is key, though it’s not always easy to find. Staying on top of your child’s internet and cell phone usage is one way to be in the loop. And don’t worry about keeping tabs: it’s not snooping or invading their privacy, it’s looking out for their well being!

We’ve come up with a short list of 5 cyberbullying prevention tips to help parents and their children stop cyberbullying in it’s tracks:

1. Report cyberbullies:

   As with any bully, make sure that your kids know that it’s not OK for this to happen to them. They should also tell a responsible adult: parents, teachers, etc. Parents and other adults should take the information seriously and should report any instance of harassment to the authorities (police, school administrators, etc.)

2. Education = prevention:

   Talk with your kids and let them know the ramifications of cyberbullying: fear, embarassment, and other negative reactions.

3. Consider a contract:

   There are plenty of examples of fair use contracts between parents and children online that have clear, concise rules of internet and cell phone usage. Find a few examples and discuss them with your kids so that they know what is expected of them and get a written promise of compliance.

4. Look for warning signs:

   Red flags that show up when a child is the victim of a cyberbully include (but aren’t limited to): being nervous when downloading emails or IM’s, becoming angry when online (or just after going offline), being uncharacteristically withdrawn from friends and family, the unexpected absence of any cell phone usage, and avoiding any time online.

5. Get informed, stay informed:

   Keep an open door policy with your kids so that they know they can come to you at any time to discuss problems that may arise both online and offline.

“What’s in a name? That which we call a rose
By any other name would smell as sweet.”

From “Romeo and Juliet“, by William Shakespeare

The creation of a username (or user ID) for any online service or account is often overlooked as a topic of internet safety. Although the username you create for your bank’s website may not be viewed by many people, your email, social network, and instant message (AKA “IM“) usernames will be viewed by dozens, hundreds, or maybe thousands of people (depending on your popularity online and/or the openness of the service).

When choosing a username it’s best to not take any chances. Crooks, predators, fraudsters, scammers… anyone with ill intentions might be able to wedge their way into your life to cause problems. There are 3 types of personal information found in many usernames that might be useful to the bad guys, which we’ll discuss below.

Note: In the sections below we use various usernames as examples. These are not intended to be the usernames of actual people, and any similarity is purely coincidental.

Age

This is especially important for children, as their usernames can be displayed to all kinds of unsavory characters online, from sexual predators to cyberbullys. When helping your child select a username for themselves, be careful not to reveal their age.

Here are some examples of age-defining usernames:

• Little15 Shows the age of the user.
• Bobby1997 The full year of the users birth.
• Kewl95Dude The partial year of the users birth.

Location

Area codes, city/county names, zip codes, phone prefixes… there are many ways to give a crook or scammer information on where you live. Remember the movie “You’ve Got Mail“? Tom Hanks’ character used his building number in his username (”NY152″). Rich guy, building in his username… there’s some quick and easy info for a baddie to pick up on. Don’t be that guy (or gal).

Here are some examples of location-defining usernames:

• Alice90210 The zip code of the user
• Derrick212 The area code of the user
• KingCoKyle The county of the user. (e.g. “King County”)

Gender

Whether you’re a man or a woman, it’s easier to identify people when you know more things about them. If, for example, someone wanted to cyber-stalk you, it would be easier to pick you out in a crowd if they could eliminate half of the group by only looking for one sex vs. the other.

Here are some examples of gender-defining usernames:

• LadyInRed
• MisterMan
• MrsHotPotato

A few things to note

We’re detailing suggestions, not absolutes. If you’re 87 years old and decide that HappyGramps87 is the username for you, then you’ll probably be fine since age is much more of an issue for children. And, of course, there are things that shouldn’t need to be said like putting things like your PIN or Social Security number in your username. Just use your best judgment and do what you think is right. And safe.

Social networks such as Facebook, Twitter, and MySpace are wonderful ways to connect with friends and family. Unfortunately they also provide excellent resources for online crooks to gain sensitive information via social engineering, a term synonymous with con games in the world of computer security. By learning what social networking is, you can protect yourself from would-be (virtual) attackers and keep your data safe.

What is “social engineering”?

Social engineering is a non-technical intrusion using human interaction (thus, the “social” in “social engineering”) to gain information which directly, or indirectly, leads to a scam of some kind. The information compromised can be of any variety: passwords, access to computers and/or networks, account information, or anything else that can lead to additional data, money, identity theft, hacked accounts, or other problems for the victims. It’s considered a safer and easier way to run a con since the scammer rarely has to be physically present in front of the victim, so the internet provides an excellent medium for these kinds of scams.

How does social engineering affect my social networking accounts?

Attempts to phish for information are notorious online, and you should learn how to protect yourself from phishers. Instant and direct messages, emails, chat… all forms of online communication have the potential to be tapped, spoofed, or intercepted. Whether it’s email, a social networking site, or something else, all it takes is one unsecure account and a bit of luck in order to gain access from hundreds, if not thousands, of other users. With access to one unsecured account, the scammer now has the trust of all of their friends and followers of the real account owner. The flood gates are now open for additional phishing attempts, data loss, and other forms of digital mischief.

Social engineering is very simple and very effective. The weakest link in any computer security scenario will always be a human, and social networks are chock full of them. With enough patience it’s only a matter of time before a scammer finds a victim.

How can I protect myself from being a victim?

The easiest way is to be skeptical of offers presented in emails, online, and over the phone. Social engineering attempts prey on every aspect of human behavior (greed, compassion, fear, love, etc.) and can even exploit outside events such as natural disasters and current news topics in order to extract information from the victim. Here are a few specific things you can do:

• Ensure the legitimacy of anyone claiming to be a representative of a company, government office, or organization.
• Never reveal personal information unless you are certain of their need for the information and that the information will be held in the strictest confidence.
• Keep your passwords and other account access data secure. No company or it’s representatives should ever ask for your password, no matter how convincing the story they give you.
• When entering sensitive information online, make sure you’re really on the website you think you are on. Read our “How to Spot a Fake Website” post to learn more.
• Never send sensitive and/or personal information via email or instant message to anyone, even friends and relatives. Spoofing emails and IM information is too easy.

If you come across a social engineering attempt, make sure to contact the service you used when the attempt occurred. Most social networking sites, companies, and organizations have a computer security team that handles these issues and you can help stop the spread of these attacks. Listed below are some resources for a few online services regarding safety, abuse, reporting, and/or support. To find out how to report on other sites, check their Help or Support links.

• StopSign: http://support.stopsign.com/
• Facebook: http://www.facebook.com/safety/
• Twitter: http://help.twitter.com/
• MySpace: http://www.myspace.com/index.cfm?fuseaction=cms.viewpage&placement=safety_pagehome
• Bebo: http://www.bebo.com/Safety.jsp
• Second Life: http://secondlife.com/policy/security/

We’re often asked “What is spyware?”, but the answer isn’t always cut and dry. In theory, spyware is any software installed on your computer, typically without your knowledge, which is used to track your computer usage, change your PC’s configuration without telling you, and/or display unwanted advertising. In practice, however, many types of software could be loosely defined as spyware without being malicious.

Spyware is computer software that can be customized to monitor anything you type, any website you go to, or any habits you have when you use your computer. Because of this, the inference is that any piece of software that monitors any aspect of your computing can be considered spyware if you take it to the extreme. However, some software by it’s very nature needs to monitor your computer usage, files opened, and software downloaded. Malware and other scam software packages aren’t likely to tell you about their installation, much less any changes they make to your system. Because there are so many rogue applications out there, you should evaluate any piece of software that you download and install in order to come to an informed decision of whether they are using the information gathered, and any system changes, for good or bad.

Symptoms of a computer with a spyware infection include, but are not limited to:

• Increased amounts of unwanted popups, generally for advertising purposes. These popups may also occur when you’re not surfing the web.
• Uncharacteristically slow computer response, especially when opening, closing, or saving files.
• A sudden, unintentional change in your browser’s homepage. This will often occur even after repeated attempts to reset your homepage back to your original one.
• New browser toolbars, desktop icons, bookmarks, or applications installed without your knowledge.
• A “hijacked browser” that takes you to websites other than those you typed into your address bar.

In some cases, however, you may experience no symptoms at all, especially if the spyware installed is only monitoring your usage and not actively directing you to websites or advertisements. That’s where some basic internet security comes in, by having antivirus, antispyware, and firewall software installed, updated, and running 24/7 to help protect you against the real spyware that’s out there.

Online fraud can come come in a variety of ways; forged emails from financial institutions, fake websites that look like a legitimate brand’s domain, and even in the form of instant messages. When a crook uses a computer to try to get you to reveal sensitive information to them it’s called “phishing”, and the really good phishers make it very difficult to tell the difference between them and the real thing.

Phishing is an example of social engineering, which is any social or interpersonal communication used for fraud of some kind. A phisher works by passing himself off as a legitimate source, often by mimicking a well-known source (a company, a friend, etc.). Under the pretense of being a trustworthy representative, the phisher crafts a message to potential victims that seems authoritative. And while most people won’t click through on these messages, a very small percentage of people is all that is necessary for the phisher to make money and/or wreak havoc.

It’s not just credit cards, bank accounts, and Social Security numbers that they’re seeking. They’ll take usernames, passwords, email addresses, URL history, cookie data… anything and everything that they can get their hands on that might get them closer to parting you and your money. We’re going to show you how to detect the 3 most common online frauds: email, fake websites, and instant messages.

Emails

Email is probably the most common method of phishing attempts. The price is right for spamming (basically free), and distribution of an email can go world-wide in a matter of minutes. A common tactic used by phishers to spread their “bait” is to write an email and use forged email addresses of major banks to inform you that there is a problem with your account. Another trick they employ is to tell you that you’ve won a prize. The safest thing is to not click on any link from an email that you aren’t 100% sure is from a real person or company. Also remember that no company should ever ask for the password to your account in an email! That’s a sure sign of a scam.

Fake websites

If the spam emails don’t ask you to reply back with your account data to “verify” you, they will usually have a link in the email that takes you to a website where you will be prompted enter this information. These phishing websites can look very convincing, too, especially since it’s quite easy to clone another website. Many major ecommerce websites such as PayPal, eBay, and Chase.com have been cloned into a fake website used for phishing purposes.

Fake websites come in a variety of forms, but they all usually have tell-tale signs of being a scam: using an IP address (http://127.0.0.1) vs. a regular domain name (http://example.com/), having a URL that isn’t on the actual domain (for example, http://blog.stopsign.example.com would not be our blog; but at first glance it looks like it), etc. For more information about fake websites, read our blog post on how to detect fake websites.

Instant messages

The scam methods used in IM’s are similar to those from emails. But instead of trying to get you to directly enter information, they usually just provide a link to a website that does all the dirty work for them. It’s best to ignore and/or block unknown users whenever they try to get to you.

Bonus tip: Alternate ways phishers try to catch you

As with most fraud schemes, phishing is a growing resource for crooks and it’s always changing. One alternate method phishers use to scam you is to use a real website to phish. In fact right around the time this post was being written, a Twitter phishing scam made it’s way around the Twitter using their Direct Message (DM) system and tweets, causing a lot of buzz about phishing on the immensely popular service (we even have a StopSign Blog Twitter account). You’ve got to be on your toes all the time to keep yourself safe, but with the tips we’ve written about, you should be able to recognize some of the more common scam methods.

A popular method used by phishers (scam artists who try to get you to reveal sensitive information like credit card numbers, bank accounts, etc.) to scam you is to hire a web developer to create a fake website to do all of the phisher’s dirty work. Because it’s relatively simple for a decent web developer to copy another website, it’s easy to be fooled with a fake website. These fake sites are even more convincing when you see the name of your bank or some other online service in the URL (commonly know as the internet address, or “website”); but there are simple ways to spot a fake website.

Common URL set ups

All HTTP URLs (i.e. your basic website) follow a common format:

http://domain.tld/

For example:

http://example.com/

The “domain” is the actual domain name (e.g. “example”) and the “tld“, or top level domain, is the “com” portion.

The actual domain and the tld (e.g. “.com”, “.net”, “.org”, etc.) will always be the last parts of the URL before the first single forward slash (”/”) or a question mark (”?”) in an internet address.

It’s important to note that a domain can have sub-domains before the “domain.tld“, such as our own http://blog.stopsign.com/, but only the real domain owners will be able to use the domain.tld format as described above to build/use their website.

Spotting a fake/scam website

Spotting a fake URL is as simple as looking for the domain.tld (in the right place) in the URL. If your bank is Chase, then you would expect to see http://www.chase.com; but if you saw http://www.chase.com.example.com/ then you know that you’re not really on chase.com; you’re on example.com.

Examples of valid example.com URLs:

• http://www.example.com/
• http://example.com/
• http://blog.example.com
• http://www.example.com/blog/
• http://www.example.com?string

Examples of invalid example.com URLs:

• http://www.example.fakeurlgoeshere.com/
• http://example.fakeurlgoeshere.com/
• http://www.example.com.fakeurlgoeshere.com?string

Did you see how all of the valid URLs have “example.com” before the first single forward slash and/or the first question mark? That’s the key to knowing what is real and what is a scam.

This month, October 2009, marks the 6th anniversary of National Cyber Security Awareness Month (NCSAM) in the United States, and President Obama has issued a presidential proclamation regarding this event. The use of technology has been a staple of the current administration’s public discussions, and online security concerns have been a part of the conversation from the beginning. President Obama spoke about the the need for securing the US cyber infrastructure during a speech in May of this year, noting:

America’s economic prosperity in the 21st century will depend on cybersecurity.

Clearly internet security will continue to be an important topic for American families, businesses, and government networks now and in the future. As part of the information campaign surrounding National Cyber Security Awareness Month, the Department of Homeland Security website lists 3 core practices they recommend, which include topics we discussed in our blog post regarding the basics of internet security:

• Install antivirus and antispyware programs and keep them up to date,
• Install a firewall and keep it properly configured, and
• Regularly install updates for your computer’s operating system.

There are many events planned for National Cyber Security Awareness Month on a national as well as a state level, and we encourage you to attend and/or view them online and use that information as a base to evaluate your current cyber security level and update if necessary. For more information on National Cyber Security Awareness Month or government recommendations on cyber security, please visit StaySafeOnline.org.

Why do I need internet security software?

In a world where nearly 25% of the world’s population actively uses the internet (including over 74% of North America), it shouldn’t even be a question that you need to protect yourself from online predators with a suite of internet security software. In order to illustrate why, we’ve come up with a few examples. This article touches on a few key areas that can be easily remedied with software so that you don’t even have to think about what you need to do to stay safe: you’re just protected.

Viruses, spyware, and hackers, oh my!

Facts are facts: there are a lot of bad people out there who like to write computer viruses, worms, rootkits, and all manner of malware. Computer viruses have plagued users and administrators since as early as 1971, and there’s no sign of a slow down.

Antispyware and antivirus software are key components to keeping unwanted spyware and problem-causing viruses off of your computer and/or network. Using automated threat scanning, antispyware and antivirus software seek and destroy anything that isn’t welcome, which leaves you free to run your computer worry-free.

Don’t you want to keep your private data private?

According to the Social Security Administration, identity theft is one of the fastest growing crimes in America, making it a very real, very serious problem. Many of the methods used to steal personal information are offline, but since spyware tracks your computer usage and can even be written to send data back “home” to the person or group who created the spyware in the first place, making a leap to the digital world isn’t that difficult for crooks.

In the current world economy hackers and crackers around the globe are feeling a pinch in their pocketbooks just like everybody else, so they are devising crafty new ways to separate you from your private, personal information and your hard-earned money. If you do your taxes on your computer, keep a file with passwords stored on it, or have anything else that may contain sensitive information, it is completely possible that a spyware application can find or sniff out that information and relay it to the hacker.

But what if I’ve never had a virus (or spyware, etc.) before?

Unfortunately the reality is that even if you’ve never had to deal with malware in the past, the longer you use your computer and the internet it’s only a matter of time before you become infected with a virus or some spyware if you are running your computer without some kind of protection. Why take chances when there’s a simple, safe, and inexpensive solution?

It’s better to be safe than sorry, so we recommend that you install, use, and keep updated, an internet security software package like our own (cue the shameless plug) StopSign Internet Security software.

Windows 7, Microsoft’s newest operating system, is set for release on October 22nd, 2009, and we are proud to announce that StopSign® Internet Security is now compatible with Windows 7. (With a month to spare!) Our software development teams have been working overtime to ensure that our loyal customers who upgrade, or buy a new PC with Windows 7, can rest assured that they will be able to use StopSign immediately.

For all the good that the internet brings to us, it can also be a dangerous place if you’re not careful. Identity theft, burglars reading blogs, and many other issues can catch you in their web if you’re not careful. Because of this we have a few suggestions to help keep you and your family safe both off- and online.

Keep Personal Information Private

It’s easy to reveal too much information on social networking sites like Facebook, Twitter, and MySpace. These sites usually have online forms where you can input your email, phone number, and even home address. Keeping spam out of your inbox is one thing, but with today’s sophisticated criminals and increased use of the internet by organized crime, you have to be careful with your home and family information.

Remember that anywhere you publish your home address might provide an opportunity for a burglar looking to case a neighborhood to find his or her next victim. Just as you wouldn’t put your Social Security number anywhere for the general public to see, keep as much personal information under wraps as possible: home address, work address, home phone number, etc.

Watch Those Pictures and Videos

Sharing pictures and videos with family and friends is great, especially with the ease of use that most gizmos and gadgets have today; but be careful not to let anything personally identifiable leak out accidentally. Pictures of your home are fine, but make sure that nothing that can identify you or your family is visible. For example, anything like a street sign near your home or the name of the school that your kids attend can be dangerous to post since they can be used to track you down in real life. The same goes for your cars. Even news and entertainment shows blur out license plates for the sake of privacy and security. If your pictures have any elements like that, it’s a good idea to cut- or blur-out those things.

Don’t worry though, because you’re not going to have to spend a lot of cash to buy a photo editing software package like Photoshop (a wonderful, albeit expensive, piece of software). If you don’t have photo-editing software, you can find plenty of free online tools that let you blur, clip, or pixelate pictures without emptying your wallet. A few good ones are Pixlr and Picnik.

Don’t Reveal Too Much

Be sure not to give away too many details about your daily activities. Most people have a general pattern they follow day-to-day as they go to school or work, and criminals can use that information to their advantage. If you post info online about going on vacation, a ball game, or even the grocery store, then those who might use that information against you could be given a perfect opportunity to slide in when you step out. Instead, try posting your activities after the fact, with the added benefit of being able to show pictures of the fun you had (keeping in mind the photo safety tips above).

One Last Thing…

Don’t get us wrong.. it’s not like posting a picture online is going to immediately ruin your life. Well, not any family-friendly photos, at least. Some of the examples given may seem extreme, but they happen, and you need to be aware of them. But like with most things in life, it’s better to be safe than sorry. Exercising a little extra caution before clicking that “submit” button can help curb any potential hazards and keep you and your information safe.