StopSign Internet Security Blog

We’re often asked “What is spyware?”, but the answer isn’t always cut and dry. In theory, spyware is any software installed on your computer, typically without your knowledge, which is used to track your computer usage, change your PC’s configuration without telling you, and/or display unwanted advertising. In practice, however, many types of software could be loosely defined as spyware without being malicious.

Spyware is computer software that can be customized to monitor anything you type, any web site you go to, or any habits you have when you use your computer. Because of this, the inference is that any piece of software that monitors any aspect of your computing can be considered spyware if you take it to the extreme. However, some software by it’s very nature needs to monitor your computer usage, files opened, and software downloaded. Malware and other scam software packages aren’t likely to tell you about their installation, much less any changes they make to your system. Because there are so many rogue applications out there, you should evaluate any piece of software that you download and install in order to come to an informed decision of whether they are using the information gathered, and any system changes, for good or bad.

Symptoms of a computer with a spyware infection include, but are not limited to:

• Increased amounts of unwanted popups, generally for advertising purposes. These popups may also occur when you’re not surfing the web.
• Uncharacteristically slow computer response, especially when opening, closing, or saving files.
• A sudden, unintentional change in your browser’s homepage. This will often occur even after repeated attempts to reset your homepage back to your original one.
• New browser toolbars, desktop icons, bookmarks, or applications installed without your knowledge.
• A “hijacked browser” that takes you to web sites other than those you typed into your address bar.

In some cases, however, you may experience no symptoms at all, especially if the spyware installed is only monitoring your usage and not actively directing you to web sites or advertisements. That’s where some basic Internet security comes in, by having antivirus, antispyware, and firewall software installed, updated, and running 24/7 to help protect you against the real spyware that’s out there.

Online fraud can come come in a variety of ways; forged emails from financial institutions, fake websites that look like a legitimate brand’s domain, and even in the form of instant messages. When a crook uses a computer to try to get you to reveal sensitive information to them it’s called “phishing”, and the really good phishers make it very difficult to tell the difference between them and the real thing.

Phishing is an example of social engineering, which is any social or interpersonal communication used for fraud of some kind. A phisher works by passing himself off as a legitimate source, often by mimicking a well-known source (a company, a friend, etc.). Under the pretense of being a trustworthy representative, the phisher crafts a message to potential victims that seems authoritative. And while most people won’t click through on these messages, a very small percentage of people is all that is necessary for the phisher to make money and/or wreak havoc.

It’s not just credit cards, bank accounts, and Social Security numbers that they’re seeking. They’ll take usernames, passwords, email addresses, URL history, cookie data… anything and everything that they can get their hands on that might get them closer to parting you and your money. We’re going to show you how to detect the 3 most common online frauds: email, fake websites, and instant messages.

Emails

Email is probably the most common method of phishing attempts. The price is right for spamming (basically free), and distribution of an email can go world-wide in a matter of minutes. A common tactic used by phishers to spread their “bait” is to write an email and use forged email addresses of major banks to inform you that there is a problem with your account. Another trick they employ is to tell you that you’ve won a prize. The safest thing is to not click on any link from an email that you aren’t 100% sure is from a real person or company. Also remember that no company should ever ask for the password to your account in an email! That’s a sure sign of a scam.

Fake websites

If the spam emails don’t ask you to reply back with your account data to “verify” you, they will usually have a link in the email that takes you to a website where you will be prompted enter this information. These phishing websites can look very convincing, too, especially since it’s quite easy to clone another website. Many major ecommerce websites such as PayPal, eBay, and Chase.com have been cloned into a fake website used for phishing purposes.

Fake websites come in a variety of forms, but they all usually have tell-tale signs of being a scam: using an IP address (http://127.0.0.1) vs. a regular domain name (http://example.com/), having a URL that isn’t on the actual domain (for example, http://blog.stopsign.example.com would not be our blog; but at first glance it looks like it), etc. For more information about fake websites, read our blog post on how to detect fake websites.

Instant messages

The scam methods used in IM’s are similar to those from emails. But instead of trying to get you to directly enter information, they usually just provide a link to a website that does all the dirty work for them. It’s best to ignore and/or block unknown users whenever they try to get to you.

Bonus tip: Alternate ways phishers try to catch you

As with most fraud schemes, phishing is a growing resource for crooks and it’s always changing. One alternate method phishers use to scam you is to use a real website to phish. In fact right around the time this post was being written, a Twitter phishing scam made it’s way around the Twitter using their Direct Message (DM) system and tweets, causing a lot of buzz about phishing on the immensely popular service (we even have a StopSign Blog Twitter account). You’ve got to be on your toes all the time to keep yourself safe, but with the tips we’ve written about, you should be able to recognize some of the more common scam methods.

A popular method used by phishers (scam artists who try to get you to reveal sensitive information like credit card numbers, bank accounts, etc.) to scam you is to hire a web developer to create a fake web site to do all of the phisher’s dirty work. Because it’s relatively simple for a decent web developer to copy another web site, it’s easy to be fooled with a fake web site. These fake sites are even more convincing when you see the name of your bank or some other online service in the URL (commonly know as the Internet address, or “web site”); but there are simple ways to spot a fake web site.

Common URL set ups

All HTTP URLs (i.e. your basic web site) follow a common format:

http://domain.tld/

For example:

http://example.com/

The “domain” is the actual domain name (e.g. “example”) and the “tld“, or top level domain, is the “com” portion.

The actual domain and the tld (e.g. “.com”, “.net”, “.org”, etc.) will always be the last parts of the URL before the first single forward slash (“/”) or a question mark (“?”) in an Internet address.

It’s important to note that a domain can have sub-domains before the “domain.tld“, such as our own http://blog.stopsign.com/, but only the real domain owners will be able to use the domain.tld format as described above to build/use their web site.

Spotting a fake/scam web site

Spotting a fake URL is as simple as looking for the domain.tld (in the right place) in the URL. If your bank is Chase, then you would expect to see http://www.chase.com; but if you saw http://www.chase.com.example.com/ then you know that you’re not really on chase.com; you’re on example.com.

Examples of valid example.com URLs:

• http://www.example.com/
• http://example.com/
• http://blog.example.com
• http://www.example.com/blog/
• http://www.example.com?string

Examples of invalid example.com URLs:

• http://www.example.fakeurlgoeshere.com/
• http://example.fakeurlgoeshere.com/
• http://www.example.com.fakeurlgoeshere.com?string

Did you see how all of the valid URLs have “example.com” before the first single forward slash and/or the first question mark? That’s the key to knowing what is real and what is a scam.

This month, October 2009, marks the 6th anniversary of National Cyber Security Awareness Month (NCSAM) in the United States, and President Obama has issued a presidential proclamation regarding this event. The use of technology has been a staple of the current administration’s public discussions, and online security concerns have been a part of the conversation from the beginning. President Obama spoke about the the need for securing the US cyber infrastructure during a speech in May of this year, noting:

America’s economic prosperity in the 21st century will depend on cybersecurity.

Clearly internet security will continue to be an important topic for American families, businesses, and government networks now and in the future. As part of the information campaign surrounding National Cyber Security Awareness Month, the Department of Homeland Security website lists 3 core practices they recommend, which include topics we discussed in our blog post regarding the basics of Internet security:

• Install antivirus and antispyware programs and keep them up to date,
• Install a firewall and keep it properly configured, and
• Regularly install updates for your computer’s operating system.

There are many events planned for National Cyber Security Awareness Month on a national as well as a state level, and we encourage you to attend and/or view them online and use that information as a base to evaluate your current cyber security level and update if necessary. For more information on National Cyber Security Awareness Month or government recommendations on cyber security, please visit StaySafeOnline.org.