StopSign Internet Security Blog

There’s a threat lurking on your computer right now. A presence so fraught with security holes that to expose it to any malicious element on the Internet would likely result in things such as identity theft, spyware, hacked accounts, and worse. What’s this problem? The problem, my friend, is you.

“Only amateurs attack machines; professionals target people.” Bruce Schneier (computer security expert)

So you’re a danger to yourself and others around you when it comes to Internet security… don’t feel bad. We’re all guilty of it. As humans, we’re notoriously good at being bad: we forget to pick up the milk even though our significant other reminded us, we skip a meal and eat way too much later that night, and we certainly get complacent when it comes to Internet security. And that last thing, that’s what we’re talking about. You can deal with your SO and your doctor on those first two. :)

We’ve talked about social engineering before, which is an easy way for hackers and phishers to get information out of you. Instead of breaking into your computer they attempt to break into you, using emails, instant messages, and in some cases even phones or talking to you in real life (both of which are much more rare, but still possible). Once they have gained your trust they begin to break down walls and get at what they really want: your sensitive information. Passwords, account numbers, access codes… anything they can get their hands on that might prove valuable.

In order to stop these people from breaking into your life, you have to train yourself to jog your brain out of complacency when it comes to Internet security. Three of the easiest ways to lock out the bad guys are:

1. Strong passwords:

   Maybe we’re sounding like a broken record here, but a good password is one of the easiest, and best, deterrents to attacks ranging from account privacy to identity theft. Build yourself a better password.

2. Trust but verify:

   We’re not suggesting that you live your Internet life in a bubble, just use the same precautions you’d use in the real world. Use some of the tips we wrote in our blog post “5 Simple Tips to Staying Secure Online” and that should cover your bases.

3. Lock down accounts:

   Your privacy is one of your most important assets online. For every service you use, from your bank to Facebook, make sure that you understand how their security and privacy policies affect you and lock down information such as your physical address and home phone number so that only people you want contacting you can do so.

Reducing the amount of information publicly available about you and keeping up with a few easy Internet security tips will go a long way to keeping you safe… from yourself. :)

Keep on the lookout for a scam regarding the Verified by Visa program; a legitimate security layer set up to provide increased protection for your data for online purchases. Internet scam artists are sending out spam linking to fake versions of the program that do nothing to protect you.

The Verified by Visa program is part of the 3-D Secure protocol (developed by Visa), with similar programs adopted by Mastercard (SecureCode) and JCB (J/Secure). These programs provide an additional authentication step (i.e. a password request) for your online purchases through participating Internet retailers. This added step is set up to help ensure your identity at the time of purchase. Here’s the official word from Visa:

In addition to our other ways of preventing, detecting, and resolving fraud, we offer Verified by Visa, a free, simple-to-use service that confirms your identity with an extra password when you make an online transaction.

Phishers are casting their lines and looking for new victims. The bait they’re using is usually an email that looks like the real deal, but ultimately leads to a scam website that tries to get you to submit your credit card number and other information under the guise of the Verified by Visa program. Luckily we’ve got three suggestions for you to protect yourself from getting caught by this scam:

1. Scrutinize your email:

   Most phishing attempts start with an official-looking email that requests you to join. However, Visa isn’t sending out emails to customers in order to get them to sign up. The usual way you’d get the Verified by Visa sign up option is through a participating retailer as you begin the checkout process on their website. If you receive one of these emails, call your Visa provider and ask them to verify if the email is legit. Chances are it’s not.

2. Watch where you’re surfing:

   If you do happen to click on the link from your email, be careful. Phishers and other scam artists are great at copying real websites and making their scam version look legitimate. Check the URL, or web address, that you’re on to make sure you’re on the real site. See our blog post entitled “How to Spot a Fake Website” for more information.

   Download StopSign Internet Security software and become a member today. StopSign includes antivirus & antispyware, firewall, and more to help protect you online.
   
   
3. Go to the source:

   If you’re interested in signing up for the program or learning more about it, visit the official Verified by Visa FAQ.

As always, be wary of emails in your inbox asking you to sign up for anything or giving you a link to click on to enter any of your information.

As parents, the topic of Internet safety isn’t always one that’s always easy to navigate, but it’s certainly one of the most important things to integrate into our lives. For many of us, computers and the Internet aren’t things that were ever-present while growing up; at least not like they are today. These days it seems like every kid in Kindergarten knows how to access the web, and most teens have some kind of Facebook or MySpace account.

Because it’s tough to know where to start, we’ve got a few suggestions to help make the process of making the Internet a safe place to visit (at least in your home) an easier task. While this is by no means an exhaustive list, it’s a good starting point to use or modify to fit the needs of your family.

• Keep Internet-enabled computers out in the open:

  Allowing a computer to be used in private isn’t necessarily a bad thing, but it’s not necessarily a good thing, either. Whether or not your kids are viewing inappropriate websites or their chat/email conversations are getting out of hand, keeping computers in an open space allows you to periodically check up on your children to make sure they’re handling the responsibility of Internet usage properly.

  We suggest that you keep any computers that can access the Internet to be in plain view of everyone. Bringing a laptop to the kitchen table, setting up a desk in the living room, or anything else that will keep the screen of the computer easily visible are all good starts.

• Set times limits for casual Internet usage:

  It’s a good idea to set time limits for children to be able to check their email, IM with friends, or update their Facebook pages. Time limits ensure that your kids get to have a bit of fun, but not get so wrapped up in the Internet that things like homework or family time get pushed aside.

  Whether you set up limits on daily usage (e.g. no more than 2 hours per day), or whether you set up a specific block of time (e.g. between 7:00PM and 9:00PM), a schedule helps everyone understand when the appropriate time to surf the web is, and to schedule other events around it. It also ensures that you know when you’ll be able to check your Facebook page, too. :)

• Verify browser settings and check their history:

  Setting up an appropriate browsing environment is especially important for younger children, but even teens and young adults can benefit from some added safety settings. Make sure that the security settings on your browser aren’t set too low, making it easier for malicious software (“malware”) to get onto your computer. Also make sure that the browser history is left intact so that you can periodically review where your kids have been browsing.

• Know who your kids are chatting with online:

  Just like you want to know who your kids are friends with in real life, the same should go for their online friends. Who they are and what they talk about are important pieces of information for a parent to know.

  More than likely their friends are other family members or kids from school, but the Internet is a big place, and not everyone is who they say they are. Things to check for should include sending photos of themselves to strangers, arranging to meet anyone they don’t know in real life, and inappropriate chat/email conversations.

• Talk to your kids about Internet safety:

  Above all, make sure that you sit down and talk with your kids about Internet safety, your expectations, and what is appropriate and inappropriate for your kids and your family to view or search for online. Curiosity or accidentally clicking on a bad link are one thing, but actively searching for illicit materials or engaging in dangerous or inappropriate behaviors are another. Set firm boundaries so that there are no questions regarding what’s OK and what’s not OK.

If you have any additional tips or suggestions, or even how you’ve set up a safe Internet environment in your home, we’d love to hear from you. Just leave us a comment below and share your story.

botnet (bot·net) noun A collection of software robots that’s normally associated with malicious software. Botnets are notorious for being platforms for spam distribution.

The term botnet can refer to any group of software “robots” and normally consists of a collection of compromised (“zombie”) computers running the botnet software. In most cases the PCs running the botnet software are turned into zombie computers unknowingly, usually through drive-by downloads (software that is downloaded and automatically installed through exploited browser vulnerabilities, or by software worms, Trojan horses, or other malware). Botnets are usually controlled remotely by a botmaster using a central command-and-control interface on his or her computer.

A really good botnet can be installed on a user’s machine and never arouse any suspicion to the user through normal means of detection such as computer performance slowdowns, increased bandwidth usage, pop-ups, etc. It’s possible that a PC can be the unknowing accomplice to a number of blackhat operations, including:

• Spam:

  By utilizing it’s network of zombie computers, a botnet can be a powerful spam distribution platform. Millions of spam emails are sent out by botnets every day.

• DDoS:

  With enough infected computers, issuing a Distributed Denial of Service Attack (flooding a website with enough bogus traffic to bring it down) can easily be done with a botnet.

• Spreading malware:

  A zombie PC in a botnet can also be set up to not only self-propagate onto other unsuspecting computers, but it can also be a delivery system for other forms of malware, too. (viruses, spyware, Trojans, etc.)

• Information collection:

  Sometimes the only job of the zombies in a botnet is to collect information about the human host: what they click on, who they email, their passwords, etc.