In my last message, I talked about the problem of adware and keystroke tracking programs infesting your computer.  These programs make it possible for someone to steal information about you or to direct you to sites that they want you to see instead of allowing you to go to the sites you wanted to go to.  As well as stealing information about you, these programs also make money for their originators.  Each time you click one of these URLs, the program’s owner gets paid a small amount of money.  So you definitely want to make sure that you get rid of all adware and keystroke tracking programs on your computer as even inadvertently clicking on the URL will only encourage the practice.

Internet Problems (Part 2)

This week I’ll talk about the problem of phishing emails that spoof a bank, credit card company, department store or Internet e-tailer.  While these emails have legitimate looking logos and pictures, in reality, they will take you to sites that only look like they are legitimate.  The phisher’s page will look just like a legitimate website.  It will show logos and other displays stolen from the real site to mimic the website they are faking.  But, it was set up specifically to steal information from you.

How do they do it?  Through the URLs they use.

URLs stand for clickable text called Uniform Resource Locators and when you type in or click on the URL, you are actually telling the computer to use that name to look up a number in one of many databases around the world.  This number is an address to a specific computer connected to the Internet.  Every computer connected to the Internet, including yours, has an IP address.  Websites, mail servers and other devices connected to the Internet all have IP addresses.  With the exception of some very special addresses, the URL that you click on can be traced to a specific web hosting service.  The difference between a website’s IP address and yours is that your IP address will change every day or so.  If you are on dial-up service, you will have a different IP address every time you log on to the service.

Spammers and spoofers will use phishing emails that contain URL shortcuts.  They read one address but send you to a different web site.  For example, I can have the URL shortcut http://www.google.com which looks like it should take you to the Google Search Engine.  If you click on that URL, it will actually take you to the search engine on yahoo.com which is a competing company.  The malicious website will display an IP address in the form of http://64.26.22.66/creditcardcompany/passwordupdate.html.  Even though it may seem you are confirming your information or changing your password, the information you provide may be used to steal your money or identity.  Be especially suspicious of these sites that do not display a name, only an IP address as the first part of the address, they definitely have something to hide.

The phishers can use this information to order items from an Internet e-tailer.  Or, they could request a new credit card or other credit line that will not be sent to your address but to a dead letter address.  You will not know that this account exists until the credit card company or credit service tracks you down to your real address and starts dunning you.

These sham web sites can be created, changed or moved in a moment.

• Install a good spam blocker.  Free programs from the Internet don’t help.  They could even make the problem worse.
• Purchase a program from a legitimate source.
• Don’t depend on your Internet service provider to provide spam blocking and/or phishing protection.
• Don’t use URLs from any emails from businesses that end up in your inbox.  You can’t trust that the website you’re directed to by these URLS is safe for your personal information.
• Manually type in all URL addresses, don’t use ones contained in emails.
• Make sure that the site has the security feature that protects your information from being viewed by someone who shouldn’t be able to see it. If the address bar starts with “https://” instead of “http://”, you can assume that it’s safe.

If you want to check on the legitimacy of an email, you can contact the bank via another means to verify that it is a valid communication.  Don’t just assume it is valid.  Check it out first.

My next newsletter will talk about Firewalls.  How they protect you, why you need one and how to get one.  If you have Windows XP, you already have one and it may need to be configured.

Do you have a suggestion for the subject of a newsletter?  Do you have questions you’d like answered?  Just let me know.   And if you’d like to forward these newsletters on to friends or colleagues, please feel free to do so.