Internet Safety

Ok, it is not strictly HGPG related, but you are obviously reading this on the internet, so might need some advice to keep you safe:

Never believe anything you read just because you read it on the Internet

examples

Just like you shouldn't believe everything you read in the papers. Any idiot can put a web page up.

Never trust an email you receive

It is very easy to fake the from address of an email. For example, a common virus might send emails to you from webmaster@wessexhgpg.org.uk. Looks OK you might think, but "webmaster" is just a common email address so it can be pretty sure that it will work with most domain names. Because we are aware of this problem we have never used "webmaster".

Here's one I received supposedly from Paypal:

You have received this email because we have strong reasons to believe that your PayPal account has been recently compromised. In order to prevent any fraudulent activity from occurring we are required to open an investigation into this matter. To speed up this process, you are required to verify your PayPal account by following the link below.

http://www.paypal.com.page-onlineinformation.info

(To complete the verification process you must fill in all the required
fields)

....

Oh, yes, so you can transfer all the money out of my account!

Straight away I can see that the actual link is to a domain called www.page-onlineinformation.info (the paypal bit at the front is just a sub-domain off it. ) If I allowed my emails to be viewed as html, I probably wouldn't spot that.

Also, if I check the email header (View menu,Options in Outlook), it will tell me the path the email took:

Return-Path: <service@paypal.com>
Delivered-To: lbesoftware-mail@lbesoftware.com
Received: (qmail 4954 invoked by uid 68); 3 Dec 2005 09:39:01 -0000
Delivered-To: lbesoftware-support@lbesoftware.com
Received: (qmail 4951 invoked by uid 1024); 3 Dec 2005 09:39:01 -0000
Received: from service@paypal.com by server28.donhost.co.uk by uid 1002 with qmail-scanner-1.22
( Clear:RC:0(64.12.138.10):.
Processed in 0.047389 secs); 03 Dec 2005 09:39:01 -0000
Received: from unknown (HELO rly-ip06.mx.aol.com) (64.12.138.10)
by 192.168.147.22 with SMTP; 3 Dec 2005 09:39:01 -0000
Received: from smtp-frr04.proxy.aol.com (smtp-frr04.proxy.aol.com [195.93.61.82])
by rly-ip06.mx.aol.com (8.12.11/8.12.11) with ESMTP id jB39clY2025252;
Sat, 3 Dec 2005 04:38:48 -0500
Received: from paypal.com (ACB4B33E.ipt.aol.com [172.180.179.62])
by smtp-frr04.proxy.aol.com (8.12.11/8.12.11) with ESMTP id jB39cedV023481;
Sat, 3 Dec 2005 04:38:41 -0500
Message-Id: <200512030938.jB39cedV023481@smtp-frr04.proxy.aol.com>
From: PayPal <service@paypal.com>
Subject: *Important Security Notice
Date: Sat, 03 Dec 2005 03:38:11 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
X-Scanned-By: MIMEDefang 2.43

The important bit is highlighted. It says "Received: from paypal.com " but the machine name "(ACB4B33E.ipt.aol.com" is definitely someone on AOL. Even if they take the trouble to spoof the machinename, I can reverse lookup the IP adddress "172.180.179.62" and it won't be a Paypal domain.

Don't send virus or scam warnings

Here are some typical ones:

"You receive a missed call on your mobile... If you call back it costs you £50 per minute..."

"A little girl in bolivia is trying to beat the Guiness book of records for the most postcards received..."

"Microsoft will pay 5cents to everyone who sends this email on..."

"Please pass this onto all your friends..."

In 99.99% of the time, these are hoaxes. By passing them on all you are doing is being conned and adding to the static on the Internet. In most cases, all you have to do is go to www.google.com and enter a few pertinent words from message to see that it is a hoax.

Never click on a link in an email

It is very easy (especially if your email client is set to show html mail) to present a link that looks OK, but actually takes you to another site. So e.g. your bank sends you an email, asking you to click on a link, you get there, enter your banking username and password and pretty soon you find your money gone. Always type an address into the browser yourself unless you are absolutely sure it is not somewhere that will get you to divulge personal information.

Never open an attached file

Unless you are ABSOLUTELY sure you know the sender AND what the file is. Be especially wary if the file is in an attached zip and they send you a password to open the zip. Often virus writers put their virus in an encrypted zip so that virus scanners can't see it.

Don't install freebies from the net

Screen savers, animated cursors, basically any eye-candy which purports to be free usually contains spyware (see below) or worse.

There is lots of good free stuff on the Internet, but you must do a search on www.google.com just to be sure it isn't going to screw you.

Install Anti-virus, a Firewall and anti-spyware

It is reckoned that on average, an unprotected PC attached to the Internet will be compromised within 12 minutes.

Main threats:

Trojans: Allows a remote user to take control of your machine. Lists of compromised machines are sold to spammers who use them to do their mailing for them.

Viruses: Designed to damage your computer in some way, delete files, steal sensitive information, change your dial-up connection to a premium rate number, etc.

Key loggers: Record keystrokes in order to capture banking passwords etc.

Spyware: Tracks where you visit on the web. Might include a key logger or trojans

It needn't cost you anything to keep protected. Some free products are:

Avast Antivirus

AVG antivirus

Clam Antivirus

Zonelabs firewall

Spybot Search and Destroy spyware removal

Ccleaner - CCleaner is a system optimization and privacy tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space.

Mailwasher anti-spam. Trojans and viruses often come via spam emails.

Make sure you switch on the automatic updates!

Consider whether you really need a computer

A computer brings a lot of benefits, but some security risks. Like flying, you need to consider the risks/rewards ratio.

If you are not technically competent or interested in keeping safe, perhaps you should use a friend's computer or an internet cafe, or the one in the library instead?