What is spyware?

What is spyware?

Whether it’s at a party with friends or on a phone call with one of our members, we’re often asked “What is spyware?“, but the answer isn’t always cut and dry. In theory, spyware is any software installed on your computer, typically without your knowledge, which is used to track your computer usage, change your PC’s configuration without telling you, and/or display unwanted advertising. Think of it like a digital spy camera, but instead of taking a picture of you, it’s taking snapshots of what you’re doing on your computer. In practice, however, many types of software could be loosely defined as spyware without being malicious. This makes keeping up with what is, and isn’t, spyware all the more difficult.

What we can all agree on is that spyware is computer software that’s more often than not set-up to monitor any activity on your PC, including (but not limited to) what you type, any websites you visit, or any habits you have when you use your computer. Because of this, the inference is that any piece of software that monitors any aspect of your computing can be considered spyware if you take it to the extreme. However, some software by it’s very nature needs to monitor your computer usage, files opened, and software downloaded. Malware and other scam software packages aren’t likely to tell you they’re installing themselves onto your system, much less tell you about any changes they make to your computer. And because there are so many rogue spyware applications out there you should evaluate any piece of software that you download (and ideally before you install) to have an informed decision regarding whether the software is using the information gathered, and any system changes, for good or bad.

Symptoms of a computer with a spyware infection include, but aren’t limited to:

  • An increase in unwanted popups, generally for advertising purposes. These popups may also occur when you’re not surfing the web, visiting Facebook, or streaming movies.
  • If your PC has become uncharacteristically slow, especially when opening, closing, or saving files, you may have a spyware infection. (Of course, a really old or un-optimized computer may act the same way)
  • A sudden, unintentional change in your browser’s homepage is a classic sign of spyware infection, especially if you’ve repeatedly attempted to reset your homepage back to your original settings.
  • New browser toolbars, desktop icons, bookmarks, or applications installed without your knowledge also herald the arrival of spyware onto your system.
  • A “hijacked browser” that takes you to web sites different from what you typed into your address bar is another classic example of things spyware will do.

In some cases, however, you may experience no symptoms at all, especially if the spyware installed is only monitoring your usage and not actively directing you to web sites or advertisements. That’s where some basic Internet security comes in, by having antivirus, antispyware, and firewall software installed, updated, and running 24/7 to help protect you against the real spyware that’s out there.

Image courtesy of x1brett

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

The 411 On How to Prevent Phishing.

Online fraud can come come in a variety of ways; forged emails from financial institutions, fake websites that look like a legitimate brand’s domain, and even in the form of instant messages. When a crook uses a computer to try to get you to reveal sensitive information to them it’s called “phishing”, and the really good phishers make it very difficult to tell the difference between them and the real thing.

Phishing is an example of social engineering, which is any social or interpersonal communication used for fraud of some kind. A phisher works by passing himself off as a legitimate source, often by mimicking a well-known source (a company, a friend, etc.). Under the pretense of being a trustworthy representative, the phisher crafts a message to potential victims that seems authoritative. And while most people won’t click through on these messages, a very small percentage of people is all that is necessary for the phisher to make money and/or wreak havoc.

It’s not just credit cards, bank accounts, and Social Security numbers that they’re seeking. They’ll take usernames, passwords, email addresses, URL history, cookie data… anything and everything that they can get their hands on that might get them closer to parting you and your money. We’re going to show you how to detect the 3 most common online frauds: email, fake websites, and instant messages.

Emails

Email is probably the most common method of phishing attempts. The price is right for spamming (basically free), and distribution of an email can go world-wide in a matter of minutes. A common tactic used by phishers to spread their “bait” is to write an email and use forged email addresses of major banks to inform you that there is a problem with your account. Another trick they employ is to tell you that you’ve won a prize. The safest thing is to not click on any link from an email that you aren’t 100% sure is from a real person or company. Also remember that no company should ever ask for the password to your account in an email! That’s a sure sign of a scam.

Fake websites

If the spam emails don’t ask you to reply back with your account data to “verify” you, they will usually have a link in the email that takes you to a website where you will be prompted enter this information. These phishing websites can look very convincing, too, especially since it’s quite easy to clone another website. Many major ecommerce websites such as PayPal, eBay, and Chase.com have been cloned into a fake website used for phishing purposes.

Fake websites come in a variety of forms, but they all usually have tell-tale signs of being a scam: using an IP address (http://127.0.0.1) vs. a regular domain name (http://example.com/), having a URL that isn’t on the actual domain (for example, http://blog.stopsign.example.com would not be our blog; but at first glance it looks like it), etc. For more information about fake websites, read our blog post on how to detect fake websites.

Instant messages

The scam methods used in IM’s are similar to those from emails. But instead of trying to get you to directly enter information, they usually just provide a link to a website that does all the dirty work for them. It’s best to ignore and/or block unknown users whenever they try to get to you.

Bonus tip: Alternate ways phishers try to catch you

As with most fraud schemes, phishing is a growing resource for crooks and it’s always changing. One alternate method phishers use to scam you is to use a real website to phish. In fact right around the time this post was being written, a Twitter phishing scam made it’s way around the Twitter using their Direct Message (DM) system and tweets, causing a lot of buzz about phishing on the immensely popular service (we even have a StopSign Blog Twitter account). You’ve got to be on your toes all the time to keep yourself safe, but with the tips we’ve written about, you should be able to recognize some of the more common scam methods.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

How to Spot a Fake Website

How to Spot a Fake Website

Have you ever been surfing the web and seen something that warns you that an account of yours, like your bank, has been hacked? Or maybe you were checking your email when you see a message from a department store you shop at that warns you of changes to your account that you need to verify?

These are just a few examples of the kinds of trickery a phisher (scam artists who try to get you to reveal sensitive information like credit card numbers, bank accounts, etc.) will use to get your sensitive, personally identifiable data from you. And they’re great at it.

One of the more popular method used by phishers to scam you is to hire a web developer to create a fake web site to do all of the phisher’s dirty work. Because it’s relatively simple for a decent web developer to copy another web site, it’s very easy to be fooled with a fake web site if you don’t know what to look out for. These fake sites are even more convincing when you see the name of your bank or some other online service in the URL (commonly know as the Internet address, or “web site”); but there are simple ways to spot a fake web site.

Common URL set ups

All HTTP URLs (i.e. your basic web site) follow a common format:

http://domain.tld/

For example:

http://example.com/

The “domain” is the actual domain name (e.g. “example”) and the “tld“, or top level domain, is the “com” portion.

The actual domain and the tld (e.g. “.com“, “.net“, “.org“, etc.) will always be the last parts of the URL before the first single forward slash (“/”) or a question mark (“?”) in an Internet address. Find that, and you’ll immediately know if you’re where you think you are online.

It’s important to note that a domain can have sub-domains before the “domain.tld“, such as our own http://stopsign.com/blog/, but only the real domain owners will be able to use the domain.tld format as described above to build/use their web site.

How to spot a fake or scam web site

Spotting a fake site is as simple as looking for the domain.tld (in the right place) in the URL. If your bank is Chase, then you would expect to see http://www.chase.com; but if you saw http://www.chase.com.example.com/ then you know that you’re not really on chase.com; you’re on example.com. This is one of the most important ways to tell a fake website from a real website!

Examples of valid example.com URLs:

  • http://www.example.com/
  • http://example.com/
  • http://blog.example.com
  • http://www.example.com/blog/
  • http://www.example.com?string

Examples of invalid example.com URLs:

  • http://www.example.fakeurlgoeshere.com/
  • http://example.fakeurlgoeshere.com/
  • http://www.example.com.fakeurlgoeshere.com?string

Did you see how all of the valid URLs have “example.com” before the first single forward slash and/or the first question mark? That’s the key to knowing what is real and what is a scam.

Learning how to spot a fake website is relatively simple, will save you a ton of frustration, headaches, and maybe even money. Make sure you know what you’re really clicking on, or you could wind up as the victim of a phisher or an identity thief.

Image courtesy of geekandpoke

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

National Cyber Security Awareness Month 2009.

This month, October 2009, marks the 6th anniversary of National Cyber Security Awareness Month (NCSAM) in the United States, and President Obama has issued a presidential proclamation regarding this event. The use of technology has been a staple of the current administration’s public discussions, and online security concerns have been a part of the conversation from the beginning. President Obama spoke about the the need for securing the US cyber infrastructure during a speech in May of this year, noting:

America’s economic prosperity in the 21st century will depend on cybersecurity.

Clearly internet security will continue to be an important topic for American families, businesses, and government networks now and in the future. As part of the information campaign surrounding National Cyber Security Awareness Month, the Department of Homeland Security website lists 3 core practices they recommend, which include topics we discussed in our blog post regarding the basics of Internet security:

  • Install antivirus and antispyware programs and keep them up to date,
  • Install a firewall and keep it properly configured, and
  • Regularly install updates for your computer’s operating system.

Special Offer: During National Cyber Security Awareness Month we are offering our StopSign Internet Security software (which includes antivirus, antispyware, and an available firewall) at a discount of 20% off with the coupon code “NCSAM” at our shopping cart https://www.stopsign.com/shop/. (The site will open in a new window.) Please note that the discount will not be applied to the StopSign CD box.

If you don’t see the coupon entry form right away, click on the coupon code link in “Step 2″ on the cart to enter your coupon code before you order!

 

There are many events planned for National Cyber Security Awareness Month on a national as well as a state level, and we encourage you to attend and/or view them online and use that information as a base to evaluate your current cyber security level and update if necessary. For more information on National Cyber Security Awareness Month or government recommendations on cyber security, please visit StaySafeOnline.org.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.