Archives for 2009

How to Identify and Prevent Cyberbullying.

How to Identify and Prevent Cyberbullying.

Today’s kids are spending more and more time online in chat rooms, texting via cell phone, and using every digital gadget available to them to communicate with their friends. Not only are they chatting with friends from their schools and neighborhoods, but they’re also meeting new people online and talking with them, too. In most cases the chats are fun and friendly, but there is a growing concern over a dark side of these digital discussions: cyberbullies.

What is cyberbullying?

The National Crime Prevention Council defines cyberbullying as: “Online bullying, called cyberbullying, happens when teens use the Internet, cell phones, or other devices to send or post text or images intended to hurt or embarrass another person.”. Emails, IM‘s, Twitter posts, text messages, MySpace pages… any digital resource can, and likely has been, used for the purposes of cyberbullying.

Warning signs of cyberbullying and harassment.

There’s a large variety of ways that a bully can harass a victim online. A few examples are creating or altering photos in a suggestive manner, continually sending the victim hateful messages, rallying a larger group of people to humiliate someone, and spreading false rumors in order to hurt or embarass the target.

Everyone reacts differently to harassment, but there are some classic warning signs that somehing is wrong. The victims of cyberbullying may:

  • Become uncharacteristically withdrawn or antisocial
  • Have trouble sleeping, or possibly have nightmares
  • Avoid going online or using their cell phone
  • Unexpectedly shut down a computer when others come near
  • Ask questions about revenge, death, or suicide

At the first sign of any of these, or other unusual behavior, parents, teachers, and other responsible adults should take note and talk to the child. Catching these things early is a key to prevention. And if you come across any bullying, make sure to save any evidence (save emails, print the screen with chats, etc.).

Cyberbullying in the news.

In recent years there have been several high-profile stories in the press regarding cyberbullying. Not only do these stories bring to light the wide-ranging impact of cyberbullying and other forms of digital harassment, but they also illustrate that it’s not just teens bullying other teens. Here are a few examples:

How do we stop cyberbullies?

Early detection of harassment is key, though it’s not always easy to find. Staying on top of your child’s internet and cell phone usage is one way to be in the loop. And don’t worry about keeping tabs: it’s not snooping or invading their privacy, it’s looking out for their well being!

We’ve come up with a short list of 5 cyberbullying prevention tips to help parents and their children stop cyberbullying in it’s tracks:

  1. Report cyberbullies:

    As with any bully, make sure that your kids know that it’s not OK for this to happen to them. They should also tell a responsible adult: parents, teachers, etc. Parents and other adults should take the information seriously and should report any instance of harassment to the authorities (police, school administrators, etc.)

  2. Education = prevention:

    Talk with your kids and let them know the ramifications of cyberbullying: fear, embarassment, and other negative reactions.

  3. Consider a contract:

    There are plenty of examples of fair use contracts between parents and children online that have clear, concise rules of internet and cell phone usage. Find a few examples and discuss them with your kids so that they know what is expected of them and get a written promise of compliance.

  4. Look for warning signs:

    Red flags that show up when a child is the victim of a cyberbully include (but aren’t limited to): being nervous when downloading emails or IM’s, becoming angry when online (or just after going offline), being uncharacteristically withdrawn from friends and family, the unexpected absence of any cell phone usage, and avoiding any time online.

  5. Get informed, stay informed:

    Keep an open door policy with your kids so that they know they can come to you at any time to discuss problems that may arise both online and offline.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

3 Things Your Username Shouldn’t Say About You.

“What’s in a name? That which we call a rose
By any other name would smell as sweet.”

From “Romeo and Juliet“, by William Shakespeare

The creation of a username (or user ID) for any online service or account is often overlooked as a topic of Internet safety. Although the username you create for your bank’s web site may not be viewed by many people, your email, social network, and instant message (AKAIM“) usernames will be viewed by dozens, hundreds, or maybe thousands of people (depending on your popularity online and/or the openness of the service).

When choosing a username it’s best to not take any chances. Crooks, predators, fraudsters, scammers… anyone with ill intentions might be able to wedge their way into your life to cause problems. There are 3 types of personal information found in many usernames that might be useful to the bad guys, which we’ll discuss below.

Note: In the sections below we use various usernames as examples. These are not intended to be the usernames of actual people, and any similarity is purely coincidental.

Age

This is especially important for children, as their usernames can be displayed to all kinds of unsavory characters online, from sexual predators to cyberbullys. When helping your child select a username for themselves, be careful not to reveal their age.

Here are some examples of age-defining usernames:

  • Little15 Shows the age of the user.
  • Bobby1997 The full year of the users birth.
  • Kewl95Dude The partial year of the users birth.

Location

Area codes, city/county names, zip codes, phone prefixes… there are many ways to give a crook or scammer information on where you live. Remember the movie “You’ve Got Mail“? Tom Hanks’ character used his building number in his username (“NY152”). Rich guy, building in his username… there’s some quick and easy info for a baddie to pick up on. Don’t be that guy (or gal).

Here are some examples of location-defining usernames:

  • Alice90210 The zip code of the user
  • Derrick212 The area code of the user
  • KingCoKyle The county of the user. (e.g. “King County”)

Gender

Whether you’re a man or a woman, it’s easier to identify people when you know more things about them. If, for example, someone wanted to cyber-stalk you, it would be easier to pick you out in a crowd if they could eliminate half of the group by only looking for one sex vs. the other.

Here are some examples of gender-defining usernames:

  • LadyInRed
  • MisterMan
  • MrsHotPotato

A few things to note

We’re detailing suggestions, not absolutes. If you’re 87 years old and decide that HappyGramps87 is the username for you, then you’ll probably be fine since age is much more of an issue for children. And, of course, there are things that shouldn’t need to be said like putting things like your PIN or Social Security number in your username. Just use your best judgment and do what you think is right. And safe.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Social Engineering: A Digital Con Game.

Social networks such as Facebook, Twitter, and MySpace are wonderful ways to connect with friends and family. Unfortunately they also provide excellent resources for online crooks to gain sensitive information via social engineering, a term synonymous with con games in the world of computer security. By learning what social networking is, you can protect yourself from would-be (virtual) attackers and keep your data safe.

What is “social engineering”?

Social engineering is a non-technical intrusion using human interaction (thus, the “social” in “social engineering”) to gain information which directly, or indirectly, leads to a scam of some kind. The information compromised can be of any variety: passwords, access to computers and/or networks, account information, or anything else that can lead to additional data, money, identity theft, hacked accounts, or other problems for the victims. It’s considered a safer and easier way to run a con since the scammer rarely has to be physically present in front of the victim, so the Internet provides an excellent medium for these kinds of scams.

How does social engineering affect my social networking accounts?

Attempts to phish for information are notorious online, and you should learn how to protect yourself from phishers. Instant and direct messages, emails, chat… all forms of online communication have the potential to be tapped, spoofed, or intercepted. Whether it’s email, a social networking site, or something else, all it takes is one unsecure account and a bit of luck in order to gain access from hundreds, if not thousands, of other users. With access to one unsecured account, the scammer now has the trust of all of their friends and followers of the real account owner. The flood gates are now open for additional phishing attempts, data loss, and other forms of digital mischief.

Social engineering is very simple and very effective. The weakest link in any computer security scenario will always be a human, and social networks are chock full of them. With enough patience it’s only a matter of time before a scammer finds a victim.

How can I protect myself from being a victim?

The easiest way to guard against social engineering is to be skeptical of offers presented in emails, online, and over the phone. Social engineering attempts prey on every aspect of human behavior (greed, compassion, fear, love, etc.) and can even exploit outside events such as natural disasters and current news topics in order to extract information from the victim. Here are a few specific things you can do:

  • Ensure the legitimacy of anyone claiming to be a representative of a company, government office, or organization.
  • Never reveal personal information unless you are certain of their need for the information and that the information will be held in the strictest confidence.
  • Keep your passwords and other account access data secure. No company or it’s representatives should ever ask for your password, no matter how convincing the story they give you.
  • When entering sensitive information online, make sure you’re really on the web site you think you are on. Read our “How to Spot a Fake Website” post to learn more.
  • Never send sensitive and/or personal information via email or instant message to anyone, even friends and relatives. Spoofing emails and IM information is too easy.

If you come across a social engineering attempt, make sure to contact the service you used when the attempt occurred. Most social networking sites, companies, and organizations have a computer security team that handles these issues and you can help stop the spread of these attacks. Listed below are some resources for a few online services regarding safety, abuse, reporting, and/or support. To find out how to report on other sites, check their Help or Support links.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

What is spyware?

What is spyware?

Whether it’s at a party with friends or on a phone call with one of our members, we’re often asked “What is spyware?“, but the answer isn’t always cut and dry. In theory, spyware is any software installed on your computer, typically without your knowledge, which is used to track your computer usage, change your PC’s configuration without telling you, and/or display unwanted advertising. Think of it like a digital spy camera, but instead of taking a picture of you, it’s taking snapshots of what you’re doing on your computer. In practice, however, many types of software could be loosely defined as spyware without being malicious. This makes keeping up with what is, and isn’t, spyware all the more difficult.

What we can all agree on is that spyware is computer software that’s more often than not set-up to monitor any activity on your PC, including (but not limited to) what you type, any websites you visit, or any habits you have when you use your computer. Because of this, the inference is that any piece of software that monitors any aspect of your computing can be considered spyware if you take it to the extreme. However, some software by it’s very nature needs to monitor your computer usage, files opened, and software downloaded. Malware and other scam software packages aren’t likely to tell you they’re installing themselves onto your system, much less tell you about any changes they make to your computer. And because there are so many rogue spyware applications out there you should evaluate any piece of software that you download (and ideally before you install) to have an informed decision regarding whether the software is using the information gathered, and any system changes, for good or bad.

Symptoms of a computer with a spyware infection include, but aren’t limited to:

  • An increase in unwanted popups, generally for advertising purposes. These popups may also occur when you’re not surfing the web, visiting Facebook, or streaming movies.
  • If your PC has become uncharacteristically slow, especially when opening, closing, or saving files, you may have a spyware infection. (Of course, a really old or un-optimized computer may act the same way)
  • A sudden, unintentional change in your browser’s homepage is a classic sign of spyware infection, especially if you’ve repeatedly attempted to reset your homepage back to your original settings.
  • New browser toolbars, desktop icons, bookmarks, or applications installed without your knowledge also herald the arrival of spyware onto your system.
  • A “hijacked browser” that takes you to web sites different from what you typed into your address bar is another classic example of things spyware will do.

In some cases, however, you may experience no symptoms at all, especially if the spyware installed is only monitoring your usage and not actively directing you to web sites or advertisements. That’s where some basic Internet security comes in, by having antivirus, antispyware, and firewall software installed, updated, and running 24/7 to help protect you against the real spyware that’s out there.

Image courtesy of x1brett

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

The 411 On How to Prevent Phishing.

Online fraud can come come in a variety of ways; forged emails from financial institutions, fake websites that look like a legitimate brand’s domain, and even in the form of instant messages. When a crook uses a computer to try to get you to reveal sensitive information to them it’s called “phishing”, and the really good phishers make it very difficult to tell the difference between them and the real thing.

Phishing is an example of social engineering, which is any social or interpersonal communication used for fraud of some kind. A phisher works by passing himself off as a legitimate source, often by mimicking a well-known source (a company, a friend, etc.). Under the pretense of being a trustworthy representative, the phisher crafts a message to potential victims that seems authoritative. And while most people won’t click through on these messages, a very small percentage of people is all that is necessary for the phisher to make money and/or wreak havoc.

It’s not just credit cards, bank accounts, and Social Security numbers that they’re seeking. They’ll take usernames, passwords, email addresses, URL history, cookie data… anything and everything that they can get their hands on that might get them closer to parting you and your money. We’re going to show you how to detect the 3 most common online frauds: email, fake websites, and instant messages.

Emails

Email is probably the most common method of phishing attempts. The price is right for spamming (basically free), and distribution of an email can go world-wide in a matter of minutes. A common tactic used by phishers to spread their “bait” is to write an email and use forged email addresses of major banks to inform you that there is a problem with your account. Another trick they employ is to tell you that you’ve won a prize. The safest thing is to not click on any link from an email that you aren’t 100% sure is from a real person or company. Also remember that no company should ever ask for the password to your account in an email! That’s a sure sign of a scam.

Fake websites

If the spam emails don’t ask you to reply back with your account data to “verify” you, they will usually have a link in the email that takes you to a website where you will be prompted enter this information. These phishing websites can look very convincing, too, especially since it’s quite easy to clone another website. Many major ecommerce websites such as PayPal, eBay, and Chase.com have been cloned into a fake website used for phishing purposes.

Fake websites come in a variety of forms, but they all usually have tell-tale signs of being a scam: using an IP address (http://127.0.0.1) vs. a regular domain name (http://example.com/), having a URL that isn’t on the actual domain (for example, http://blog.stopsign.example.com would not be our blog; but at first glance it looks like it), etc. For more information about fake websites, read our blog post on how to detect fake websites.

Instant messages

The scam methods used in IM’s are similar to those from emails. But instead of trying to get you to directly enter information, they usually just provide a link to a website that does all the dirty work for them. It’s best to ignore and/or block unknown users whenever they try to get to you.

Bonus tip: Alternate ways phishers try to catch you

As with most fraud schemes, phishing is a growing resource for crooks and it’s always changing. One alternate method phishers use to scam you is to use a real website to phish. In fact right around the time this post was being written, a Twitter phishing scam made it’s way around the Twitter using their Direct Message (DM) system and tweets, causing a lot of buzz about phishing on the immensely popular service (we even have a StopSign Blog Twitter account). You’ve got to be on your toes all the time to keep yourself safe, but with the tips we’ve written about, you should be able to recognize some of the more common scam methods.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

How to Spot a Fake Website

How to Spot a Fake Website

Have you ever been surfing the web and seen something that warns you that an account of yours, like your bank, has been hacked? Or maybe you were checking your email when you see a message from a department store you shop at that warns you of changes to your account that you need to verify?

These are just a few examples of the kinds of trickery a phisher (scam artists who try to get you to reveal sensitive information like credit card numbers, bank accounts, etc.) will use to get your sensitive, personally identifiable data from you. And they’re great at it.

One of the more popular method used by phishers to scam you is to hire a web developer to create a fake web site to do all of the phisher’s dirty work. Because it’s relatively simple for a decent web developer to copy another web site, it’s very easy to be fooled with a fake web site if you don’t know what to look out for. These fake sites are even more convincing when you see the name of your bank or some other online service in the URL (commonly know as the Internet address, or “web site”); but there are simple ways to spot a fake web site.

Common URL set ups

All HTTP URLs (i.e. your basic web site) follow a common format:

http://domain.tld/

For example:

http://example.com/

The “domain” is the actual domain name (e.g. “example”) and the “tld“, or top level domain, is the “com” portion.

The actual domain and the tld (e.g. “.com“, “.net“, “.org“, etc.) will always be the last parts of the URL before the first single forward slash (“/”) or a question mark (“?”) in an Internet address. Find that, and you’ll immediately know if you’re where you think you are online.

It’s important to note that a domain can have sub-domains before the “domain.tld“, such as our own http://stopsign.com/blog/, but only the real domain owners will be able to use the domain.tld format as described above to build/use their web site.

How to spot a fake or scam web site

Spotting a fake site is as simple as looking for the domain.tld (in the right place) in the URL. If your bank is Chase, then you would expect to see http://www.chase.com; but if you saw http://www.chase.com.example.com/ then you know that you’re not really on chase.com; you’re on example.com. This is one of the most important ways to tell a fake website from a real website!

Examples of valid example.com URLs:

  • http://www.example.com/
  • http://example.com/
  • http://blog.example.com
  • http://www.example.com/blog/
  • http://www.example.com?string

Examples of invalid example.com URLs:

  • http://www.example.fakeurlgoeshere.com/
  • http://example.fakeurlgoeshere.com/
  • http://www.example.com.fakeurlgoeshere.com?string

Did you see how all of the valid URLs have “example.com” before the first single forward slash and/or the first question mark? That’s the key to knowing what is real and what is a scam.

Learning how to spot a fake website is relatively simple, will save you a ton of frustration, headaches, and maybe even money. Make sure you know what you’re really clicking on, or you could wind up as the victim of a phisher or an identity thief.

Image courtesy of geekandpoke

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.