
The "HOW TO PROTECT YOURSELF" thread

Ok, I've been getting tons of those "phishing" emails lately, trying to trick me into giving out my financial information (as if it would do anyone any good), and I'm getting several viruses daily in my email. I recently read an article in the newspaper that said that around Christmas these things get really common as newbies open up their shiny new box and head out onto that there Internet. Following are some of my suggestions on how to protect yourself from viruses, "Phishing" scams, and other people who would like nothing more than to separate you from your money. If you have anything to add, do it. If you know somebody who is computer illiterate or is considering buying their first computer, print this thread off and give it to them.
 
1) Before even plugging your ethernet cable or phone line into your PC, GET AN ANTIVIRUS PROGRAM! Surfing the 'net without an antivirus program is like screwing a prostitute without a rubber. STUPID! Immediately after connecting to the internet, update your virus program AND Windows. You may have to restart your computer a few times, but don't consider your computer up to date until you go to the update site and are told that you are up to date.
 
2) Because viruses are changing faster than antivirus programs are, never trust an email attachment. No matter who it's from. For some reason, Windows defaults to "hide file extensions of known file types". This is a spectacularly stupid move on Microsoft's part, making it very easy to trick people into thinking that PIF, EXE or BAT file that they're opening is really a picture of Jessica Simpson's boobs. All the virus purveyor has to do is call the file something like "jessica'sboobs.jpg.pif". With the default setting you won't see the "PIF" part, so you'll think it's a harmless JPG image. This is an easy setting to change. Open up Windows Explorer (not Internet Explorer, the other explorer found under START>ALL PROGRAMS>ACCESSORIES). In Windows Explorer, click on "tools", then "folder options", then "view" and un-click the "hide extensions of known file types" button. Click on "apply to all folders" and click "apply".
Close Windows Explorer. Now, whenever you look at a file it will show you the extension, which indicates file type. If you ever see two extensions (such as "filename.jpg.pif" or "filename.gif.exe"), the last three letters are the file type.
 
If you get viruses in your email, don't even bother hitting "reply" and telling the sender off. The "from" address in your virus is fake. Guaranteed. Even if it is a real email address it is not where the email came from. It's spoofed. Just delete the email as you would spam.
 
3) "NO PHISHING". "Phishing" is when somebody sets up a fake web site designed to look like a real financial institution's website, then sends out a bunch of fake emails hoping to trick people into logging into their site and entering personal information. They then take that info and rob you dry. Some ways to identify a "phishing" scam email:
  • The email is vague in identifying you. If, for instance, you ever get an email that starts out "Dear PayPal customer" or "Dear Ebay Member" the email is fake. Also, if you ever get an email that starts off "Dear yourname@youremail.com" it is also fake. Ebay, PayPal, (I mention these two because they are the most common theme for "phishing" emails) and most other legitimate businesses that you deal with know your name and they will identify you by it. They will not identify you by your email address.
  • The email is from an institution you do not deal with. Obviously, if you don't have a Bank of America account, Bank of America will not write you threatening to cancel your account. This leads us to:
  • The email is threatening to cancel your account if you do not "log in" and provide personal information. Ebay, PayPal, or your bank company will never, ever send you an email threatening to close your account unless you log in. They will NEVER tell you that they think that your account has been compromised and you must log in to verify yourself. These are tricks the criminal uses to try to get your info.
  • The email has a link to log into your account. Legit businesses will never ask you to "click here to log in" in an email. This is a spoofed website, and regardless of where the email link says it's taking you, you're going to a scammer's site. DO NOT EVEN CLICK ON THE LINK, as the website could contain malicious scripts.
  • If you do click on the link, it asks you for VERY personal info (not only credit card and debit card numbers, but also PIN numbers, passwords, etc). Never, EVER, enter your PIN number(s) into anything other than a bank machine or debit PIN pad. Do not give it to anyone over the phone, through the internet, or in person. Even if you are 100% certain that the person you are giving it to is legit, they do not need your PIN numbers.
If you do receive a "phishing" email, immediately forward it to the appropriate business. Ebay would be spoof@ebay.com, paypal is spoof@paypal.com, and just about all other businesses will have a link on their real website for you to report fraud.
 
If you have ever (or think you may have) entered any personally identifiable information into one of these websites, immediately contact your bank, credit card providers, ebay, paypal, the credit bureau and the FBI. If you have ever entered any PIN numbers into a website this means you. You may be the victim of identity theft without even knowing it.

A safe rule of thumb is to never, ever log into a website by clicking on a link in an email. If, for example, you want to go to ebay, open a browser window and type in www.ebay.com. Always assume an email link is fake.
 
4) Never give out your real email address. To anybody. If you do, prepare for an inbox full of spam. If you wish to visit a site that requires an email, give 'em a fake one. If it has to be a real email (in other words, if they require you to verify it by entering a code they email you), use a hotmail email or hotmail address.
 
5) Never trust "free" software. Those people offering you smilies, atomic clocks, file sharing and other "freeware" are usually just trying to trick you into installing spyware. Spyware is very easy to install and almost impossible to uninstall, and it is a huge hit on your computer's performance.  Here is a list of known spyware installers that should be avoided like the plague (this will be updated as people make me aware of them):
 
  • Smilycentral. That huge banner with all of those smilies you see on several sites (including the old messageboard) is a spyware installer.
  • Gator or Gain. This notorious spyware is bundled with several freeware programs
  • CoolWebSearch. If your software includes this demon, burn it.
  • BargainBuddy. Ditto. All three of the above programs are usually "bundled" with other software and they are nothing short of viruses IMHO. Just install it and try to uninstall it. You'll see what I mean...
  • KazAA. If you can't find the "lite" version, don't install KazAA. You will regret it.
  • BearShare. Same as KazAA. Both will install Gator/Gain, CoolWebSearch, BargainBuddy and other malware.
  • Search bars or tool bars. Any "search" or "tool" bar that a website offers to "improve your internet experience" will almost certainly destroy it instead.
  • Accelerators. Your computer is sucking info through that CAT-5 or phone line as fast as it can. An "Accelerator" will only accelerate your need to format your hard drive and reinstall Windows.
  • Most free/share ware. While some of the things you can download for free really are free, most are merely a vehicle for installing a bunch of crap you don't want. A fairly decent way to tell if your download is clean is to search for the program on download.com. Read the review of the program - If it is spyware-infested they will usually tell you.
  • Atomic clocks or Web clocks. If you ever see a warning that your clock is wrong, it isn't. This is spyware trying to trick you into downloading and installing it. If your computer clock is wrong, look at your watch. Don't install crapware.
  • Any "warning" message that pops up when you visit a website telling you that something is wrong with your computer. This "warning" is really just an image made to look like a warning message, pointing to spyware. If this "warning" is floating, moving, bouncing or flashing in any way you can be certain it's not legit. True Windows warning dialogue boxes do not move or flash.
If you are running XP SP2 the latest version of IE has activeX controls turned off by default. When you visit a website that tries to install crap on your computer you usually get a warning from IE stating that the activeX control was blocked. That's a good thing. This prevents things such as CoolWebSearch (probably the worst of spyware/malware programs there is) from hijacking your browser.
 
Of course, if you go surfing on the fringes of the internet, you're bound to come back dirty. Surfing WAREZ sites, porn sites, etc will greatly increase your chances of getting spyware. The people that run those sites are not interested in your computer's welfare, they want your money. They'll trick you into installing spyware because the spyware authors pay them to. Keep on your toes.
 
And that about sums it up. Keep on your toes. If it looks suspicious it is. If it's too good to be true, it isn't good, and it isn't true. Be smart and you should be safe. If anyone has anything to add, feel free.
2015 Mustang GT Premium - 5.0, 6-speed, Guard Green - too much awesome for one car

1988 5.0 Thunderbird :birdsmily: SOLD SEPT 11 2010: TC front clip/hood ♣ Body & paint completed Oct 2007 ♣ 3.55 TC rear end and front brakes ♣ TC interior ♣ CHE rear control arms (adjustable lowers) ♣ 2001 Bullitt springs ♣ Energy suspension poly busings ♣ Kenne Brown subframe connectors ♣ CWE engine mounts ♣ Thundercat sequential turn signals ♣ Explorer overhead console (temp/compass display) ♣ 2.25" off-road dual exhaust ♣ T-5 transmission swap completed Jan 2009 ♣
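An added example, not part of the original post: the double-extension trick from point 2, checked over the attachments of a constructed e-mail. The sample message, its addresses, and every extension in the two lists other than PIF, EXE and BAT are assumptions made for the illustration.

```python
import os
from email import message_from_string

# PIF, EXE and BAT come from the post; the other entries are assumptions.
RUNNABLE = {".pif", ".exe", ".bat", ".com", ".scr", ".cmd"}
DECOYS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".doc", ".pdf"}

# Constructed sample message (addresses, boundary and payloads are made up).
SAMPLE_MESSAGE = """\
From: friend@example.com
To: you@example.com
Subject: pictures
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="SAMPLE"

--SAMPLE
Content-Type: text/plain

See attached.
--SAMPLE
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="filename.jpg.pif"

(constructed placeholder, not a real file)
--SAMPLE
Content-Type: image/gif
Content-Disposition: attachment; filename="holiday.GIF"

(constructed placeholder, not a real file)
--SAMPLE--
"""


def shown_name(filename, hide_extensions=True):
    """Name as a file listing shows it. With hiding on, the last extension
    is dropped (simplification: every extension counts as a known type)."""
    stem, ext = os.path.splitext(filename)
    return stem if (hide_extensions and ext) else filename


def classify(filename):
    """'disguised program', 'program' or 'other', judged by the LAST extension."""
    stem, ext = os.path.splitext(filename.strip())
    decoy = os.path.splitext(stem)[1]
    if ext.lower() in RUNNABLE:
        return "disguised program" if decoy.lower() in DECOYS else "program"
    return "other"


def scan_attachments(raw_message):
    """Return (real name, name shown with hiding on, verdict) per attachment."""
    message = message_from_string(raw_message)
    rows = []
    for part in message.walk():
        name = part.get_filename()
        if name:
            rows.append((name, shown_name(name), classify(name)))
    return rows


if __name__ == "__main__":
    for real, shown, verdict in scan_attachments(SAMPLE_MESSAGE):
        print(f"{real:20} shown as {shown:15} -> {verdict}")
```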

Re: The "HOW TO PROTECT YOURSELF" thread

Reply #1
Some additional programs and references for spyware removal.
 
 My favorite 2 programs:
 
 Spybot Search & Destroy
 
 This program does a great job at removing the most common types of spyware. After this everything can be cleaned out manually. Just remember if using this to make a backup first, to update the program, and to use the immunize feature.
 
 Adaware
 
 This program is also another very easy to use program which will remove most of the spyware on a computer. Again make sure you update it or it won't help much. Spyware changes frequently and new stuff is being developed all the time.
 
 HiJackThis
 
 If you have ever gone through the torture of having your home page changed automatically without your consent, or having Internet Explorer windows opening to pages that you would rather not go to, this is the program to fix it. These things are called Hijackers because of how they do what they want when they want. Here is a HijackThis tutorial.
 
 
 Registry
 
 Most of the spyware will open itself from the registry. The registry is the backbone of the Windows operating system in that it is a database where all settings are stored. Working in the registry can be harmful to your computer in that it could cause Windows to no longer function. Therefore anything you do is done AT YOUR OWN RISK.
 
 Spyware will open itself from two main places in the Registry:
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
 
 From here the spyware can set itself to open every time the computer is started or every time you log on. You can simply go through each key listed and check it through a Windows Startup Library like this one. Startup DB. Google can also be used to do this. Anything that is listed as being spyware, adware, or some type of worm can be deleted. Usually a spyware free computer will have fairly few keys listed. If you have a lot then either you have a lot of spyware or you have a lot of junk.
 
 Here is how mine looks (100% spyware free):
 
 
 Another helpful hint is to check the processes that are running. This can also show if you have spyware running. By pressing CTRL+ALT+DELETE and then going to Task Manager you can see what processes are running.
 
 The first number is the CPU Usage. With newer computers no one process should be using a great amount of CPU time. There are exceptions like processing things in Photoshop and games can also use a large amount. The only thing that will almost always have a large number because it is telling you how much percent is not being used.
 
 The second number is the memory usage. Again this number should not be extremely high or the computer will be going very slow. Spyware is known for using large amounts of memory and slowing down the computer while doing so.
 
 Here is what mine looks like:
 
 
 
 Finally, I would recommend using Mozilla Firefox for a browser. It is far superior to Internet Explorer in both protection and ease of use. It will block most popups and doesn't allow things to be automatically downloaded. Also a good firewall program is a must Windows Firewall does not.
 
 I just want to help anyone out that I can. I fix and upgrade computers and 99% of all problems that I see are caused by spyware.
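An added example, not part of the original reply: a read-only listing of the two Run keys named above, reduced to the program file names you would look up in a startup database. It changes nothing in the registry; the sample entries are constructed, and off Windows (where the `winreg` module is absent) `read_run_entries()` returns an empty list.

```python
import ntpath

try:
    import winreg  # standard library, present only on Windows
except ImportError:
    winreg = None

RUN_SUBKEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample entries: (hive, value name, command line).
SAMPLE_ENTRIES = [
    ("HKLM", "ExampleUpdater", r'"C:\Program Files\Example\updater.exe" /background'),
    ("HKCU", "ExampleTray", r"C:\Program Files\Example Tray\tray.exe -min"),
    ("HKCU", "ExampleHelper", r"C:\WINDOWS\helper.exe"),
]


def program_of(command):
    """Pull the executable path out of a Run value's command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted path: cut right after the first program extension that is
    # followed by a space (the arguments); otherwise keep the whole string.
    lowered = command.lower()
    for ext in (".exe", ".com", ".bat", ".cmd"):
        pos = lowered.find(ext + " ")
        if pos != -1:
            return command[:pos + len(ext)]
    return command


def read_run_entries():
    """Read both Run keys without modifying them. Returns [] off Windows."""
    if winreg is None:
        return []
    hives = (("HKLM", winreg.HKEY_LOCAL_MACHINE), ("HKCU", winreg.HKEY_CURRENT_USER))
    entries = []
    for hive_name, hive in hives:
        try:
            with winreg.OpenKey(hive, RUN_SUBKEY) as key:
                value_count = winreg.QueryInfoKey(key)[1]
                for index in range(value_count):
                    name, value, _kind = winreg.EnumValue(key, index)
                    entries.append((hive_name, name, str(value)))
        except OSError:
            continue  # key missing or not readable: skip it
    return entries


def lookup_list(entries):
    """Rows of (hive, value name, program file name) to search for."""
    return [(hive, name, ntpath.basename(program_of(command)).lower())
            for hive, name, command in entries]


if __name__ == "__main__":
    for row in lookup_list(read_run_entries() or SAMPLE_ENTRIES):
        print(*row, sep="  ")
```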

Re: The "HOW TO PROTECT YOURSELF" thread

Reply #2
I definitely concur with using Spybot and Ad-aware. Definitely the best 2 programs to rid yourself of spyware/adware/mal-ware. As a personal suggestion to others I also use a freeware program called SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html). This program works as a first line of defense by preventing spyware from installing to begin with. It also can lock out certain items like changing of active-x controls and changing of your start page. But the number one thing to remember with any of these programs is Keep Them Up To Date.
Temporarily Foxless? Ride the Bull...

Re: The "HOW TO PROTECT YOURSELF" thread

Reply #3
I run spywareblaster, adaware, spybot, AVG antivirus, and firefox. DEATH TO SPYWARE!!! :2gunsfiri

Also a few times when logging onto online banking a window has popped up asking me to verify my account by giving them my visa number and expiry date :rolleyes: wonder how many people have been fooled by that.
1980 birds X 3, 1982 bird, 1984 XR7, 1988 TC

Re: The "HOW TO PROTECT YOURSELF" thread

Reply #4
Watch out for something called "Virtual Bouncer" as well.
I got nailed by this and it installed a bunch of "Web Rebate" and Casino stuff on my desktop. It was a HUGE pain to get rid of it.

Re: The "HOW TO PROTECT YOURSELF" thread

Reply #5
Quote from: Thunder Chicken

  • Accelerators. Your computer is sucking info through that CAT-5 or phone line as fast as it can. An "Accelerator" will only accelerate your need to format your hard drive and reinstall Windows.
heh, I miss the days when instead of tweaking your 33.6k line manually, a program would use the well known (at the time to tweakers) settings to get the most from your dialup connection. Accelerators USED to actually help back in the 9x days and some (legit ones) will still help the 9x users today. Be it in network performance or memory management.


Quote from: 1986Tbird

Spyware will open itself from two main places in the Registry:
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
 


I would NOT recommend anything to do with opening the registry in a thread like this. Even with a disclaimer, people are bound to make mistakes and modify something they shouldn't - possibly causing serious problems such as no boot.
1988 Thunderbird Sport

Re: The "HOW TO PROTECT YOURSELF" thread

Reply #6
Quote
I run spywareblaster, adaware, spybot, AVG antivirus, and firefox. DEATH TO SPYWARE!!!

Ditto

Quote
Another helpful hint is to check the processes that are running. This can also show if you have spyware running. By pressing CTRL+ALT+DELETE and then going to Task Manager you can see what processes are running

A helpful site to see what's what in your processes is:
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

Re: The "HOW TO PROTECT YOURSELF" thread

Reply #7
Another program to add to the list of Spyware killers (I don't generally recommend Microsoft betas, but this seems to work great):
 
Microsoft Spyware Killer beta

Re: The "HOW TO PROTECT YOURSELF" thread

Reply #8
Quote
Microsoft betas, but this seems to work great
Only cause they bought out yet another company and are using their product. Wait til the "expiry" date is up, then let's see what they do with (or to) it.  :deal:
Death awaits you all with nasty, big, pointy teeth.

1988 5.0 Bird, mostly stock, partly not, now gone to T-Bird heaven.
1990 Volvo 740GL. 114 tire-shredding horsies, baby!

Re: The "HOW TO PROTECT YOURSELF" thread

Reply #9
http://www.spywareguide.com/

They have a block list that works awesome as well as a comprehensive list of spyware.

The only problem that I see with the Microsoft beta is that it acts as a firewall too in some cases.  I guess that is good but it would be nice if the firewall caught the stuff.  Double security is nice though.

I've also noticed AVG Antivirus  does as good or better job than Symantec corporate 9.0.1 antivirus.  It does a better job with trojans and such.

Firefox is your best bet all around.  I haven't gotten one piece of spyware other than what is already installed in Windows since I switched solely to Firefox.  Tabbed browsing is the bomb too.  I install it on every computer I touch.  There are tons of add ons as well so you can personalize the crap out of Firefox.

Play it safe.  Use your common sense and you will be ok.

tc
1986 Mercury Cougar -- Midnight Wine and Taupe  ($1700) in 1999 w/ 103,000 miles.  Now with a motor from an 87 with 54K on it.
1988 Mercury Cougar -- Light Sandlewood Metalic  ($40)  in 2003 with 111,000 miles.  Needs a fender, some welding and a good tune up.  Possibly my next daily if i ever get it to the shop.
1991 GMC Sonoma, My $50 daily driver.



Re: The "HOW TO PROTECT YOURSELF" thread

Reply #11
I agree with you but unless spysweeper has changed it also installs spyware on your computer.  Several years ago it was deemed unsafe by some big consortium.  I can't remember the details now since it was about 2 years ago or more.  They may have reinvented themselves since.  I just stay away to be safe.

From my experience there is however no be all cure all program.  It takes a group of programs to fix spyware.  Each does a better job at certain things than the other including spysweeper.

tc


Re: The "HOW TO PROTECT YOURSELF" thread

Reply #12
Lately it seems that the scammers are getting more sophisticated. They now know that nobody will fall for their "your account has been suspended" scam, so they have resorted to spoofing other ways using ebay/PayPal. I recently received one saying that ebay cancelled all of my auctions and to "click here" to get them reinstated, but I didn't take a screenshot. I got one today saying that somebody paid for my item but didn't receive it, but of course the "click here to respond" button takes you to some website in Korea that apes Ebay's login page.
Once again, it is EXTREMELY important to recognise these emails as fakes, and the easiest way to do so is by remembering a few simple guidelines:
 
1) Ebay/paypal will never send an email that starts out as "Dear Ebay member" or "Dear PayPal member" or even "Dear xxx@xxx.com" - if you really do have an account they will identify you by your first and last name, not your email address or "Ebay member"
 
2) If there is a problem with an auction or a transaction the email will identify that transaction using both the item number AND the item title. This is a tricky one because the false one I had about my auctions being cancelled gave a fake number. It didn't name the item being sold in the auction though, which was a warning.
 
3) Hover your mouse over any links in the email and down in the lower left corner you'll see where that link takes you. The scammers are getting tricky here too, by using subdomains, so you might see "www.ebay.com.875987/ebaylogin/new/login.php" or something like that. The real domain name you're going to is the "875987", not ebay.com. Remember, EVERYTHING before the first forward slash (/) in the address is the domain you're going to.
 
A screenshot of today's fraud:
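An added example, not part of the original post: guideline 3 as a check that takes everything before the first slash as the real host and accepts it only if it is the trusted domain or ends with "." plus that domain. The sample body is constructed around the address quoted in the post; `login.example.net` and the trusted-domain list are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the sites the reader really has accounts with.
TRUSTED_DOMAINS = ("ebay.com", "paypal.com")

# Constructed sample body. The first link is the address quoted in the post;
# login.example.net is a placeholder host.
SAMPLE = """
<p>Dear eBay member, a buyer has paid for your item.</p>
<a href="http://www.ebay.com.875987/ebaylogin/new/login.php">Click here to respond</a>
<a href="http://login.example.net/verify">https://www.paypal.com/login</a>
<a href="https://www.ebay.com/help">eBay help</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag in an HTML e-mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def real_host(url):
    """Host the browser contacts: the part between '//' and the first '/',
    without any 'user@' prefix or ':port' suffix."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def owned_by(host, domain):
    """True only if host IS the domain or ends with '.' + domain."""
    return host == domain or host.endswith("." + domain)


def check_link(href, text):
    """Warnings for one link; an empty list means nothing was found."""
    host = real_host(href)
    if any(owned_by(host, d) for d in TRUSTED_DOMAINS):
        return []
    warnings = []
    for d in TRUSTED_DOMAINS:
        if d in host:
            warnings.append(f"{host}: contains '{d}' but does not end with it")
        if d in text.lower():
            warnings.append(f"{host}: link text mentions {d}, link goes elsewhere")
    return warnings


def scan_email(html_body):
    """Map each suspicious href in the body to its list of warnings."""
    parser = LinkCollector()
    parser.feed(html_body)
    checked = ((href, check_link(href, text)) for href, text in parser.links)
    return {href: found for href, found in checked if found}


if __name__ == "__main__":
    for href, found in scan_email(SAMPLE).items():
        print(href, found)
```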

Re: The "HOW TO PROTECT YOURSELF" thread

Reply #13
Ouch....sorry to hear about that Carm. At least no damage was done. You can thank the W3C for allowing Unicode to become an acceptable standard. Unicode looks like that gibberish but most all newer browsers will translate said gibberish into what looks like a legitimate site. So "www.2f8ng8vns.com" could be translated easily into "www.paypal.com". Lovely, isn't it? They're keeping us web guys on our toes. :(

I've found that if you turn off HTML e-mail, finding spam is much, much easier. Legitimate eBay or Paypal e-mail will come across easily as plain text that way. Anything spoofing either one (or anything else) will show up as HTML code, which is a dead giveaway that it's spam.

Also, when you open a piece of mail in HTML and you are online, the graphics embedded in that e-mail will start calling to their host to fill in. That call out will tell the host, "Hey, someone at this address is requesting graphics!" Which then affirms to the host that the address is legitimate, therefore setting you up for more spam in the future. Turning off HTML e-mail will not call for those graphics. You'll lose all the pretty graphics from legitimate e-mails, but that's a small price to pay when it comes to your security and privacy.

Re: The "HOW TO PROTECT YOURSELF" thread

Reply #14
Eric - you don't have to be sorry for me - I didn't fall for it. I'm much too paranoid to ever fall for one of those scams. If anything looks even the slightest bit suspicious I immediately forward it to spoof@paypal.com or spoof@ebay.com...

You make good points about images. Outlook Express (yes, i still use it) has a function that blocks all images embedded within the email while still allowing the HTML formatting to come through. In the later versions this is turned on by default, with a header at the top of the email saying "Outlook Express has blocked some of the images embedded within your email in order to prevent the sender from identifying your computer. Click here to download those images". It is a wise decision to leave that feature enabled.

Most of those scammer emails actually use images on PayPal and eBay's servers and just link to them. Whether they do this to conserve their own bandwidth or to make the emails look more legit I dunno...