The "HOW TO PROTECT YOURSELF" thread January 04, 2005, 09:34:02 PM Ok, I've been getting tons of those "phishing" emails lately, trying to trick me into giving out my financial information (as if it would do anyone any good), and I'm getting several viruses daily in my email. I recently read an article in the newspaper that said that around Christmas these things get really common as newbies open up their shiny new box and head out onto that there Internet. Following are some of my suggestions on how to protect yourself from viruses, "Phishing" scams, and other people who would like nothing more than to separate you from your money. If you have anything to add, do it. If you know somebody who is computer illiterate or is considering buying thair first computer, print this thread off and give it to them. 1) Before even plugging your ethernet cable or phone line into your PC, GET AN ANTIVIRUS PROGRAM! Surfing the 'net without an antivirus program is like screwing a prostitute without a rubber. STUPID! Immediately after connecting to the internet, update your virus program and AND Windows. You may have to restart your computer a few times, but don't consider your computer up to date until you go to the update site and are told that. you are up to date. 2) Because viruses are changing faster than antivirus programs are, never trust an email attachment. No matter who it's from. For some reason, Windows defaults to "hide file extensions of known file types". This is a spectacularly stupid move on Microsoft's part, making it very easy to trick people into thinking that PIF, EXE or BAT file that they're opening is really a picture of Jessica Simpson's boobs. All the virus purveyor has to do is call the file something like "jessica'sboobs.jpg.pif". With the default setting you won't see the "PIF" part, so you'll think it's a harmless JPG image. This is an easy setting to change. Open up Windows Explorer (not Internet explorer, the other explorer found under START>ALL PROGRAMS>ACCESSORIES. In Windows Explorer, click on "tools", then "folder options", then "view" and un-click the "hide extensions of known file types" button. Click on "apply to all folders" and click "apply". Close Windows Explorer. Now, whenever you look at a file it will show you the extension, which inducates file type. If you ever see two extensions (such as "filename.jpg.pif" or "filename.gif.exe", the last three letters are the file type. If you get viruses in your email, don't even bother hitting "reply" and telling the sender off. The "from" address in your virus is fake. Guaranteed. Even if it is a real email address it is not where the email came from. It's spoofed. Just delete the email as you would spam. 3) "NO PHISHING". "Phishing" is when somebody sets up a fake web site designed to look like a real financial institution's website, then sends out a bunch of fake emails hoping to trick people into logging into their site and entering personal information. They then take that info and rob you dry. Some ways to identify a "phishing" scam email:The email is vague in identifying you. If, for instance, you ever get an email that starts out "Dear PayPal customer" or "Dear Ebay Member" the email is fake. Also, if you ever get an email that starts off "Dear email@example.com" it is also fake. Ebay, PayPal, (I mention these two because they are the most common theme for "phishing" emails) and most other legitimate business that you deal with know your name and they will identify you by it. They will not identify you by your email address.The email is from an institution you do not deal with. Obviously, if you don't have a Bank of America account, Bank of America will not write you threatening to cancel your account. This leads us to:The email is threatening to cancel your account if you do not "log in" and provide personal information. Ebay, PayPal, or your bank company will never, ever send you an email threatening to close your account unless you log in. They will NEVER tell you that they think that your account has been compromised and you must log in to verify yourself. These are tricks the criminal uses to try to get your info.The email has a link to log into your account. Legit businesses will never ask you to "click here to log in" in an email. This is a spoofed website, and regardless of where the emil link says it's taking you, you're going to a scammer's site. DO NOT EVEN CLICK ON THE LINK, as the website could contain malicious scripts. If you do click on the link, it asks you for VERY personal info (not only credit card and debit card numbers, but also PIN numbers, passwords, etc). Never, EVER, enter your PIN number(s) into anything other than a bank machine or debit PIN pad. Do not give it to anyone over the phone, throught the internet, or in person. Even if you are 100% certain that the person you are giving it to is legit, they do not need your PIN numbers.If you do recieve a "phishing" email, immediately forward it to the appropriate business. Ebay would be firstname.lastname@example.org, paypal is email@example.com, and just about all other businesses will have a link on their real website for you to report fraud. If you have ever (or think you may have) entered any personally identifiable information into one of these websites, immediately contact your bank, credit card providers, ebay, paypal, the credit bureau and the FBI. If you have ever entered any PIN numbers into a website this means you. You may be the victim of idenity theft without even knowing it. A safe rule of thumb is to never, ever log into a website by clicking on a link in an email. If, for example, you want to go to ebay, open a browser window and type in www.ebay.com. Always assume an email link is fake. 4) Never give out your real email address. To anybody. If you do, prepare for an inbox full of spam. If you wish to visit a site that requires an email, give 'em a fake one. If it has to be a real email (in other words, if they require you to verify it by entering a code they email you), use a hotmail email or hotmail address. 5) Never trust "free" software. Those people offering you smilies, atomic clocks, file sharing and other "freeware" are usually just trying to trick you into installing spyware. Spyware is very easy to install and almost impossible to uninstall, and it is a huge hit on your computer's performance. Here is a list of known spyware installers that should be avoided like the plague (this will be updated as people make me aware of them): Smilycentral. That huge banner with all of those smilies you see on several sites (including the old messageboard) is a spyware installer.Gator or Gain. This notorious spyware is bundled with several freeware programsCoolWebSearch. If your software includes this demon, burn it.BargainBuddy. Ditto. All three of the above programs are usually "bundled" with other software and they are nothing short of viruses IMHO. Just install it and try to uninstall it. You'll see what I mean...KazAA. If you can't find the "lite" version, don't install KazAA. You will regret it.BearShare. Same as KazAa. Both will install Gator/Gain, CollWebSearch, BargainBuddy and other malware.Search bars or tool bars. Any "search" or "tool" bar that a website offers to "improve your internet experience" will almost certainly destroy it instead.Accelerators. Your computer is sucking info throught that CAT-5 or phone line as fast as it can. An "Accelerator" will only accelerate your need to format your hard drive and reinstall Windows.Most free/share ware While some of the things you cann download for free really are free, most are merely a vehicle for installing a bunch of crap you don't want. A fairly decent way to tell if your download is clean is to search for the program on download.com. Read the review of the program - If it is spyware-infested they will usually tell you.Atomic clocks or Web clocks If you ever see a warning that your clock is wrong, it isn't. This is spyware trying to trick you into downloading and installing it. If your computer clock is wrong, look at your watch. Don't install crapware.Any "warning" message that pops up when you visit a website telling you that something is wrong with your computer. This "warning" is really just an image made to look like a warning message, pointing to spyware. If this "warning" is floating, moving, bouncing or flashing in any way you can be certain it's not legit. True Windows warning dialogue boxes do not move or flash.If you are running XP SP2 the latest version of IE has activeX controls turned off by default. When you visit a website that tries to install crap on your computer you usually get a warning from IE stating that the activeX control was blocked. That's a good thing. This prevents things such as CoolWebSearch (probably the worst of spyware/malware proigrams there is) from hijacking your browser. Of course, if you go surfing on the fringes of the internet, you're bound to come back dirty. Surfing WAREZ sites, porn sites, etc will greatly increase your chances of getting spyware.The people that run those sites are not interested in your computer's welfare, they want your money. They'll trick you into installing spyware because the spyware authors pay them to. Keep on your toes. And that about sums it up. Keep on your toes. If it looks suspicious it is. It it's too good to be true, it isn't good, and it isn't true. Be smart and you should be safe. If anyone has anything to add, feel free.