Think You’re Internet Safety Savvy? – Think Again

What you don’t know can’t hurt you, right? I’m not a mathematician, so I can’t vouch for the relative statistical accuracy of that statement, but I do know this: what you don’t know can hurt you big time on the Internet.

In any given week I speak with 100’s of typical Internet users who generally have the same behavior characteristics while surfing the Internet in that they:

Use a search engine to locate and generate information.

Despite the fact that cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines, the typical user I come into contact with has no knowledge of current conditions, and believes search engine output to be untainted and free of potential harmful exposure to malware.

Sadly, current statistics indicate that over sixteen thousand web pages were infected with malware daily between January and June of this year; three times the rate of infection noted in the previous year. Work out the math, and you’ll find that’s one new infected legitimate website every five seconds!

More disturbing, seventy nine percent of compromised web pages tracked this year were on legitimate web sites; including web sites owned by Fortune 500 companies, government agencies and ironically, security vendors.

Trust the information they discover while online to be reliable and credible.

Rogue security software developers, for example, rely on the innate level of trust that typical Internet users’ have developed, to convince users’ to download this type of malicious software. The vast majority of typical Internet users I speak with are not aware that such a class of software even exists. But it does; and regrettably, it is becoming more widespread.

A rogue security application is an application, usually found on free download and adult websites, or it can be installed from rogue security software websites, using Trojans or manipulating Internet browser security holes.

After the installation of rogue security software the program launches fake or false malware detection warnings. Rogue security applications, and there seems to be an epidemic of them on the Internet currently, are developed to mislead uninformed computer users’ into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

Some types of rogue security software have the potential to collect private and personal information from an infected machine which could include passwords, credit card details, and other sensitive information.

Communicate with family and friends by email.

The worldwide Internet population is now estimated to be 1.08 billion users, so the ability to communicate with family and friends has increased dramatically. Unfortunately however, cyber-crooks are well aware of the opportunities such a large number of unaware potential victims present for illicit monetary gain.

Incredible as it seems, billions (that’s right billions), of spam email messages are generated every hour through so called botnets; zombie computers controlled by cyber-criminals.

The Marshal Threat Research and Content Engineering (TRACE) report for the first half of 2008 has just been released, and unhappily it shows that “Cyber criminals are using ‘blended attacks’ to distribute malware and links to hacked websites via email on an unprecedented scale”.

Sustaining this conclusion, the IC³ (Internet Crime Complaint Center) recently stated that these types of attacks against Internet users are occurring with such frequency, that the situation can be called nothing short of “alarming”.

Yet, the majority of typical users, that I meet, are unaware of the very real dangers that spam emails hold for their safety, security and identity protection. Email scams, for example, are only one of the many dangers that email users face on a daily basis.

Email scams work because the cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like sensational email topics.

Recently, spam CNN sensational news alerts seem to be one of the methods cyber-crooks have selected to capture users’ attention, rather than emails offering pharmaceuticals, expensive watches, or other knockoff products.

As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system, your money and your identity:

Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams

• Don’t open unknown email attachments
• Don’t run programs of unknown origin
• Disable hidden filename extensions
• Keep all applications (including your operating system) patched
• Turn off your computer or disconnect from the network when not in use
• Disable Java, JavaScript, and ActiveX if possible
• Disable scripting features in email programs
• Make regular backups of critical data
• Make a boot disk in case your computer is damaged or compromised
• Turn off file and printer sharing on the computer
• Install a personal firewall on the computer
• Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
• Ensure the anti-virus software scans all e-mail attachments
• Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected