Staying out of trouble on the Internet is quite difficult these days. There are several ways in which we can fall victim on the web. One source is phishing. Cyber criminals set up fake websites where they want us to provide important pieces of information like a user ID, password and credit card number. Another source of trouble is computer viruses. There are many more viruses targeting Windows users than targeting Mac users. By the way, if you aren't sure whether your computer is infected with computer viruses, a good way of removing them is simply to reinstall the OS. It's also a good idea to reinstall the OS periodically, which we do. Another source of trouble is ordinary websites where cyber criminals have planted malicious code and files to redirect Internet users to undesirable destinations. So what do we do if a computer is infected with a virus? Just disinfect it or reinstall the OS? Or what if we provide personal information by mistake? Actually, this time we are not going to talk about what we should do after something happens. Rather, we want to talk about what we should do so as not to become a victim of exploitation through or on the Internet.
1. Using the status bar: It's just a simple measure, but the status bar is now essential when we use a web browser. If you use Firefox, you can open the status bar by choosing Status Bar under View. (See Screenshot 01.) Using the status bar, you should check the actual destination before clicking on a hyperlink. (See Screenshot 02.) For example, Screenshot 03 shows a spam comment in moderation. It looks as if the destination were the porn website at pics.hqtube.com. But the status bar says otherwise.
By the way, there are several subjects that you want to avoid when clicking on a link found on a website. Such subjects include porn, games, loans, debt, free software and so forth.
2. Avoid free hosting websites: You should be cautious when you visit a free hosting website. That's simply because cyber criminals exploit free services to set up fake websites. Relatively small hosting websites that cyber criminals currently use include those found at freeweb7.com, bravenet.com, t35.com and 10gbfreehost.com. t35.com is the worst of all because the webmaster invites spammers to set up websites so that he or she can make more ad revenue. Large free hosting websites aren't exceptions. One bad label is Google-owned Blogspot. Cyber criminals created hundreds of websites at Blogspot last year through January or February, 2008. (REF: Why Blogger Keeps Being Exploited for Porn Spam, More Porn Websites Found at Google-Owned Blogspot and Tutorial for Dummies: How to Subscribe to Blogspot Porn Lists). Another bad label is Tripod/Lycos. A cyber criminal posted a spam comment at Apple Discussions to lure Mac users into a virus-waiting website hosted at Tripod in May, 2007. (REF: Apple Discussions Exploited for Porn and Virus)
3. Avoiding free products, freeware, shareware: Is freeware better than shareware because it's free? Nope. Freeware is generally bad. Yes, there are many good freeware titles like VideoLAN's VLC Media Player. But before accepting freeware, you may want to ask 'Why is it free?' A common tactic that the cyber criminal group behind Antivirus 2008 uses to sell its malware is to infect Internet users with computer viruses, right? So be careful when you accept installers.
4. Being cautious of e-mail messages from banks, eBay, PayPal...: Cyber criminals want your money. So they want to exploit those who have money. For them, PayPal users, eBay users and bank clients are good targets. Screenshots 04-5 show examples of phishing e-mail messages. A crucial point is that they always urge the mail recipient to go to a website and log in to his/her account. A sentence used in one phishing message says "If you will not activate new security system within one week we will have to temporarily lock your account until your personality will be indetified." A sentence used in the other phishing message says "For your security, we have temporarily suspended your account."
Basically, all you have to do to tell if the message is genuine is to see
The phishing message usually gives a clear link that says 'Click here to login' or similar, where the true destination is a totally different website. They often use hacked websites to host phishing content. And you need to look at the source code of the message to see if the sender's e-mail address is valid.
5. Avoiding .INFO and .CN domains: Many websites with .INFO and .CN domains are ones that we should avoid visiting. Cyber criminals use .INFO domains only because those domains are cheap. There were so many spam domains throughout 2007 because some of the major domain registrars were selling them cheap. ESTDOMAINS and others were selling one .INFO/.ORG domain for just a dollar or two last year. They did so because ICANN wanted to shift some domain registrants away from the crowded .COM and .NET domains. Nowadays, many scam and virus-distributing websites are hosted on .CN domains. That's because there are many career cyber criminals in China. That's also because they prefer to register domains through Chinese companies so that non-Chinese people cannot contact them.
6. Avoid webpages with no security layer and/or fake labels: One way of telling whether or not an online store is legitimate is if
If a website in question fails to pass any one of the 4 criteria, simply don't buy anything. Screenshot 08 shows an example of an online pharmacy store where the checkout page doesn't have a security layer. That means personal information will not be encrypted when you send a form. (REF: Fake Online Pharmacy Store at PILLS-DEALS.COM with a Chinese Connection?) Screenshot 09 shows an example of a checkout page where fake certificate labels are used. (REF: Viagra USA Online at WWW.VIAGRAUSAONLINE.COM: Guilty As Charged)
So why do we want to avoid illegitimate online stores? Such websites are most likely to exist so that cyber criminals can collect personal information. They probably have no intention of delivering your order. That's often the case with fake online pharmacy stores. (Click here for a testimony.) If the office location of the company running an online store is shown as
96 Mowat Ave
Then should we avoid or accept it? Avoid it, right?
7. Avoiding unattended websites: In fact, many exploited websites are unattended by administrators. We've tried to contact the webmasters of many exploited websites. Many of them don't even check e-mail messages. Some of them don't even have contact information shown on their websites. Cyber criminals want to exploit unattended websites with low traffic so that malicious code and files won't be deleted. The websites of colleges and universities are good targets because they usually don't have anyone monitoring site traffic. We tried to contact a lot of colleges and universities about their websites that were still being exploited. Only a few of them bothered to write back. The personal websites of graduate students and professors are all good targets because their owners can be quite busy after the mid-term. People only get excited at the beginning. After a while, they won't go back to their websites.
8. Using traffic monitoring software: There are commercial applications and shareware titles that you can use to monitor outgoing traffic. For Mac OS, there are software titles like Intego's NetBarrier X, Objective Development's Little Snitch and Symantec's Norton Internet Security. We have never used Norton Internet Security. What we currently use is Little Snitch. When you install a new application and launch it, Little Snitch may launch itself and ask you how you want to deal with the application. That's what happens if this new application is trying to access an outside server. For example, if I try to use an application called Network Utility, Little Snitch pops up and asks me if I want to let it access the Internet once or for good. (See Screenshot 10.) Whatever I decide, my setting will be recorded as a definition. Later on, I can launch Little Snitch and change a definition for a particular application (See Screenshot 11) or simply delete it by pressing the delete key. Using a connection monitoring application like Little Snitch, you can prevent unknown applications from sending data out. Unfortunately, we don't know what's available for Windows or Linux. Sorry.
9. Checking domain registration: There are a lot of fake online stores that are set up to scam you. One such website was hosted at the domain of declkams.com. (See Screenshot 12.) Website content has been removed for now. This website was used to host a fake online pharmacy store with an infamous label of Canadian Healthcare. We know it's fake because its checkout page contains illegitimate certificate labels. (REF: Connection Between King Replica Scam and Canadian HealthCare Scam) Another way of making sure that it's a safe place to shop online is to look at its domain registration. For example, let's see what the domain registration of declkams.com looks/looked like. Registrant's address is shown as
chong qin shi shi qiao pu hua yu shang wu lou 27 hao lou 197
The street address is something that is not used on this planet. Obviously, it's a fake address. And you definitely want to avoid purchasing anything from an online store whose domain registration contains apparently fake information.