Kim Komando hosts the nation’s largest talk radio show about computers and the Internet. To get the podcast or find the station nearest you, visit www.komando.com/listen. To subscribe to Kim’s free e-mail newsletters, sign up at www.komando.com/newsletters. Contact her at gnstech@gannett.com.
http://www.usatoday.com/tech/columnist/kimkomando/2010-01-28-online-crooks_N.htm?csp=usat.me
Criminals are getting smarter and smarter. So, these days, it isn’t enough to just run security software on your computer. You need to keep up with the criminals’ latest tricks. Here are six threats to your security and tips for protecting yourself.
Flash drives
Flash or thumb drives provide an easy way to infect machines with malware. It’s no surprise that criminals are using them, particularly to target companies.
TECH TIPS: Ask Kim
Criminals use a flash drive with a company’s logo. They load it with malware and drop it in the company’s parking lot. An unsuspecting employee picks up the drive and connects it to his or her computer. What happens next is the scary part. Criminals gain access to the company’s network — and trade secrets.
Never use a flash drive that you find. If you find one at your company, alert the IT department. It can find the rightful owner or destroy the drive.
Facebook ‘friends’
Everyone seems to be on Facebook. It can be exciting to find new Facebook contacts. But pay close attention to who you grant access to your profile.
If you use your account for business, it can be a gold mine for competitors. You may unknowingly post information about projects that would benefit competitors. Even your contact list says a lot. It can give hints about an upcoming merger or partnership. It can also give criminals inroads at other companies.
That’s not the only danger. Information you post can be used for targeted phishing attacks. A criminal can post a link to a malicious site. It could be a phishing site or a site that installs malware.
Limit what others see and be careful about your posts. You may also prevent others from posting to your wall. Above all, be vigilant.
Clickjacking
Clicking on malicious links is known as clickjacking. It can happen anywhere online. Most notably, it threatens Facebook and Twitter users. A victim is lured to a malicious page. The victim’s profile page is opened behind the malicious page. The victim has no idea any of this is happening.
In the case of Facebook, clicking on the malicious page causes the victim to sign in to Facebook. The victim could then perform actions that compromise the Facebook account. Or, victims might be tricked into turning on webcams and microphones. They might even delete their Facebook accounts.
There is no certain way to protect against clickjacking. Your best bet is to watch for suspicious links or sites. Be alert.
Smart phone apps
Smart phone apps are hot. Criminals are looking to them to get your information. Apple checks apps before offering them to users. But other app stores may be less thorough.
For example, one developer recently offered banking apps for Android phones. The developer had no ties to the banks. The apps may have been password-stealing tools.
Although it’s less likely, apps could also infect a phone with malware. Even seemingly legitimate apps pose risks. They may collect location information or access information stored on the phone.
Watch out for unknown developers when installing apps. Read the developer’s privacy statement to understand what is collected and how it’s used. And understand the app store’s approval process. Read reviews.
If it is a third-party app, contact the service to which it connects. Make sure the developer is an approved partner. If in doubt, skip the app.
E-mail messages
E-mail has long been a popular method of attack. And e-mail attacks are improving. Obviously, beware of attachments. If you’re not expecting an attachment, call the sender. Verify that it is legitimate.
Watch out for links in e-mail messages as well. These can take you to attack sites. Links to videos are particularly popular. You may be prompted to download something to display the video. You can bet it’s a Trojan.
Remember that e-cards can lead you to malicious sites. So can e-mail messages telling you to check out pictures of yourself. These malicious sites often use drive-by downloads, targeting holes in Windows. Keeping Windows updated will generally protect you from malicious downloads.
Criminals are also targeting their attacks. Malicious messages may be personalized with information about you.
Remember that it is surprisingly easy to find someone’s e-mail address. Business addresses may be gleaned from company websites or directories. Marketing companies sell targeted lists. And, you can find personal e-mail addresses via Intelius.
A spam filter should stop most of these messages. But never underestimate the importance of vigilance.
Porn dialers
Porn dialers are making a comeback on cellphones. The dialers are Trojans posing as videos, software or utilities.
They affect phones that run Java. Many are found on porn sites. Once installed, they send premium text messages or call premium numbers without your knowledge. You’re hit with a whopping bill. The criminals behind the Trojans share in the proceeds.
Be careful about downloading software. Don’t download anything from unknown or untrusted sources. You could also receive links to premium numbers via text message. Be careful when texting or calling numbers sent to your phone.
Now that you are aware of the dangers, one thing should be clear. When it’s all said and done, the responsibility of not falling for these scams is on your shoulders. Keep your guard up.
Kim Komando hosts the nation’s largest talk radio show about computers and the Internet. To get the podcast or find the station nearest you, visit www.komando.com/listen. To subscribe to Kim’s free e-mail newsletters, sign up at www.komando.com/newsletters. Contact her at gnstech@gannett.com.