This article, which appeared in PC World Magazine (March 2009), provides an informative overview of how to address related threats and provides some good tips on how to protect our privacy. The article is closely related to the ethical and privacy issues discussed in Chapter 4 of Laudon and Laudon. Real threats exist to web browser caches, ATM card skimmers, PC passwords, credit cards, social networks like Facebook. Users need to be cautious with cell phone e-mails and fake anti-malware offers. I like the article because it is closely related to my annual information technology awareness training. It offers some good information on what precautions should be taken to safeguard our home PC. There are 17 threats mentioned in the article, but I will summarize four tips that I think are the most intriguing. They are: (1) Browser Cache, (2) Card Skimmer Scams, (3) Discoverable Passwords, and (4) Fake Anti-Malware Offers.
(1) Browser Cache: One of the threats mentioned is that browser caches keep copies of text, images, and cookies from web pages that are visited. We are susceptible to being profiled based on our browser history. The problem can be fixed by instructing the IE to save its cache to an external drive rather than saving the cache to the hard drive. Another option is to use a software utility program to clean up the cache after searching the browser. The article mentions that Internet Explorer 8 will the first version of IE to secure a web browsing feature called "InPrivate".
(2) Card Skimmer Scams: A second threat is that consumers are susceptible to losing their credit card information to skimmers. Criminals can place a card skimmer device into an ATM at a small convenience store, a bank or gas station. The skimmer's internal memory can retrieve data from the card's magnetic strip while another skimmer can retrieve the ATM's keypad and records the PIN code. Once the data is retrieved, then the criminal can produce a new credit card to make bank withdrawals from the victim's account. The victim has no alternative, but to cancel the bank or credit card account. Identity theft is a difficult issue to resolve because of the time required to contact the credit card companies. The fix recommended is to gain familiarity with the appearance of card slots especially around outside ATM's or gas stations. If you notice an unfamiliar component surrounding the slot, then avoid using the ATM. Make the transaction inside the bank. I have not encountered this problem, but someone at my office told me that her credit card information was stolen after she pumped gas at a local gas station in Oxnard.
(3) Discoverable Passwords: Hackers can break into Yahoo mail accounts or other e-mails that are common to various browsers. Sometimes the passwords can be retrieved by hackers who work on finding out the online security question. If the answers to the security question are too simple, then the criminal might be able to convince the Web mail's service provider to give out the password. Actually, this happened to me at work. I forgot my password so I kept requesting the password from a government website. I forgot the security question, but eventually, I was able to retrieve the security question and the password.
The recommendation is to keep changing the password. There are password management utilities that can help prevent password retrievals. The user should answer the security question with a strong answer that hackers cannot retrieve. What is your favorite team? Just answer the question with something like $df89KDod.
(4) Fake Anti-Malware Offers: The article mentions that PC users can be easily tricked into providing their personal information to on-line scams that display window alert messages. The user might see some familiar product names like DriveCleaner, WinFixer, Antivirus 2009 appear as a warning that the computer is infected by a virus. Although the advirtisement might appear legitimate, the user may be tricked to enter a website a credit card is requred to purchase the DriveCleaner software. When the software is purchased and placed on the PC, the computer is never wiped clean because the program deactivates the Registry keys or corrupts the Windows software. The recommendation is to acquire an anti-malware program from a legitimate provider. Victims of such scams should contact the Federal Trade Commission to alleviate the problem of scamming.
I actually am familiar with the fake anti-malware offers. I was enticed to purchase two anti-virus programs that appeared after I was alerted that my PC acquired a virus. However, the programs never worked well and the advertisement kept appearing on my screen. Although I spent considerable effort to remove the program from my PC, I feel that the advertisement was in fact a virus that invaded my PC. Eventually, I removed it using legitimate program recommended by my supervisor. Luckily, this incident occurred on my home PC. I am more cautious about advertisements appearing out of the blue.
Reference: Andrew Brandt, "High-Risk Security Threats (And How to Fix Them)," PC World, March 2009, Vol. 27 Issue 3, p62-70.
Subscribe to:
Post Comments (Atom)
It's a very good article and more of similar need to be published to educate the public. Browsers have become one of the most important tools we use to interact with the world and both developers and users need to aware of their deficiencies not necessarily a technical loop hole that a malicious person can exploit but how the very thing works until at least these tools become “smarter”. IE's biggest technical deficiency is allowing to download programs (ActiveX) and allow it run to be part of the browser. They solved this in IE8 putting the ActiveX in a sandbox and limiting its reach, however a user can turn it off and no one can blame MSFT for that. Neither Safari nor Firefox allow such thing.
ReplyDelete