Top 3 Products & Services
Dated: Aug. 13, 2004
Related CategoriesNetwork Security
The Internet is no doubt a useful place, but unfortunately it can also be quite dangerous. Just how do you know what is safe and what you should stay away from? This article gets right down to the point with some practical tips on avoiding a few tricks, so that you don't end up inconvenienced, annoyed, or devastated.
Fake Login Page
No doubt many people have come across this trick many times before.
Recently I've been receiving many e-mails from banks. The first e-mail I got happened to be the bank that I use for my personal and business banking, and then a few days later another e-mail came in from another bank - which I have no dealings with at all. Another few days, and an e-mail from another bank. Then they just kept coming! Each e-mail was telling me that in an effort to avoid account fraud, they are asking all users to click the link in the e-mail, and login to verify their username and password.
Seems ok, right? Nothing bad could happen there. Only that the e-mail is not sent from the bank. And the link? Well, that doesn't go to the bank's website. You'll see their logo, and even the exact same design and wording as the bank's website - but it's not their website.
The e-mail would have been sent to you by someone who wants your banking password. Or more specifically, wants your money. They have set up a site that mimics your bank's site, and when you enter your username and password to login, instead of logging you in it sends your username and password to the hacker. Either by e-mail or by storing it in a file on their web server, or any other technique they decided to use. Then all the hacker has to go is go to your bank's real website, enter your username and password, and he/she has access to your money!
If you didn't already know about this, then that has probably scared you. But don't worry; it can't happen to you if you don't let it. The single most superior way to ensure you don't get caught out here is to never follow a link from an e-mail where you may need to enter your username and password. And it's not just banks - it could be anything: your internet account, your personal website, or even your TechiWarehouse message board account.
If you must follow a link from an e-mail, then there are a few more things you can check:
Make sure that the link is going to the website you want to go to. Eg. if you want to go to the Commerce Bank website, but the link in your e-mail says http://188.8.131.52/login/, don't follow it.
There's another trick that I've seen recently - a link similar to http://email@example.com/login/. Looks legitimate doesn't it? It isn't. What's actually happening is you are visiting the same page as before, it's just disguised it by adding the address of the website you want to go to before the @ sign, which is usually used to log users on to a website. So, don't follow a link like this either. And look carefully, because sometimes these links even say http://www.commercebank.com @184.108.40.206/login/. With all the spaces, the tricksters are hoping it will go off the side of your screen - thus escaping your watchful eye.
And finally, don't forget that the link you click isn't necessarily the link you visit. It's quite easy in a webpage (and in an e-mail) to make a link that doesn't go where it looks like it will. Don't believe me? Try this link: http://www.google.com/. Where did it go?
So, after clicking the link, check again in your browser's address bar to make sure it is definitely the right place. If in doubt, don't enter any personal details. Close the window, and open another one to what you know is the correct address.
Downloading Software Without Your Permission
I've seen this alot recently. It's when a website decides they want their software running on your computer, and they don't want you to have a say. Most default security settings will make a website ask you for permission, but they do it in such a way that it is too easy to grant them their wishes.
Have you ever seen a box like this?
How easy is it to just click Yes? Doing so would cause the company's software to be automatically downloaded and installed on your computer, and who knows what it could be? It could easily be a virus, worm, or trojan.
The simple way to avoid this is - don't click Yes. If you do have to, check the name of the company listed. Make sure you totally trust that the software they provide to you is safe.
If a web user is hastily looking up a website to grab some information, and a warning like the above pops up, they could just assume that they need to click Yes to open the page. Then bingo, the software is installed.
Also make sure that everyone else that uses your computer is aware of this. I once came home and found that a utility had been installed on my computer that automatically updates the system time. Well, no problem with that. Except that this program was riddled with ads, and annoying popups. Lucky, uninstalling it was easy - all I had to do was go to Control Panel's Add/Remove Programs dialog. Obviously someone had got a popup for this program (I know because I've seen it before) and clicked Yes. In this case, it wasn't so bad - but what if it was? Make sure that everyone that uses your computer is aware of this.
Invalid Security Certificates
When you logon to your bank's website, to a shopping website to make a payment, or many other websites, you may see a small padlock icon at the bottom of your browser window. This means that the site you are viewing is safe and secure, and all information you exchange with it (eg. your credit card number) is encrypted so as to keep it from prying eyes.
However, many sites these days have invalid certificates. Note that an invalid certificate does not mean the site is insecure, just that it cannot be verified. So, it could be insecure. But it could be ok. However, it's always best to stay on the safe side - so only deal with a website if you totally trust them.
If the certificate is invalid, you should get a message like this:
From there, you have the option of continuing or cancelling the connection. Make your choice wisely.
Today you've learnt about a few techniques that can be used by malicious-intentioned people to disadvantage you on the Internet. You've been reminded that the Internet is an unsafe place, as well as a useful place. You've been equipped with a few tips on avoiding a few of the bad things that could happen to you. But remember, there is a lot more out there. Make sure you read up on many more security issues on the World Wide Web before you try anything you're not totally sure about. And finally - if in doubt, don't click Yes!
Now that you've gotten free know-how on this topic, try to grow your skills even faster with online video training. Then finally, put these skills to the test and make a name for yourself by offering these skills to others by becoming a freelancer. There are literally 2000+ new projects that are posted every single freakin' day, no lie!