How to Use the Internet to Invest Wisely and Avoid Costly Mistakes
Securing Your Information
The Internet serves as a powerful tool for investors. But hackers and identity thieves can wreak havoc on your personal finances unless you take steps to protect the security of your account numbers, passwords, and PINs. And investment opportunities that sound like no-brainers all too often turn out to be frauds.
OnGuard Online suggests these tips to help you invest wisely online:
Protect your personal information. It’s valuable. If you get an email or pop-up message asking for personal information, don't reply or click on the link in the message. Email is not a secure way to transmit personal information, and you don’t want to risk downloading a virus or piece of spyware that can log your key-strokes when you type in an account number, password, or PIN. The safest course of action is not to respond to requests for your personal or financial information. If you believe there may be a need for such information by a company with which you have an account, contact that company directly in a way you know to be genuine.
Don't access your online investment account until you have checked for indicators that the site is secure, like a key or closed padlock icon on the browser's status bar or a website URL that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some scammers have forged security icons.
Protect your passwords. Keep your passwords in a secure place, out of plain view, and avoid storing them on your computer. Don't share your passwords on the Internet, over email, or on the phone. Your Internet Service Provider (ISP) should never ask for your password. And if you access your accounts in a public place, be sure to position yourself so that no one can see your hands or your screen as you type your PIN or password.
In addition, hackers may try to figure out your passwords to gain access to your computer. You can make it tougher for them by:
* Using passwords that have at least eight characters and include numbers or symbols. The longer your password is, the tougher it is for a hacker to discover it.
* Avoiding common words: some hackers use programs that can try every word in the dictionary.
* Not using your personal information, your login name, or adjacent keys on the keyboard as passwords.
* Changing your passwords regularly (at a minimum, every 90 days).
* Not using the same password for each online account you access.
Use anti-virus and anti-spyware software, and a firewall, and keep them up-to-date. These programs are a must-have if you make financial transactions online. Look for anti-virus software that removes or quarantines viruses, and for anti-spyware software that can undo changes spyware makes to your system; check that both programs will update automatically. If your firewall was shipped in the "off" mode, be sure to turn it on and set it up properly. It’s also important to keep your operating system up-to-date with the latest security patches.
Use a Security Token (if available). Using a security token can make it even harder for an identity thief to access your online investment account. That's because these small number-generating devices offer a second layer of security — a one-time pass-code that typically changes every 30 or 60 seconds. These unpredictable pass-codes can frustrate identity thieves.
Use Extra Caution with Public Computers or Wireless Connections. Avoid using public or other shared computers to access your financial accounts online. If you do use one, when you finish a session, log off completely, delete your “temporary internet files,” and clear your Internet history.
Many cafes, hotels, airports, and other public establishments offer wireless networks for use by their customers. These “hot spots” are convenient, but they may not be secure. Ask the proprietor what security measures are in place. Regardless, if you have personal, financial, or other sensitive information on your computer, you may decide that accessing your online investment account — or any account, for that matter — through a public wireless connection isn't worth the security risk.
Log Out Completely. Closing or minimizing your browser or typing in a new web address when you're done using your online account may not be enough to prevent others from gaining access to your account information. Instead, click on the "log out" button to terminate your online session. In addition, don't permit your browser to "remember" your username and password information. If this browser feature is active, anyone using your computer will have access to your investment account information.
Avoiding Investment Scams Online
To avoid Internet scams, OnGuard Online suggests the following:
* Independently Verify Claims. Never, ever, make an investment based solely on what you read in an online newsletter, bulletin board posting, or blog — especially if the investment involves a small, thinly-traded company that isn't well known. It's easy for a company or its promoters to make grandiose claims about new product developments, lucrative contracts, or the company's financial health. Before you invest, make sure you've independently verified those claims. Get started by turning to unbiased sources, such as the U.S. Securities and Exchange Commission (SEC), your state securities regulator, and securities industry self-regulatory organizations (including FINRA, Amex, and Nasdaq).
* Do Your Homework. Offers to sell securities must be registered with the SEC or eligible for an exemption — otherwise the offering is illegal. To see whether an investment is registered, check the SEC's EDGAR database and call your state securities regulator for more information about the company and the people promoting it. The fact that a company has registered its securities and files reports with the SEC doesn't guarantee the company will be a good investment. Likewise, the fact that a company hasn't registered and doesn't file reports doesn't mean the company is a fraud. But many investment frauds, including online scams, involve unregistered securities — so always investigate before you invest.
* Be Skeptical of Self-Provided References. Fraudsters will falsely assure you that an investment is properly registered with the appropriate agency and purport to give you the agency’s telephone number so that you can verify that “fact.” Sometimes they will give you the name of a real agency — other times they will fabricate one. But even if the agency does exist, the contact information they provide invariably will be false. Instead of speaking with a government official, you’ll reach the fraudsters or their colleagues — who will give the company, the promoter, or the transaction high marks.
* Thoroughly Check Out Promoters and Company Officials. Many fraudsters are repeat offenders. Whenever the SEC sues an individual or entity, the agency issues a "litigation release." Litigation releases going back to 1995 are available on the SEC’s website, www.sec.gov — simply run a search for the promoter, his or her company or newsletter, the company being touted, and its officers and directors. You also can check the licensing and disciplinary history of the person or entity promoting the opportunity by using FINRA ’s free BrokerCheck service or by calling your state securities regulator.
* Find Out Where the Stock Trades. Many small, thinly-traded companies cannot meet the listing requirements of a national exchange. The securities of these companies trade instead in the "over-the-counter" market and are quoted on OTC systems, such as the OTC Bulletin Board or the Pink Sheets. Stocks that trade in the OTC market generally are among the most risky and most susceptible to manipulation.
* Watch Out for High-Pressure Pitches. Beware of promoters who pressure you to buy before you have a chance to think about and fully investigate an investment opportunity. Don't fall for the line that you'll lose out on a "once-in-a-lifetime" chance to make big money if you don't act quickly. Remember: if an opportunity sounds too good to be true, it probably is.
* Consider the Source and Be Skeptical. Whenever someone you don't know offers you a hot stock tip, ask yourself: Why me? Why is this stranger giving me this tip? How might he or she benefit if I trade? Never forget that the person touting the stock may well be an insider of the company or a paid promoter who stands to profit handsomely if you trade.
Where to Turn for Help if You Run Into Problems Online
If you experience problems with your online investment account — or if you encounter an investment scam — please send your complaint in writing to the SEC using the agency’s Online Complaint Center. Include as many details as possible, including a summary of the problem and the names, addresses, telephone or fax numbers, and email addresses or websites of any person or firm involved. If you believe your personal information has been misused, file a report about your identity theft with the police, and also file a complaint with the Federal Trade Commission at www.ftc.gov/idtheft. For more information on investing wisely and avoiding costly mistakes, visit the Investor Information section of the SEC’s website at www.sec.gov/investor.shtml.
Thursday, September 13, 2007
Why protect wireless networks?
Wireless networks, which are sometimes known as Wi-Fi or 802.11 networks, let computers talk to one another using a radio link similar to cordless phones.
Like any radio transmission, anyone in range can pick up the signal or transmit on the same frequency. This means that wireless networks are at risk from:
* Eavesdropping – listening to the information as it is transmitted over the air. This means that information on the network must be encrypted
* Hacking – anyone in range can connect to the network. This means that the network must be restricted to known and trusted users and computers.
* Freeloading – where a wireless network is used to share a broadband internet connection, there is a risk that unauthorised users will use your connection without permission.
The problem is that most wireless network equipment, when it comes out of the box, is not protected against these threats in order to make it easy to set up. This means you have to configure the network yourself to make it secure.
How to protect a wireless network
Although the Wi-Fi standard defines things like encryption and access control, the way you set them up varies from manufacturer to manufacturer. This means that the advice will seem a little technical because it is only possible to say what you have to do, not how you do it. Consequently, you will need to refer to the documentation that came with your hardware to set these defences up.
* Use encryption. WPA2 is the best but is generally only available on the latest hardware. WPA-PSK is the next best and is available on most hardware. Failing either of these, for example if you are using older access points and network cards, use WEP.
* Use access points only rather than ad-hoc, peer-to-peer networks. Access points give more control.
* Make sure that every computer on the network has a desktop firewall (see Use a firewall).
* Use public access points with care (see Use public computers carefully).
* Switch off SSID broadcast. The SSID is the name of the wireless network.
* Choose an obscure SSID name. With SSID broadcast switched off, an obscure SSID will make it harder for a hacker to guess.
* Use a strong password to access the wireless access point (see Use strong passwords).
* If your access point allows it, restrict wireless access to the hours that you are likely to use it.
* Use MAC filtering. Each network card has a unique code called a MAC address. You can set access points to restrict access to certain, trusted MAC addresses. This will restrict people’s ability to freeload.
Like any radio transmission, anyone in range can pick up the signal or transmit on the same frequency. This means that wireless networks are at risk from:
* Eavesdropping – listening to the information as it is transmitted over the air. This means that information on the network must be encrypted
* Hacking – anyone in range can connect to the network. This means that the network must be restricted to known and trusted users and computers.
* Freeloading – where a wireless network is used to share a broadband internet connection, there is a risk that unauthorised users will use your connection without permission.
The problem is that most wireless network equipment, when it comes out of the box, is not protected against these threats in order to make it easy to set up. This means you have to configure the network yourself to make it secure.
How to protect a wireless network
Although the Wi-Fi standard defines things like encryption and access control, the way you set them up varies from manufacturer to manufacturer. This means that the advice will seem a little technical because it is only possible to say what you have to do, not how you do it. Consequently, you will need to refer to the documentation that came with your hardware to set these defences up.
* Use encryption. WPA2 is the best but is generally only available on the latest hardware. WPA-PSK is the next best and is available on most hardware. Failing either of these, for example if you are using older access points and network cards, use WEP.
* Use access points only rather than ad-hoc, peer-to-peer networks. Access points give more control.
* Make sure that every computer on the network has a desktop firewall (see Use a firewall).
* Use public access points with care (see Use public computers carefully).
* Switch off SSID broadcast. The SSID is the name of the wireless network.
* Choose an obscure SSID name. With SSID broadcast switched off, an obscure SSID will make it harder for a hacker to guess.
* Use a strong password to access the wireless access point (see Use strong passwords).
* If your access point allows it, restrict wireless access to the hours that you are likely to use it.
* Use MAC filtering. Each network card has a unique code called a MAC address. You can set access points to restrict access to certain, trusted MAC addresses. This will restrict people’s ability to freeload.
Safe use of Emails
Most of us cannot get by whether at work or socially without using emails on a daily basis. However, there are a great number of problems that can arise out of you using the email service if you do not understand the risks involved.
As discussed in some detail in the identity and privacy section there are a number of serious privacy, identity theft, scam, spam, etc, issues associated with emails. In this section we will not focus on those, but on the implications of using emails.
So lets get emails into prospective.
Emails are like postcards – everyone (who has access to the various system components) including the postman can read them as they travel to your inbox.
Emails can end up being stored for years on various mailservers, even though you may have deleted it from your inbox and or outbox (or any other place you store your emails). It is very hard to guarantee that a particular email has been properly deleted. Your employer may have a email retention policy that emails entering and leaving their system will be stored for X years regardless of whether the user actually deletes the email or not. Worse still due to various backup policies, most email servers are backed up on a daily basis just in case the hardware fails. However, those backups (typically on tapes) are held for long periods of time even years. Thus even if you have purge the email from your mailbox, your employer or Internet Service Provider may still have multiple copies of it floating around.
Worse still the recipient who has received your email will have multiple copies for exactly the same reasons as stated above.
Once you have sent an email you lose control over it, i.e. what happens to it. The recipient can mass mail it out to lots of other people, choose to publish it on blogging website, etc.
The risks described above can be dramatically reduced if you use some of the following rules:
Email Rule A
Never put in an email what you would be a shamed of or embarrassed by or could cause you other problems if that email was make public to the world!
This is heavy statement to make and sometimes quite hard to follow – but you must follow it. Pause for a moment and think about what you have sent in your emails over the last few days. If you are a business person or an employee, the ramifications are probably even worse. Most businesses have strict rules about what can and cannot be sent by email. Some businesses even enforce email encryption. Make yourself familiar with the email policy / rules at your place of work.
Furthermore, DO NOT under any circumstance include your bank account, credit card or PIN details – this information is very dangerous to you, especially if criminals get hold of it.
Email Rule B
If possible, use strong email encryption for sensitive information (assuming the law allows this in country where you live and work and where the recipient lives and works).
By the way..... wanting privacy is a basic human right and human need if we are to function correctly as a society. However, in recent years a number of governments are trying to adopt various measures which erode this basic right. It is a difficult balance trying to protect the population from terrorist attacks vs the eroding of human rights (whether they are explicit or implicit). Arguments used can be summarized as follows: “If you are doing nothing wrong ... then you have nothing to worry about” as they erode our privacy. To which a counter argument can be summarized as follows: “If I am doing nothing wrong then you have no need to spy on me.” Worse still the authorities may do something wrong with that information. Bruce Schneier has an excellent essay on this very topic see "The Value Of Privacy ".
Bruce Schneier is a recognised expert, author and commentator on the subject of security.
You may be required by national laws (depending which country you live in) to provide the plain text and or decryption keys to your emails if requested by a suitable person, e.g. judge or some authorised official. Using encryption in some countries is banned and may attract unwanted attention from the authorities. Thus think carefully before you use it, why you want to use it. Is the information you are sending in an email worthy of encryption. On balance using encryption is worthwhile (assuming it is allowed by the laws where you live and work).
How do you use strong encryption to protect your emails? If you are in business, you will probably want to automate the process and you will end up buying a commercial package to do so. As a private individual there a number software packages that you can use, some of which are free for personal use. Check the licences carefully. Also some packages are easier to use and integrate much more easily with your email client.
Have a look at the following, most of these are available for all operating system types include Microsoft Windows, Mac OS, Linux, etc.
* PGP (Pretty Good Privacy) - a good reputable encryption and security package.
* GnuPG – Free open source implementation of the pgp standard. (www.gnupg.org).
As with all things you must invest some time to read the documentation carefully and learn how to use these tools. Also learn what the limitations are. Some of the main limitations of all these tools is that even though the email itself is encrypted in transit the email will remain in plain text on your machine and on the recipient's machine. Furthermore, once the recipient has decrypted it you have totally lost control of what they can do with that email – i..e they may choose to forward it with encrypting it.
Email Rule C
Check and then re-check the “To” address field before you send the email. It is so easy to send the emails to the wrong people – which could end up with significant ramifications for you. However, if you had followed Email Rule A the damage could possibly limited in some small way. E.g. if you are sending out your job application and CV to a prospective employer and you send it to your present employer by mistake. There are many worse examples than this.
Check and then recheck the content of the email to determine if it breaks Email Rule A!
Note: Even if you think you have deleted something from your computer, e.g. an email it still may be present. Assuming your emails are stored on your computer, the email package will typically mark the email as deleted but will not actually delete it until some you run the “compact folders” option in the email client. Worse still, it is still possible using tools from the Internet to recover deleted from your computer (assuming you have emptied the recycle bin), by examining the hard disk at a very technical level.
As discussed in some detail in the identity and privacy section there are a number of serious privacy, identity theft, scam, spam, etc, issues associated with emails. In this section we will not focus on those, but on the implications of using emails.
So lets get emails into prospective.
Emails are like postcards – everyone (who has access to the various system components) including the postman can read them as they travel to your inbox.
Emails can end up being stored for years on various mailservers, even though you may have deleted it from your inbox and or outbox (or any other place you store your emails). It is very hard to guarantee that a particular email has been properly deleted. Your employer may have a email retention policy that emails entering and leaving their system will be stored for X years regardless of whether the user actually deletes the email or not. Worse still due to various backup policies, most email servers are backed up on a daily basis just in case the hardware fails. However, those backups (typically on tapes) are held for long periods of time even years. Thus even if you have purge the email from your mailbox, your employer or Internet Service Provider may still have multiple copies of it floating around.
Worse still the recipient who has received your email will have multiple copies for exactly the same reasons as stated above.
Once you have sent an email you lose control over it, i.e. what happens to it. The recipient can mass mail it out to lots of other people, choose to publish it on blogging website, etc.
The risks described above can be dramatically reduced if you use some of the following rules:
Email Rule A
Never put in an email what you would be a shamed of or embarrassed by or could cause you other problems if that email was make public to the world!
This is heavy statement to make and sometimes quite hard to follow – but you must follow it. Pause for a moment and think about what you have sent in your emails over the last few days. If you are a business person or an employee, the ramifications are probably even worse. Most businesses have strict rules about what can and cannot be sent by email. Some businesses even enforce email encryption. Make yourself familiar with the email policy / rules at your place of work.
Furthermore, DO NOT under any circumstance include your bank account, credit card or PIN details – this information is very dangerous to you, especially if criminals get hold of it.
Email Rule B
If possible, use strong email encryption for sensitive information (assuming the law allows this in country where you live and work and where the recipient lives and works).
By the way..... wanting privacy is a basic human right and human need if we are to function correctly as a society. However, in recent years a number of governments are trying to adopt various measures which erode this basic right. It is a difficult balance trying to protect the population from terrorist attacks vs the eroding of human rights (whether they are explicit or implicit). Arguments used can be summarized as follows: “If you are doing nothing wrong ... then you have nothing to worry about” as they erode our privacy. To which a counter argument can be summarized as follows: “If I am doing nothing wrong then you have no need to spy on me.” Worse still the authorities may do something wrong with that information. Bruce Schneier has an excellent essay on this very topic see "The Value Of Privacy ".
Bruce Schneier is a recognised expert, author and commentator on the subject of security.
You may be required by national laws (depending which country you live in) to provide the plain text and or decryption keys to your emails if requested by a suitable person, e.g. judge or some authorised official. Using encryption in some countries is banned and may attract unwanted attention from the authorities. Thus think carefully before you use it, why you want to use it. Is the information you are sending in an email worthy of encryption. On balance using encryption is worthwhile (assuming it is allowed by the laws where you live and work).
How do you use strong encryption to protect your emails? If you are in business, you will probably want to automate the process and you will end up buying a commercial package to do so. As a private individual there a number software packages that you can use, some of which are free for personal use. Check the licences carefully. Also some packages are easier to use and integrate much more easily with your email client.
Have a look at the following, most of these are available for all operating system types include Microsoft Windows, Mac OS, Linux, etc.
* PGP (Pretty Good Privacy) - a good reputable encryption and security package.
* GnuPG – Free open source implementation of the pgp standard. (www.gnupg.org).
As with all things you must invest some time to read the documentation carefully and learn how to use these tools. Also learn what the limitations are. Some of the main limitations of all these tools is that even though the email itself is encrypted in transit the email will remain in plain text on your machine and on the recipient's machine. Furthermore, once the recipient has decrypted it you have totally lost control of what they can do with that email – i..e they may choose to forward it with encrypting it.
Email Rule C
Check and then re-check the “To” address field before you send the email. It is so easy to send the emails to the wrong people – which could end up with significant ramifications for you. However, if you had followed Email Rule A the damage could possibly limited in some small way. E.g. if you are sending out your job application and CV to a prospective employer and you send it to your present employer by mistake. There are many worse examples than this.
Check and then recheck the content of the email to determine if it breaks Email Rule A!
Note: Even if you think you have deleted something from your computer, e.g. an email it still may be present. Assuming your emails are stored on your computer, the email package will typically mark the email as deleted but will not actually delete it until some you run the “compact folders” option in the email client. Worse still, it is still possible using tools from the Internet to recover deleted from your computer (assuming you have emptied the recycle bin), by examining the hard disk at a very technical level.
To lower your risk of spyware infections
* Update your operating system and Web browser software, and set your browser security high enough to detect unauthorized downloads.
* Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
* Download free software only from sites you know and trust. Enticing free software downloads frequently bundle other software, including spyware.
* Don't click on links inside pop-up windows.
* Don't click on links in spam that claim to offer anti-spyware software; you may unintentionally be installing spyware.
Just when you thought you were Web savvy, one more privacy, security, and functionality issue crops up — spyware. Installed on your computer without your consent, spyware software monitors or controls your computer use. It may be used to send you pop-up ads, redirect your computer to websites, monitor your Internet surfing, or record your keystrokes, which, in turn, could lead to identity theft.
Many experienced Web users have learned how to recognize spyware, avoid it, and delete it. According to OnGuard Online, all computer users should get wise to the signs that spyware has been installed on their machines, and then take the appropriate steps to delete it.
The clues that spyware is on a computer include:
* Barrage of pop-up ads
* Hijacked browser — that is, a browser that takes you to sites other than those you type into the address box
* A sudden or repeated change in your computer's Internet home page
* New and unexpected toolbars
* New and unexpected icons on the system tray at the bottom of your computer screen
* Keys that don't work (for example, the "Tab" key that might not work when you try to move to the next field in a Web form)
* Random error messages
* Sluggish or downright slow performance when opening programs or saving files
The good news is that consumers can take steps to lower their risk of spyware infections. Indeed, OnGuard Online suggests that you:
Update your operating system and Web browser software. Your operating system (like Windows or Linux) may offer free software "patches" to close holes in the system that spyware could exploit.
Download free software only from sites you know and trust. It can be appealing to download free software like games, peer-to-peer file-sharing programs, customized toolbars, or other programs that may change or customize the functioning of your computer. Be aware, however, that some of these free software applications bundle other software, including spyware.
Don't install any software without knowing exactly what it is. Take the time to read the end-user license agreement (EULA) before downloading any software. If the EULA is hard to find — or difficult to understand — think twice about installing the software.
Minimize "drive-by" downloads. Make sure your browser security setting is high enough to detect unauthorized downloads, for example, at least the "Medium" setting for Internet Explorer. Keep your browser updated.
Don't click on any links within pop-up windows. If you do, you may install spyware on your computer. Instead, close pop-up windows by clicking on the "X" icon in the title bar.
Don't click on links in spam that claim to offer anti-spyware software. Some software offered in spam actually installs spyware.
Install a personal firewall to stop uninvited users from accessing your computer. A firewall blocks unauthorized access to your computer and will alert you if spyware already on your computer is sending information out.
If you think your computer might have spyware on it, experts advise that you take three steps: Get an anti-spyware program from a vendor you know and trust. Set it to scan on a regular basis — at least once a week — and every time you start your computer, if possible. And, delete any software programs the anti-spyware program detects that you don't want on your computer.
* Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
* Download free software only from sites you know and trust. Enticing free software downloads frequently bundle other software, including spyware.
* Don't click on links inside pop-up windows.
* Don't click on links in spam that claim to offer anti-spyware software; you may unintentionally be installing spyware.
Just when you thought you were Web savvy, one more privacy, security, and functionality issue crops up — spyware. Installed on your computer without your consent, spyware software monitors or controls your computer use. It may be used to send you pop-up ads, redirect your computer to websites, monitor your Internet surfing, or record your keystrokes, which, in turn, could lead to identity theft.
Many experienced Web users have learned how to recognize spyware, avoid it, and delete it. According to OnGuard Online, all computer users should get wise to the signs that spyware has been installed on their machines, and then take the appropriate steps to delete it.
The clues that spyware is on a computer include:
* Barrage of pop-up ads
* Hijacked browser — that is, a browser that takes you to sites other than those you type into the address box
* A sudden or repeated change in your computer's Internet home page
* New and unexpected toolbars
* New and unexpected icons on the system tray at the bottom of your computer screen
* Keys that don't work (for example, the "Tab" key that might not work when you try to move to the next field in a Web form)
* Random error messages
* Sluggish or downright slow performance when opening programs or saving files
The good news is that consumers can take steps to lower their risk of spyware infections. Indeed, OnGuard Online suggests that you:
Update your operating system and Web browser software. Your operating system (like Windows or Linux) may offer free software "patches" to close holes in the system that spyware could exploit.
Download free software only from sites you know and trust. It can be appealing to download free software like games, peer-to-peer file-sharing programs, customized toolbars, or other programs that may change or customize the functioning of your computer. Be aware, however, that some of these free software applications bundle other software, including spyware.
Don't install any software without knowing exactly what it is. Take the time to read the end-user license agreement (EULA) before downloading any software. If the EULA is hard to find — or difficult to understand — think twice about installing the software.
Minimize "drive-by" downloads. Make sure your browser security setting is high enough to detect unauthorized downloads, for example, at least the "Medium" setting for Internet Explorer. Keep your browser updated.
Don't click on any links within pop-up windows. If you do, you may install spyware on your computer. Instead, close pop-up windows by clicking on the "X" icon in the title bar.
Don't click on links in spam that claim to offer anti-spyware software. Some software offered in spam actually installs spyware.
Install a personal firewall to stop uninvited users from accessing your computer. A firewall blocks unauthorized access to your computer and will alert you if spyware already on your computer is sending information out.
If you think your computer might have spyware on it, experts advise that you take three steps: Get an anti-spyware program from a vendor you know and trust. Set it to scan on a regular basis — at least once a week — and every time you start your computer, if possible. And, delete any software programs the anti-spyware program detects that you don't want on your computer.
Use online auctions safely
Avoid scams, buy and sell with confidence
Online auctions match willing buyers with willing sellers and are one of the success stories of the internet. However, they are also a market opportunity for fraudsters if you aren’t careful and don’t follow the rules.
Risks
* You pay for something but it never arrives.
* You sell something but the buyer doesn't pay.
* You are conned into selling early or at a low price.
* Your auction identity is compromised and used fraudulently.
* You fall for one of the common scams like sending off a laptop before you get paid for it because you have been promised a price that's too good to be true.
* You inadvertently disclose personal information to crooks.
Know how the system works
* If you are new to online auctions, take the time to read the online guides provided by the auction company so you understand how the system works and what the rules are.
* Understand what the auction company can do (and won’t do) if something goes wrong.
* Use a login name for the auction site that is different from your email address.
* Use strong passwords.
* Update your contact information, including email address, if it changes.
Know your seller
* Pick good sellers.
* Get to know the seller. Look at their profile, their rating and transaction history.
* Be wary of sellers who have lots of negative feedback.
* Of course we are all newcomers to auctions at some point and most sellers with few ratings from other buyers are not bad guys, but be a little more cautious with them.
* If the seller is a business, check their real-world existence. If they provide a phone number or address, give them a call or pay a visit.
* Sellers outside the UK may be harder to chase if something goes wrong.
* Ask the sellers questions by email. Prompt, helpful replies are more encouraging than slow or rude responses.
* Be clear about shipping and delivery costs and methods of payment and if any surcharges are likely because of your method of payment.
Use your judgement
* Never give out your password to anyone.
* Be very wary about giving out personal information to sellers, especially your auction site password. You may need to give some personal information to a seller once you have won their auction, for example a delivery address, but remain conscious of the risks and don’t give more information than you need to.
* Be wary of phishing emails. These may appear to be from a trusted organisation but are really from criminals trying to lure you to a fake website to get your personal information (see Avoid fake websites).
* If you think your auction account has been compromised, take action immediately. Check the site’s online help files. See Undo identity theft.
* Always make sure you are using a secure internet connection to change or access your personal information. Look for ‘https’ at the beginning of the address and the padlock symbol (See Learn about secure web pages).
* Although many trusted organisations do send emails containing legitimate links (for example to websites that contain more information on a given subject), always be careful when clicking on them. It is better to enter your bank's address into your web broswer directly or use a bookmark that you created using the correct address.
* Check that communications between buyer and seller are not being blocked by spam filters by checking your spam folder regularly.
Avoid common scams
* Avoid fake websites.
* Be wary of emails or messages which might be attempts to get your personal information by pretending to come from the auction company itself. Auction companies will never send you emails asking you to disclose PIN numbers, passwords or other personal information or which link to a page that asks you for this kind of information. If you click on a link in an email that takes you to a page that requires a password or personal information, it is very likely to be a scam.
* Don’t fall for requests to close auctions early. The best bids usually come towards the end of the auction period.
* Make sure you have been paid before despatching goods.
* Use a reputable escrow service for high value transactions and consider using an electronic payment service such as PayPal, for routine payments (see Make payments online safely).
Online auctions match willing buyers with willing sellers and are one of the success stories of the internet. However, they are also a market opportunity for fraudsters if you aren’t careful and don’t follow the rules.
Risks
* You pay for something but it never arrives.
* You sell something but the buyer doesn't pay.
* You are conned into selling early or at a low price.
* Your auction identity is compromised and used fraudulently.
* You fall for one of the common scams like sending off a laptop before you get paid for it because you have been promised a price that's too good to be true.
* You inadvertently disclose personal information to crooks.
Know how the system works
* If you are new to online auctions, take the time to read the online guides provided by the auction company so you understand how the system works and what the rules are.
* Understand what the auction company can do (and won’t do) if something goes wrong.
* Use a login name for the auction site that is different from your email address.
* Use strong passwords.
* Update your contact information, including email address, if it changes.
Know your seller
* Pick good sellers.
* Get to know the seller. Look at their profile, their rating and transaction history.
* Be wary of sellers who have lots of negative feedback.
* Of course we are all newcomers to auctions at some point and most sellers with few ratings from other buyers are not bad guys, but be a little more cautious with them.
* If the seller is a business, check their real-world existence. If they provide a phone number or address, give them a call or pay a visit.
* Sellers outside the UK may be harder to chase if something goes wrong.
* Ask the sellers questions by email. Prompt, helpful replies are more encouraging than slow or rude responses.
* Be clear about shipping and delivery costs and methods of payment and if any surcharges are likely because of your method of payment.
Use your judgement
* Never give out your password to anyone.
* Be very wary about giving out personal information to sellers, especially your auction site password. You may need to give some personal information to a seller once you have won their auction, for example a delivery address, but remain conscious of the risks and don’t give more information than you need to.
* Be wary of phishing emails. These may appear to be from a trusted organisation but are really from criminals trying to lure you to a fake website to get your personal information (see Avoid fake websites).
* If you think your auction account has been compromised, take action immediately. Check the site’s online help files. See Undo identity theft.
* Always make sure you are using a secure internet connection to change or access your personal information. Look for ‘https’ at the beginning of the address and the padlock symbol (See Learn about secure web pages).
* Although many trusted organisations do send emails containing legitimate links (for example to websites that contain more information on a given subject), always be careful when clicking on them. It is better to enter your bank's address into your web broswer directly or use a bookmark that you created using the correct address.
* Check that communications between buyer and seller are not being blocked by spam filters by checking your spam folder regularly.
Avoid common scams
* Avoid fake websites.
* Be wary of emails or messages which might be attempts to get your personal information by pretending to come from the auction company itself. Auction companies will never send you emails asking you to disclose PIN numbers, passwords or other personal information or which link to a page that asks you for this kind of information. If you click on a link in an email that takes you to a page that requires a password or personal information, it is very likely to be a scam.
* Don’t fall for requests to close auctions early. The best bids usually come towards the end of the auction period.
* Make sure you have been paid before despatching goods.
* Use a reputable escrow service for high value transactions and consider using an electronic payment service such as PayPal, for routine payments (see Make payments online safely).
Shop online safely
How to pick trustworthy online retailers and avoid scams
Millions of people buy online every day without any problems. With a bit of commonsense and knowledge, you can avoid problems with ecommerce.
Risks
* Buying goods that aren’t delivered.
* Goods which don’t match the description.
* Delays and hassles with online purchases.
* Poor after-sales service.
* Misuse of your credit or debit card details.
Deal with reputable sellers
* Pick good sellers, especially when buying from private individuals.
* Look for evidence of a physical address and telephone contact details.
* Don’t judge a person or company solely by their web site.
* Be especially cautious when buying from overseas companies.
* Check sellers’ privacy policy and returns policy.
* Use an appropriate, safe means of online payment to get some protection against non-delivery (see Make payments online safely).
Use a secure website
* Make sure you use a secure web site to enter credit card information. Look for a padlock symbol in the bottom right of the browser window and for the website address to begin with ‘https://’ (see Learn about secure web pages). If you get a warning about a certificate be very cautious indeed. However, the padlock is not an absolute guarantee of safety and it says nothing about the business’s ethics.
* Click on the padlock to check that the seller is who they say they are and that their certificate is current and registered to the right address.
* Don’t be fooled by a padlock that appears on the web page itself. It’s easy for conmen to copy the image of a padlock. You need to look for one that is in the window frame of the browser itself.
Beware scams
* If a deal looks too good to be true, it probably is. Cross-check information on the internet and see if anyone else has had problems.
* Beware of work from home scams which promise easy profits but never pay.
* Buy from reputable companies.
* Be extremely wary of anything that is offered in an unsolicited or spam email.
Selling online
If you are a business selling online:
* Validate new customers and suppliers using published information (e.g. address or phone number).
* Obtain a credit status report before shipping goods on credit.
* E-commerce businesses are liable for any fraud on cards they accept (unless they are using 'Verified by Visa' or 'Mastercard Sercurecode'. These systems can help protect businesses from chargebacks that result from fraud).
* Using the Address Verification System (AVS) and Card Security Code (CSC) checking systems will significantly reduce the risks from e-commerce fraud.
* Authorisation does not guarantee payment and so businesses must do all checks to validate the customer and delivery address.
More information
*
Helpful tips from the BBC about buying online.
*
If you have been a victim of fraud when buying online, see Deal with ecommerce fraud for advice.
*
Card Watch.
* eBay's Safety Centre.
Millions of people buy online every day without any problems. With a bit of commonsense and knowledge, you can avoid problems with ecommerce.
Risks
* Buying goods that aren’t delivered.
* Goods which don’t match the description.
* Delays and hassles with online purchases.
* Poor after-sales service.
* Misuse of your credit or debit card details.
Deal with reputable sellers
* Pick good sellers, especially when buying from private individuals.
* Look for evidence of a physical address and telephone contact details.
* Don’t judge a person or company solely by their web site.
* Be especially cautious when buying from overseas companies.
* Check sellers’ privacy policy and returns policy.
* Use an appropriate, safe means of online payment to get some protection against non-delivery (see Make payments online safely).
Use a secure website
* Make sure you use a secure web site to enter credit card information. Look for a padlock symbol in the bottom right of the browser window and for the website address to begin with ‘https://’ (see Learn about secure web pages). If you get a warning about a certificate be very cautious indeed. However, the padlock is not an absolute guarantee of safety and it says nothing about the business’s ethics.
* Click on the padlock to check that the seller is who they say they are and that their certificate is current and registered to the right address.
* Don’t be fooled by a padlock that appears on the web page itself. It’s easy for conmen to copy the image of a padlock. You need to look for one that is in the window frame of the browser itself.
Beware scams
* If a deal looks too good to be true, it probably is. Cross-check information on the internet and see if anyone else has had problems.
* Beware of work from home scams which promise easy profits but never pay.
* Buy from reputable companies.
* Be extremely wary of anything that is offered in an unsolicited or spam email.
Selling online
If you are a business selling online:
* Validate new customers and suppliers using published information (e.g. address or phone number).
* Obtain a credit status report before shipping goods on credit.
* E-commerce businesses are liable for any fraud on cards they accept (unless they are using 'Verified by Visa' or 'Mastercard Sercurecode'. These systems can help protect businesses from chargebacks that result from fraud).
* Using the Address Verification System (AVS) and Card Security Code (CSC) checking systems will significantly reduce the risks from e-commerce fraud.
* Authorisation does not guarantee payment and so businesses must do all checks to validate the customer and delivery address.
More information
*
Helpful tips from the BBC about buying online.
*
If you have been a victim of fraud when buying online, see Deal with ecommerce fraud for advice.
*
Card Watch.
* eBay's Safety Centre.
Bank online safely
Avoid the risk of identity theft and protect your bank details
Banking online is very convenient but you have to protect your password and personal details so criminals can’t access your account in your name.
Risks
* Phishing, which means being tricked into disclosing your password and details to online criminals.
* Identity theft caused by viruses or spyware, giving criminals access to your bank account and other personal information stored on your computer.
Don’t be fooled by impostors
One of the biggest risks in banking online is identity theft. Fraudsters send out emails that look like they come from banks (or other trusted organisations) and which contain links to fake websites which also resemble the real thing. Phishing scams are like a fake cashpoint machine that looks like the real thing.
* Be wary of phishing emails. These may appear to be from your bank but are really from criminals trying to lure you to a fake website to get your personal information (see Avoid fake websites).
* Banks will never send you emails asking you to disclose PIN numbers, passwords or other personal information or which link to a page that asks you for this kind of information. If you click on a link in an email that takes you to a page that requires a password or personal information, it is very likely to be a scam.
* Always make sure you are using a secure internet connection to connect to your bank. Look for ‘https’ at the beginning of the address and the padlock symbol (See Learn about secure web pages).
* Although many trusted organisations do send emails containing legitimate links (for example to websites that contain more information on a given subject), always be careful when clicking on them. It is better to enter your bank's address into your web browser directly or use a bookmark that you created using the correct address.
* If you believe your details may have been compromised in some way, always contact the bank (See Undo identity theft).
Make sure your computer is secure
Because criminals can get your passwords and personal information using viruses or spyware, it is vital that your computer is as secure as possible. Follow the advice on this site, in particular:
* Install anti-virus software.
* Stop spyware.
* Use a firewall.
* Get the latest Windows updates.
Use common sense
* Learn your password and PIN. Destroy any written record as soon as you can.
* Don’t write down your password or PIN.
* Use different passwords for bank and credit card sites. Don't use the same password for every website.
* Use strong passwords.
* Be careful when using public computers to access your bank (see Use public computers carefully).
* Never give your personal security details, such as account number or PIN number, to someone you don't trust.
* Don’t fall for money-laundering scams. Be wary of any ‘business opportunity’ that involves receiving or holding money for strangers.
* A good source for further information, including information about known frauds, is your own bank's website.
Keep tabs on your money
* If you spot any unusual transactions in your statement, report them immediately.
Banking online is very convenient but you have to protect your password and personal details so criminals can’t access your account in your name.
Risks
* Phishing, which means being tricked into disclosing your password and details to online criminals.
* Identity theft caused by viruses or spyware, giving criminals access to your bank account and other personal information stored on your computer.
Don’t be fooled by impostors
One of the biggest risks in banking online is identity theft. Fraudsters send out emails that look like they come from banks (or other trusted organisations) and which contain links to fake websites which also resemble the real thing. Phishing scams are like a fake cashpoint machine that looks like the real thing.
* Be wary of phishing emails. These may appear to be from your bank but are really from criminals trying to lure you to a fake website to get your personal information (see Avoid fake websites).
* Banks will never send you emails asking you to disclose PIN numbers, passwords or other personal information or which link to a page that asks you for this kind of information. If you click on a link in an email that takes you to a page that requires a password or personal information, it is very likely to be a scam.
* Always make sure you are using a secure internet connection to connect to your bank. Look for ‘https’ at the beginning of the address and the padlock symbol (See Learn about secure web pages).
* Although many trusted organisations do send emails containing legitimate links (for example to websites that contain more information on a given subject), always be careful when clicking on them. It is better to enter your bank's address into your web browser directly or use a bookmark that you created using the correct address.
* If you believe your details may have been compromised in some way, always contact the bank (See Undo identity theft).
Make sure your computer is secure
Because criminals can get your passwords and personal information using viruses or spyware, it is vital that your computer is as secure as possible. Follow the advice on this site, in particular:
* Install anti-virus software.
* Stop spyware.
* Use a firewall.
* Get the latest Windows updates.
Use common sense
* Learn your password and PIN. Destroy any written record as soon as you can.
* Don’t write down your password or PIN.
* Use different passwords for bank and credit card sites. Don't use the same password for every website.
* Use strong passwords.
* Be careful when using public computers to access your bank (see Use public computers carefully).
* Never give your personal security details, such as account number or PIN number, to someone you don't trust.
* Don’t fall for money-laundering scams. Be wary of any ‘business opportunity’ that involves receiving or holding money for strangers.
* A good source for further information, including information about known frauds, is your own bank's website.
Keep tabs on your money
* If you spot any unusual transactions in your statement, report them immediately.
Subscribe to:
Posts (Atom)