Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 44 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
44
Dung lượng
2,88 MB
Nội dung
12 Protect Your Sensitive Data Online and on Your PC Identity thieves are using increasingly more sophisticated tools to steal information from your PC that will enable them to commit identity fraud types of crimes. From keystroke logging software to so-called social engineering attacks, ID thieves increasingly are turning to technology to steal the data they need to rip you off. Keep Private Information about Yourself to Yourself Almost everywhere you go on the web, you’re asked to tell the world about yourself. Newspaper web sites commonly ask their online readers to register with the site. You might participate in message board discussions, but as part of the signup process, the board may have asked for your birth date, what you do for a living, your annual income, your favorite hobbies, or any of a dozen other bits of information an identity thief could use against you. Instant messaging programs (which we covered in Chapter 10) also provide a venue for you to spill the beans to ID criminals in their “personal profiles” sections. When asked for sensitive data—your mother’s maiden name, your SSN, your birthday, where you live or work, your phone number, or any other personally identifiable information—don’t be a pushover. You can, and should, vigorously question anyone who asks you for this kind of very sensitive information. Even the social security administration advises people who are asked for their social security number to ask why it’s needed, what it’ll be used for, what happens if you refuse to turn it over, and what law requires that company to ask you for it. It’s not easy for some people to say no to these kinds of requests. In fact, when asked by the folks who run cash registers in stores, people give up details like their address so often that the clerks who ask for this kind of information are usually surprised when you just say no. Frankly, when this happens, I find the puzzled look on a cashier’s face hilarious. But if you find it irresistible to tell the world about every detail of your life, resist that urge; it’s going to get you in a lot of trouble in the long run. Except in very specific circumstances (such as when the store is going to deliver something to your house), no business needs to know that much about you. And if you’ve already posted some or all of this stuff online somewhere, it’s not too late to take it down. Delete your profile details today. Get that stuff off the Web! CHAPTER 12: Prevent Identity Theft and Protect Yourself 329 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 330 HowtoDoEverythingwithWindowsXPHome Networking Perform “Vanity Searches” and Unlist Yourself Ever Google yourself, just for fun? Sometimes you can find some pretty interesting stuff about yourself (see Figure 12-8). While it may seem cool at the time, there’s a catch: identity thieves can and do use this kind of information for nefarious purposes, too. Maybe your employer lists the company directory online, and that photo of you at a charity event that ended up in the local paper is cached somewhere, too. If you attend college or graduated since 1990, there might be a lot more information about you than you realize, including your social security number, your name, and FIGURE 12-8 Vanity searches typically turn up lots of odd results. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. CHAPTER 12: Prevent Identity Theft and Protect Yourself 331 12 a photograph. Some military officers’ promotion notices, for example, are published in the Federal Register—which is also mirrored to the Web—and include those officers’ social security numbers. It’s worth the effort to try to get the most damaging information taken offline. What kinds of things should you search for? Court records, especially those from civil courts, are increasingly published online. If you’ve sued someone, or if you’ve been sued, contact the courthouse to find out if their records are online. Buying real estate also puts your personal information in a public record that might be searchable from the Web. (See Figure 12-9.) FIGURE 12-9 For just $50, peopledata.com lets you run background checks. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Start by entering your vital details into search engines: your full name, street addresses where you’ve lived, your birth date and social security number, and your phone number. And don’t just Google this stuff (see Figure 12-10); look on Yahoo.com, Altavista.com, Alltheweb.com, lycos.com, metacrawler.com, and excite.com as well. Sites like anywho.com, whowhere.com, and whitepages.com specialize in searching for people, and peopledata.com lets you run complete background checks, for a fee of course, on yourself (or people with the same name). Combine searches of your name with the company you work for, or your e-mail address, home address, or work address. Most importantly, when you find sensitive personal information, contact the site and get them to take it down. Google’s own PhoneBook search tool lets you unlist yourself from the directory. Head to www.google.com/help/pbremoval.html to get yourself out of their white pages. 332 HowtoDoEverythingwithWindowsXPHome Networking FIGURE 12-10 Google’s PhoneBook Name Removal form takes your home address and phone number offline. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. CHAPTER 12: Prevent Identity Theft and Protect Yourself 333 12 Steer Clear of Phishing Scams Starting in 2003, some of the spam e-mail that flows into our inboxes began to take on sinister overtones. Our accounts were on the verge of being shut down, said the messages. Some of them included the official corporate logos of our banks, of the auction sites we visit most, of online payment services like PayPal. They warned you, you need to log into our site and “confirm” your account, lest it be closed for good. Thousands of people, fearing the loss of money, e-mail, or auctions-in-progress in online accounts, rushed to click the links in these messages, entered their usernames and passwords into official-looking pages on what they thought was the real web site. Then, blammo. Nothing happened. Or did it? In reality, those folks just handed their most sensitive information—logins and passwords to online banks, investment web sites, and payment services—right over to the identity thieves. This kind of scam, now given the unfortunate name of phishing, was so effective that the victims didn’t even know they’d been robbed for days or weeks, until one day, their accounts had been emptied, or the password changed. That was when the grim reality began to set in. They’d been swindled, suckered by a twenty-first century P.T. Barnum. But to sophisticated users, these forgeries were pretty obvious. Misspelled words dotted the windows. Graphics didn’t line up correctly with other elements on the page. And if you hovered your mouse pointer over the links in the messages, the URLs just didn’t look right. In the beginning, you could spot one of these scams a mile off, if you knew what to look for. Then the crooks behind the phishing scams began to get wise. They corrected the obvious dumb grammar and spelling mistakes. They cleaned up the graphics. And most deviously, they exploited weaknesses in how Outlook Express or Internet Explorer displays a URL on a page, to obscure the real URL where the link in the e-mail message would take you. Thousands more got scammed. What toDo If You Get a Phishing E-Mail According to the Anti-Phishing Working Group (www.antiphishing.org, see Figure 12-11), phishing attacks are growing exponentially and getting more sophisticated. There are a few basic rules you can follow to avoid getting suckered by a phishing expedition. For one thing, your bank won’t ever close your online account simply because you haven’t logged in for a while, so don’t believe any e-mail that warns about this kind of outcome. Banks, payment services, and auction sites never need you to e-mail them your passwords—they run the site, after all, so they know them already! Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 334 HowtoDoEverythingwithWindowsXPHome Networking If you think, even for a moment, that a message might be legit, don’t click the link in the message. Instead, open your browser and type in each letter of your bank’s (or payment service’s, or credit card company’s) URL yourself, and hit the ENTER key. Look for their secure login page, which will have a URL that begins with “https://” (look for the extra s, instead of the “http://” you’re used to), and use that link. Spread the word to your more gullible (or less net-savvy) friends and family about phishing scams. If you’re reading this book, you’re duty-bound to make sure the people you care about don’t fall for this kind of stuff. And the Anti-Phishing Working Group wants copies of any phishing e-mail you get. For details and instructions about howto send the messages, click the Report Phishing link on their front page. Better Browsing with Alternatives One of the easiest ways you can avoid many of the pitfalls of modern web browsing is to use an alternative browser. Attacks against Internet Explorer, using rogue FIGURE 12-11 Phishing messages often share some characteristics. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. CHAPTER 12: Prevent Identity Theft and Protect Yourself 335 12 ActiveX controls or exploiting scripting vulnerabilities, are the most common ways bad guys get into your PC. Here are a few options you can choose from: ■ Netscape (http://find.pcworld.com/43476) Tied in with AOL’s broadband service, Netscape includes AIM and a streaming music service, Radio@Netscape (see Figure 12-12). Netscape’s mail application features a Palm Sync function for owners of that PDA, and both the mail client and browser claim to be able to easily import your settings from other browsers. FIGURE 12-12 Netscape is the senior graphical web browser. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. ■ Mozilla (www.mozilla.org) This is the core of the Netscape browser, without the AOL additions (see Figure 12-13). Tabbed browsing lets you keep many pages open at once, and a built-in pop-up blocker prevents unsightly ad exposure. The mail client provides only rudimentary spam filtering. ■ Opera (www.opera.com) Opera shares many of Mozilla’s features and includes a spam-filtering mail reader, an IRC client, and an RSS reading application (see Figure 12-14). The one downside: Opera’s free version is ad-supported and displays a banner ad, embedded in its window, at all times. However, its paid version is ad-free. 336 HowtoDoEverythingwithWindowsXPHome Networking FIGURE 12-13 Mozilla extracts all the best of Netscape’s features and engine. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. CHAPTER 12: Prevent Identity Theft and Protect Yourself 337 12 ■ Firefox (www.mozilla.org/products/firefox/) Mozilla’s younger cousin is speedy and slick (see Figure 12-15). Downloads all go to the desktop automatically to reduce the number of dialog boxes you encounter. At 4.7MB, it’s one of the slimmest browsers anywhere. Like the others, it has its own pop-up blocker, and its UI is fully customizable, with a substantial theme library. ■ Lynx (http://find.pcworld.com/44394) For the ultimate experience in retro–web browsing, you have to try Lynx, the original text-based web browser (see Figure 12-16). Web pages display in an 80 × 32 command- line window, and you use arrow keys to move your selection from link to link. The SPACEBAR turns the page. It’s got no pop-ups, but also no graphics to speak of. FIGURE 12-14 Opera’s settings are always within easy reach. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 338 HowtoDoEverythingwithWindowsXPHome Networking FIGURE 12-15 Firefox is made for speed. FIGURE 12-16 Lynx, the first text-only web browser, brightens up DOS. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. [...]... address for, 202 Windows Firewall configuring, 119–121 enabling logging in, 122–123 overview of, 118–119 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark 351 352 How to Do Everything with WindowsXP Home Networking Windows Update accessing with Internet Explorer, 175 advisory about web site for, 176 features of, 116 functionality of, 175 updating systems with, 176–179 web... PhoneBook, removing contact information with, 332 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark 343 344 How to Do EverythingwithWindowsXPHome Networking H hacker terminology, origin of, 112 hackers blocking with third-party Internet firewalls, 132–135 blocking withWindows Firewall, 118–123 harassment or stalking online, getting help with, 291–292 hard drives, protecting... PIN Store Passwords Using WindowsXP is a password, as is the string of text you have to You need look no further than WindowsXP itself if enter to log into your PC, read an online news story, you want a bare-bones, simplistic password keeper view your e-mail messages, pay bills at your bank’s While Windows won’t help you come up with hard- web site, or even add movies to your Netflix queue to- guess... Companies www.verypdf.com to remove this watermark purchase PDF Split-Merge on Click here for terms of use 340 HowtoDoEverythingwithWindowsXPHome Networking antivirus applications (cont.) rating, 202 removing, 204 selecting appropriate features of, 202–203 stopping viruses with, 128–129 trial versions of, 203–206 antivirus suites, features of, 203 AOL (America Online) protecting with antivirus... of, 112 credit card checks, identity-theft concerns related to, 321 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark 341 342 How to Do EverythingwithWindowsXPHome Networking credit cards protecting from identity theft, 317 protecting online, 307–309 credit reporting bureaus examples of, 322 placing fraud alerts with, 327 prescreening performed by, 324 credit reports fraud... Split-Merge on www.verypdf.com to remove this watermark 345 346 How to Do EverythingwithWindowsXPHome Networking mIRC securing, 288–289, 291 stopping from launching browsers, 274 web address for, 273 MIT (Massachussetts Institute of Technology), relationship of hacker term to, 112 modems functionality of, 6 types of, 14–16 Monster.com site, features of, 312 Mozilla browser downloading, 271 features... N G D O T O Figure 2 H O W WindowsXP automatically enter your password for box will create an entry in this list of stored you at logon, so when you boot the PC it goes right usernames and passwords Thereafter, any time to the desktop For the sake of your PC’s security, you try to connect to the same computer, Windows don’t use this feature presents you with a dialog box with the username and password... remove this watermark 349 350 HowtoDoEverythingwithWindowsXPHome Networking stalking and threats, preventing in chat and IM, 291–292 stand-alone antivirus applications, features of, 203 staple guns, obtaining, 55 static addresses using with wired networks, 65–69 using with wireless networks, 95–98 streaming media, explanation of, 11 strippers, connecting cables with, 52–54 Super G, speed of,... to the trouble of then enter your password (into both fields at the top creating a password if you’re not going to use it of the screen) and a password hint into the bottom One feature in Tweak UI, a WindowsXP Power Toy field (as shown in Figure 2) (http://find.pcworld.com/44094) from Microsoft, lets 3 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark E V E R Y T H I N G Figure... See Windows Firewall Internet connections configuring and sharing in wired networks, 76–78 configuring and sharing in wireless networks, 92–94 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark Index Internet Explorer accessing Windows Update with, 175 alternatives to, 131 downloading Office updates with, 185–190 Privacy settings in, 304 verifying security certificates with, . always within easy reach. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 338 How to Do Everything with Windows XP Home Networking. concerns related to, 321 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 342 How to Do Everything with Windows XP Home Networking