If you’re running a Windows computer, you must install an array of security software to fend off an international collection of crooks, hackers, vandals and sleazy business people.
You need a good antivirus program, a strong firewall program, an effective antispam program and a program that specializes in stopping spyware and adware. Or you could just buy an Apple Macintosh, which isn’t significantly affected by these threats, other than spam e-mail.
But the fastest-growing computer-security problem isn’t viruses or other traditional malicious programs, and it can’t be entirely defeated by using security software or by buying a Mac. It consists of tactics to fool users into giving up sensitive financial data that criminals can use to steal their money and even their identities.
Tactics include things such as “phishing,” the practice by which crooks create e-mails and Web sites that look like legitimate messages and sites from real banks and other financial companies. Phishing is closely linked to crimeware, a newly named category of malicious software that helps criminals steal private financial information.
Here are a few tips to help you avoid these schemes:
* Don’t trust e-mail from financial institutions. E-mail is so easily manipulated by crooks that you simply should never consider e-mail from a financial institution legitimate. Don’t click on any link it contains.
There is a very high chance it’s a skillful fraud, and that the link will take you to a clever fake Web site designed to capture passwords and account numbers.
* Never respond to unsolicited commercial e-mail, called spam, or even click on a link in an unsolicited commercial e-mail. In the old days, responding to spam just got you on more spam e-mail lists.
Besides, any company that has to resort to spam as a sales tool isn’t likely to have a very good product to offer. Would you buy a stock touted on the street by a complete stranger? If not, why would you buy one touted in a spam e-mail?
The only safe response to spam is to ignore it and delete it.
* Don’t download or use free software unless you’re sure it’s legitimate. Sites offering free cursors, for instance, can secretly install all sorts of bad stuff on your PC. This is especially true of free security software, which is sometimes just malicious software posing as a security program. If you suddenly see a security program pop up on your PC, don’t trust it.
There are many legitimate free programs, including some good free security programs, such as SpyBot or AVG Anti-Virus. But check them out before downloading. Look them up on the CNET or PC Magazine Web sites, which review most software. If they’re not covered there, assume they’re not legitimate.
Earlier, I said that buying Windows security software, or using a Macintosh, can’t automatically protect you from schemes. But they can help. An antispyware program can’t prevent you from entering sensitive information on a fake Web site, but it might block the installation and operation of spy software from that site. A Macintosh owner can foolishly give up his or her bank account number, but most malicious software that crooks try to install won’t work on a Mac.
And there are some new security programs aimed directly at the new scams. McAfee’s Site Advisor program can tell you whether a Web site seems bad. A new add-on for the Firefox Web browser, called Shazou, can tell you where a Web site’s server is located. If you think you’re on the Bank of America Web site, but Shazou tells you the server is in Russia, that’s a clue you’re being scammed. And Symantec is planning a new product this fall called Norton Confidential that will tell you if a Web site appears to be a fake. Also, forthcoming versions of Firefox and Microsoft’s Internet Explorer browser will have built-in warnings that sites may be fake.
The best defense, however, is to be smart and careful.
Walter Mossberg writes about personal technology in The Wall Street Journal.
Talk to us
> Give us your news tips.
> Send us a letter to the editor.
> More Herald contact information.