The Mossberg Report
You can’t turn around without reading scary stories about the dangers of the Internet — spyware, adware, viruses, spam. But the biggest trend to worry about is the combining of these nefarious tools for criminal purposes. Spam email used to be annoying; now it may lead you to phony web sites set up by identity thieves. Spyware and adware were once merely disreputable marketing tools; today they may be used to steal your passwords, account numbers and more. But you can stay safe online if you follow six simple rules.
1. If you have a Windows computer, you must obtain and install all of the following: a reputable antivirus program, a software firewall, a junk-mail filter and an antispyware program. Even if you own a Macintosh (Macs have been unaffected by most of these threats to date), you will still need to turn on your computer’s firewall and employ a junk-mail filter.
2. Upgrade to the latest versions of the leading Windows web browsers, Microsoft’s Internet Explorer 7 and Mozilla’s Firefox 2.0, both of which warn you when a web page you’re visiting appears to be phony. (The new Internet Explorer also has under-the-hood security improvements that close some of the holes plaguing older versions.) You might also consider add-on software, like McAfee’s SiteAdvisor or the new Norton Confidential, which warn about fraudulent sites and, in the case of Norton, also about malicious software on your PC. On a Mac, consider using Firefox 2.0 instead of Apple’s Safari, which, while very good and generally secure, lacks a fake-web-site detector.
3. Never respond to or click a link within any unsolicited email message from a financial institution — even your own — no matter how official it looks. Crooks have become skilled at mimicking logos and typefaces used by banks, brokers and payment services like PayPal. When you click on links within these fake emails, you’ll be taken to web pages that look like the companies’ official sites, even down to the address, but they’ll steal your log-in information. Be especially wary of email from a financial institution that asks for account information or says you must log in at a linked site to address a problem. You can phone the company to see if there really is an issue. Obviously, this caution doesn’t apply to some financial emails, such as confirmations of online stock trades you’ve just executed. But in general, you shouldn’t conduct financial transactions via email or links in email. Instead, go directly to the financial sites you use.
4. Similarly, never act on emails offering stock tips, miracle pills or the chance to earn money by storing millions from overseas in your bank account. Sounds obvious, but in the past these scams might have cost you a little money. Now they may be part of more-damaging identity-theft schemes. Treat such come-ons the way you’d treat a stranger in a bad neighborhood who made such promises.
5. Never, ever download software from a company or web site whose honesty or veracity you’re not sure of. If a site says you’ll need special software to use its features, don’t bite. Even if the software is well known and safe — like RealNetworks’ RealPlayer, Apple’s QuickTime or Adobe Flash — don’t get it from a link provided by a random web page. Instead, visit the Real, Apple or Adobe sites to download it manually.
6. Finally, never use security software offered to you via unsolicited email or a popup window, or that suddenly appears on your PC. Such programs are almost always scams and often install malicious spyware, adware and viruses rather than cleaning them up. In general, stick with leading security brands like Symantec, McAfee, Zone Labs and Webroot. Check the software in the reviews section of PC Magazine or the CNET web site. If it isn’t covered there, it’s probably untrustworthy.