Christmas Security Tips

Christmas is approaching fast, and online activities of all kinds are heating up. Shoppers are busy buying gifts and snapping up bargains, web merchants are busy clearing their stock at year-end discount prices, and entertainment sites are packed with glittering temptations. Web traffic is at an all-time high.

But because everyone’s minds are focused on having fun and spending money, (even) less thought than usual is being given to security issues. And that makes Christmas a great time to be a hacker. Right now, hackers are using this hectic time to take advantage of people whose minds are on anything but security.

In this final issue of Security Insight for 2006, here are some reminders to help you stay safe online this Christmas.

Tip # 1 – Beware of spam & phishing

We’ve already talked a lot about the risks from spam and phishing. Spammers and phishers get even more creative and cunning at this time of year in order to entice you into falling for their offers, so always be on your guard and apply extra caution when reviewing those ‘special offer’ emails.

Here are the main security risks from spam and phishing:

1. Infected file attachments

You may receive an email purporting to be from a friend or colleague that contains a dangerous file attachment incorporating a virus or other malicious program. Or, as often happens during the holiday season, you may get a greeting card, screensaver or a pack of smiley pictures to entertain you — you might not recognize the sender’s name, but it’s Christmas, so who cares, right? Wrong. Chances are the attachment includes something you really don’t want for Christmas.

Although most people now realize that they should not open attachments from unfamiliar sources, an email from a friend might cause you to be more trusting than usual. But stop and think for a moment. Might that friend’s computer have been infected with a Trojan that sends out emails to everyone in their contact list?

When you think about it, it makes sense to spend a few seconds scanning any attachment for spyware and viruses, even if you think it’s from someone you know. Healthy skepticism never did anyone any harm.

2. Drive-by malware downloads as a result of an exploit

Your computer can get infected with spyware, viruses or Trojans by just visiting a website that’s been exploited with malware — either accidentally or deliberately. Web servers hosting otherwise legitimate sites can also be compromised and forced by hackers to distribute malware to unsuspecting people’s computers. Such threats might include dozens of spam messages apparently containing nothing more dangerous than a link to a poisoned site, which will automatically infect your computer if you haven’t installed the latest browser and OS patches.

So make sure you always have the latest updates and patches installed (see http://www.agnitum.com/news/securityinsight/issues/november2006) — you can download them for free. And be suspicious of any links forwarded to you by someone you don’t know. Use a URL scanner before visiting any site you’ve not visited before, and raise the security settings in your browser to High to prevent the execution of ActiveX scripts, as these often carry infections.

3. Email client vulnerability exploits

Email clients can be subject to vulnerabilities that allow remote attackers to infiltrate PCs. Embedded scripts or virus-laden graphics can be sent out en masse, and such attacks can be very damaging if they’re not countered properly. To prevent this kind of attack, keep your email client up to date with the latest patches. If your email client comes as part of the operating system (such as Outlook Express), use the Windows Update site. If you use Outlook, go to Office Updates to get the latest updates. If you use an independent client like Opera or Thunderbird, check the vendor’s website for more information on how to keep your email secure and updated.

4. Phishing emails targeting your personal information

Phishing is a dangerous trend that should always be monitored. Mostly, preventing phishing is about being smart. Don’t respond to commercial solicitations that ask for sensitive data such as logon information, credit card verification or membership details, or that use other obvious trickery. Remember, bona fide organizations will never approach you with such requests by email.

Tip # 2 – Be careful with online transactions

1. Encrypted data and security certificates

The information you send over the Internet when you’re paying for goods or services online is usually encrypted on your side and decrypted only when it reaches the recipient, so that it is undecipherable while it’s in transit. This way, hackers attempting to intercept the transaction session details by tapping into the connection channel will see only unreadable gibberish that they won’t be able to use.

Modern browsers can encrypt sensitive data on the fly when they send it over the Internet. Be aware that sensitive information you enter on websites when you make purchases should always be transmitted in encrypted form.

Always look for the yellow padlock icon on the right of the address bar. The padlock icon and the HTTPS prefix in the address bar are indications that your connection to the site is secure. You can click on the padlock icon to see additional information about the site’s security certificate and authenticity.

2. Deal only with credible organizations

Naturally, you want to deal with trusted entities when your personal financial information is involved. It’s always a good idea to check out unfamiliar ecommerce sites before handing over any key personal information — you can investigate a site’s reputation using a simple Google search. Also, check the site’s registration properties (http://www.networksolutions.com/whois/index.jsp), and fully investigate security certificates and their issuing authorities.

3. Use your credit cards intelligently

When conducting financial transactions over the Internet, be sure to regularly check your credit card records. Report any discrepancies to the credit card issuing organization immediately. Of course, do not divulge your credit card details to anyone you don’t trust. Create a disclosure policy in your household that sets down rules for how much credit card information your kids can use. Outpost Firewall Pro lets you define a list of characters (such as a credit card number) that can be blocked from transmission over the Internet, preventing accidental disclosure.
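
How Outpost matches these strings is not described here. As an added illustration (not Agnitum's code), the sketch below shows one way a filter of this kind can check outbound data against a list of protected strings while tolerating the spaces, dashes and URL-encoding that a web form introduces. The card number is a constructed test value, and `PROTECTED`, `normalize` and `find_protected` are hypothetical names.

```python
import re
from urllib.parse import unquote_plus

# Constructed test value (a well-known dummy card number), not real data.
PROTECTED = {"credit card": "4111111111111111"}

# Separators people and forms commonly put inside a card number.
SEPARATORS = re.compile(r"[\s\-]")


def normalize(text):
    """Undo URL/form encoding, then drop separators and case differences."""
    return SEPARATORS.sub("", unquote_plus(text)).lower()


def find_protected(payload, protected=PROTECTED):
    """Return the labels of protected strings found in an outbound payload."""
    haystack = normalize(payload.decode("utf-8", errors="replace"))
    return [label for label, secret in protected.items()
            if normalize(secret) in haystack]


if __name__ == "__main__":
    # Constructed outbound request bodies.
    samples = [
        b"card=4111+1111+1111+1111&cvv=123",   # form-encoded, spaces as '+'
        b"card=4111-1111-1111-1111",           # dashes between groups
        b"n=4111%201111%201111%201111",        # percent-encoded spaces
        b"q=christmas+gifts",                  # nothing sensitive
    ]
    for body in samples:
        hits = find_protected(body)
        print("BLOCK" if hits else "allow", body.decode(), hits)
```

A plain substring match would miss the first three samples because of the separators. A filter like this only sees what it can read: data that is Base64-encoded or already encrypted before inspection will not match.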

Tip # 3 – Use common sense

Never open files downloaded from the Internet without first scanning them for viruses and spyware.

Install a firewall that will protect you from network attacks and illegitimate software.

Peer-to-peer networks can be replete with malware, so be careful when you exchange media files and remember that a lot of copyrighted materials may be in circulation there.

Viruses that spread over instant messaging are becoming more and more common, so always take care when exchanging links and files over IM, even with your friends.

Always keep your software up to date, especially programs that access the Internet.

And one last wish for the day — have a very merry Christmas and a happy New Year!

Meet Security Insight Author

 

Igor Pankov has always been fascinated with computers, the Internet, and the freedom of knowledge at your fingertips...