How To: Keep Your Identity Safe Online

We live in a time when using computers for purchases, bill paying, and banking are becoming more and more the norm. Broadband and constant, fast connectivity are the accepted standards. Given just how much computers are a part of our daily lives, you should find a couple of recent pieces of news very disturbing.

 

A government survey in the U.K. found that 12% of respondents had suffered from online fraud in 2006, yet fewer than half of the respondents believed they should be responsible for protecting their personal information online.

 

The other item was a story in the New York Times that stated thousands of Social Security numbers are posted online by states and counties. Of course, along with them you often find addresses, dates of birth, and maiden names. It's like offering someone's identity on a platter to thieves.

 

This pair might be unrelated, but taken together they highlight the growing problem of keeping yourself secure online. In spite of those survey results, protecting personal information should be a vital issue for anyone using a computer. Criminals are becoming more sophisticated, which means the defenses have to be constantly improving.

 

We assume we're doing everything possible to safeguard ourselves and our identities, but as these stories show, a significant part of the online population is doing no such thing. So, perhaps it's worthwhile to start by recapping the most obvious precautions.

 

Make sure you have a firewall and that's it's properly configured. There are many available, both free and paid, stand-alone or part of a package with anti-virus software.

 

Use anti-virus software (again, paid or free, like Trend Micro PC-Cillian Internet Security); update and run full scans regularly. You should also have anti-spyware installed on your computer, and, once again, check it often.

 

Make sure you don't use the same password for all accounts. Create your passwords from a mix of letters and numbers, which makes them far less easy to hack.

 

Do you use a Wi-Fi network at home? Then you'd better set it up properly, with both a firewall and a password, or anyone sitting outside in a car can enter it and hack into your system.

 

Use the spam filters in your e-mail client (also worth considering is a filter called Mailwasher, where you can preview your incoming mail and delete items you don't want to bother with). If you receive obvious spam, don't open it, and never open attachments that you're not expecting, even from people you know and trust; their computers might have been hijacked.

 

Oh, and if you use a Mac, don't look so smug. You might be largely safe from virus attacks, but malware and adware can still get you, so take all the appropriate steps.

 

If you believe your bank account – or any account – has been used without authorization, report it to the bank immediately.

 

 

 

 

Possibly the biggest threats to keeping your identity secure are phishing e-mails and pharming. Phishing mails look like e-mails from PayPal, eBay, or a bank. They're becoming more and more sophisticated, running variations on the basic theme, which is to get you to part with your personal information so the crooks can access your accounts.

 

These days they're very well done, having moved from the obvious to such things as reporting a transaction you know you've never made, hoping to panic you into clicking on the website link and giving your account access details. Do that and your account will either be sold or drained, and probably the first you'll know about it is when you discover you have no money.

 

Pharming is a more insidious beast, and harder to detect. In essence, when you type in a URL, you're redirected to a fake (but convincing-looking) site. This is done through rewriting local host files on your computer with a virus like the Banker Trojan, or DNS server poisoning, which can send a lot of people to the fake site without them knowing.

 

Although firewalls and security suites can block unauthorized transfers of data, believe it or not, your PC browser can act as phishing protection. Firefox 2 comes with a default phishing filter, which blocks data from going to known phishing sites. However, as the database is static, you need to check with Google's constantly updated list (Tools > Options > Security > Check By Asking Google About Each Site I Visit), which should help keep you safer – although you'll have to accept the agreement first.

 

 

 

FireFox Screenshot

 

If you're one of those who've moved to Internet Explorer 7, you're also in luck. In fact, as you install it, it asks if you want to install the phishing filter. If you haven't already, you can get in running by clicking Tools > Phishing Filter > Turn On Automatic Website Checking > OK. The new Opera browser, 9.1, will include a similar feature.

 

 

 

 

These days, it's not only eBay that has a free toolbar to help protect you from phishing. Earthlink and AOL are also among those who provide them. They verify every URL you type or web link you click and inform you if the real address is different. You might balk at the thought of adding yet another toolbar, but it's a worthwhile addition.

 

 

Inevitably, there's software you can buy to store passwords and logins securely, such as Evidence Blaster or My Security Vault. The latter includes a toolbar plug-in and a number of other bells and whistles to make it seem attractive. Whether you want to invest in the software is a personal decision, of course. While it does offer certain advantages (you don't need to remember all your logins and passwords, for instance), you do have to pay for it.

 

My Security Vault Pro Screenshot

 

 

 

 

There are a number of alternatives beginning to circulate that help protect your online security, although at present they don't have wide circulation. SecurID is a code device that looks like the remote opening device for your car, except it shows a different six-digit number each minute. When you log into a system protected by SecurID, you enter your usual login, password, and the number on the device. If they match, then bingo, you're given access.

 

Of course, it's a system with problems, not the least of which is cost and having to synchronize the code device and server (can you enter your number in time?). Because of the expense, it's currently not much of a consumer option (although AOL has offered it as a paid option).

 

There are some other contenders, like Grid Guard or Entrust, but to date, no system has emerged as truly viable for mass use.

 

 

There's no single, simple solution to prevent pharming short of purchasing software, such as Norton Confidential or Websense. But the best safeguards are the oldest ones – check the URL of any site asking for your information. If it's supposed to be secure, make sure it has https:// on it. Be certain before you give any information away that the site is exactly what you typed, and that it has a certificate (in IE and some other browsers, click File > Properties, or simply right click with the cursor anywhere on the webpage and select Properties).

 

 

Yes, you need spam filters enabled to help keep your computer safe and help reduce or eliminate the possibilities of viruses arriving in e-mails. One excellent filter is Mailwasher. It works with your mail server, just the same as Outlook, Eudora, or whatever you use. However, you can delete a message, bounce it back (so it appears your address doesn't exist), and get information on the mail – all without downloading it. You can even preview the mail without having to download it.

 

You can use it on all Windows systems, and there's a Linux version, although it's only for POP3 mail accounts, not web-based mail – at least not in the free version. Mailwasher Pro, which you have to pay for, supports web mail. You can even set it up to check your mail at pre-defined intervals.

 

 

 

Mailwasher Free