As targeted scams become more common, it's vital to protect yourself.
By Simson Garfinkel
In recent months, I've met at least three people who have been the
victims of hackers who've taken over their Gmail accounts and sent out
e-mails to everyone in the address book.
The e-mails, which appear legitimate, claim that the person has been
robbed while traveling and beg that money be wired so that the person
can get home. What makes the scam even more effective is that it tends
to happen to people who are actually traveling abroad—making it more
likely that friends and families will be duped.
Although it's widely believed that a strong password is one of the
best defenses against online fraud, hackers increasingly employ highly
effective ways of compromising accounts that do not require guessing
passwords.
This means that it is more important than ever to practice "defensive
computing"—and to have a plan in place for what to do if your account
is compromised.
Malware. Sometimes called the "advanced persistent
threat," a broad range of software that was programmed with evil intent
is running on tens of millions of computers throughout the world.
These programs can capture usernames and passwords as you type them,
send the data to remote websites, and even open up a "proxy" so that
attackers can type commands into a Web browser running on your very
computer. This makes today's state-of-the-art security measures—like
strong passwords and key fobs—more or less useless, since the bad guys
type their commands on your computer after you've authenticated.
Today, the primary defense against malware is antivirus software,
but increasingly, the best malware doesn't get caught for days, weeks,
or even months after it's been released into the wild. Because antivirus
software is failing, many organizations now recommend antediluvian
security precautions, such as not clicking on links and not opening
files you receive by e-mail unless you know that the mail is legitimate.
Unfortunately, there is no tool for assessing legitimacy.
Windows XP. According to the website w3schools,
roughly 33 percent of the computers browsing the Internet are running
Windows XP. That's a problem, because unlike Windows 7, XP is uniquely
susceptible to many of today's most pernicious malware threats. Windows
7, and especially Windows 7 running on 64-bit computers, has security
features built in to the operating system such as address space
randomization and a non-executable data area. These protections will never
be added to Windows XP. Thus, as a general rule, you should not use
Windows XP on a computer that's connected to the Internet. Tell that to
the 33 percent.
Kiosk computers. You should avoid using public
computers at hotels, airports, libraries, and "business centers" to
access webmail accounts, because there is simply no way to tell if these
computers are infected with malware or not. And many of them are
running Windows XP. So avoid them.
Source Article: http://techre.vu/x1Yq35 (via @TechReview)