Social networks, Wi-Fi hotspots, pop-up ads and other online tools are a playground for cyber thieves. But you can avoid being lured into their sinister games.
How could clicking on a game in an email or a funny picture in a pop-up ad hurt anyone? However innocent they may seem, malicious software comes in all shapes and sizes. That's why it pays to be on the lookout for potential danger on the Internet.
To avoid getting stung, use this guide to learn about six increasingly common tools of high-tech scammers.
Facebook and other social networks operate on the principle that you're friends with other people on the service. One of the most common scams involves a friend whose Facebook account has been hacked or broken into by a criminal. The hacker sends an urgent plea to your friend's contacts, which include you, asking for cash. Naturally, the account holder is not in need, and any money sent goes straight into the scammer's pockets. Other common attacks include hacked accounts used to direct victims to websites that install viruses and other software that will corrupt your computer.
Twitter also is a popular network with crooks. A scam artist will register hundreds of Twitter accounts, often posing as a celebrity or a single woman looking for romance. The scammer will then use each account to follow thousands of legitimate Twitter users (including you, perhaps). The goal: You will follow that account in return, which will expose your entire contact list to the scammer's messages, which usually include links to malware.
Don't use the same password on Facebook or any other social network that you use on other websites. Never click on unusual URLs sent through a social network. If you think something's amiss with a request you receive, contact the sender through another channel — such as a phone. Change your Facebook privacy settings so that only friends can see your personal information. "And never follow anyone on Twitter you don't know or if you aren't certain of the account's legitimacy," says Jack Key, USAA's Chief Information Security Officer. "All it takes is a handful of victims for a scam like this to spread like wildfire."
The main threat to mobile devices is from applications that have been coded with the intent to do harm to the phone or its owner. This threat is particularly directed at iPhone® and Android users who unlock their phones to install unapproved applications or use the phone on an unapproved network. This practice, also known as jailbreaking or rooting, bypasses the device's built-in security system.
Only run applications that have been approved by Apple® or the manufacturer of your mobile device or that have been provided by a reputable source. Other applications haven't been checked for security risks. If you want the tightest security, keep your mobile device's operating system unmodified. Don't download apps you don't know anything about.
Watch out for text messages that include phony alerts. The come-ons are varied, encouraging you to call a 900 or other toll-based number or open a mysterious web page. You're then directed to a phishing website under the pretense of a job offer or quick cash, or the threat of legal action over an unpaid bill. Ultimately, the scammer aims to trick you into giving up sensitive or personal information, such as a banking site password.
Ignore any text messages from a number or person you don't recognize, and use the Web to look up strange phone numbers. Simply Google the phone number and you'll quickly see if it's been reported as malicious or dangerous. Then report the text messages to your cellular carrier.
The rapid growth of Wi-Fi hot spots has made it convenient to crack open your laptop and hop online just about anywhere. But how do you know the hot spot you're accessing is legitimate and not set up by a hacker? Crooks operate lookalike hot spots with the sole purpose of eavesdropping on all the data you send through it. When you type in your password, Social Security number or credit card information, scammers can capture it all and be on a fast track to stealing your identity. Another less common attack involves a hacker simply eavesdropping on a legitimate wireless connection by using special equipment to capture your signal, either from next door or while driving down the street.
Most phony hot spots leave telltale signs that they aren't legit, such as typos, strange sign-in web page designs or URLs that don't seem right. If you aren't 100% sure a site is legitimate, don't sign in to it. It's also a good idea to do your banking and bill-paying at home, on a line you know is secure. Make sure you're using Wi-Fi Protected Access 2 security on your home router and protect it with a strong password, such as a combination of numbers and letters.
The latest twist on malware goes like this: A web pop-up alerts you that you have a security problem, prompting you to download additional software to fix it. Once you do, you're told the problem is even more severe than first indicated, and the software says you need to spend $40 or so to correct it. You use your credit card to pay the fee, and the problem goes away. The catch is, there never was a virus. The original download caused the problem, with the intent of getting you to pay to make it go away. When the scammers receive your money, they've hooked you. Your credit card may be charged multiple times, or your credit card number may be sold to others, or the problem will suddenly resurface in a few months, prompting you to pay again.
Any pop-up asking for money is undoubtedly malware and not part of a legitimate security program. Run standard anti-malware software to rid your computer of the attack. If that doesn't work, a web search from another computer for the name of the program usually will provide specific tools designed to remove the malware from your machine.
Email-based attacks remain the most common form of online crime, mainly because the attacks are so easy to generate -- and because everyone uses email. The most common attack is phishing. A hacker sends you a phony email purporting to be from your bank or another business you have an account with, attempting to trick you into providing your password or other sensitive data. Of course, the simplest way in is also the easiest. Says Key, "Old-fashioned malware is still commonly delivered via email in the form of an attachment."
Never open an attachment you aren't 100% sure is legitimate. Be wary of any email asking you to click a link, call a phone number or provide private information about yourself or an account you own. Reputable companies never gather information this way.