Bits & Bytes: Information theft protection
In the last article, we discussed the likelihood of your information being stolen, along with what information is at risk and how crime organizations obtain your information. Though the risk of personal information theft may seem excessively high, the important thing to understand is that, with extremely easy methods and guidelines, anyone can effortlessly protect themselves from these threats while being able to fully utilize all modern conveniences. Protection is not a compromise.
Most web sites that protect your private information require the use of credentials that supposedly only you know. These credentials are generally in the form of a username and password. A criminal or criminal organization wanting to access your online accounts either must break the system protecting your account (a complex method), or obtain your username and password (a much easier method).
One common way for your username and password to fall into the hands of a third party is if you give it to them. Now, you may be thinking: “How can that happen? I would never do that”. Well, these crime organizations are tricky; they are professionals, and they have a lot of experience tricking people to hand over their information. The way this is usually done is by a web site that looks identical to the web site you think you are visiting. You may think you are at your bank’s web site, for example, when actually you are viewing a replica of your bank’s web site. When you enter your username and password to log in, instantly the criminals have it. To help keep their actions concealed, sometimes these fake web sites will simply forward you to the real web site after you have entered your login credentials: you never know you were at another web site and that it was collecting your personal login information.
The positive thing is that it is not hard to protect yourself from this theft technique if you use a security system that is built into all current full featured web browsers such as Opera, Firefox, Chrome, or any other web browser you may be using. Without going into excessive technical detail on how this works, the easy thing to understand is that companies, such as banks, payment institutions, or any other organization running a web site that provides access to your personal information, will have purchased special certificates that modern web browsers can use to verify that you are indeed looking at the web site you intend to view. The way this works is that the address bar of your web browser will turn green if all is OK and you can safely enter your username and password. To summarize, whenever you are entering a username and password that you absolutely would not want another party to have, simply check the address bar of your web browser to see if it is green. If it’s green, you know that you are viewing the legitimate web site you intend to view and you can safely enter your login credentials without practical concern of theft. By doing nothing more than checking for a green address bar you have protected yourself from one of the more common methods used by criminals to obtain your usernames and passwords.
Beyond creating replicas of web sites to obtain your passwords, criminal organizations may attempt to install monitoring software on your computer to record your passwords as you type them. This type of software is called a “keylogger,” referencing to software that logs all key strokes typed on your computer. If a keylogger is installed on your computer, your passwords will be intercepted even if you check for the green address bar. Keyloggers are installed on your computer via three primary methods.
The first, and generally the most common, method is via a neighboring computer. A “neighboring” computer refers to a computer that is connected to the same network as your computer. You are most susceptible to neighboring computers when you are connected to public networks such as those at airports, coffee houses, hotels, libraries, etc. At these locations your computer is susceptible to any threat that is installed on any other computer also connected to that same network. A “neighbor” may not even be aware their computer has been compromised with a keylogger, but that keylogger will use the network connection to covertly install itself onto your computer. Protecting yourself from the effects of neighboring computers is done using a simple system called an IPSEC VPN.
By using this system, your computer is insulated from the effects from all neighboring computers. The system is rather simple to use and involves a small box that sits at your home or office. When you travel, you click an icon on your computer that seamlessly connects you to that box and fully protects you from surrounding threats.
Other openings that can be used to access your computer is having a wireless network that is only password protected, but not secure, along with techniques that trick you to install monitoring software on your own computer. The next article will discuss these issues along with how faxes are now easily interceptable, and how to easily keep e-mails private instead of having them visible to everyone on the Internet who wants to read them.
(Bits & Bytes is a computer troubleshooting advice column provided by Zebis, a single point of contact managed service provider located on Sanibel serving clients worldwide.)