Tips for Protecting Yourself from Technology-Based Fraud
The following information can substantially reduce your exposure to technology-based fraud. There is no way to remove all risks, but the following can substantially reduce your risks. Most of the tips presented here are independent of the type of computer you use. Where there are differences based on the type of computer you use, we have tried to give examples for several computer types.
Protect Your Identity
- Do not provide personal information over the Internet, especially if you did not initiate the transaction. Be especially careful of requests for information such as Social Security Numbers, credit card numbers, bank account numbers, your passwords, etc. You cannot be subpoenaed or compelled to provide information via email.
- On a periodic basis it is important to change your password on any website where you conduct business. To be extra safe, never change your password from a machine that you expect is infected. Any passwords should be changed after you clean up from an infection.
- Do not respond to requests for assistance in completing business transactions. These are almost always scams designed to get you to pay bogus processing fees.
- Carefully review your bank and credit card statements as soon as you receive them. Investigate suspicious transactions immediately. Also, federal law authorizes you to receive a free credit report annually from www.annualcreditreport.com. If you suspect that you’ve become a victim of identity theft, the FTC.gov site provides information to help get through this at http://www.ftc.gov/bcp/edu/microsites/idtheft/
Protect Your Network
- If you have a broadband connection (e.g., Cox or DSL), consider the use of a wireless broadband firewall router. (See wireless broadband firewall routers from Netgear, Linksys, Asus, or D-Link.)
- Routers are inexpensive and allow multiple computers to attach to your broadband connection. They protect you by blocking all traffic except traffic initiated by a computer attached to your router. This prevents external random attacks from getting to your computer(s). On your wireless connection, consider using WPA2 encryption with a long passphrase. This will lessen the chances of someone gaining unauthorized access to your network.
Protect Your Computer(s)
If you have more than one computer connected to your router, consider using a personal firewall on those computers. For Windows and Mac machines, there is a free built-in personal firewall. All you need to do is enable it. For Ubuntu Linux machines, there are several free firewalls that are easily installed.
Broadband firewalls and personal firewalls protect you in different ways. The broadband firewall protects connected machines by blocking attacks from the Internet, but does not protect connected computers from each other. You need a personal firewall for that. See our article on How Broadband and Personal Firewalls Work.
- Enable automatic updates for all software that has that capability, especially Windows. This helps protect you by promptly correcting the vulnerabilities malware exploits.
Obtain anti-virus and anti-spyware software and configure it to update daily, scan periodically, and clean or quarantine as recommended. This can protect you from viruses and malware originating from a variety of sources such as email and web. Here are examples of anti-virus vendors for Microsoft, Macs example 1, Macs example 2, and Ubuntu Linux. Several of those vendors also provide anti-spyware software or you can supplement your anti-virus software with one of the following freely available anti-spyware products: Malwarebytes, Spybot Search & Destroy, and SuperAntiSpyware. For those on a tight budget, a few anti-virus vendors offer basic versions of their products for free. For more info, see anti-virus example 1 or example 2. Do not install anti-virus offered as a pop-up while you are surfing. These are almost always malware.
- Never click anywhere in a pop-up, even to close it. Always close a pop-up using the keystroke combination Alt+F4.
- During the initial setup of your computer, typically only one account is created with full administrative rights. Administrative rights are usually needed only for installing software and other changes. Consider creating a user account with no administrative rights, and use that account for normal processing such as doing emails, creating documents and surfing. Only use the administrative account when you need to. For information on setting up a limited user account, click on the operating system you use from the following choices: Windows 7, Windows Vista, Windows XP, or Mac.
For more advanced Mac OS X users, Apple has published information on securing your Mac.
- Children and adolescents can miss warnings and surf to sites with malware. Cleaning up after such an event can be time consuming. In some cases you have to completely reinstall your operating system to remove the malware. There is an inexpensive product called Deep Freeze that can simplify the cleanup. It works by returning your PC to a clean state every time you reboot.
While a very strong defense, this option is not for the novice user. Unless you intervene, Deep Freeze will undo all changes, even changes you want to keep. So, you have to make special arrangements for permanent changes or Deep Freeze will undo them. An example of this would be ensuring Windows Updates are permanent. In those cases, you have to "unfreeze" the machine to install new software or patches you want to keep, and then "freeze" it again once the changes are installed. It is very effective, but requires effort every time you want permanent changes. Computer Services and the school-based support staff use it to help protect many of our workstations.
- Only click “OK” for software installations that you initiated. For instance, if you intend to install Adobe Photoshop, it is probably safe to click "OK" when you are prompted for permission to install. On the other hand, if you surf to a site and a box pops up requesting your permission to install software, be careful. The pop-up should contain information about the software to be installed. A safe way to proceed is to gather information about the software and search Google before deciding whether or not to install. If there is no information about the software, don’t install it.
- One of the primary outlets for malware and fraud is through email. At LSUHSC we take many steps to provide what is called messaging hygiene whereby the messages are scanned and cleaned of viruses, malware, spam, phishing, etc... Most large respectable providers of internet email accounts will also provide reliable messaging hygiene services for you. Choosing a vendor for your personal email needs which provides these services will greatly reduce your exposure.
- Use website rating software such as McAfee SiteAdvisor. This is a free service that warns you of sites that have problematic content.
- Should you notice your computer performing unusually slow or acting strangely and these issues persist after the computer is restarted, you should seek expert help and have your computer scanned for malware. See "Getting Help" below.
Protect Your Data
- Back up everything on a portable hard drive or DVDs in case you have to reinstall. If you can't back up all your data, at least back up your most important data. Many malware infections require a complete reinstall to remove, erasing all content from the hard drive. Backups can allow you to recover any data that is lost.
- Be careful when sharing media such as thumb drives since this can spread malware infections.
Technology attacks have become very sophisticated, and that trend will likely continue. The result is the average user will find it increasingly difficult to understand the attacks and the steps needed for protection. Thus, you should anticipate the need for help. Below are some tips on finding help:
- Many times a family member, relative, or friend emerges as a technology guru willing to help. When that happens, try to understand as much about what they are doing as possible.
- Our Auxiliary Enterprises group offers many services. A link to their website is: http://www.lsuhsc.edu/administration/ae/
- There are private sector solutions available. Some will make house calls.
No matter who you get to help you, keep in mind they are making changes to your computer. Always ask what was done and especially ask for any passwords that were changed or added. You will need that information if you have to try another support option.
“Our doubts are traitors, and make us lose the good we oft might win by fearing to attempt.”
Measure for Measure
Act I, Scene IV