
Safety Tips for Avoiding Online Fraud

Some Safety Tips To Help You Avoid Latest Scams

IF YOU'RE RUNNING a Windows computer, you must install an array of security software to fend off an international collection of crooks, hackers, vandals and sleazy business people who aim to invade your PC through the Internet.

You need a good antivirus program, a strong firewall program, an effective antispam program, and a program that specializes in stopping spyware and adware. Or you could just buy an Apple Macintosh, which isn't significantly affected (so far) by these threats, other than spam email.

But the fastest-growing computer-security problem isn't viruses or other traditional malicious programs, and it can't be entirely defeated by using security software or by buying a Mac. It's called 'social engineering,' and it consists of tactics that try to fool users into giving up sensitive financial data that criminals can use to steal their money and even their identities.

Social engineering is a broad term that includes 'phishing,' the practice by which crooks create emails and Web sites that look just like legitimate messages and sites from real banks and other financial companies. It's closely linked to a newly named category of malicious software called Crimeware -- programs that help criminals steal your private financial information.

THESE TERMS ARE confusing and overlapping, but the threat is real. Increasingly, common-looking scams are combined with secret installations of software that help criminals spy on you and steal your data.

Here are a few tips to help you avoid these schemes:

1. Don't trust email from financial institutions. Email is so easily manipulated by crooks that you simply should never, ever consider any email from a financial institution as legitimate. The message may bear a bank's or a broker's logo, but you should never respond to such an email, and never click on any link it contains.

There is a very high chance it's a skillful fraud, and that the link will take you to a clever fake Web site designed to capture passwords and account numbers. The site may also silently install on your PC a program called a key logger, which records everything you type and sends that information back to the crooks.

2. Never respond to unsolicited commercial email, or spam, or even click on a link in an unsolicited commercial email. In the old days, responding to spam just got you on more spam email lists. Today, it might also result in the secret installation of a key logger or other malicious software.

Besides, any company that has to resort to spam as a sales tool isn't likely to have a very good product to offer. Do you really think that if someone had invented a pill that enlarged penises and breasts, he'd be selling it through spam? He'd have sold it to a big drug company for billions. And nobody in Nigeria needs your bank account to store stolen millions.

Would you buy a stock touted on the street by a complete stranger? If not, why would you buy one touted in a spam email?

The only safe response to spam is to ignore it and delete it.

3. Don't download or use free software unless you're sure it's legitimate. Sites offering free cursors, for instance, can secretly install all sorts of bad stuff on your PC. This is especially true of free security software, which is sometimes just malicious software posing as a security program. If you suddenly see a security program pop up on your PC, don't trust it.

THERE ARE MANY legitimate free programs, including some good free security programs, like SpyBot or AVG Anti-Virus. But check them out before downloading. Look them up on the CNET or PC Magazine Web sites, which review most software. If they're not covered there, assume they're not legitimate. You may pass up some free programs that are real, but it could save you from huge grief.

Earlier, I said that buying Windows security software, or using a Macintosh, can't automatically protect you from social-engineering schemes, and that's true. But they can help. An antispyware program can't prevent you from entering sensitive information on a fake Web site, but it might block the installation and operation of spying software from that site. A Macintosh owner can foolishly give up her bank account number, but most malicious software that crooks try to install won't work on a Mac.

And there are some new security programs aimed directly at social-engineering scams. McAfee's Site Advisor program can tell you if a Web site seems bad. A new add-on for the Firefox Web browser, called Shazou, can tell you where a Web site's server is located. If you think you're on the Bank of America Web site, but Shazou tells you the server is in Russia, that's a clue that you're being scammed. And Symantec plans a new product this fall called Norton Confidential that will tell you if a Web site appears to be a fake. Also, forthcoming new versions of Firefox and of Microsoft's Internet Explorer browser will have built-in warnings that sites may be fake.

The best defense against social engineering, however, is to be smart and careful.

Walter S. Mossberg
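Safety Tips for Avoiding Online Fraud

If you use a Windows computer, you must install a lot of protective software to fend off a whole series of swindlers, hackers, vandals and unscrupulous businesspeople who try to invade your computer through the Internet.

You need a working antivirus program, a strong firewall, an effective antispam program, and programs that block spyware and adware. Or you could simply buy an Apple Macintosh computer, which, apart from spam email, has not so far been affected much.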

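But the computer-security problems now bearing down on us are no longer limited to viruses or other traditional malicious programs, and they cannot be completely solved by using security software or buying a Mac. This is now known as 'social engineering,' in which criminals can even trick computer users into handing over financial data and use it to steal their money and even their identities.

Broadly speaking, 'social engineering' also includes 'phishing,' a kind of online fraud in which crooks create legitimate-looking emails, or Web sites impersonating banks or financial companies, to deceive users. This in turn is closely tied to so-called crimeware, the programs that help criminals steal your financial information.

These terms may be somewhat obscure and confusing, but the danger should not be ignored. Many ordinary-looking scams actually conceal secret software that lets criminals easily spy on you and steal your data.

Here are a few tips to help you avoid being taken in: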

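1. Don't readily trust email from financial institutions. Crooks can easily forge email, so never take it for granted that an email from a financial institution is legitimate. The message may carry the logo of a bank or brokerage, but never reply to it, and never click on any link in it.

It is very likely a carefully designed scam, and the link will lead you to a fake Web site that asks for your account number and password. It may also quietly install a so-called key logger on your computer, which tracks everything you type and passes it to the crooks.

2. Don't reply to unsolicited commercial email or spam, and certainly don't click on the links in it. In the past, replying to spam at worst brought you more spam. Now, one careless step can give crooks an opening to secretly install a key logger or other malicious software on your computer.

Besides, any company that sells its products through mass emailing is unlikely to have a good product. Do you really believe that someone who had invented a breast-enlargement pill would sell it through spam? He would long since have sold it to a drug company for billions of dollars. And no Nigerian needs your account to hold the millions of dollars he has stolen.

Would you buy a stock touted by a stranger on the street? If not, why pay any attention to that spam?

The safest way to deal with spam is to ignore it and delete it.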

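3. Don't download or use free software unless you are sure it is legitimate. Some sites offering free software will also secretly install unwanted programs on your computer. This is especially common with free security software, which sometimes looks like a security program but is actually malicious software. If you suddenly see a security program pop up, don't trust it.

There are many legitimate security programs available, including effective ones such as SpyBot and AVG Anti-Virus. But be sure to check before downloading. Look them up on the CNET or PC Magazine Web sites; if they are not covered there, it is best to treat them as illegitimate. You may miss some genuine free programs this way, but it can save you a great deal of trouble.

As I said earlier, buying Windows security software or using a Macintosh will not necessarily keep you completely safe, and that is true. But they can help. An antispyware program cannot guarantee that you won't enter sensitive information on a fake Web site, but it can block the installation and operation of spyware from that site. A Macintosh user can also make the foolish mistake of handing over her bank account number, but most malicious software still cannot attack a Mac.

There is also some new software aimed specifically at social-engineering spam. McAfee's Site Advisor program can help you judge whether a Web site is good or bad. Shazou, for the Firefox Web browser, can help you find the location of a Web site's server. If you think you are visiting the Bank of America Web site but Shazou tells you its server is in Russia, you have very likely been scammed. Symantec will release a new product this fall called Norton Confidential, which will help you tell whether a Web site is genuine. In addition, forthcoming new versions of Firefox and of Microsoft's Internet Explorer browser will also have warnings for illegitimate sites.

But the best way to deal with this kind of social engineering is still to stay alert and be careful.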

Walter S. Mossberg