In addition to knowing and applying the basic rules for the use of static, reusable passwords (see Security Basics
), every Internet user should know about spoofing and phishing. The fastest growing computer crime, they can inflict serious damage to your finances and credit.
Phishing & spoofing scams
In essence, these scams prey on unaware computer users to divulge personal and sensitive information that is then used to steal the person's identity for the purposes of fraud. Using sophisticated techniques, they send emails containing links directing you to fraudulent websites that are designed to have the exact look and feel of the real website. Once there, they ask you to update or confirm sensitive personal information such as credit card or bank account numbers, your login information, social insurance number etc. To bait you, they may even allude to an urgent or threatening condition concerning your account.
Should you receive such an email and have dealings with the organization the email appears to have come from, DO NOT click on the link provided in the email. Instead, use your bookmark for that organization, or type the organization's website address (URL) in your browser, to go there directly.
Key loggers & other malware
Even if you don't provide the spoofed website with what they ask for, simply clicking the link in the email could subject your computer to background installations of key loggers and other malware. Key logging is a method used to capture your user IDs, passwords and other personal information as you type it.
Criminals know how to retrieve this information, or can even set it up to automatically have it sent to them. The risk that this type of software is present on a computer is particularly acute when you use shared or public computers such as those in hotels, airports, Internet cafes etc. If at all possible, never use these computers to log in to financial or other websites that contain sensitive and personal information. At all times avoid providing any identifying information and never
use the "remember me" option many websites offer on such computers.
Keep personal information, well, personal
Most people do not realize that the personal information they volunteer on websites like Facebook and others like it, is frequently used to build a personal profile which can subsequently be used to impersonate them.
If you feel the need to have an account on such websites, reveal as little personal information as possible or provide bogus information for location, date of birth etc. Providing factual information may come back to bite you.