Friday, February 12, 2010

Stop clicking


I know this isn’t sexy cutting edge security stuff and it’s super basic to most some of you out there. However, the most common path for bad things to get onto your computer is by you inviting them in. So, most some of you need a refresher on web and e-mail dangers.
What prompted this line of thought was the FBI and the National Center for Disaster Fraud (NCDF) providing a press release that gives people that wish to donate to a disaster relief fund a list of items to watch for. (Aside: sad that there is a need for an organization like the NCDF)
While absolutely essential for any kind of donation effort, much of it is good practice for navigating e-mail and the web at anytime.
For me, the biggest advice I can give is this:
Do NOT click on a link in an e-mail.
If the link is to www.chase.com - I open a separate browser and type in www.chase.com and see if I can navigate to the specific page that I need. If I cannot navigate to the page, then I will type in the complete link into a browser.
The reason to avoid clicking on a link in an e-mail is because where the link SAYS it is going and where it actually TAKES you can be two VERY different things. The actual place that you end up based upon the underlying HTML code of the link, not on the words you click on.
Just to prove my point, if I put http://www.bankofamerica.com in this blog and you click on it (against my earlier advice – you can click on it), it will take you to an archive of my earlier blog on Technology Security hosted at Typepad.
Real simple, do not click on a link in an e-mail. Even if it is from someone you know!
Ok – here is what the FBI recommends - enjoy:
  • Do not respond to any unsolicited (spam) incoming emails, including clicking links contained within those messages
  • Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via email or social networking sites
  • Beware of organizations with copycat names similar to but not exactly the same as those of reputable charities
  • Rather than following a purported link to a website, verify the legitimacy of nonprofit organizations by using various Internet-based resources to confirm the group’s existence and its nonprofit status
  • Be cautious of emails that claim to show pictures of the disaster areas in attached files, because the files may contain viruses. Open attachments only from known senders.
  • To ensure your money is received and used for its intended purposes, make contributions directly to known organizations rather than relying on others to make the donation on your behalf
  • Do not be pressured into making contributions, as reputable charities do not use such tactics
  • Do not give your personal or financial information to anyone who solicits contributions. Providing such information may compromise your identity and make you vulnerable to identity theft. 
  • Avoid cash donations if possible. Pay by debit or credit card, or write a check directly to the charity. Do not make checks payable to individuals.

No comments:

Post a Comment