Only The Paranoid Survive is a tract on corporate fundamentals penned by Intel’s ex-Chairman Andy Grove.
The words should, however, be tattooed on the back of every PC owner’s mouse hand.
The internet is full of thieves and vagabonds united by one common goal – to separate you from your hard-earned cash. Here’s our guide to staying one step ahead of the bad guys. Follow our internet security tips to stay safe online and you can shop, surf and socialise online, and sleep soundly afterwards too.
1. Guerrilla psychology
Don’t be fooled into thinking cyber crime is a technical problem with a purely technical solution. A firewall and antivirus software can protect your computer, but they won’t keep you and your identity safe.
Social engineering is the black art of influencing people, and it’s the hacker’s best friend. In essence, hackers can control us thanks to a refined understanding of human characteristics such as trust, ignorance, greed, the need to be liked, the desire to help and plain old gullibility. Not even the most sophisticated software can hope to protect us from ourselves.
In order to stay safe, educate yourself about social engineering. Take a trip to the Symantec website for a brilliant briefing on the subject. If you get keen, check out The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick.
2. Avoid being a mule
Working from home, earn £500 a week commission. It sounds too good to be true, and it is. Scammers pay stolen money into the accounts of unsuspecting recruits, who are told to forward it on by electronic payment and keep a cut. Strip away the 'job' and what's left is money laundering, and it's the mule's name on the account when the bank and the police come asking. Beware.
3. Set a serious password
If you’re struggling to create passwords that will stump a hacker, check out Microsoft’s guide to building access codes that are complex enough to resist guessing but still memorable. Bear in mind that length counts for more than exotic symbols: a long passphrase of several random words is harder to crack than a short word with a digit and an exclamation mark bolted on, and every site should get its own password rather than a shared one.
When you’ve made a password, rate its relative security. Microsoft offers an online password-checking tool for the purpose. One caveat: feed such tools candidate passwords only, never one you already use or intend to use, because you are typing it into somebody else’s website.
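To show what a checker of this kind actually measures, here is an added example (not the Microsoft tool, nor code from the original article) that estimates guessing entropy from the character classes used, throws out dictionary words with the usual decoration, and generates a random passphrase with a proper CSPRNG. The six-word "dictionary" is a constructed stand-in for a real breached-password list, and the 40/60-bit thresholds are assumptions.

```python
import math
import secrets
import string

# Character classes for the naive "charset ^ length" estimate.
_CLASSES = (
    string.ascii_lowercase,   # 26
    string.ascii_uppercase,   # 26
    string.digits,            # 10
    string.punctuation,       # 32
)

# Constructed stand-in for a leaked-password dictionary (assumption: a real
# checker would load a list of millions of breached passwords here).
COMMON = {"password", "letmein", "qwerty", "123456", "welcome", "monkey"}


def charset_size(pw: str) -> int:
    """Size of the alphabet an attacker must assume, given which classes appear."""
    return sum(len(cls) for cls in _CLASSES if any(c in cls for c in pw))


def estimate_bits(pw: str) -> float:
    """Upper-bound guessing entropy in bits for a *random* password drawn from
    the observed character classes. Dictionary words, with or without the
    usual trailing digit/'!' decoration, score 0: attackers try those first."""
    core = pw.lower().rstrip(string.digits + "!")
    if pw.lower() in COMMON or core in COMMON:
        return 0.0
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def rate(pw: str) -> str:
    """Map the estimate onto the three-step scale such tools usually show."""
    bits = estimate_bits(pw)
    if bits < 40:
        return "weak"
    if bits < 60:
        return "fair"
    return "strong"


def passphrase_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy of n_words chosen uniformly from a list of wordlist_size words."""
    return n_words * math.log2(wordlist_size)


def passphrase(words, n_words: int = 5) -> str:
    """Generate a passphrase with the CSPRNG (secrets), never random.choice."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    for pw in ("Password1!", "Tr0ub4dor&3", "abc"):
        print(f"{pw!r}: {estimate_bits(pw):.1f} bits -> {rate(pw)}")
    print(f"5 words from a 7776-word list: {passphrase_bits(5, 7776):.1f} bits")
```

Note the blind spot this exposes: the estimator rates 'Tr0ub4dor&3' as strong because it mixes all four classes, yet it is a dictionary word with predictable substitutions and would fall to a rule-based cracker. Five random words from a 7,776-word list score about 65 bits and are genuinely random, which is why the passphrase route beats complexity rules.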
4. Split your emails
Rather than linking Facebook, Twitter, newsgroups, forums, shopping and banking sites to one email address, use multiple addresses. As a minimum, use one for social activities and one for financial business.
Your social address is the one that gets spread around, so it will rightly draw more attention than your financial one – that’s the way you want it to be. If the former is hacked, it won’t be as nightmarish as losing control of your financial address, provided the social address isn’t also the password-reset address for your bank and shopping accounts.
5. Take care on public networks
Never, under any circumstances, use a public network for financial transactions. Only send your personal and financial details over a network you’ve set up yourself, or one you know to be secure, and from a machine you control. There are two separate risks: the internet cafe PC itself, whose hard disk may be harbouring a keylogger that captures everything you type before any encryption happens, and the path between that machine and its internet access point, where your traffic can be intercepted or redirected. The padlock in the browser helps with the second but does nothing about the first.
Hackers have also been known to set up laptops in hotels that broadcast networks with names such as ‘Free Internet Access’. Connect and they’ll happily pass your internet traffic through, harvesting any juicy details as you type.
6. Virtualise
The truly paranoid should virtualise. The idea is simple: create a virtual PC, use it to surf the internet and, when you’ve done, destroy it, along with any malware that may have infected it while you were online. Take a snapshot of the clean virtual machine before you start and roll back to it afterwards, so that ‘destroying’ it is a one-click revert rather than a reinstall.
Running a virtual version of Ubuntu from within Ubuntu is likely to be the easiest way of achieving this style of computing, and it’s likely to be very safe too. It isn’t a complete barrier, though: the virtual machine still shares your network, and any password you type into it, or file you copy out of it, leaves with you.
7. Anatomy of an iffy shop
By making online shops look slick, official and safe, online criminals hope to dupe us into disclosing credit card details. Fake shopping sites, like much online criminality, rely on social engineering.
There are, however, some tell-tale signs that should help you spot an iffy shop. First, avoid sites that ask for cash, cheque or virtual cash payments only – do business only with sites that accept credit cards, because a card payment can be disputed and charged back, whereas cash and transfers are gone the moment they’re sent.
Always ensure that the shop gives a physical address, then check that the address actually exists.
8. Be wary of Facebook
There are two key areas of social networking security – the technical sphere and the human one. Technical security is about setting up your profile correctly – your favourite site will explain how, so follow its guides. Next is the human aspect of security and our old friend, social engineering.
No quantity of settings and checkboxes can prevent a user from willingly complying with the bad guys, and this is what they depend on. There’s one simple rule to follow here: don’t do or say anything online that you wouldn’t do or say in real life.
9. A price on your identity
If you’re in doubt about the value of your credentials, visit www.everyclickmatters.com/victim/assessment.html. Complete the questionnaire and discover what you’re worth to a scammer…
10. Beware geeks bearing gifts
Social engineering can be our worst enemy when it comes to making us run malware installers.
On the day StarCraft II was released, security firms reported a huge number of warez downloads for the game that were really wrappers for malware. On the day Michael Jackson died, sites sprang up claiming video exclusives of the singer’s last moments. Again, these were links to malware.
Employing the lure of a hot topic as a means of walking us towards malware is a common hacker tactic. When you’re tempted to click a link, follow the old mantra: if something sounds too good to be true, it probably is.
11. Choose your flexible friend
Never be tempted to use or enter details from your debit card – always use a credit card. Section 75 of the Consumer Credit Act 1974 makes the card issuer jointly liable with the retailer for purchases costing between £100 and £30,000, so if the goods never arrive or the shop turns out to be a fraud you can claim from the card company. Debit card purchases get no such statutory protection; your bank may still offer a chargeback under the card scheme’s rules, but that is a scheme rule, not the law.
Card companies may, however, refuse to pay out if it’s shown that you failed to take ‘reasonable’ care with your card – writing down your PIN, for example, or giving it to someone else.
Credit cards themselves also offer different levels of fraud insurance, so shop around before choosing a card and make sure you read the terms and conditions closely.
12. Pump and dump
Don’t be tempted to follow unsolicited dead-cert share tips. The senders will probably hold a lot of them. When you and other victims buy, the price will go up. They’ll then sell, leaving you holding the baby.
13. Just like that
A common online auction site scam is to sell goods that are ‘like’ top brand goods. Your new watch may be like a Rolex insofar as it ticks, but that could be your lot.
14. Act on your doubts
If you think an online shop or service is dodgy, do some checking. A WHOIS search will show a site’s registration details: who registered the domain, through which registrar and, crucially, when. Visit www.whois.net and look up your suspect site. A ‘long-established’ retailer whose domain was registered last week is telling you something, as is a registrant on the other side of the world from the shop’s claimed office. Be aware that plenty of legitimate registrants use privacy or proxy services, so a hidden registrant is a nudge to look harder, not proof of anything on its own.
Companies House also enables you to check details about UK companies – registered addresses, directors, filing history and the like. Look for big discrepancies between the address on screen and the registered office.
15. We’ve found a virus
Bogus security experts call unsuspecting PC owners claiming they’ve found a virus on their hard drive. All you need do is pay a fee and they’ll remotely remove the nasty.
In reality, the scammers are just working through phone lists, planting the seeds of fear and then collecting bucketloads of cash. Nobody in a call centre can see what’s on your hard drive, and no legitimate company cold-calls to tell you you’ve got a virus, so hang up.
16. Ditch IE6
If you’re still using Internet Explorer 6, shame on you. Not only are you likely to be getting less from the internet – Google and YouTube have now stopped supporting the ageing browser – but it’s also riddled with security flaws. Do yourself a favour and download a newer browser.
17. Check out Virus Total
If you’ve received a file and are worried about its provenance, upload it to www.virustotal.com. The site will run the file through a number of virus-scanning engines to find any hidden malware and give you a report. Two caveats: a clean result doesn’t prove a file is safe, only that those engines didn’t recognise it at that moment; and anything you upload is shared with the participating security vendors, so if the file might contain something confidential, compute its hash locally and search VirusTotal for the hash first – if somebody else has already uploaded the same file, you get the verdict without sending it anywhere.
18. Listen to Bruce Schneier
Renowned security expert, blogger and self-styled security guru Bruce Schneier has a thing or two to say about every aspect of the topic, ranging from viruses right up to national security policy. Visit his blog at www.schneier.com and add it to your bookmarks.
19. Check firewall logs
Firewalls keep logs of traffic they’ve blocked. Check these and look for patterns. A single outside address trying port after port on your machine is a scan; an internal machine repeatedly trying to send traffic out on a port you never use (mail on port 25 from a PC that runs no mail server, say) suggests it has been infected and is now working for somebody else. Blocked inbound noise from the internet is normal and mostly harmless; unexpected outbound traffic is the finding that matters.
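Reading a few hundred such lines by eye is tedious, so here is an added example (not from the article) that does the pattern-spotting: it parses Linux/ufw-style kernel block lines, then reports any outside address that probed several distinct ports and any LAN host with repeated blocked attempts on one outbound port. The log lines are constructed for the example, trimmed to the fields used (real ufw lines carry MAC, LEN, TTL and so on too), and the source addresses are from documentation ranges; the thresholds of five ports and five hits are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the style of Linux/ufw kernel log lines, trimmed to
# the fields used here; assumption, not real traffic. 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, 192.168.1.0/24 is the LAN.
SAMPLE_LOG = """\
Jan 12 03:14:07 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.10 PROTO=TCP SPT=54321 DPT=22
Jan 12 03:14:08 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.10 PROTO=TCP SPT=54322 DPT=23
Jan 12 03:14:08 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.10 PROTO=TCP SPT=54323 DPT=80
Jan 12 03:14:09 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.10 PROTO=TCP SPT=54324 DPT=443
Jan 12 03:14:09 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.10 PROTO=TCP SPT=54325 DPT=445
Jan 12 03:14:10 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.10 PROTO=TCP SPT=54326 DPT=3389
Jan 12 03:20:01 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.4 DST=192.168.1.10 PROTO=TCP SPT=40000 DPT=443
Jan 12 03:21:00 gw kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.23 DST=203.0.113.70 PROTO=TCP SPT=49152 DPT=25
Jan 12 03:21:00 gw kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.23 DST=203.0.113.71 PROTO=TCP SPT=49153 DPT=25
Jan 12 03:21:01 gw kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.23 DST=203.0.113.72 PROTO=TCP SPT=49154 DPT=25
Jan 12 03:21:01 gw kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.23 DST=203.0.113.73 PROTO=TCP SPT=49155 DPT=25
Jan 12 03:21:02 gw kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.23 DST=203.0.113.74 PROTO=TCP SPT=49156 DPT=25
Jan 12 03:21:02 gw kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.23 DST=203.0.113.75 PROTO=TCP SPT=49157 DPT=25
Jan 12 03:22:00 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.50 DST=192.168.1.10 PROTO=ICMP
"""

_KV = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|SPT|DPT)=(\S*)")


def parse_line(line: str):
    """Return the key=value fields of one block line, or None if it isn't one."""
    fields = dict(_KV.findall(line))
    if "SRC" not in fields:
        return None
    # IN=<iface> means the packet arrived from outside; an empty IN with
    # OUT=<iface> means a local host was trying to send it out.
    fields["direction"] = "in" if fields.get("IN") else "out"
    return fields


def triage(lines, scan_ports: int = 5, outbound_hits: int = 5):
    """Summarise blocked traffic into findings worth a human's attention.

    'port-scan'        one outside source probed >= scan_ports distinct ports.
    'outbound-blocked' one LAN host had >= outbound_hits blocked attempts to
                       the same destination port: the signature of an infected
                       machine trying to spam, beacon or spread.
    """
    ports_by_src = defaultdict(set)
    outbound = defaultdict(lambda: defaultdict(int))
    for line in lines:
        f = parse_line(line)
        if not f or not f.get("DPT"):
            continue  # ICMP and other port-less lines are noise for these checks
        dpt = int(f["DPT"])
        if f["direction"] == "in":
            ports_by_src[f["SRC"]].add(dpt)
        else:
            outbound[f["SRC"]][dpt] += 1

    findings = []
    for src, ports in ports_by_src.items():
        if len(ports) >= scan_ports:
            findings.append(("port-scan", src, sorted(ports)))
    for src, per_port in outbound.items():
        for dpt, n in per_port.items():
            if n >= outbound_hits:
                findings.append(("outbound-blocked", src, dpt, n))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(finding)
```

On the sample, the single hit from 198.51.100.4 is ignored as background noise, 203.0.113.9 is reported as a scan across six ports, and 192.168.1.23 is reported for six blocked attempts to send mail on port 25, which is the line in the output you would act on.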
20. Stop redundant services
The more software and services you’re running, the greater the risk you could be compromised. Be ruthless – delete or deactivate applications and services you don’t use. This will reduce the number of ways into your machine that are available to hackers.
21. Be cautious
If you must use file sharing, do so with the utmost paranoia about security. When you’ve downloaded a file, isolate it and, if possible, open it in a virtual environment and watch what it does before letting it anywhere near your real computing environment. A file that behaves itself in the sandbox isn’t proven safe, but one that misbehaves has saved you from finding out the hard way.
22. Update software
Windows 7 and most major apps are happy to update themselves automatically, but you should still run their update systems manually to ensure they’re working. Smaller apps may need updating manually, so check their makers’ sites for updates.
23. Enter your own URLs
Never follow links to URLs emailed to you and don’t Google your bank’s address. Search results can be gamed: criminals push spoof sites up the rankings to lure people to pages designed to harvest logon details. Type important URLs yourself, or use a bookmark you created from the address printed on your card or statement.
24. Check site safety
Download McAfee’s excellent SiteAdvisor from www.siteadvisor.com. The browser plug-in has a traffic light system that shows dangerous sites in search results. Following its green, yellow and red site rating icons will help you to avoid compromised web locations.
25. Test your system
Test your antivirus system using the EICAR test file. It’s a plain text file containing a 68-character string that every antivirus engine is built to detect as if it were malware, so you can confirm that scanning is switched on and working without handling anything dangerous. Get it from www.eicar.org. It’s completely harmless – the string happens to be a valid DOS program that prints its own name and nothing else – and won’t land you in legal hot water. One caveat: detecting the string inside archives or other wrappers is optional in the EICAR specification, so a scanner that ignores eicar.zip isn’t necessarily broken, and one that catches it isn’t necessarily thorough.
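This added example (not from the article, and not the EICAR organisation’s own code) ties tips 17 and 25 together. It assembles the EICAR string, checks it against the published MD5 and SHA-256 digests so you know you have it exactly right, implements the detection rule from the EICAR specification (string first, at most 128 bytes, only whitespace after it) so you can see what a scanner is obliged to catch, and builds the VirusTotal hash-lookup URL that lets you check a file by digest without uploading it. Writing the test file to disk only happens when the script is run directly, so an on-access scanner gets something to react to then and not before.

```python
import hashlib
import os
import tempfile

# The 68-byte EICAR string, assembled from two halves so that this source
# file is not itself flagged by a scanner matching the contiguous literal.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")

# Published reference digests for the bare 68-byte file (no trailing newline).
KNOWN = {
    "md5": "44d88612fea8a8f36de82e1278abb02f",
    "sha256": "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
}


def eicar_bytes() -> bytes:
    return EICAR.encode("ascii")


def digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a file's contents, as VirusTotal lists them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def looks_like_eicar(data: bytes) -> bool:
    """Detector per the EICAR spec: the string must be the first 68 bytes,
    anything after it may only be whitespace, and the whole file is at most
    128 bytes. Prepend a byte, or pad past 128, and a spec-compliant scanner
    is allowed to ignore it."""
    sig = eicar_bytes()
    return (len(data) <= 128
            and data.startswith(sig)
            and data[len(sig):].strip(b" \t\r\n") == b"")


def virustotal_url(sha256_hex: str) -> str:
    """Look a hash up in VirusTotal's web UI without uploading the file."""
    return f"https://www.virustotal.com/gui/file/{sha256_hex}"


def write_test_file(directory: str) -> str:
    """Drop eicar.com into `directory`; a working on-access scanner should react."""
    path = os.path.join(directory, "eicar.com")
    with open(path, "wb") as fh:
        fh.write(eicar_bytes())
    return path


if __name__ == "__main__":
    d = digests(eicar_bytes())
    print("string matches published hashes:", all(d[k] == v for k, v in KNOWN.items()))
    print("look it up without uploading:", virustotal_url(d["sha256"]))
    print("written to:", write_test_file(tempfile.mkdtemp()))
```

Run it directly and a working real-time scanner should quarantine or delete eicar.com as soon as it is written; if the file sits there untouched, your protection is not doing what you think it is. The same `digests` function is what you would run over any suspicious download before deciding whether to upload it to VirusTotal at all.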