Common Sense – the best FREE tool to keep safe

Guest Post by Antonello Cuschieri.

The world is full of strange people, but the Internet is even worse. It didn’t take long for crooks to understand that the Internet gives them worldwide access to possible victims of their scams. Unfortunately, some people use such useful resources to their own advantage and to the detriment of others.

You are the most important “FREE tool” in the security chain

We’re talking about free tools to protect ourselves and our machines – and what’s more free than our own common sense? Yes, because in many cases we can protect ourselves by simply thinking before clicking. How many times do we find ourselves on a website which we don’t really care about? How did we end up there? It might be a misleading advert, but it might also be through carelessness and lack of thinking.

Who has never found a link on a website saying that you’re the 999,999,999th visitor and you’ve won a million dollars? Who has never received an email saying that you’ve won a lottery and asking you to contact the sender to retrieve your prize money? Every Internet user has come across these circumstances and unfortunately, many have fallen victim.

As a matter of fact, with some common sense and thinking you’d realize that what you’re reading cannot be true! How can you win a lottery without ever participating in it? How can you go into a website, and every time you visit you’re the 999,999,999th visitor? Many don’t realize this and unfortunately continue by submitting their personal details to these persons and end up losing their hard-earned money instead of getting the hefty prize money.

I thought I’d share an interesting website with you. Hoax-Slayer.com is an excellent reference point if you want to know whether an email you received is a scam or not. All the top email scams are listed, ranging from the famous Nigerian Army Official to some of the most common compassionate chain letters. Whilst this website doesn’t give any guarantee that it has all scam emails included, it is a good focal point for anyone who needs to verify the legitimacy of an email that they’ve received.

If you find something that’s too good to be true, you should be suspicious, not least because no person or company is stupid enough to give you something for free. You might say, so how can I trust these free tools that we’re discussing this month? And that’s exactly why I mentioned this. There are a lot of tools that help us stay safe, and some are even free, but some are also malicious. They might offer you a good free deal, but in reality they’ll do more harm to you or the machine you’re using. Which brings us to the point that, even if you find a source of help, make sure it’s a reliable source and do your research before diving right into it.

In this case, search engines (like Google, Bing, Yahoo, …) are another free tool that can help us a lot. Normally, by simply putting the name of the software or website into the search engine, the results you’ll get might open your eyes and possibly stop you from becoming a victim of yet another scam. In such cases, I’d suggest you look for forums, because that’s where people’s opinions are. Many people are keen on helping others out – they report scams they’ve fallen victim to, which helps you find out whether the opportunity in front of you is legitimate or not.

Be careful, because there are a lot of scams out there and you’re the one to make sure you don’t fall victim. The tools are out there, some are free, but it’s up to you to use them. Nobody will force you to use the tools but it’s in your best interest to make sure you’re protected. In security, you need to be proactive and not reactive – therefore don’t wait until you suffer any damages in order to invest in your own security.

Unfortunately, many people wait to be attacked and only then put up the barriers to protect themselves from attacks. In some cases you don’t get a second chance and one blow might be ‘fatal’ (technically speaking). But let’s get to the facts, and see what these tools are and how we can use them to help us protect ourselves and our machines:

  • Hoax-Slayer (and similar websites) – this is normally full of user contributions, many from people who have fallen victim to scams. This means that you’re getting information straight from the horse’s mouth, and the information you get there is normally priceless because it might save you from making the same mistake someone else already made in the past. The number of scams out there is unbelievable, with new ones cropping up every day. So it’s always good to consult such websites before accepting any awesome deal.
  • Search Engines – they’re the heart of the Internet and that’s where everything is. Normally, a simple search would make things clearer about the deal you were presented. Don’t forget that scams can come in various forms. I’d keep an eye on:

o    Emails involving fund transfers

o    Emails (allegedly) from payment providers (PayPal, Visa etc.) asking for your password – that should be followed by an immediate DELETE!

o    Drop-shipping deals (from the forums it looks like China is quite a common country for drop-shipping scams)

o    Newsletter registrations – might be just a data-mining exercise to get hold of as many email addresses as possible.

o    Lotteries/Competitions – these are the most common and the easiest to spot. Unless you participate in a competition, it’s impossible to win it! And don’t forget that there is only one 999,999,999th visitor – so you cannot be the lucky one each time you visit the website.

o    Email Scams – more popularly known as the Nigerian scam. Why would an Army Colonel contact you to help him get his funds out? He’s in the army, he probably has a lot of friends outside Nigeria, so why would he trust an unknown individual (you) to handle his funds? Apart from the fact that it’s illegal in the first place.

o    Online Sales – if you’re selling something worth €10, nobody will give you €50 for it. Many have fallen victim to scams involving such deals. The worst thing is that you’ll actually receive a payment of €50 – only to find out after some time that it’s fraudulent, when you’ve already sent the item you’re selling. So you’ll end up without the item and having to pay back the bank (because they use cheques) the amount of fraudulent funds, which you’ve probably already spent.

  • Software – yes, there are a lot of free software tools out there, but you cannot trust everything that’s marked as free. Whatever you need, you still have to research the product first, but in any case, here are a few names you might already find useful (some reviews of these will follow during this month):

o    Avast or AVG Antivirus – they have commercial products, but they also have a very good free version which is great for home users and which updates itself automatically.

o    TrueCrypt - encrypts devices or files and runs on a lot of platforms, including Linux, OS X, and Windows

o    LastPass – a free password manager which allows you to create really strong passwords for websites and helps you remember them, so you do not need to re-use the same password on all websites

o    CoreFTP – this is slightly more specific and normally used by advanced users and/or web developers. This reliable software transfers your files efficiently, is easy to use and is free.

Another aspect you need to be careful of is 3rd party applications. Even reputable websites can handle 3rd party applications, and normally that’s where the problem begins. Taking Facebook as an example, how many times do you add an application and confirm you’re happy with allowing access to that application? Have you checked whether it’s really safe to share your information with it? Do you know if you’re putting yourself at risk?

In many cases, these applications are depicted as useful – which indeed they may be, but in reality they can pose a risk to your privacy and personal information. So next time you’re adding an application to your Facebook account, use the above resources (search engines and forums) to make sure it’s a safe application, and also see what other users think about it and whether the application caused them any damage.

Final conclusions

I’ve mentioned it before and I’ll mention it again – the information is out there, but it’s up to you to go for it. Never dive into the water without knowing if it’s deep enough – the same goes for technology. It’s easy to keep things hidden online, so never jump to conclusions before you do your research.

In conclusion, personally, I’d suggest that you keep the following in mind if you receive such an email:

1.    You can never win a lottery if you didn’t participate in it

2.    No stranger is going to come to YOU to help him get the money out of the country

3.    Companies have their own domain and won’t use a yahoo (or similar) email address

4.    How could a stranger have your email address to inform you that your machine is hacked?

5.    No bank will ask you to submit your account details via email

6.    No company produces software for free – normally they offer free versions but they also have paid (more sophisticated) versions of the software

7.    Avoid non-verified payment methods such as Western Union. These are popular with scam artists

8.    Use the information that’s out there and learn from those who made mistakes in the past

9.    Don’t be afraid to refuse an ‘awesome’ opportunity – you might find out it was the best investment you ever made

10.  Do your research and do it well. Don’t be biased and ignore all the negative comments made by other users – if there are negative comments, they’re there for a reason.

About AntonelloCuschieri

Antonello has an honours degree in Computing and Information Systems from the London Metropolitan University, and has always had a particular interest in Security. In view of this, he opted to further his studies in this area and obtained a Masters Degree in Information Security from the University of Liverpool.

Work: Started off as a Computer Technician whilst studying for my Degree; however, the most determining move for my career was when I joined the Ministry for IT and Investment in Malta as an eSecurity Project Coordinator. In this position, I was responsible for projects related to IT Security (and also non-IT to a certain level) on a National Basis. I was involved in the setting up of an eSecurity Task Force in Malta and also the setting up of a Hotline to work against child abuse over the Internet.

I now work in one of the leading iGaming companies.

Antonello lives and works in Malta.

Comments

  1. James says:

    That’s some good tips!

  2. Anthony says:

    Great post, lots of good information and tips. It’s true you can use all the best security software to protect yourself online, but the best security begins and ends with the user. Even the best protection will not work if you let the attacker in, user beware. Thanks