Avoiding Phishing Scams

Online, identity thieves often use a technique called phishing to trick you into disclosing valuable personal information. It’s called that because the other party is “fishing” for your personal information, typically via fake email messages and websites.

It’s Not All Good

How can you avoid falling victim to a phishing scam? There are several things you can do:

• Look at the sender’s email address. Most phishing emails come from an address different from the one indicated by the (fake) sender. (For example, in an email that’s supposedly from FedEx, the email address [email protected] would be suspicious; you’d expect an email from FedEx to look something like address@fedex.com.)

• Mouse over any links in the email. In a phishing email, the URL for the link will not match the link text or the (fake) sender’s supposed website.

• Look for poor grammar and misspellings. Many phishing schemes come from outside the United States by scammers who don’t speak English as their first language. As such, you’re likely to find questionable phrasing and unprofessional text—not what you’d expect from your bank or other professional institution.

• If you receive an unexpected email, no matter the apparent source, do not click any of the links in the email. If you think there’s a legitimate issue from a given website, go to that site manually in your web browser and access your account from there.

• Some phishing messages include attached files that you are urged to click to display a document or image. Do not click or open any of these attachments; they might contain malware that can steal personal information or damage your computer. (Read more about malware later in this chapter.)

• Not all phishing scams come via email. You should also beware of text messages from people you don’t know, as well as scam direct messages on Facebook, Twitter, and other social media.

Keeping Your Private Information Private

Identity theft can happen any time you make private information public. This has become a special issue on social networks, such as Facebook, where users tend to forget that everything they post is publicly visible.

Many Facebook users not only post personal information in their status updates, but also include sensitive data in their personal profiles. Javelin Strategy and Research found that 68% of people with public social media profiles shared their birthday information, 63% shared the name of their high schools, 18% shared their phone numbers, and 12% shared their pet’s names.

None of this might sound dangerous, until you realize that all of these items are the type of personal information many companies use for the “secret questions” their websites use to reset users’ passwords. A fraudster armed with this publicly visible information could log on to your account on a banking website, for example, reset your password (to a new one he provides), and thus gain access to your banking accounts.

The solution to this problem is to enter as little personal information as possible when you’re online. For example, you don’t need to—and shouldn’t—include your street address or phone number in a comment or reply to an online news article. Don’t give the bad guys anything they can use against you!

Follow these tips:

• Unless absolutely necessary, do not enter your personal contact information (home address, phone number, and so on) into your social media profile.

• Do not post or enter your birthdate, children’s names, pet’s names, and the like—anything that could be used to reset your passwords at various websites.

• Do not post status updates that indicate your current location—especially if you’re away from home. That’s grist for both physical stalkers and home burglars.

It’s Not All Good

Hiding Personal Information on Facebook

Too many Facebook users of all ages make all their personal information totally public—visible to all users, friends or not. Fortunately, you can configure Facebook’s privacy settings to keep your private information private.

Click your name in the Facebook toolbar to open your personal profile page.

Click the Edit Profile button.

Click the Edit (pencil) button for the information you want to make private.

Mouse over the item you want to change and then click the Options button for that item.

Click the Privacy button and select Friends to make this information visible only to people on your friends list—or click Only Me to completely hide this information from others.

Conducting a Privacy Checkup

Facebook holds lots of information about you and other users—your contact info, personal posts, photos, and more. To determine what Facebook does with all this information, conduct a privacy checkup.

Click the Help button on the Facebook toolbar to display the pull-down menu.

Click Privacy Checkup.

Click Who Can See What You Share to configure who can see your posts and photos.

Click How to Keep Your Account Secure to configure your password and alerts.

Click How People Can Find You on Facebook to configure friend requests and the visibility of your email and phone number.

Click Your Data Settings on Facebook to configure how other apps and websites use your Facebook data.

Identifying Online Scams

Most online fraud is easily detectible by the simple fact that it arrives in your email inbox out of the blue and seems too good to be true. So if you get an unsolicited offer that promises great riches, you know to hit the Delete key—pronto.

You can train yourself to recognize scam emails at a glance. That’s because most scam messages have one or more of the following characteristics in common:

• The email does not address you personally by name; your name doesn’t appear anywhere in the body of the message.

• You don’t know the person who sent you the message; the message was totally unsolicited.

• The message is rife with spelling and grammatical errors. (Scammers often operate from foreign countries and do not speak English as their first language.) Conversely, the text of the message might seem overly formal, as if written by someone not familiar with everyday English.

• You are promised large sums of money for little or no effort on your part.

• You are asked to provide your bank account number, credit card number, or other personal information—or are asked to provide money upfront for various fees or to pay the cost of expediting the process.

• You are asked to buy one or more gift cards for your boss, pastor, or other authority figure—and then provide the cards’ numbers or mail the cards to a strange address.

It’s Not All Good

Avoiding Online Fraud

Recognizing a scam email is just one way to reduce your risk of getting conned online. Here are some more tips you can employ:

• Familiarize yourself with the common types of online scams—and if a message in your inbox resembles any of these common scams, delete it.

• Ignore all unsolicited emails, of any type. No stranger will send you a legitimate offer via email; it just doesn’t happen. When you receive an unsolicited offer via email, delete it.

• Don’t give in to greed. If an offer sounds too good to be true, it probably is; there are no true “get rich quick” schemes.

• Never provide any personal information—including credit card numbers, your Social Security number, and the like—via email. If such information is legitimately needed, you can call the company yourself or visit its official website to provide the information directly.

• If the fraud involved transmittal of your credit card information, contact your credit card company to halt all unauthorized payments—and to limit your liability.

• If you think your bank accounts have been compromised, contact your bank to put a freeze on your checking and savings accounts—and open new accounts, if necessary.

• Contact one of the three major credit-reporting bureaus to see if stolen personal information has been used to open new credit accounts—or max out your existing accounts. The three major bureaus are Equifax (www.equifax.com), Experian (www.experian.com), and TransUnion (www.transunion.com).

• Contact your local law enforcement authorities—fraud is illegal, and it should be reported as a crime.

• Report the fraud to your state attorney general’s office.

• File a complaint with the Federal Trade Commission (FTC) via the form located at www.ftccomplaintassistant.gov.

• Contact any or all of the following consumer-oriented websites: Better Business Bureau (www.bbb.org), Internet Crime Complaint Center (www.ic3.gov), and the National Consumers League (NCL) Fraud Center (www.fraud.org).

Above all, don’t provide any additional information or money to the scammers. As soon as you suspect you’ve been had, halt all contact and cut off all access to your bank and credit card accounts. Sometimes the best you can hope for is to minimize your losses.

Protecting Against Malware

You can do several things to avoid having your PC infected with malware. It’s all about smart and safe computing.

• Don’t open email attachments or files sent via text from people you don’t know—or even from people you do know if you aren’t expecting them. That’s because some malware can hijack the address book on an infected PC, thus sending out infected email that the owner isn’t even aware of. Just looking at an email message won’t harm anything; the damage comes when you open a file attached to the email.

• Download files only from reliable file archive websites, such as Download.com (download.cnet.com) and Softpedia (www.softpedia.com). Do not download files you find on sites you don’t know.

• Don’t access or download files from music and video file-sharing networks, which are notoriously virus and spyware ridden. Instead, download music and movies from legitimate sites, such as the Amazon MP3 Store and the iTunes Store.

• Because viruses and spyware can also be transmitted via physical storage media, share USB drives, CDs, DVDs, and files only with users you know and trust.

• Use antimalware software, such as Windows Security, to identify and remove viruses and spyware from your system.

Using Antimalware Software

Windows 10 comes with its own antivirus utility built in. It’s called Windows Security, and it tells you the last time your system was scanned, whether any threats have been detected, and more security-related information.

Of course, you’re not locked into using Microsoft’s antimalware solution. Several third-party programs are available, including the following:

• AVG Internet Security (www.avg.com)

• Avira Antivirus (www.avira.com)

• Iobit Malware Fighter (www.iobit.com)

• McAfee Total Protection (www.mcafee.com)

• Norton 360 (us.norton.com)

• Trend Micro Antivirus+Security (shop.trendmicro.com)

If you just purchased a new PC, it might come with a trial version of one of these third-party antivirus programs preinstalled. That’s fine, but know that you’ll be nagged to pay for the full version after the 90-day trial. You can do this if you want, but you don’t need to; remember, you have Windows Security built into Windows, and it’s both free and very effective.

By the way, if you want to get rid of the trial version of one of these antivirus programs, open the Settings window, click Apps, then click Apps & Features. Select the program you want to get rid of and then click Uninstall. This will get rid of all the “upgrade” nagging from the program in question.

Whichever antimalware solution you employ, make sure you update it on a regular basis. These updates include information on the very latest viruses and spyware, and are invaluable for protecting your system from new threats. (Windows Security is configured to update itself automatically—so there’s nothing you have to do manually.)

It’s Not All Good

Using Windows Security

The easiest way to protect your computer from malware is with Windows 10’s built-in Windows Security tool. In most instances, you don’t have to access the tool at all; it’s enabled and configured automatically. You can, however, view your security settings (and change any settings you want) from the Windows Security tool.

Click the Start button to display the Start menu.

Click Settings to display the Settings tool.

Click Update & Security.

Select the Windows Security tab.

Click Open Windows Security to open the Windows Security tool.

The Home tab is selected by default. You see that your PC is being protected and when the last scan occurred. Any issues you need to address are highlighted here.

Click Virus & Threat Protection to change Windows Security settings.

Click Account Protection to configure security for your Microsoft account.

Click Firewall & Network Protection to configure Windows Firewall settings.

Click App & Browser Control to configure SmartScreen protection for the Edge browser and Windows apps.

Click Device Security to view device status and manage security for your computer hardware.

Click Device Performance & Health to view information about the health of your computer.

Scroll down and click Family Options to manage how your family uses their connected devices.

Protecting Against Ransomware

There’s a relatively new type of malware making the rounds that takes your computer hostage and won’t let you access your files until you pay the hacker a monetary ransom. While this ransomware is typically targeted at large institutions (that can afford paying a large ransom), it sometimes hits individual PCs, with devastating results.

Fortunately, Windows 10 offers protection from ransomware, via what Microsoft calls controlled folder access. Activating this option keeps unauthorized applications, including ransomware, from accessing your computer’s files and folders. You need to enable this option manually because it’s not automatically enabled in Windows 10.

From the Windows Security tool, click Virus & Threat Protection.

Go to the Ransomware Protection section and click Manage Ransomware Protection.

Scroll down to the Controlled Folder Access section and click Manage Controlled Folder Access.

Click “on” Controlled Folder Access.