How to Protect Your PC Against Devious Security Traps
Securing your PC against the malicious wilds of the Web isn't as simple as just keeping your antivirus software of choice up-to-date. In fact, the pervasiveness of security software has forced the bad guys to turn to increasingly clever tricks in their quest to "pwn" your PC.
Mon, September 16, 2013
PC World —
But fear not! Those sneaky tricks are most effective if victims are unaware of the danger. And today, dear reader, I'm going to show you how to avoid the most devious PC security traps, because in this case knowing is more than half the battle.
Let's start with the devious attack you're most likely to encounter during your day-to-day computing.
Phishing websites mimic the look of another site in an attempt to lure you into entering your personal and account information. Although phishing websites take all forms, attackers especially like to spoof banks and social networks. Phishing attacks typically threaten from two angles: mistyped website URLs and email messages that pretend to be from legitimate sources.
One simple tell gives away a phishing site: The URL doesn't match the URL of the website you think it is. If Facebokk.com, Faceb00k.com, or Facenook.com asks for your Facebook login, run away screaming. (Or at least do the digital equivalent.) I can't stress this enough: Give the URL of any website that asks you to log in a close examination before you pass out your password.
Beyond that, most social media and banking websites use HTTPS encryption by default. If the site that you're on doesn't have the lock icon next to its URL in your browser, that's a good sign that something is afoot.
The big three browsers--Internet Explorer, Chrome, and Firefox--all include safe-browsing warning systems that clue you in to suspected phishing and malware sites, while browser plug-ins such as Web of Trust and McAfee's Site Advisor can provide an extra layer of protection.
Scammers and hackers love email. All too often, tales of hacked Twitter accounts and Web servers can be traced back to the same origin: "A member of the team opened a malicious email message."
Okay, that's not quite true. In most cases, merely opening a piece of email won't send your world crashing down. You have to click a malicious link or open a tainted email attachment. The solution? Be wary of clicking emailed links, and don't open attachments without ensuring their cleanliness first.
That goes doubly so for email purporting to be from banking sites, PayPal, social media, or any other site to which you need to log in;A often such messages are phishing attempts. (Yes, the bad guys can fake email addresses.) Instead, open your browser and navigate to the site in question directly. Email providers and programs often flag suspicious email, but their detection systems aren't bulletproof.