Is It Safe? Protecting Your Computer, Your Business, and Yourself Online

Book Description

Is It Safe?

PROTECTING YOUR COMPUTER, YOUR BUSINESS, AND YOURSELF ONLINE

IDENTITY THEFT. DATA THEFT. INTERNET FRAUD. ONLINE SURVEILLANCE. EMAIL SCAMS.

Hacks, attacks, and viruses. The Internet is a dangerous place. In years past, you could protect your computer from malicious activity by installing an antivirus program and activating a firewall utility. Unfortunately, that’s no longer good enough; the Internet has become a much darker place, plagued not only by rogue software but also by dangerous criminals and shadowy government agencies. Is It Safe? addresses the new generation of security threats. It presents information about each type of threat and then discusses ways to minimize and recover from those threats. Is It Safe? differs from other security books by focusing more on the social aspects of online security than purely the technical aspects. Yes, this book still covers topics such as antivirus programs and spam blockers, but it recognizes that today’s online security issues are more behavioral in nature–phishing schemes, email scams, and the like.

Are you being scammed? Learn how to spot the newest and most insidious computer security threats–fraudulent retailers, eBay scammers, online con artists, and the like.

Is your identity safe? Avoid being one of the nine million Americans each year who have their identities stolen. Today’s real Internet threats aren’t viruses and spam. Today’s real threats are thieves who steal your identity, rack up thousands on your credit card, open businesses under your name, commit crimes, and forever damage your reputation!

Is Big Brother watching? Get the scoop on online tracking and surveillance. We examine just who might be tracking your online activities and why.

Is your employer watching you? How to tell when you’re being monitored, and how to determine what is acceptable and what isn’t.

Michael Miller has written more than 80 nonfiction books over the past two decades. His best-selling books include Que’s YouTube 4 You, Googlepedia: The Ultimate Google Resource, iPodpedia: The Ultimate iPod and iTunes Resource, and Absolute Beginner’s Guide to Computer Basics. He has established a reputation for clearly explaining technical topics to nontechnical readers and for offering useful real-world advice about complicated topics.

Table of Contents

  1. Copyright
    1. Dedication
  2. About the Author
  3. Acknowledgments
  4. We Want to Hear from You!
  5. Reader Services
  6. Introduction
    1. How This Book Is Organized
    2. Conventions Used in This Book
      1. Web Page Addresses
      2. Software and Services
      3. Special Elements
    3. Let Me Know What You Think
  7. I. Protecting Against Identity Theft
    1. 1. Identity Theft: How Big a Problem?
      1. Who Are You?
      2. What Is Identity Theft?
        1. Financial Identity Theft
        2. Criminal Identity Theft
        3. Identity Cloning
        4. Business/Commercial Identity Theft
      3. How Big Is the Identity Theft Problem?
      4. Who Is Most Vulnerable to Identity Theft?
      5. How Do Identity Thieves Steal Your Personal Information?
        1. Stealing Information Online
          1. Phishing Scams
          2. Email Interception
          3. Wi-Fi Data Sniffing
          4. Surreptitious Spyware
          5. Physical Theft
          6. Observation and Eavesdropping
          7. Inside Information
          8. Dumpster Diving
          9. Mailbox Theft
          10. Address Hijacking
          11. Recovering Computer Data
          12. Skimming
          13. Scanning
          14. Pretexting
          15. Data Theft
      6. What Happens When Your Identity Is Stolen?
    2. 2. How to Keep Your Personal Information Personal
      1. Step One: Be Aware
      2. Step Two: Keep Your Data Secure
        1. Protecting Your Computer Data
          1. Create a Password-Protected User Account
          2. Protect Individual Files
          3. Install Anti-Virus and Anti-Spyware Programs
          4. Practice Safe Computing
          5. Install a Software Firewall
          6. Browse Securely
          7. Create Secure Passwords
          8. Minimize Your Notebook Risk
          9. Don’t Toss It—Shred It
        2. Protecting Your Physical Data
          1. Carry Only What You Need
          2. Don’t Give Out Your Social Security Number
          3. Shred Your Paperwork—and Your Charge Cards
          4. Opt Out of Credit Card Mailings
          5. Keep Your Personal Information Secure
          6. Don’t Use Your Mailbox
          7. Pick Up Your Checks in Person
          8. Hold That Mail
      3. Step Three: Question Authority
        1. Responding to Email Requests
        2. Responding to Phone Requests
        3. Responding to Postal Mail Requests
      4. Step Four: Monitor Your Situation
        1. Check Your Accounts
        2. Be Aware of Suspicious Activity
        3. Inspect Your Credit Reports
      5. ID Theft Protection Services—Real or Con?
        1. How Do These Services Work?
        2. Should You Sign Up?
        3. What About ID Theft Insurance?
    3. 3. Repairing a Stolen Identity
      1. How Do You Know Whether Your Identity Has Been Stolen?
      2. Stopping the Fraud
        1. Closing Compromised Accounts
        2. Dealing with Your Other Cards and Accounts
        3. Placing a Fraud Alert on Your Credit Reports
        4. Filing a Police Report
        5. Filing a Complaint with the FTC
      3. Repairing the Damage
        1. Disputing Unauthorized Transactions
          1. Credit Card Theft
          2. Unauthorized Electronic Withdrawals
          3. Bad Checks
        2. Closing Fraudulent Bank Accounts
        3. Replacing Compromised Documents
        4. Recovering from Bankruptcy Fraud
        5. Recovering from Investment Fraud
        6. Recovering from Website Fraud
        7. Recovering from Criminal Fraud
        8. Dealing with Collection Agencies
        9. Monitoring and Correcting Your Credit Reports
  8. II. Protecting Against Data Theft
    1. 4. Data Theft: How Big a Problem?
      1. What Is Data Theft?
        1. ID Data Theft
        2. Non-ID Data Theft
      2. How Do Thieves Steal Corporate Data?
        1. Online Theft
        2. Physical Theft
      3. What Happens to the Stolen Data?
      4. How Widespread Is the Data Theft Problem?
    2. 5. Protecting Corporate Data
      1. Data Loss Prevention—It’s Not Optional
      2. Discouraging Copying to Portable Storage Devices
        1. Banning Portable Devices
        2. Disabling USB Ports via the Windows Registry
        3. Software Solutions for Portable Data Theft
      3. Locking Down Corporate Laptops
        1. Protecting Notebooks from Physical Theft
          1. Anti-Theft Cables
          2. Motion Sensors
          3. Notebook Safes
          4. Notebook Tracking Software
        2. Protecting Notebooks from Data Theft
          1. BIOS Passwords
          2. Fingerprint Readers
          3. File Encryption
      4. Minimizing Large-Scale Data Theft
        1. What Data Is Vulnerable?
        2. Physical Theft Solutions
        3. Content Monitoring Solutions
        4. Digital Rights Management Solutions
        5. Encryption Solutions
        6. Network Intrusion Solutions
        7. Software Solutions
        8. Process Solutions
        9. Holistic Solutions
      5. Fighting Data Theft on the State and Federal Level
    3. 6. Recovering from Data Theft
      1. Plan
        1. Establish a Rapid Response Team
        2. Establishing Procedures in Advance
      2. Respond
      3. Communicate
      4. Contact
      5. Compensate
      6. Recover
      7. Correct
  9. III. Protecting Against Online Fraud
    1. 7. Online Fraud: How Big a Problem?
      1. Understanding Online Shopping Fraud
        1. The Biggest Risk: Credit Card Fraud
        2. Not Getting What You Ordered
        3. When Is a Merchant Not a Merchant?
        4. Which Merchants Are Riskier?
      2. Understanding Online Auction Fraud
        1. Dealing with Shady Sellers
        2. Considering Second Chance Offers
        3. Dealing with Counterfeit Merchandise
        4. Dealing with Deadbeat Bidders
        5. Dealing with Counterfeit Cashier’s Checks
        6. Dealing with eBay Identity Theft
        7. Dealing with eBay Phishing Scams
    2. 8. How to Not Be a Victim of Online Fraud
      1. Protecting Yourself from Online Shopping Fraud
        1. Researching Retailers Before You Buy
        2. The Right and the Wrong Ways to Pay
        3. Reporting Fraudulent Business Practices
        4. Top Ten Tips for Making Online Shopping Even Safer
          1. Tip #1: Trust Your Instincts
          2. Tip #2: Shop with Merchants You Know
          3. Tip #3: Check for Complaints
          4. Tip #4: Look for the WebAssured Logo
          5. Tip #5: Look for a Secure Site
          6. Tip #6: Look for Real-World Contact Info
          7. Tip #7: Don’t Provide Any More Information Than You Have To
          8. Tip #8: Safeguard Your Password
          9. Tip #9: Pay by Credit Card
          10. Tip #10: If It Sounds Too Good to Be True—It Probably Is!
      2. Protecting Yourself from Online Auction Fraud
        1. Protecting Yourself from Phishing Scams
        2. Protecting Yourself Against Fraudulent Sellers
        3. Protecting Yourself from Wire Transfer Scams
        4. Protecting Yourself from Hijacked Accounts
        5. Protecting Yourself with an Escrow Service
        6. Getting Help if You’ve Been Victimized by an Unscrupulous Seller
        7. Protecting Yourself Against Fraudulent Buyers
    3. 9. Fraud on the Corporate Level: Online Advertising Click Fraud
      1. How Does Pay-Per-Click Advertising Work?
        1. Who Pays Who?
        2. Getting to Know the Big Internet Ad Networks
      2. What Is Click Fraud?
        1. Manual Click Fraud
        2. Script-Based Click Fraud
        3. Traffic-Based Click Fraud
        4. PTR Click Fraud
        5. Hijacked PC Click Fraud
        6. Impression Fraud
      3. Who Benefits from Click Fraud?
      4. How Widespread Is Click Fraud?
        1. Click Fraud Is High...
        2. Click Fraud Is Low...
      5. What Can You Do to Combat Click Fraud?
        1. Monitor Click-Through and Conversion Rates
        2. Use a Click Fraud Detection Tool
        3. Report Click Fraud to Your Ad Network—and Ask for a Refund
  10. IV. Protecting Against Email Spam and Scams
    1. 10. Email Fraud: How Big a Problem?
      1. Understanding Email Scams
        1. Work-from-Home Scams
        2. Merchandise Resale Scams
        3. Reshipping Scams
        4. Third-Party Receiver of Funds Scams
        5. Multilevel Marketing Scams
        6. Investment Scams
        7. Advance Fee Loan Scams
        8. Bogus Credit Card Offers
        9. Credit Card Loss Protection Scams
        10. Credit Repair Fraud
        11. Debt Elimination Scams
        12. Buyer’s Club Scams
        13. Magazine Sale Scams
        14. Charity Scams
        15. Free Government Grant Scams
        16. Scholarship Scams
        17. Free Prize Scams
        18. Lottery Scams
        19. Billing Fraud
        20. Fake Tax Refunds
        21. Nigerian Letter Scam
      2. Understanding the World of Phishing
        1. What Is Phishing?
        2. The History of Phishing
        3. How Does a Phishing Scam Work?
      3. Measuring the Cost of Email and Phishing Scams
        1. Ranking Different Types of Email Fraud
        2. Sizing the Fraud Problem
        3. Sizing the Phishing Problem
    2. 11. Avoiding Email Fraud and Phishing Scams
      1. Minimizing the Risk of Email Fraud
        1. How to Recognize a Scam Email
        2. How to Avoid Email Fraud
        3. What to Do if You’ve Been Conned
      2. Guarding Against Phishing Scams
        1. Be Aware—and Be Cautious
        2. Use Anti-Phishing Technology
        3. Take Advantage of Augmented Password Logins
        4. What to Do if You’ve Been Phished
    3. 12. Reducing Email Spam
      1. Understanding Email Spam
        1. The History of Spam
        2. How Spam Works
        3. Finding Names to Spam
        4. Spoofing Email Addresses
      2. Sizing the Spam Problem
      3. How to Reduce Email Spam
        1. Keep Your Email Address Private
        2. Use Your ISP’s Spam-Blocking Features
        3. Use Your Email Program’s Spam Filter
        4. Use Anti-Spam Software
        5. Use a Spam Filtering Service
        6. Report the Spam
      4. Dealing with Blacklists
  11. V. Protecting Against Online Surveillance
    1. 13. Online Surveillance: How Big a Problem?
      1. Welcome to the Surveillance Society
      2. Surveillance by Websites
      3. Surveillance by Your Employer
      4. Surveillance by Your Loved Ones
      5. Surveillance by Your Enemies
        1. What You’ve Done in the Past Doesn’t Stay in the Past
        2. Online Stalkers and Predators
      6. Surveillance by Your Government
    2. 14. Dealing with Surveillance at Work
      1. Why Do Companies Spy on Their Employees?
        1. Legal Issues
        2. Productivity Issues
        3. Security Issues
        4. Image Issues
      2. How Do Companies Spy on Their Employees?
        1. Web Filters
        2. Packet Sniffers
        3. Log Files
        4. Desktop Monitoring
        5. Keystroke Loggers
        6. Email Monitoring
      3. Monitoring Employees’ Outside Activities
      4. Balancing Employer and Employee Rights
    3. 15. Big Brother Is Watching You
      1. A Short History of Government Surveillance
        1. Monitoring Minorities
        2. Watching the Subversives
        3. Reacting to Crisis
      2. Government Surveillance Programs Today
        1. Spying on College Students
        2. Spying on Scuba Divers
        3. Spying on Gamblers
        4. Spying on Travelers
      3. High-Tech Surveillance
        1. ECHELON and the IAO
        2. Combining Resources
        3. The NSA’s Warrantless Wiretapping
        4. Ongoing NSA Operations
      4. Is It Legal?
      5. Is It Right?
    4. 16. Covering Your Tracks Online
      1. Hiding Your Tracks by Managing Your Cookies
        1. How Cookies Work
        2. Managing Cookies in Your Web Browser
        3. Automatically Deleting Cookie Files
        4. Manually Deleting Cookie Files
      2. Browsing the Web, Anonymously
        1. How an Anonymizer Site Works
        2. Finding a Web Anonymizer
        3. Using an Anonymizer as a Full-Time Proxy Server
      3. Sending Email, Anonymously
        1. How Remailers Work
        2. Finding a Remailer Service
    5. 17. Protecting Yourself—and Your Children—from Online Predators
      1. Protecting Yourself from Cyberstalkers
        1. What Is Cyberstalking?
        2. Who Are the Cyberstalkers?
        3. What Motivates a Cyberstalker?
        4. Where Do Cyberstalkers Stalk?
        5. Whom Do Cyberstalkers Stalk?
        6. Are Cyberstalkers Dangerous?
        7. How Do You Defend Against Cyberstalkers?
        8. Take Preventative Measures
        9. Confronting Cyberstalkers
      2. Escalating the Danger: When Cyberstalkers Become Online Predators
        1. Who Are the Online Predators?
        2. Who Attracts Online Predators?
        3. How Do Online Predators Work?
        4. How Do You Defend Against Online Predators?
      3. Protecting Your Children from Online Stalkers and Predators
        1. How Big Is the Threat?
        2. How Do Predators Connect with Their Victims?
        3. What Children Are Most at Risk?
        4. How Do You Know Whether Your Child Is Targeted by an Online Predator?
        5. How Can You Protect Your Children from Online Predators?
      4. Defending Against Cyberbullies
        1. What Is Cyberbullying?
        2. How Can You Defend Against Cyberbullies?
    6. 18. Engaging in Your Own Surveillance: Tracking Your Children’s Online Activity
      1. Using Content Filtering Software
        1. How Content Filtering Works
        2. Choosing a Content Filtering Program
      2. Setting Up Parental Controls in Windows Vista
      3. Encouraging Kid-Safe Searching
      4. Monitoring Your Children’s Online Activities
        1. Remote Monitoring Software
        2. Activity Monitoring Software
  12. VI. Protecting Against Computer Viruses and Spyware
    1. 19. Computer Viruses and Spyware: How Big a Problem?
      1. Understanding Computer Viruses
        1. A Short—But Costly—History of Computer Viruses
        2. How Computer Viruses Work
        3. How to Catch a Virus
        4. Understanding Different Types of Computer Viruses
          1. File Infector Viruses
          2. Boot-Sector Viruses
          3. Macro Viruses
          4. Script Viruses
          5. Trojan Horses
          6. Rootkits
          7. Botnet Trojans
          8. Worms
          9. Email Viruses
          10. Chat and Instant Messaging Viruses
          11. Social Networking Viruses
      2. Understanding Spyware
        1. What Spyware Is
        2. How Spyware Works
        3. How to Become Infected with Spyware
        4. Adware: A Special Kind of Spyware
        5. Beware: Fake Anti-Spyware Programs!
        6. Examples of Spyware and Adware
      3. Sizing the Problem
        1. How Big Is the Virus Threat?
        2. How Big Is the Spyware Threat?
    2. 20. Defending Against Computer Viruses
      1. How Do You Know Whether Your Computer Is Infected?
      2. Preventing Virus Attacks with Safe Computing
        1. Don’t Open Email Attachments
        2. Don’t Open Files Sent via Instant Messaging
        3. Don’t Click IM or Chat Links
        4. Don’t Execute Files Found in Newsgroups or Message Boards
        5. Don’t Download Files from Suspect Websites
        6. Limit Your Sharing of Removable Media
        7. Display and Check File Extensions
        8. Use Anti-Virus Software
      3. Protecting Your System with Anti-Virus Software
        1. How Anti-Virus Programs Work
        2. Choosing an Anti-Virus Program
        3. Examining Corporate Anti-Virus Programs
        4. Using an Anti-Virus Program
        5. Keeping Your Anti-Virus Program Up to Date
      4. Recovering from a Virus Infection
        1. Preparing for Disaster
        2. Responding to an Infection—If Your System Is Still Running
        3. Responding to an Infection—If Your System Isn’t Running
      5. Cleaning a Virus from Your System
        1. Understanding File Cleaning Options
          1. Clean/Disinfect/Repair
          2. Quarantine
          3. Delete
        2. Cleaning Specific Viruses
      6. Restoring Your System
        1. Restoring Backup Files
        2. Using Windows System Restore
        3. Reinstalling System Files
        4. Reinstalling Application Files
    3. 21. Avoiding Spyware
      1. Do You Have Spyware on Your System?
      2. Avoiding Spyware-Infested Websites and Programs
      3. Using Anti-Spyware Programs
        1. Choosing an Anti-Spyware Program
        2. How Anti-Spyware Programs Work
      4. Removing Stubborn Spyware Programs
      5. Securing Your Web Browser
        1. Setting Security Levels by Zone
        2. Turning Off Cookies
        3. Deactivating Other Risky Features
      6. Blocking Spyware Domains
  13. VII. Protecting Against Computer Hacks and Attacks
    1. 22. Computer Attacks: How Big a Problem?
      1. What Is a Computer Attack?
        1. Robbery
        2. Vandalism
          1. Data Destruction
          2. Data Diddling
          3. Website Defacement
        3. Assault
        4. Hijacking
      2. What Are the Different Methods Used for Computer Attacks?
        1. Social Engineering Attacks
        2. Impersonation Attacks
        3. Transitive Trust Attacks
        4. Exploits
        5. Infrastructure Attacks
          1. DNS Spoofing
          2. ICMP Bombing
          3. Source Routing
          4. Racing Authentication
          5. TCP Sequence Guessing
          6. TCP Splicing
          7. FTP Bouncing
          8. Wireless Attacks
        6. Denial of Service Attacks
        7. Session Hijacking
        8. Data-Driven Attacks
        9. Multistaged Attacks
        10. Staged Download Attacks
      3. Computer Attacks and Cyberterrorism
        1. Cyberterrorism: A Real-World Example
        2. Detailing the Terrorist Threat
      4. How Is a Computer Attack Executed?
        1. Steps to Attack
        2. Examining a Real-World Attack
      5. How High Is Your Risk?
    2. 23. Defending Your Home Network from Attack
      1. Evaluating Your Risk
        1. Who Uses Your Computer?
        2. How Do You Connect to the Internet?
        3. What Do You Do Online?
        4. Do You Have a Home Network?
        5. Do You Have a Website or Blog?
      2. Recognizing an Attack
      3. Reducing Your Risk of Attack
        1. Use Strong Passwords—and Lots of Them
        2. Turn Off File Sharing
        3. Keep Your Operating System and Software Updated
        4. Keep Backup Copies
        5. Use Common Sense
      4. Protecting Your Computers with a Firewall
        1. How Firewalls Work
          1. Traffic Filtering
          2. Matching Incoming and Outgoing Traffic
          3. Sniffing Packet Contents
        2. What to Look for in a Firewall
        3. Choosing a Software Firewall
        4. Using the Windows Firewall
      5. Securing a Wireless Home Network
        1. How to Protect Your Wireless Network from Attack
        2. Different Types of Wireless Security
        3. Enabling Wireless Security
        4. Configuring Your Home Network for Wireless Security
        5. Changing Your Network’s SSID and Password
        6. Disabling SSID Broadcasting
    3. 24. Defending Your Company Network from Attack
      1. Preparing for an Attack
        1. Background and Objectives
        2. Response Team Structure
        3. Incident Classification
        4. Reporting
        5. Business Continuity
        6. Process Flow
      2. Defending Against a Network Attack
        1. Employing a Firewall
        2. Using Proxy Servers
        3. Creating a Demilitarized Zone
        4. Activating an Email Gateway
        5. Employing a Network Intrusion Detection System
      3. Defending Against Internal Security Breaches
      4. Recognizing an In-Process Attack
      5. Dealing with and Recovering from a Serious Attack
    4. 25. Defending Your Website from Attack
      1. How Can Your Website Be Attacked?
        1. Cross Site Scripting
        2. SQL Injection
        3. Authentication Hacking
        4. Directory Traversal Attacks
        5. Denial of Service Attacks
      2. Defending Against Website Hacks and Attacks
        1. Defending Against a General Attack
        2. Employing a Web Vulnerability Scanner
        3. Defending Against Cross Site Scripting
        4. Defending Against SQL Injection
        5. Defending Against Authentication Hacking
        6. Defending Against Directory Traversal Attacks
        7. Defending Against Denial of Service Attacks
      3. Recovering from a Website Attack