Hacking and intrusions
Malware-caused PC problems aren’t the only thing you have to worry about. A determined cybercriminal can get inside your PC by directly hacking into it, and some malware can steal your data and passwords, sending the information back to home base.
This is where a firewall comes in handy: It serves as a gatekeeper, permitting safe traffic (such as your Web browsing) and blocking bad traffic (hacking attempts, malware data transfers, and the like).
Windows includes a firewall, named (appropriately enough) Windows Firewall. It’s set by default to block malicious traffic from coming into your computer, but it isn’t set to watch the data that’s going out, so it will likely not detect any malware attempts to transmit your data to cyberattackers. Although you can enable the firewall’s outgoing protection (in Windows Vista and later versions), that isn’t easy for the average user to set up or configure.
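The outbound protection described above can be switched on from an elevated PowerShell prompt. The following is an added example, not part of the original article; it assumes Windows 8 or later (where the NetSecurity cmdlets exist), and the browser path and rule name are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: enable outbound filtering in Windows Firewall.
# Assumes Windows 8 / Server 2012 or later (NetSecurity cmdlets).

# Placeholder path: replace with a program you actually want to allow out.
$browser = 'C:\Program Files\ExampleBrowser\browser.exe'

# 1. Back up the current policy so it can be restored with
#    "netsh advfirewall import" if something goes wrong.
netsh advfirewall export "$env:USERPROFILE\firewall-backup.wfw"

# 2. Show the effective defaults. Out of the box this reports
#    inbound = Block and outbound = Allow for every profile.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# 3. Create the allow rules BEFORE changing the default, otherwise
#    the program loses connectivity the moment step 4 runs.
New-NetFirewallRule -DisplayName 'Example - browser outbound web' `
    -Direction Outbound -Action Allow -Program $browser `
    -Protocol TCP -RemotePort 80, 443

# 4. Block every outbound connection that no rule allows, and log the
#    drops. Other programs (updaters, mail clients) stop connecting
#    until they get their own allow rule.
Set-NetFirewallProfile -All -DefaultOutboundAction Block -LogBlocked True

# 5. Review what was blocked: an unexpected program trying to reach
#    the Internet shows up here as a DROP entry.
$log = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
if (Test-Path $log) {
    Select-String -Path $log -Pattern ' DROP ' | Select-Object -Last 20
}

# Roll back to the Windows default (outbound allowed):
# Set-NetFirewallProfile -All -DefaultOutboundAction Allow
```

On Windows Vista and Windows 7 the same settings are available in the Windows Firewall with Advanced Security console.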
For the ultimate in PC security, you should use a firewall that protects your machine from both incoming and outgoing malicious traffic by default. First, find out whether your antivirus utility or Internet security package has a firewall component, and whether it offers full protection. If it doesn’t, consider a third-party firewall such as ZoneAlarm Firewall or Comodo Firewall Free.
Phishing and scam sites
One method that cybercriminals use to steal your passwords, money, or identity is commonly called phishing (a play on the word fishing). Attackers try to get you (the fish) to hand over your information or money. They do so by hooking you with an email message, IM, or some other form of communication (the bait) that looks as if it came from a legitimate source such as a bank or an online shopping site.
Phishing isn’t a new tactic, but people still fall for it. Here are some precautions that you can take to keep phishing scams from reeling you in.
Don’t click links in email: Scammers often put links to fake login pages in very convincing email messages in an attempt to steal your personal information. With that in mind, if an email ever asks you to click a link to log in to a site and enter your username and password, don’t do it. Instead, type the company’s real website URL directly into your browser, or search Google for the site.
Check for SSL encryption: Before entering sensitive information online, make sure that the website is using encryption to secure the information while it’s moving over the Internet. The site address should begin with https instead of http, and your browser should show some kind of indicator near the address bar. If a site isn’t using encryption for a screen in which it asks you to enter sensitive data, it’s most likely a phishing site or scam site. SSL encryption isn’t a guarantee of safety, but you ought to make a habit of looking for that lock icon.
Use a Web browser add-on: Many Web browser add-ons out there can help you identify phishing scams and other dangerous sites. Typically these plug-ins use badges or some other indicator to show whether a site is safe, unsafe, or questionable. Most antivirus programs offer these types of browser add-ons, but if yours doesn’t or you don’t like it, consider using Web of Trust, an independent site-reputation tracking service.
Social network safety
Facebook, Twitter, and other popular social networking sites have given cybercriminals additional avenues to try grabbing your personal data. For example, scammers might create a malicious Facebook app that attempts to harvest your information for their financial gain, spreads tainted links, or hijacks other people’s profiles. Below are a few measures that you can implement to protect yourself on social networks.
Tighten your security and privacy settings: Although security and privacy features vary across social networks, they can help to protect you and your account data. You must set them up, however, for them to work effectively. For instance, both Facebook and Twitter allow you to encrypt your connections so that other people can’t hijack your account when you’re connecting from public Wi-Fi hotspots. And Facebook offers a feature to monitor and track the computers and devices that log in to your account, to help identify unauthorized logins.
Be careful who you “friend” or “follow”: Before you add someone as a Facebook friend, or follow them on Twitter or Google+, ask yourself whether you really know the person. Cybercriminals often set up fake profiles just to spread spam and malicious links.
Watch for phishing attempts, scams, and hoaxes: If something sounds fishy or too good to be true, it probably is. Two widespread Facebook scams, for instance, promote links or apps that claim to tell you who has viewed your profile, or that promise to change your Facebook profile layout or theme—even though neither capability exists. Think before you click on these types of links or apps, as they could steal your information, hijack your account, send spam to your friends, or cause other damage. To learn more about social network security and to discover scams as they develop, follow sites such as Facecrooks or PCWorld’s own security topic page.
Check app permissions: If you’re thinking of giving a Facebook app permission to access your profile information, first check out the types of information it wants. If you think a particular app should not be able to access certain details, don’t allow it. Also, periodically check the apps you’ve authorized to see if any of them look suspicious.
Twitter lets apps access account information, too. Be sure to review which apps and services can access your profile. If you no longer want to use a particular app or service, you can disable it from this page.
Use apps to help detect malicious activity: A number of apps can tell you if your social network accounts are vulnerable to attack, or if you’re sharing too much personal data. For starters, they can filter and moderate your feeds and comments for malicious or inappropriate content, and detect fake profiles set up to flood your feeds with spam.
Two good antiscam apps are Bitdefender Safego for Facebook or Twitter and MyPageKeeper for Facebook, both of which monitor your profile’s feeds and comments and alert you and other users to any malicious links they encounter. For more details on how each utility works, see “Lock down your social media with essential security add-ons.” And if you operate your own Facebook Fan Page or blog, consider using a service such as Websense Defensio, which filters comments for spam messages, malicious content, and profanity.