Online fraud is a type of cybercrime that uses email, web sites, chat rooms or message boards. There are many different types of online fraud, including phishing and pharming scams, which use forged e-mails and Web sites to trick recipients into giving out personal information such as credit card data, social security numbers, and passwords.

When armed with a little technical advice and common sense, you can prevent online fraud. Symantec recommends following these basic steps to avoid becoming a victim of online fraud:

Do's

  • Consider disabling file sharing on your computer.
  • Be careful about opening attachments, especially from unknown senders.
  • Familiarize yourself with a Web site’s privacy policy, especially if you are asked to provide confidential and/or personal data.
  • Review bank and credit card statements regularly.
  • Install and regularly update software firewall, antivirus, and anti-spyware solutions. We recommend Norton Internet Security for comprehensive protection.
  • Keep your Windows operating system and all your applications updated with the latest security patches.
  • Create strong passwords and protect them carefully or consider using password protection software. Norton Internet Security encrypts passwords for secure storage, monitors them for unapproved usage, and notifies you when a Web site offers secure login capabilities.
  • Lock your home mailbox.
  • Shred bank and credit card statements and other financial data before disposal.
  • Check your bank and credit card statements monthly.
  • Strong passwords have eight characters or more, and use a combination of letters, numbers, and symbols.
  • Take advantage of your right to a free annual credit report.
  • If you think you’ve become a victim of ID theft or cybercrime, report it to the proper authorities immediately. Visit the following websites for more information:
    www.ic3.gov
    www.fraud.org
    www.cybercrime.gov

Don’ts

  • Don’t provide personal data to anyone over the phone or in person (for a job or loan application, for example) unless you are certain of the other party’s trustworthiness.
  • Don’t ever give out your personal information in response to an email, a web site you’ve come to through an external link, or a pop-up screen that appears on a real Web site. Open a new browser window and type the URL directly into the address bar to ensure the site is legitimate.
  • Don’t keep financial data on laptops unless absolutely necessary; laptops are far more likely to be stolen than desktops.

 

How to Protect Against Phishing

Phishing is an online con game, and phishers are nothing more than tech-savvy con artists. In a typical phishing scam, phishers send out emails, which appear to come from a legitimate company, in an attempt to scam users into providing private information that will be used for identity theft.

Phishers use a variety of sophisticated devices to steal information—including pop-up windows, URL masks which simulate real Web addresses, and keystroke loggers that capture account names and passwords.

 To protect yourself against phishing, follow these basic guidelines:

  • Be wary of emails asking for confidential information—especially of a financial nature. Legitimate organizations will never request sensitive information via email.
  • Don’t get pressured into providing sensitive information. Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the merchant directly to confirm the authenticity of their request.
  • Familiarize yourself with a Web site’s privacy policy.
  • Watch out for generic-looking requests for information. Fraudulent emails are often not personalized, while authentic emails from your bank often reference an account you have with them.
  • Never submit confidential information via forms embedded within email messages.
  • Never use links in an email to connect to a Web site. Instead, open a new browser window and type the URL directly into the address bar.
  • Maintain effective software to combat phishing. Norton Internet Security automatically detects and blocks fake Web sites. It also authenticates major banking and shopping Web sites.

 

How to Protect Against Pharming

Pharming is an attempt to defraud Internet surfers by hijacking a Web site’s domain name, or URL, and redirecting users to an imposter Web site where fraudulent requests for information are made.

 To protect yourself against pharming, follow these basic guidelines:

  • Check the URL of any site that asks you to provide personal information. Make sure your session begins at the known authentic address of the site, with no additional characters appended to it.
  • Maintain effective, up-to-date virus protection. Symantec recommends Norton AntiVirus.
  • Use a trusted, legitimate Internet Service Provider. Rigorous security at the ISP level is your first line of defense against pharming.
  • Check the certificate. It takes just a few seconds to tell if a site you land on is legitimate. On the latest version of Internet Explorer and on many other commonly available Web browsers, go to "File" in the main menu and select "Properties", or right-click your mouse anywhere on the browser screen and, from the menu that pops up, click on "Properties". When the "Properties" box pops up, click on "Certificates" and check if the site carries a secure certificate from its legitimate owner.
  • Block suspicious Web sites automatically. Norton Internet Security detects and blocks fake Web sites, making it easier for you to be confident most of the sites you are using are legitimate.
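
The URL check from the pharming guidelines above, which also covers the URL masks mentioned under phishing, as an added example that is not part of the original page: it parses a link the way a browser does and compares the real host with the known authentic one. The host www.bank.example, the function name checkLink and all sample links are constructed for illustration.

```javascript
// Added example. KNOWN_HOST and every sample link are constructed values.
const KNOWN_HOST = "www.bank.example";

// Returns a verdict string for a link, judged against the known authentic host.
function checkLink(link, knownHost = KNOWN_HOST) {
  let url;
  try {
    url = new URL(link); // same parsing rules browsers apply
  } catch {
    return "invalid";
  }
  if (url.protocol !== "https:") return "not-https"; // no certificate to check
  // Anything before "@" is login data; the site actually visited comes after it.
  if (url.username || url.password) return "userinfo";
  // URL() rewrites non-ASCII names as punycode ("xn--"), exposing lookalike letters.
  if (url.hostname.split(".").some((l) => l.startsWith("xn--"))) return "punycode";
  // Exact match only: extra labels appended after the real name change the owner.
  if (url.hostname !== knownHost) return "host-mismatch";
  return "match";
}

const SAMPLES = [
  "https://www.bank.example/login",
  "https://www.bank.example.account-verify.test/login",
  "https://www.bank.example@203.0.113.7/login",
  "https://www.b\u0430nk.example/login", // Cyrillic "а" in place of Latin "a"
  "http://www.bank.example/login",
];

for (const s of SAMPLES) console.log(checkLink(s).padEnd(14), s);
```

Only the first sample is reported as a match; each of the others starts with or resembles the authentic address but resolves to a different host or lacks HTTPS.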

Phishing FAQs

What does "phishing" mean?
Phishing is a term used for fraudulent Internet "scams" that set out to deceive users into providing personal information that, in many cases, ends up being used for identity theft.

How does phishing work?
Most commonly, an email that appears to be from a well-known and trusted company is sent to a large list of email addresses. The email may direct the recipient to a spoofed Web page, where he or she is asked for personal information.

Where can I learn more about phishing?
You can learn more about phishing here. It explains in more detail what phishing is, and also provides tips on how not to fall prey to Internet scams.

Does Symantec have a product to protect me against phishing?
Yes. Norton Internet Security can help protect users from receiving phishing emails.  

Terms You Should Know

Advanced evasion techniques

Symantec uses the term security risks to refer to a number of programs, such as adware, spyware, misleading applications, and other programs, that users may not want on their systems. These programs often use social engineering to trick users into downloading and installing them and employ a variety of advanced evasion techniques to resist detection and removal.

Authentication fraud

Phishing sites use “zombie” networks of hijacked computers to constantly shift their host address, evading blacklists of known phishing sites.

Bots

Bots are programs that are covertly installed on a targeted system, allowing an unauthorized user to remotely control the computer for a wide variety of purposes.

Crimeware

The software tools used in cybercrime are sometimes referred to as crimeware. Crimeware is software that is used to commit a criminal act. Like cybercrime, crimeware covers a wide range of malicious or potentially malicious software.

Cybercrime

Any crime that is committed using a computer, network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime.

Heuristics

A problem-solving technique that looks for malicious processes (e.g. worms, mass mailer viruses, Trojans, keyloggers, etc.) in real time.

Identity Theft

The act of stealing and assuming another person’s identity in order to commit fraud or other crimes.

Mutual authentication

A security method requiring both parties in a transaction to prove their identities. On the Web, this would require both the Web browser and Web server to prove their identities to one another, thus ensuring both the Web page and the page’s user are legitimate. Used on financial and commerce sites, mutual authentication can help prevent phishing and other kinds of fraud.

Online Fraud

Refers to any type of fraud that uses email, Web sites, chat rooms or message boards. These vehicles are used to present fraudulent solicitations to potential victims, to conduct fraudulent transactions or to transmit stolen money to financial institutions or to others connected with the crime.

Online Transaction Security

Refers to the security measures available to protect consumers at the time they are most vulnerable to criminals and hackers — when browsing, shopping, or banking online, and about to submit passwords, account numbers, or other confidential information.

Pharming

An attempt to defraud Internet surfers by hijacking a Web site’s domain name, or URL, and redirecting users to an imposter Web site where fraudulent requests for information are made.

Phishing

An attempt to mislead people into divulging confidential information, such as social security numbers and passwords. Typically uses legitimate-looking email or instant messages in combination with imposter Web sites to make fraudulent requests for information (i.e., to go “fishing” for data).

Polymorphics

A polymorphic virus can change its byte pattern when it replicates and is able to avoid detection from simple string-scanning antivirus techniques.

Rootkits

Rootkits are a system tool meant to hide legitimately running processes and applications from users. Attackers can exploit these tools to conceal their presence and actions on a system. Actions performed by a rootkit, such as installation and code execution, are done without end-user consent or knowledge. “User mode rootkits” intercept system calls. “Kernel mode rootkits” plant themselves at the deepest level of system memory and are the most robust method of system hooking—and the hardest to detect.

Spyware

Software that collects information about your computer and how you use it and relays that information to someone else over the Internet. Spyware ordinarily runs in the background and, in some cases, installs itself on your computer without your knowledge or permission.

Virus

A virus is a program or code that replicates itself onto other files with which it comes in contact; that is, a virus can infect another program, boot sector, partition sector, or a document that supports macros by inserting itself or attaching itself to that medium. Most viruses only replicate, though many can do damage to a computer system or a user's data as well.

Vulnerability

A (universal) vulnerability is a state in a computing system (or set of systems) that allows an attacker to execute commands as another user, access data that is contrary to the specified access restrictions for that data, pose as another entity, or conduct a denial of service attack.

Worm

A worm is a program that makes and facilitates the distribution of copies of itself, for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive via exploitation of a system vulnerability or by clicking on an infected email.