Mountain View Computer Users Group

The world has changed. Today we can work, check bank balances, book travel, research medical questions, talk to friends and family members, order books and music, bid on auction items, and even buy a car without leaving home. Thanks to the Internet, we have access to entertainment, shopping, email and other information, 24 hours a day. This access to information is greater than most folks in my generation could have ever imagined. However, the Internet is not without hazards. The Internet and the anonymity it affords can give online scammers, hackers, and identify thieves access to your computer, personal information, finances and more.

I have written about it before, and so have many others, but with Christmas almost here and many of you already shopping on the Internet, I wanted to provide an update on that Internet bugaboo: SECURITY!!! First of all, for those of you who are concerned about using your credit cards for Internet purchases, a couple of things to consider: first, most CC companies have either a $50 maximum amount which you are liable for if someone uses your # without your permission. In fact, many have a $0 liability policy, sometimes tied to a requirement that you report the use within a certain time-frame. So, step one should be to check with your CC customer service and find out what the policy is. Also, it is possible, with many CCs to get a one-time use # which might be a new account number, or just the 3 digit # on the reverse side of your card. Check with the CC company or the issuing bank. Obviously, you will want to check your CC account regularly to see if any bogus charges have been added and this is pretty easy if you setup an online account. Even easier if your issuing bank or CC company has an alert setup that will notify you if an unusual charge appears. Remember that all the other security measures that affect your computer, e.g. anti virus, anti spy/malware, firewall, updating your operating system, etc. further insure your safety. A good reference is: www.microsoft.com/athome/security/viruses.

The Washington State AARP folks gave an excellent presentation on this topic at the national AARP convention and graciously gave me their permission to use any parts I wanted to for this column. Here are a few of the pretty extensive notes I took:

Protect your privacy and personal information online; if you are asked for personal information such as your name, email, address, telephone number, account numbers, or Social Security number, find out how the information is going to be used before you share it. Find out how the requester protects your personal information. Remember, it is your information.

Whether you are shopping, banking, or conducting other business online, do not provide your personal or financial information through a company's website until you have checked for indicators that the site is secure. Look for "https" in the Web address (the "s" stands for secure). Look for a padlock or an unbroken key in the lower right corner of the status bar. Double-click the padlock or key to ensure that the "issued by" name on the security certificate matches the name in the address bar.

If you get an email or pop-up message asking for personal information, do not reply or click on the link in the message. If you think there may be a need to provide information to the requester (you have an account with the company or have placed an order) con- tact the company directly by telephone. Do not send your personal information via email; it is not a secure transmission method.

Here is an excellent place to review the topic of phishing: www.microsoft.com/athome/security.

Anyone can set up shop online. It is a good practice to know whom you are dealing with and what you are getting into. Proceed with caution in your online activities. If you shop online, check out the seller before you buy. A legitimate business or individual seller should give you a physical address and a working telephone number you can call in case you have problems. Call the telephone number before you buy. Never send cash, personal checks or money orders for online purchases. Check out the terms of the deal, like refund policies and delivery dates. The law requires sellers to ship items as promised or within 30 days after the order date if no specific date is promised.

Delete junk email without opening the message. If you open the email, it can alert the spammer that the address is good. Never reply to spam. This includes responding to an option to "Remove me from your list." Do not buy anything or give to any charity marketing through spam. Spammers may swap or sell email addresses of their customers. If you make a purchase as the result of a spam email, it may result in more spam. Do not forward chain email messages. You lose control over who sees your email address. You might also be forwarding a hoax aiding in the delivery of a virus.

Passwords are the key to unlocking your computer and online accounts. A strong password provides better security against hackers and thieves. Strong passwords should be over eight characters in length, combine letters, numbers, and symbols, and should avoid using common words. Do not use your name, your spouse's name, your birthday or location.

Change your passwords regularly or at least every 90 days.

Do not use the same password for each online account you use. Keep your passwords secret. Do not give passwords out to family or friends or send your passwords over email. Do not enable the "Save Password Option" if you receive a dialog box asking you if you would like the computer to remember your password. Do not store written passwords on or near your computer.

Record passwords and store in a safe, secure place. One way to create a strong and memorable password is to think of a "pass phrase." Think of a phrase that is easy to remember like "I save my pennies for a rainy day." Use the first letter of each word as your password, converting some letters into numbers that resemble letters; for example "Ism4ard." Notice the combination of upper and lower case letters, numbers and symbols.

Pay attention to what kids do and whom they meet online. Consider a rule that no child reveals personal information, including photos, without permission. Warn kids never to meet Internet "friends" in person. Parental controls are provided by most Internet Service Providers, or sold as separate software. No software can substitute for parental supervision. Talk to your kids and/or grandkids about safe computing as well as things they are seeing and doing online.

Stop and think before you click; before you provide information, open files or attachments, or download files from unknown senders, take a minute to stop and think before you click.

Free downloads can contain spyware. To avoid it, resist the urge to install any software unless you know exactly what it is. You can install anti-spyware software and then use it regularly to scan for and delete spyware programs that may sneak onto your computer.

Email attachments and links sent over email will not damage your computer without your participation. You have to open an email or attachment that includes a virus or follow a link to a site that is programmed to infect your computer. Hackers use a variety of enticing file names such as "Per your request!" or "Fwd: FUNNY" to get you to open the email attachment or click on the link. Do not open an email attachment unless you expect it and know what it contains. You can help others trust your attachments by including a message in your text that explains what you are attaching.

"Instant messaging" is a form of online communication like email. You can type messages to someone and they can see the messages almost immediately. Files attached to instant messages can also contain viruses. In most cases, viruses spread when you open an infected file attached to an instant message appearing to come from someone you know.

Finally, two things, share your knowledge with others so that they will be more vigilant on the "net and report abuses, including spam, via the Federal Trade Commission http://www.ftc.gov, your Internet Service Provider and your bank or credit union. Most have addresses to use that may begin with phishing, abuse or spoof. Check their web pages for the correct one.

That's it for now, until next time, have fun with all those computer and electronic goodies, but remember to be careful out there on the 'net!

Aloha, Lou

- 30 -