Hackers and spammers may be using your computer right now. They invade secretly and hide software to get access to the information on your computer, including your email program. Once on your computer, they can spy on your Internet surfing, steal your personal information, and use your computer to send spam — potentially offensive or illegal — to other computers without your knowledge.

Computers that are taken over this way often become part of a robot network, known as a “botnet” for short. A botnet, also known as a “zombie army,” usually is made up of tens or hundreds of thousands of home computers sending emails by the millions. Computer security experts estimate that most spam is sent by home computers that are controlled remotely, and that millions of these home computers are part of botnets.

Spammers can install hidden software on your computer in several ways. First, they scan the Internet to find computers that are unprotected, and then install software through those “open doors.” Spammers may send you an email with attachments, links or images which, if you click on or open them, install hidden software. Sometimes just visiting a website or downloading files may cause a “drive-by download,” which installs malicious software that could turn your computer into a “bot.”

It can be difficult to tell if a spammer has installed hidden software on your computer, but there are some warning signs. You may receive emails accusing you of sending spam; you may find email messages in your “outbox” that you didn’t send; or your computer suddenly may operate more slowly or sluggishly.

Botnets are not inevitable. You can help reduce the chances of becoming part of a bot — including limiting access into your computer. Leaving your Internet connection on and unprotected is just like leaving your front door wide open. CenturyLink™encourages you to secure your computer by:

• Using anti-virus and anti-spyware software, like CenturyLink™Online Security, and keeping it up to date.
• Setting your operating system software to download and install security patches automatically. Operating system companies issue security patches for flaws that they find in their systems.
• Being cautious about opening any attachments or downloading files from emails you receive. Don’t open an email attachment — even if it looks like it’s from a friend or coworker — unless you are expecting it or know what it contains. If you send an email with an attached file, include a text message explaining what it is.
• Using a firewall to protect your computer from hacking attacks while it is connected to the Internet. A firewall is software or hardware designed to block hackers from accessing your computer. A firewall is different from anti-virus protection: while anti-virus software scans incoming communications and files for troublesome viruses, a properly-configured firewall helps make you invisible on the Internet and blocks all incoming communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection because the connection is always open. Firewall is included with CenturyLink™Online Security
• Disconnecting from the Internet when you’re away from your computer. While anti-virus and anti-spyware software, along with a firewall, are critical protections when you’re connected to the Web, they’re not foolproof. Hackers just can’t get into your computer when it’s disconnected from the Internet.
• Downloading free software only from sites you know and trust. It can be appealing to download free software like games, file-sharing programs, customized toolbars, and the like. But remember that many free software applications contain other software, including spyware.
• Checking your “sent items” file or “outgoing” mailbox for messages you did not intend to send. If you do find unknown messages in your out box, it’s a sign that your computer may be infected with spyware, and may be part of a botnet. This isn’t foolproof: many spammers have learned to hide their unauthorized access.
• Taking action immediately if your computer is infected. If your computer has been hacked or infected by a virus, disconnect from the Internet right away. Then scan your entire computer with fully updated anti-virus and anti-spyware software. Contact CenturyLink® to report unauthorized accesses. If you suspect that any of your passwords have been compromised, call that company immediately to change your password.

Courtesy of OnGuardOnline.gov

P2P File-Sharing: Evaluate the Risks

Every day, millions of computer users share files online. Whether it is music, games, or software, file-sharing can give people access to a wealth of information. To share files through a P2P network, you download special software that connects your computer to other computers running the same software. Millions of users could be connected to each other through this software at one time. The software often is free.

Sounds promising, right? Maybe, but make sure that you consider the trade-offs. CenturyLink cautions that file-sharing can have a number of risks. For example, when you are connected to file-sharing programs, you may unknowingly allow others to copy private files – even giving access to entire folders and subfolders – you never intended to share. You may download material that is protected by copyright laws and find yourself mired in legal issues. You may download a virus or facilitate a security breach. Or you may unwittingly download pornography labeled as something else.

To secure the personal information stored on your computer, CenturyLink suggests that you:

• Install file-sharing software carefully, so that you know what’s being shared. When you load a file-sharing application onto your computer, any changes you make to the P2P software’s default settings during installation could cause serious problems. For example, if you change the defaults when you set up the “shared” or “save” folder, you may let other P2P users into any of your folders – and all its subfolders. You could inadvertently share information on your hard drive – like your tax returns, email messages, medical records, photos, or other personal documents – along with the files you want to share. And almost all P2P file-sharing applications will, by default, share the downloads in your “save” or “download” folder – unless you set it not to.
• Use security software and keep it and your operating system up-to-date. Some file-sharing programs may install malware that monitors a user’s computer use and then sends that data to third parties. Files you download may also hide malware, viruses, or other unwanted content. And when you install a P2P file-sharing application, you might be required to install “adware” that monitors your browsing habits and serves you advertising.
  Malware and adware can be difficult to detect and remove. Before you use any file-sharing program, get a security program that includes anti-virus and anti-spyware protection like CenturyLink™Online Security and make sure that your operating system is up to date. Set your security software and operating system to be updated regularly. Make sure your security software and firewall are running whenever your computer is connected to the Internet. Delete any software the security program detects that you don’t want on your computer. And before you open or play any downloaded files, scan them with your security software to detect malware or viruses.
• Close your connection. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and could increase your security risk. If you have a high-speed or “broadband” connection to the Internet, you stay connected to the Internet unless you turn off the computer or disconnect your Internet service. These “always on” connections may allow others to copy your shared files at any time. To be sure your file-sharing program is closed, take the time to “exit” the program, rather than just clicking “X” or “closing” it. What’s more, some file-sharing programs automatically open every time you turn on your computer. As a preventive measure, you may want to adjust the file-sharing program’s controls to prevent the file-sharing program from automatically opening.
• Create separate user accounts. If more than one person uses your computer, consider setting up separate user accounts, in addition to the administrator’s account, and give those user accounts only limited rights. Since only a user with administrator rights can install software, this can help protect against software you don’t want on your computer. It also can keep users from accessing other users’ folders and subfolders, since users with limited rights generally don’t have access to each other’s information. Also use a password to protect your firewall and security software so no one else can disable them or grant themselves rights that you don’t want them to have on your machine.
• Back up sensitive documents. Back up files that you’d want to keep if your computer crashes. Store them on CDs, DVDs, or detachable drives that you keep in a safe place.
• Talk with your family about file-sharing. If you’re a parent, ask your children whether they’ve downloaded file-sharing software, and if they’ve exchanged games, videos, music, or other material. Talk to your kids about the security and other risks involved with file-sharing and how to install the software correctly, if they’re going to use P2P file-sharing at all. If you’re a teen or tween interested in file-sharing, talk with your parents before downloading software or exchanging files.
• CenturyLink provides many inexpensive and safe alternatives for high quality, current media.CenturyLink has gone to great lengths to provide users with inexpensive, safe, legal, and high-quality options to satisfy any of their needs for digital media.
  1. The CenturyLink Unlimited Music service is the perfect solution for music lovers in your family. Subscribe to the CenturyLink Unlimited Music Premium Package and get started on filling up your music library.
  2. The CenturyLink Video Store allows users to “Rent” or purchase video content in digital format. Some selections can even be burned to DVDs for your home collection. Download high-quality and current movie, television series, and music video titles quickly without ever leaving your home to pickup or return a movie.
  3. CenturyLink.com provides a huge variety of completely free video content from the Videos link in the directory. With cartoons, business programming, entertainment, and several news feeds there is likely to something for everyone here.

Courtesy of OnGuardOnline.gov

A techie spy and his cunning crew are out to get your personal information. Stop them cold by proving you’re ready to protect yourself online. Courtesy of OnGuardOnline.gov.

Three rounds. Three strikes. Make it through this game, and it’s clear — you’re on to spam scams and not likely to get slammed by the next one. Courtesy of OnGuardOnline.gov.

Phishers are looking to lure you with bogus emails and pop-ups that seem safe. Will you take the bait or live to swim another day? Courtesy of OnGuardOnline.gov.

A phisher pays an unexpected visit to someone’s home. Courtesy of OnGuardOnline.gov.

A phisher shows that phishing can happen when you least expect it — even at the office. Courtesy of OnGuardOnline.gov.

A phisher visits a clothing store in hopes of getting a shopper’s financial information. Courtesy of OnGuardOnline.gov.

Are you a shrewd online shopper who can spot a risky offer? Peruse our sales pitches to find out. You decide who gets your business and who gets the boot. Courtesy of OnGuardOnline.gov.

You’ve already lost one laptop, Agent Smith. Your job’s on the line if it happens again. Make wise choices this time, and it’s mission accomplished. Courtesy of OnGuardOnline.gov.

Mikko Hyppönen, Chief Research Officer at F-Secure, discusses the various aspects of crimeware. This interesting video reviews the history of Internet crime, who benefits, and scams to watch for. Courtesy of F-Secure.

Get a glimpse of your future as your investing intelligence is put to the test. Courtesy of OnGuardOnline.gov.

Hackers hunting for vulnerable wireless networks are closing in. Stop the hack attack with correct answers to these wireless security questions. Courtesy of OnGuardOnline.gov.

Mikko Hyppönen, Chief Research Officer at F-Secure, discusses the various motives of crimeware in a follow up to RE:SOLUTION. This frightening video details several kinds of cyber crimes and alerts the viewer to potential scams and crimes that can affect innocent people. Courtesy of F-Secure.

Your identity’s been stolen! Luckily, this time you just need to correctly answer some questions on protecting your identity to get it back. Courtesy of OnGuardOnline.gov.

Compete with our contestants for a spot on the Friend Finder All-Star List. Earn your spot by showing you’re savvy when it comes to making friends online. Courtesy of OnGuardOnline.gov.

Mikko Hypponen , Chief Research Office at F-Secure, discusses the issue of Targeted Attacks and provides details on how these threats affect both businesses and governments around the world. Courtesy of F-Secure.

Don’t let spyware sneak onto your computer to give others a peek at information you enter online. Get wise to the spyware guise by taking this quiz. Courtesy of OnGuardOnline.gov.

Congratulations! You’re the next contestant on Auction Action, the game that puts your online auction know-how to the test. Courtesy of OnGuardOnline.gov.

F-Secure experts explain how the Conficker scam (aka Downadup) slipped past many technology experts through common devices like flash drives. Learn how F-Secure and other online security professionals handle these threats. Courtesy of F-Secure.

F-Secure experts explain how the Conficker scam (aka Downadup) slipped past many technology experts through common devices like flash drives. Learn how F-Secure and other online security professionals handle these threats. Courtesy of F-Secure.

The first half of 2009 was filled with new threats to Internet security. Learn what security experts are doing about drive-by downloads, Twitter worms, and Conficker. Courtesy of F-Secure.

The first half of 2009 was filled with new threats to Internet security. Learn what security experts are doing about drive-by downloads, Twitter worms, and Conficker. Courtesy of F-Secure.

Social Networking Sites: Safety Tips for Tweens and Teens

You’ve probably learned a long list of important safety and privacy lessons already: Look both ways before crossing the street; buckle up; hide your diary where your nosy brother can’t find it; don’t talk to strangers.

CenturyLink is urging kids to add one more lesson to the list: Don’t post information about yourself online that you don’t want the whole world to know. The Internet is the world’s biggest information exchange: many more people could see your information than you intend, including your parents, your teachers, your employer, the police — and strangers, some of whom could be dangerous.

Social networking sites have added a new factor to the “friends of friends” equation. By providing information about yourself and using blogs, chat rooms, email, or instant messaging, you can communicate, either within a limited community, or with the world at large. But while the sites can increase your circle of friends, they also can increase your exposure to people who have less-than-friendly intentions. You’ve heard the stories about people who were stalked by someone they met online, had their identity stolen, or had their computer hacked.

Your Safety’s at Stake

CenturyLink suggests these tips for socializing safely online:

• Think about how different sites work before deciding to join a site. Some sites will allow only a defined community of users to access posted content; others allow anyone and everyone to view postings.
• Think about keeping some control over the information you post. Consider restricting access to your page to a select group of people, for example, your friends from school, your club, your team, your community groups, or your family.
• Keep your information to yourself. Don’t post your full name, Social Security number, address, phone number, or bank and credit card account numbers — and don’t post other people’s information, either.

Be cautious about posting information that could be used to identify you or locate you offline. This could include the name of your school, sports team, clubs, and where you work or hang out.

• Make sure your screen name doesn’t say too much about you. Don’t use your name, your age, or your hometown. Even if you think your screen name makes you anonymous, it doesn’t take a genius to combine clues to figure out who you are and where you can be found.
• Post only information that you are comfortable with others seeing — and knowing — about you. Many people can see your page, including your parents, your teachers, the police, the college you might want to apply to next year, or the job you might want to apply for in five years.
• Remember that once you post information online, you can’t take it back. Even if you delete the information from a site, older versions exist on other people’s computers.
• Consider not posting your photo. It can be altered and broadcast in ways you may not be happy about. If you do post one, ask yourself whether it’s one your mom would display in the living room.
• Flirting with strangers online could have serious consequences. Because some people lie about who they really are, you never really know who you’re dealing with.
• Be wary if a new online friend wants to meet you in person. Before you decide to meet someone, do your research: Ask whether any of your friends know the person, and see what background you can dig up through online search engines. If you decide to meet them, be smart about it: Meet in a public place, during the day, with friends you trust. Tell an adult or a responsible sibling where you’re going, and when you expect to be back.
• Trust your gut if you have suspicions. If you feel threatened by someone or uncomfortable because of something online, tell an adult you trust and report it to the police and the social networking site. You could end up preventing someone else from becoming a victim.

What to Do if There’s a Problem

Trust your gut if you have suspicions. If you feel threatened by someone or uncomfortable because of something online, tell an adult you trust, and report it to the police and the social networking site.

The Children’s Online Privacy Protection Act (COPPA) requires websites to obtain parental consent before collecting, using, or disclosing personal information from children under age 13. If a website is violating COPPA, report it to the Federal Trade Commission.

Courtesy of OnGuardOnline.gov

Know Your Legal Obligations

Under federal law, you’re required to advertise your product or service and the terms of the sale honestly and accurately. You can’t place “shill” bids on your item to boost the price or offer false testimonials about yourself in the comment section of Internet auction sites.

You’re prohibited from auctioning illegal goods; some auction sites have further prohibitions on sales of other items. While many auction sites monitor to ensure that illegal items are not being offered, the responsibility for ensuring that a sale is legal rests with the seller and buyer. Some auction sites post a list of prohibited items.

You are required to ship merchandise within the time frame specified during the auction, or within 30 days, if a time frame is not specified. If you can’t meet the shipping commitment, you must give the buyer an opportunity to agree to the new shipping date or cancel the order for a full refund.

Advertising Your Product

• When describing your item and its condition, state whether it’s new, used, or reconditioned.
• Anticipate questions buyers might have and address them in the description of your item or service.
• When possible, include a photograph of the item. There’s much truth to the saying that “a picture is worth a thousand words.”
• Specify the minimum bid you’re willing to accept.
• Specify who will pay for shipping, and whether you’ll ship internationally.
• State your return policy, including who’s responsible for paying shipping costs or restocking fees if the item is returned.
• Let prospective bidders know whether you provide follow-up service; if you don’t, tell them where they can get it.

Dealing with Bidders

• Respond as quickly as possible to bidders’ questions about the item you’re auctioning or the terms of the sale.
• When the auction closes, print all information about the transaction, including the buyer’s identification; a description of the item; and the date, time, and price of the bid. Save a copy of every email you send and receive from the auction site or the successful bidder.
• Contact the successful buyer as soon after the auction closes as possible; confirm the final cost, including shipping charges, and tell the buyer where to send payment.

Arranging for Payment

• If you accept credit card payments from the buyer directly, bill the credit card account only after you’ve shipped the product.
• If a buyer insists on using a particular escrow or online payment service that you’ve never heard of, check it out by visiting its website or calling its customer service line. If there isn’t one, or if you call and can’t reach someone, don’t use the service. If the service claims to be affiliated with a government agency, that’s a sign of a scam.
• Before agreeing to use an online payment or escrow service, read the terms of agreement. If it’s an online payment service, find out who pays for credit card charge backs or transaction reversal requests if the buyer seeks them.
• Examine the service’s privacy policy and security measures. Never disclose financial or personal information unless you know why it’s being collected, how it will be used, and how it will be safeguarded.
• Don’t use an online escrow service that does not process its own transactions, but that requires you to set up accounts with online payment services. Legitimate escrow services never do this.
• Check with the Better Business Bureau, state attorney general or consumer protection agency — where you live and where the online payment or escrow service is based — to see whether any unresolved complaints are on file against the service. But remember that a lack of complaints doesn’t guarantee that the service has no problems.

Look Out for Fraudulent Checks or Money Orders

Sometimes, your bank may not alert you that a fake check or money order has been returned until after you have shipped the merchandise. If you are suspicious about a check because it is written by a third party or for any other reason, call the person who wrote the check to verify that they have authorized it. If you receive a check or money order for an amount that exceeds the successful bid, and the buyer asks that you wire the excess funds back to him or to a third party, do not wire the money. Instead, return the check to the buyer, and do not ship the merchandise.

If you accept payment by check, ask for a check drawn on a local bank, or a bank with a local branch. That way, you can make a personal visit to make sure the check is valid. If that’s not possible, call the bank the check was drawn from and ask if it is valid. Get the bank’s phone number from directory assistance or an Internet site that you know and trust, not from the person who gave you the check.

Courtesy of OnGuardOnline.gov

Despite complaints of fraud, online auctions remain a fun, efficient, and relatively safe way to shop — if you act prudently. Here’s how:

Before Bidding

Become familiar with the auction site. Never assume that the rules of one auction site apply to another. If the site offers a step-by-step tutorial on the bidding process, take it. It may save you frustration and disappointment later.

Find out what protections the auction site offers buyers. Some sites provide free insurance or guarantees for items that are not delivered, not authentic, or not what the seller claims.

Know exactly what you’re bidding on. Read the seller’s description of the item or service, and if a photograph is posted, look at it. Read the fine print. Look for words like “refurbished,” “close out,” “discontinued,” or “off-brand” — especially when shopping for computer or electronic equipment — to get a better idea of the condition of the item. Sometimes this information and other important terms are in a contract that may be found by following a hyperlink in the listing to the seller’s online store.

Try to determine the relative value of an item before you bid. Be skeptical if the price sounds too low to be realistic. “Brick-and-mortar” stores and price comparison sites may be good for reality checks.

Find out all you can about the seller. Avoid doing business with sellers you can’t identify, especially those who try to lure you off the auction site with promises of a better deal. Don’t trust emails alone. Some fraudulent sellers have used forged email headers that make follow-up difficult, if not impossible. Get the seller’s telephone number as another way to get in touch. Dial the number to confirm that it is correct.

Some auction sites post feedback ratings of sellers based on comments by other buyers. Check them out. Although these comments and ratings may give you some idea of how you’ll be treated, comments sometimes are submitted by the seller or “shills” paid by the seller. In other cases, a seller may build up his reputation by selling many low cost items before making fraudulent sales of higher cost items.

Consider whether the item comes with a warranty, and whether follow-up service is available if you need it. Many sellers don’t have the expertise or facilities to provide services for the goods they sell. If this is the case with your seller, be sure you’re willing to forfeit that protection before placing a bid.

Find out who pays for shipping and delivery. Generally, sellers specify the cost of shipping and give buyers the option for express delivery at an additional cost. If you’re uncertain about shipping costs, check with the seller before you bid.

Check on the seller’s return policy. Can you return the item for a full refund if you’re not satisfied with it? If you return it, are you required to pay shipping costs or a restocking fee? Sometimes the return policy is found in the listing, but other times you may have to access it by following a hyperlink in the listing to the seller’s online store.

Email or call the seller if you have any questions. Don’t place any bids until you get straight — and satisfactory — answers.

When Bidding

Establish a top price and stick to it. This can help ensure that you get a fair price and protect you from “shill bidding.” Don’t bid on an item you don’t intend to buy. If you’re the highest bidder, you’re obligated to follow through with the transaction. Some auction sites bar “non-paying” bidders, also known as “deadbeats,” from future bidding.

Save all transaction information. Print the seller’s identification, the item description, and the time, date, and price of your bid. Print and save every email you send and receive from the auction company or the seller.

Before Paying

Protect your identity. Never provide your Social Security number or driver’s license number to a seller. Don’t provide your credit card number or bank account information until you check out the seller and the online payment or escrow service, if you’re using one, and ensure their legitimacy. Examine the online payment and escrow service’s privacy policy and security measures. Never disclose financial or personal information unless you know why it’s being collected, how it will be used, and how it will be safeguarded.

Protect your funds. Know what form of payment the seller accepts. If the seller accepts only cashier’s checks or money orders, decide whether you’re willing to risk sending your payment before you receive the product. Never wire money to a person you don’t know or whose identity you can’t verify.

If the seller insists on using a particular escrow or online payment service you’ve never heard of, check it out. Visit its website. Be suspicious of any site that is generally of poor quality with misspelled words or claims that it is affiliated with the government. Call the customer service line. If there isn’t one — or if you call and can’t reach someone — don’t use the service.

Before you agree to use any online payment or escrow service, read the service’s terms of agreement. If it’s an online payment service, find out whether it offers buyers any recourse if sellers don’t keep their end of the bargain, whether it prevents sellers from accessing their funds if buyers are not satisfied with the product, and who is responsible for paying for credit card charge backs or transaction reversal requests. If the online payment service cannot recover the loss from the seller, it might try to recover its loss from you, using the credit card or bank account information in its file. To limit your exposure, consider reserving a separate credit card, stored-value card, or bank account to use just for your online transactions.

Be suspicious of an online escrow service that cannot process its own transactions and requires you to set up accounts with online payment services. Legitimate escrow services never do this.

Check with the Better Business Bureau, state attorney general, or consumer protection agency — where you live and where the online payment or escrow service is based — to see whether there are any unresolved complaints against the service. A lack of complaints doesn’t mean that a service doesn’t have any problems. Many scammers change their company names often.

Courtesy of OnGuardOnline.gov

Going online can be a convenient way to compare prescription drug prices, research health products and services, answer health questions, or do some research ahead of your next medical appointment.

If you’ve spent much time searching or shopping online, you may already know the usual precautions to take — like making sure you have up-to-date security software on your computer (if not, read 7 Practices for Computer Security). When you take your health online, the same rules apply, and so do a few others.

CenturyLink has these tips for being smart and safe when dealing with health information and health care products online:

Know who’s on the other end.

Before you hand over any personal or financial information, whether to buy something or just get “more information,” remember: anyone can set up shop online under almost any name. If you’re thinking about buying a heath–related product from an unfamiliar company or website, do some research:

• Confirm the online seller’s physical address (not just a P.O. Box) and phone number, so you know you can reach someone if you need to.
• Do a search for the company name and website, and be sure to look past the first page of results. If you find a lot of negative reviews, you may be better off taking your business elsewhere.
• Check with the local Better Business Bureau (BBB) where the seller is based to see if it has a report on the company. And if you see a BBB logo on the site, check that it links back to the BBB site. Also, read logos and websites carefully. Some companies want to trade on the reputation of the BBB or other trusted organizations, and either misuse logos, or create lookalike logos, seals, and websites.
• Look for indicators the site is secure, like a lock icon on the browser’s status bar or a url that begins with “https” (the “s” stands for “secure”). But also know that security icons can be forged, so they aren’t foolproof. Avoid sites that ask you to give out personal or financial information over email, or ask you to wire cash.

Consider the source.

When you’re looking for health information online, it’s easy to get a lot of misinformation along the way. Instead of a random search, try starting with trusted sources. Two great choices are MedlinePlus (medlineplus.gov) and Healthfinder.gov (healthfinder.gov), government websites that let you look up hundreds of health topics and the latest health headlines.

Wherever you start your health search, always consider who’s behind the information. Government websites (sites ending in .gov) are a good bet. So are university or medical school websites (.edu) and sites for trusted, nationally recognized health or research facilities, like the Mayo Clinic. Not-for-profit groups with a mission that focuses on research and teaching the public about specific conditions (whose sites typically end in .org), can also be good resources, but keep in mind that “.org” doesn’t guarantee a site is reputable. Scammers can set up bogus .org sites.

Only buy prescription drugs from licensed U.S. pharmacies.

What looks like an online pharmacy could be a front for a scammer or identity thief. The sites may use official looking seals and logos, promise money back guarantees, and “look” legitimate, but all of that can be faked. You could end up with products that are fake, expired, mislabeled, or the wrong dosage. They could even contain dangerous ingredients. Or, you might pay for a prescription and never get your order — or your money — back.

So how can you tell if you’re dealing with a legitimate U.S. pharmacy? To see if a pharmacy is licensed in the U.S., check with the state board of pharmacy where it’s based. The National Association of Boards of Pharmacy (NABP) at www.nabp.info has information on each state’s board. NABP also has a list of online pharmacies that meet extra NABP criteria and have been accredited through its Verified Internet Pharmacy Practice Sites (VIPPS) program. Reputable pharmacy websites also should require a prescription, have a licensed pharmacist to answer questions, and provide a physical business address and phone number.

Talk to your doctor or health professional.

As you look for answers to your health questions, you might come across websites or ads for pills or other products that make some pretty big promises. They may say their product will cure a serious condition like arthritis, diabetes, Alzheimer’s disease, multiple sclerosis, cancer, and HIV-AIDS, or that one product will cure a range of conditions. Or, the ad might just be for a weight loss pill that says you can lose weight without exercising or changing how you eat.

The products may be called “scientific breakthroughs” or “ancient remedies,” or the ads may use scientific-sounding words like “thermogenesis,” or safe-sounding words like “natural.” Scammers can be creative. But the reality is that most of these products are useless, and at best a waste of money. Others are flat-out dangerous to your health.

Don’t trust a website just because it looks professional or has success stories from “real people.” The stories may be made up, or the people may be actors or models paid to praise the product. Instead, before you think about trying a health product, ask your doctor about it. Your doctor can tell you about the risks of a product, as well as how it could affect any medicine you’re taking or treatments you’re getting.

For more on health from the FTC, visit ftc.gov/health.

Courtesy of OnGuardOnline.gov

Securing Your Wireless Network

Increasingly, computer users interested in convenience and mobility are accessing the Internet wirelessly. Today, business travelers use wireless laptops to stay in touch with the home office; vacationers beam snapshots to friends while still on holiday; and shoppers place orders from the comfort of their couches. A wireless network can connect computers in different parts of your home or business without a tangle of cords and enable you to work on a laptop anywhere within the network’s range.

Going wireless generally requires a broadband Internet connection into your home, called an “access point,” like a cable or DSL line that runs into a modem. To set up the wireless network, you connect the access point to a wireless router that broadcasts a signal through the air, sometimes as far as several hundred feet. Any computer within range that’s equipped with a wireless client card can pull the signal from the air and gain access to the Internet.

The downside of a wireless network is that, unless you take certain precautions, anyone with a wireless-ready computer can use your network. That means your neighbors, or even hackers lurking nearby, could “piggyback” on your network, or even access the information on your computer. And if an unauthorized person uses your network to commit a crime or send spam, the activity can be traced back to your account.

Fortunately, there are steps you can take to protect your wireless network and the computers on it. As no one step is a complete fix, taking all of the following steps will help you be more secure.

Precautionary Steps

1. Use encryption. The most effective way to secure your wireless network from intruders is to encrypt, or scramble, communications over the network. Most wireless routers, access points, and base stations have a built-in encryption mechanism. If your wireless router doesn’t have an encryption feature, consider getting one that does.
   Manufacturers often deliver wireless routers with the encryption feature turned off. You must turn it on. The directions that come with your wireless router should explain how to do that. If they don’t, check the router manufacturer’s website.
   Two main types of encryption are available: Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Your computer, router, and other equipment must use the same encryption. WPA is stronger; use it if you have a choice. It should protect you against most hackers.
   Some older routers use only WEP encryption, which is better than no encryption. It should protect your wireless network against accidental intrusions by neighbors or attacks by less-sophisticated hackers. If you use WEP encryption, set it to the highest security level available.
2. Use anti-virus and anti-spyware software, and a firewall. Computers on a wireless network need the same protections as any computer connected to the Internet. Install anti-virus and anti-spyware software, and keep them up-to-date. If your firewall was shipped in the “off” mode, turn it on.
3. Turn off identifier broadcasting. Most wireless routers have a mechanism called identifier broadcasting. It sends out a signal to any device in the vicinity announcing its presence. You don’t need to broadcast this information if the person using the network already knows it is there. Hackers can use identifier broadcasting to home in on vulnerable wireless networks. Note the SSID name so you can connect manually. Disable the identifier broadcasting mechanism if your wireless router allows it.
4. Change the identifier on your router from the default. The identifier for your router is likely to be a standard, default ID assigned by the manufacturer to all hardware of that model. Even if your router is not broadcasting its identifier to the world, hackers know the default IDs and can use them to try to access your network. Change your identifier to something only you know, and remember to configure the same unique ID into your wireless router and your computer so they can communicate. Use a password that’s at least 10 characters long: The longer your password, the harder it is for hackers to break.
5. Change your router’s pre-set password for administration. The manufacturer of your wireless router probably assigned it a standard default password that allows you to set up and operate the router. Hackers know these default passwords, so change it to something only you know. The longer the password, the tougher it is to crack.
6. Allow only specific computers to access your wireless network. Every computer that is able to communicate with a network is assigned its own unique Media Access Control (MAC) address. Wireless routers usually have a mechanism to allow only devices with particular MAC addresses access to the network. Some hackers have mimicked MAC addresses, so don’t rely on this step alone.
7. Turn off your wireless network when you know you won’t use it. Hackers cannot access a wireless router when it is shut down. If you turn the router off when you’re not using it, you limit the amount of time that it is susceptible to a hack.
8. Don’t assume that public “hot spots” are secure. Many cafés, hotels, airports, and other public establishments offer wireless networks for their customers’ use. These “hot spots” are convenient, but they may not be secure. Ask the proprietor what security measures are in place.
9. Be careful about the information you access or send from a public wireless network. To be on the safe side, you may want to assume that other people can access any information you see or send over a public wireless network. Unless you can verify that a hot spot has effective security measures in place, it may be best to avoid sending or receiving sensitive information over that network.

Glossary

Encryption: The scrambling of data into a secret code that can be read only by software set to decode the information.

Extended Service Set Identifier (ESSID): The name a manufacturer assigns to a router. It may be a standard, default name assigned by the manufacturer to all hardware of that model. Users can improve security by changing to a unique name. Similar to a Service Set Identifier (SSID).

Firewall: Hardware or software designed to keep hackers from using your computer to send personal information without your permission. Firewalls watch for outside attempts to access your system and block communications to and from sources you don’t permit.

Media Access Control (MAC) Address: A unique number that the manufacturer assigns to each computer or other device in a network.

Router: A device that connects two or more networks. A router finds the best path for forwarding information across the networks.

Wired Equivalent Privacy (WEP): A security protocol that encrypts data sent to and from wireless devices within a network. Not as strong as WPA encryption.

Wi-Fi Protected Access (WPA): A security protocol developed to fix flaws in WEP. Encrypts data sent to and from wireless devices within a network.

Wireless Network: A method of accessing high speed Internet without the computer being linked by cables.

Courtesy of OnGuardOnline.gov

Just when you thought you were Web savvy, one more privacy, security, and functionality issue crops up — spyware. Installed on your computer without your consent, spyware software monitors or controls your computer use. It may be used to send you pop-up ads, redirect your computer to websites, monitor your Internet surfing, or record your keystrokes, which, in turn, could lead to identity theft.

Many experienced Web users have learned how to recognize spyware, avoid it, and delete it. According to CenturyLink security experts, all computer users should take preventive steps to avoid spyware, get wise to the signs that it has been installed on their machines, and then take the appropriate steps to delete it.

The clues that spyware is on a computer include:

• Barrage of pop-ups
• Hijacked browser — that is, a browser that takes you to sites other than those you type into the address box
• A sudden or repeated change in your computer’s Internet home page
• New and unexpected toolbars
• New and unexpected icons on the system tray at the bottom of your computer screen or on your desktop
• Keys that don’t work (for example, the “Tab” key that might not work when you try to move to the next field in a Web form)
• Random error messages
• Sluggish or downright slow performance when opening programs or saving files

The good news is that consumers can take steps to lower their risk of spyware infections. Indeed, CenturyLink suggests that you:

Update your operating system and Web browser software. Your operating system (like Windows or Linux) may offer free software “patches” to close holes in the system that spyware could exploit. Set your operating system and security software to update automatically to be sure you have the latest protections. CenturyLink’s free PC Health Check can also help you pinpoint possible security vulnerabilities on your PC.

Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. CenturyLink™Online Security is available to all of our high speed Internet customers and includes anti-virus and anti-spyware software, a firewall, and more.

Download free software only from sites you know and trust. It can be appealing to download free games, file-sharing programs, or customized toolbars. Be aware, however, that some of these free software applications bundle other software, including spyware. If you share a computer with kids, talk with them about safe computing.

Don’t install any software without knowing exactly what it is. Take the time to read the end-user license agreement (EULA) before downloading any software. If the EULA is hard to find — or difficult to understand — think twice about installing the software.

Minimize “drive-by” downloads. Make sure your browser security setting is high enough to detect unauthorized downloads, for example, at least the “Medium” setting for Internet Explorer.

Don’t click on any links within pop-ups. If you do, you may install spyware on your computer. Instead, close pop-up windows by clicking on the “X” icon in the title bar.

Don’t click on links in spam or pop-ups that claim to offer anti-spyware software. Some software offered in spam or pop-ups actually installs spyware. In fact, ads that claim to have scanned your computer and detected malware are a tactic scammers have used to spread malware, so resist the urge to respond to or click on those messages.

Back up your data. Whether it’s text files or photos that are important to you, back up any data that you’d want to keep in case of a computer crash. Do this as regularly as you update your security software.

If you think your computer might have spyware on it, immediately stop shopping, banking, or doing any other online activity that involves user names, passwords, or other sensitive information. Confirm that your security software is active and current and run it to scan your computer for viruses and spyware, deleting anything the program identifies as a problem.

Courtesy of OnGuardOnline.gov

Social Networking Sites: A Parent’s Guide

“It’s 10 p.m. Do you know where your children are?”

Remember that phrase from your own childhood? It’s still a valid question, but now, it comes with a twist: “Do you know where your kids are — and who they’re chatting with online?”

Social networking sites have morphed into a mainstream medium for teens and adults. These sites encourage and enable people to exchange information about themselves, share pictures and videos, and use blogs and private messaging to communicate with friends, others who share interests, and sometimes even the world-at-large. And that’s why it’s important to be aware of the possible pitfalls that come with networking online.

Some social networking sites attract pre-teens – even kids as young as 5 or 6. These younger-focused sites don’t allow the same kinds of communication that teens and adults have, but there are still things that parents can do to help young kids socialize safely online. In fact, when it comes to young kids, the law provides some protections – and gives parents some control over the type of information that children can disclose online. For sites directed to children under age 13, and for general audience sites that know they’re dealing with kids younger than 13, there’s the Children’s Online Privacy Protection Act (COPPA). It requires these sites to get parental consent before they collect, maintain, or use kids’ information. COPPA also allows parents to review their child’s online profiles and blog pages.

Parents sometimes can feel outpaced by their technologically savvy kids. Technology aside, there are lessons that parents can teach to help kids stay safer as they socialize online.

Help Kids Socialize Safely Online

CenturyLink shares these tips for safe social networking:

• Help your kids understand what information should be private. Tell them why it’s important to keep some things – about themselves, family members and friends – to themselves. Information like their full name, Social Security number, street address, phone number, and family financial information — like bank or credit card account numbers — is private and should stay that way. Tell them not to choose a screen name that gives away too much personal information.
• Use privacy settings to restrict who can access and post on your child’s website. Some social networking sites have strong privacy settings. Show your child how to use these settings to limit who can view their online profile, and explain to them why this is important.
• Explain that kids should post only information that you — and they — are comfortable with others seeing. Even if privacy settings are turned on, some — or even all — of your child’s profile may be seen by a broader audience than you’re comfortable with. Encourage your child to think about the language used in a blog, and to think before posting pictures and videos. Employers, college admissions officers, team coaches, and teachers may view your child’s postings. Even a kid’s screen name could make a difference. Encourage teens to think about the impression that screen names could make.
• Remind your kids that once they post information online, they can’t take it back. Even if they delete the information from a site, older versions may exist on other people’s computers and be circulated online.
• Know how your kids are getting online. More and more, kids are accessing the Internet through their cell phones. Find out about what limits you can place on your child’s cell phone. Some cellular companies have plans that limit downloads, Internet access, and texting; other plans allow kids to use those features only at certain times of day.
• Talk to your kids about bullying. Online bullying can take many forms, from spreading rumors online and posting or forwarding private messages without the sender’s OK, to sending threatening messages. Tell your kids that the words they type and the images they post can have real-world consequences. They can make the target of the bullying feel bad, make the sender look bad – and, sometimes, can bring on punishment from the authorities. Encourage your kids to talk to you if they feel targeted by a bully.
• Talk to your kids about avoiding sex talk online. Recent research shows that teens who don’t talk about sex with strangers online are less likely to come in contact with a predator.
  If you’re concerned that your child is engaging in risky online behavior, you can search the blog sites they visit to see what information they’re posting. Try searching by their name, nickname, school, hobbies, grade, or area where you live.
• Tell your kids to trust their gut if they have suspicions. If they feel threatened by someone or uncomfortable because of something online, encourage them to tell you. You can then help them report concerns to the police and to the social networking site. Most sites have links where users can immediately report abusive, suspicious, or inappropriate online behavior.
• Read sites’ privacy policies. Spend some time with a site’s privacy policy, FAQs, and parent sections to understand its features and privacy controls. The site should spell out your rights as a parent to review and delete your child’s profile if your child is younger than 13.

A Few More Tips to Protect Pre-Teens

Many of the tips above apply for pre-teens, but parents of younger children also can:

• Take extra steps to protect younger kids. Keep the computer in an open area like the kitchen or family room, so you can keep an eye on what your kids are doing online. Use the Internet with them to help develop safe surfing habits. Consider taking advantage of parental control features on some operating systems that let you manage your kids’ computer use, including what sites they can visit, whether they can download items, or what time of day they can be online.
• Go where your kids go online. Sign up for – and use – the social networking spaces that your kids visit. Let them know that you’re there, and help teach them how to act as they socialize online.
• Review your child’s friends list. You may want to limit your child’s online “friends” to people your child actually knows and is friendly with in real life.
• Understand sites’ privacy policies. Sites should spell out your rights as a parent to review and delete your child’s profile if your child is younger than 13.

What to Do if There’s a Problem

Trust your gut if you have suspicions. If you feel threatened by someone or uncomfortable because of something online, tell an adult you trust, and report it to the police and the social networking site.

The Children’s Online Privacy Protection Act (COPPA) requires websites to obtain parental consent before collecting, using, or disclosing personal information from children under age 13. If a website is violating COPPA, report it to the Federal Trade Commission.

Courtesy of OnGuardOnline.gov

How Not To Get Hooked by a “Phishing” Scam

“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”

“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

Have you received email with a similar message? It’s a scam called “phishing” — and it involves Internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims.

According to CenturyLink security experts, phishers send an email or pop-up message that claims to be from a business or organization that you may deal with — for example, a bank, online payment service, or even a government agency. The message may ask you to “update,” “validate,” or “confirm” your account information. Some phishing emails threaten a dire consequence if you don’t respond. The messages direct you to a website that looks just like a legitimate organization’s site. But it isn’t. It’s a bogus site whose sole purpose is to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

CenturyLink suggests these tips to help you avoid getting hooked by a phishing scam:

• If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address yourself. In any case, don’t cut and paste the link from the message into your Internet browser — phishers can make links look like they go to one place, but that actually send you to a different site.
• Area codes can mislead. Some scammers send emails that appear to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card. And delete any emails that ask you to confirm or divulge your financial information.
• Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.
  Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software like CenturyLink™Online Security that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.
  A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software “patches” to close holes in the system that hackers or phishers could exploit.

• Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
• Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.
• Forward phishing emails to CenturyLink at phishing@centurylink.net – and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.
• If you believe you’ve been scammed, visit the FTC’s Identity Theft website at ftc.gov/idtheft. Victims of phishing can become victims of identity theft. While you can’t entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit reporting companies. See www.annualcreditreport.com for details on ordering a free annual credit report.

Courtesy of OnGuardOnline.gov

Shopping online offers lots of benefits that you won’t find shopping in a store or by mail. The Internet is always open — seven days a week, 24 hours a day — and bargains can be numerous online. With a click of a mouse, you can buy an airline ticket, book a hotel, send flowers to a friend, or purchase your favorite fashions. But sizing up your finds on the Internet is a little different from checking out items at the mall.

If you’re buying items from an online retailer or auction website, CenturyLink offers this advice to help you make the most of your shopping experience:

• Know who you’re dealing with. Anyone can set up shop online under almost any name. Confirm the online seller’s physical address and phone number in case you have questions or problems. If you get an email or pop-up message while you’re browsing that asks for financial information, don’t reply or click on the link in the message. Legitimate companies don’t ask for this information via email.
• Know exactly what you’re buying. Read the seller’s description of the product closely, especially the fine print. Words like “refurbished,” “vintage,” or “close-out” may indicate that the product is in less-than-mint condition, while name-brand items with “too good to be true” prices could be counterfeits.
• Know what it will cost. Check out websites that offer price comparisons and then, compare “apples to apples.” Factor shipping and handling — along with your needs and budget — into the total cost of the order. Do not send cash under any circumstances.
• Pay by credit or charge card. If you pay by credit or charge card online, your transaction will be protected by the Fair Credit Billing Act. Under this law, you have the right to dispute charges under certain circumstances and temporarily withhold payment while the creditor is investigating them. In the event of unauthorized use of your credit or charge card, you generally would be held liable only for the first $50 in charges. Some companies offer an online shopping guarantee that ensures you will not be held responsible for any unauthorized charges made online, and some cards may provide additional warranty, return, and/or purchase protection benefits.
• Check out the terms of the deal, like refund policies and delivery dates. Can you return the item for a full refund if you’re not satisfied? If you return it, find out who pays the shipping costs or restocking fees, and when you will receive your order. A Federal Trade Commission (FTC) rule requires sellers to ship items as promised or within 30 days after the order date if no specific date is promised.
• Keep a paper trail. Print and save records of your online transactions, including the product description and price, the online receipt, and copies of every email you send or receive from the seller. Read your credit card statements as you receive them and be on the lookout for unauthorized charges.
• Don’t email your financial information. Email is not a secure method of transmitting financial information like your credit card, checking account, or Social Security number. If you initiate a transaction and want to provide your financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some fraudulent sites have forged security icons.
• Check the privacy policy. It should let you know what personal information the website operators are collecting, why, and how they’re going to use the information. If you can’t find a privacy policy — or if you can’t understand it, consider taking your business to another site that’s more consumer-friendly.

Courtesy of OnGuardOnline.gov

Securing Your Information

The Internet serves as a powerful tool for investors. But hackers and identity thieves can wreak havoc on your personal finances unless you take steps to protect the security of your account numbers, passwords, and PINs. And investment opportunities that sound like no-brainers all too often turn out to be frauds.

CenturyLink suggests these tips to help you invest wisely online:

Protect your personal information. It’s valuable. If you get an email or pop-up message asking for personal information, don’t reply or click on the link in the message. Email is not a secure way to transmit personal information, and you don’t want to risk downloading a virus or piece of spyware that can log your key-strokes when you type in an account number, password, or PIN. The safest course of action is not to respond to requests for your personal or financial information. If you believe there may be a need for such information by a company with which you have an account, contact that company directly in a way you know to be genuine.

Don’t access your online investment account until you have checked to see that the site is secure. Look for things like a key or closed padlock icon on the browser’s status bar or a website URL that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some scammers have forged security icons.

Protect your passwords. Keep your passwords in a secure place, out of plain view, and avoid storing them on your computer. Don’t share your passwords on the Internet, over email, or on the phone. CenturyLink will never ask for your password. And if you access your accounts in a public place, be sure to position yourself so that no one can see your hands or your screen as you type your PIN or password.

In addition, hackers may try to figure out your passwords to gain access to your computer. You can make it tougher for them by:

• Using passwords that have at least eight characters and include numbers or symbols. The longer your password is, the tougher it is for a hacker to figure it out.
• Avoiding common words: some hackers use programs that can try every word in the dictionary—even spelled backwards.
• Not using your personal information, your login name, or adjacent keys on the keyboard as passwords.
• Changing your passwords regularly (at a minimum, every 90 days).
• Not using the same password for each online account you access.

Use anti-virus and anti-spyware software, and a firewall, and keep them up-to-date. These programs are a must-have if you make financial transactions online. CenturyLink™Online Security includes anti-virus software that removes or quarantines viruses, anti-spyware software that can undo changes spyware makes to your system, and it updates both programs automatically. CenturyLink Online Security also includes a firewall. It’s also important to keep your operating system up-to-date with the latest security patches.

Use a Security Token (if available). Using a security token can make it even harder for an identity thief to access your online investment account. That’s because these small number-generating devices offer a second layer of security — a one-time pass-code that typically changes every 30 or 60 seconds. These unpredictable pass-codes can frustrate identity thieves.

Use Extra Caution with Public Computers or Wireless Connections. Avoid using public or other shared computers to access your financial accounts online. If you do use one, when you finish a session, log off completely, delete your “temporary internet files,” and clear your Internet history.

Many cafes, hotels, airports, and other public establishments offer wireless networks for use by their customers. These “hot spots” are convenient, but they may not be secure. Ask the proprietor what security measures are in place. Regardless, if you have personal, financial, or other sensitive information on your computer, you may decide that accessing your online investment account — or any account, for that matter — through a public wireless connection isn’t worth the security risk.

Log Out Completely. Closing or minimizing your browser or typing in a new web address when you’re done using your online account may not be enough to prevent others from gaining access to your account information. Instead, click on the “log out” button to terminate your online session. In addition, don’t permit your browser to “remember” your username and password information. If this browser feature is active, anyone using your computer will have access to your investment account information.

Avoiding Investment Scams Online

To avoid Internet scams, CenturyLink suggests the following:

• Independently Verify Claims. Never, ever, make an investment based solely on what you read in an online newsletter, bulletin board posting, or blog — especially if the investment involves a small, thinly-traded company that isn’t well known. It’s easy for a company or its promoters to make grandiose claims about new product developments, lucrative contracts, or the company’s financial health. Before you invest, make sure you’ve independently verified those claims. Get started by turning to unbiased sources, such as the U.S. Securities and Exchange Commission (SEC), your state securities regulator, and securities industry self-regulatory organizations (including FINRA, Amex, and Nasdaq).
• Do Your Homework. Offers to sell securities must be registered with the SEC or eligible for an exemption — otherwise the offering is illegal. To see whether an investment is registered, check the SEC’s EDGAR database and contact your state securities regulator for more information about the company and the people promoting it. The fact that a company has registered its securities and files reports with the SEC doesn’t guarantee the company will be a good investment. Likewise, the fact that a company hasn’t registered and doesn’t file reports doesn’t mean the company is a fraud. But many investment frauds, including online scams, involve unregistered securities — so always investigate before you invest.
• Be Skeptical of Self-Provided References. Fraudsters will falsely assure you that an investment is properly registered with the appropriate agency and purport to give you the agency’s telephone number so that you can verify that “fact.” Sometimes they will give you the name of a real agency — other times they will make one up. But even if the agency does exist, the contact information they provide invariably will be false. Instead of speaking with a government official, you’ll reach the fraudsters or their colleagues — who will give the company, the promoter, or the transaction high marks.
• Thoroughly Check Out Promoters and Company Officials. Many fraudsters are repeat offenders. Whenever the SEC sues an individual or entity, the agency issues a “litigation release.” Litigation releases going back to 1995 are available on the SEC’s website — simply run a search for the promoter, his or her company or newsletter, the company being touted, and its officers and directors. You also can check the licensing and disciplinary history of the person or entity promoting the opportunity by contacting your state securities regulator.
• Find Out Where the Stock Trades. Many small, thinly-traded companies cannot meet the listing requirements of a national exchange. The securities of these companies trade instead in the “over-the-counter” market and are quoted on OTC systems, such as the OTC Bulletin Board or the Pink Sheets. Stocks that trade in the OTC market generally are among the most risky and most susceptible to manipulation.
• Watch Out for High-Pressure Pitches. Beware of promoters who pressure you to buy before you have a chance to think about and fully investigate an investment opportunity. Don’t fall for the line that you’ll lose out on a “once-in-a-lifetime” chance to make big money if you don’t act quickly. Remember: if an opportunity sounds too good to be true, it probably is.
• Consider the Source and Be Skeptical. Whenever someone you don’t know offers you a hot stock tip, ask yourself: Why me? Why is this stranger giving me this tip? How might he or she benefit if I trade? Never forget that the person touting the stock may well be an insider of the company or a paid promoter who stands to profit handsomely if you trade.

Courtesy of OnGuardOnline.gov

Malware is short for “malicious software;” it includes viruses – programs that copy themselves without your permission – and spyware, programs installed without your consent to monitor or control your computer activity. Criminals are hard at work thinking up creative ways to get malware on your computer. They create appealing web sites, desirable downloads, and compelling stories to lure you to links that will download malware, especially on computers that don’t use adequate security software. Then, they use the malware to steal personal information, send spam, and commit fraud.

It doesn’t have to be that way. CenturyLink security experts says consumers can minimize the havoc malware can wreak, and reclaim their computers and their electronic information.

Computers may be infected with malware if they:

• Slow down, malfunction, or display repeated error messages
• Won’t shut down or restart
• Serve up a lot of pop-up ads, or display them when you’re not surfing the web
• Display web pages or programs you didn’t intend to use, or send emails you didn’t write.

If you suspect malware is lurking on your computer, stop shopping, banking, and other online activities that involve user names, passwords, or other sensitive information. Malware on your computer could be sending your personal information to identity thieves.

Then, confirm that your security software is active and current: at a minimum, your computer should have anti-virus and anti-spyware software, and a firewall (all of which are included in CenturyLink Online Security). Security software that comes pre-installed on a computer generally works for a short time unless you pay a subscription fee to keep it in effect. In any case, security software protects against the newest threats only if it is up-to-date. That’s why it is critical to set your security software and operating system (like Windows or Apple’s OS) to update automatically.

Some scam artists distribute malware disguised as anti-spyware software. Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That’s a tactic scammers have used to spread malware, and that has attracted the attention of the Federal Trade Commission, the nation’s consumer protection agency, as well as a number of state law enforcement agencies.

Once you confirm that your security software is up-to-date, run it to scan your computer for viruses and spyware. Delete everything the program identifies as a problem. You may have to restart your computer for the changes to take effect.

If you need professional help, if your machine isn’t covered by a warranty, or if your security software isn’t doing the job properly, you may need to pay for technical support. CenturyLink offers tech support via the phone or in your home through our RescueIT service.

Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do to avoid it in the future. If your security software or operating system was out-of-date, download the newest version and set it to update automatically. Use the opportunity to back up important files by copying them onto a removable disc. Other ways to minimize the chances of a malware download in the future:

• Don’t click on a link in an email or open an attachment unless you know who sent it and what it is. Links in email can send you to sites that automatically download malware to your machine. Opening attachments – even those that appear to come from a friend or co-worker – also can install malware on your computer.
• Download and install software only from websites you know and trust. Downloading free games, file-sharing programs, and customized toolbars may sound appealing, but free software can come with malware.
• Talk about safe computing. Tell your kids that some online activity can put a computer at risk: clicking on pop-ups, downloading “free” games or programs, or posting personal information.

Finally, monitor your computer for unusual behavior. If you suspect your machine has been exposed to malware, take action immediately. Report problems with malware to CenturyLink so we can try to prevent similar problems and alert other subscribers.

Courtesy of OnGuardOnline.gov

Keeping Laptops From Getting Lost or Stolen

A laptop computer defines convenience and mobility. It enables you to work from home, a hotel room, a conference hall, or a coffee shop.

Maybe you’ve taken steps to secure the data on your laptop: You’ve installed CenturyLink Online Security. You protect your information with a strong password. You encrypt your data, and you’re too smart to fall for those emails that ask for your personal information. But what about the laptop itself? A minor distraction is all it takes for your laptop to vanish. If it does, you may lose more than an expensive piece of hardware. The fact is, if your data protections aren’t up to par, that sensitive and valuable information in your laptop may be a magnet for an identity thief.

Chances are you’ve heard stories about stolen laptops on the news or from friends and colleagues. No one thinks their laptop will be stolen – at least not until they find the trunk of their car broken into, notice that their laptop isn’t waiting at the other side of airport security, or get a refill at the local java joint only to turn around and find their laptop gone.

CenturyLink suggests keeping these tips in mind when you take your laptop out and about:

• Treat your laptop like cash. If you had a wad of money sitting out in a public place, would you turn your back on it – even for just a minute? Would you put it in checked luggage? Leave it on the backseat of your car? Of course not. Keep a careful eye on your laptop just as you would a pile of cash.
• Keep it locked. Whether you’re using your laptop in the office, a hotel, or some other public place, a security device can make it more difficult for someone to steal it. Use a laptop security cable: attach it to something immovable or to a heavy piece of furniture that’s difficult to move – say, a table or a desk.
• Keep it off the floor. No matter where you are in public – at a conference, a coffee shop, or a registration desk – avoid putting your laptop on the floor. If you must put it down, place it between your feet or at least up against your leg, so that you’re aware of it.
• Keep your passwords elsewhere. Remembering strong passwords or access numbers can be difficult. However, leaving either in a laptop carrying case or on your laptop is like leaving the keys in your car. There’s no reason to make it easy for a thief to get to your personal or corporate information.
• Mind the bag. When you take your laptop on the road, carrying it in a computer case may advertise what’s inside. Consider using a suitcase, a padded briefcase or a backpack instead.
• Get it out of the car. Don’t leave your laptop in the car – not on the seat, not in the trunk. Parked cars are a favorite target of laptop thieves; don’t help them by leaving your laptop unattended. That said, if you must leave your laptop behind, keep it out of sight.
• Don’t leave it “for just a minute.” Your conference colleagues seem trustworthy, so you’re comfortable leaving your laptop while you network during a break. The people at the coffee shop seem nice, so you ask them to keep an eye while you use the restroom. Don’t leave your laptop unguarded – even for a minute. Take it with you if you can, or at least use a cable to secure it to something heavy.
• Pay attention in airports. Keep your eye on your laptop as you go through security. Hold onto it until the person in front of you has gone through the metal detector – and keep an eye out when it emerges on the other side of the screener. The confusion and shuffle of security checkpoints can be fertile ground for theft.
• Be vigilant in hotels. If you stay in hotels, a security cable may not be enough. Try not to leave your laptop out in your room. Rather, use the safe in your room if there is one. If you’re using a security cable to lock down your laptop, consider hanging the “do not disturb” sign on your door.
• Use bells and whistles. Depending on your security needs, an alarm can be a useful tool. Some laptop alarms sound when there’s unexpected motion, or when the computer moves outside a specified range around you. Or consider a kind of “lo-jack” for your laptop: a program that reports the location of your stolen laptop once it’s connected to the Internet.
• Where to turn for help. If your laptop is stolen, report it immediately to the local authorities. If it’s your business laptop that’s missing, also immediately notify your employer.

Courtesy of OnGuardOnline.gov

Whether to study or socialize, play games or learn something new, it’s likely your kids are spending time online. And as a parent, chances are that you’re spending time thinking about ways to make sure they make smart and safe choices when they do. Among the many choices they’re faced with online is how to deal with their personal information.

The Children’s Online Privacy Protection Act – COPPA – gives parents control over what information websites can collect from their kids. Any website for kids under 13, or any general site that collects personal information from kids it knows are under 13, is required to comply with COPPA. The Federal Trade Commission, the nation’s consumer protection agency, enforces this law.

Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number.

Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot.

What Can You Do?

Your kids’ personal information and privacy are valuable — to you, to them, and to marketers. Here’s how to help protect your kids’ personal information when they’re online.

Check out sites your kids visit. If a site requires users to register, see what kind of information it asks for and whether you’re comfortable with what they tell you. If the site allows kids to post information about themselves, talk to your child about the risks and benefits of disclosing certain information in a public forum. You also can see whether the site appears to be following the most basic COPPA requirements, like clearly posting its privacy policy for parents and asking for parental consent before kids can participate.

Take a look at the privacy policy. Just because a site has a privacy policy doesn’t mean it keeps personal information private. The policy should tell you what the site does with the information it collects; then, you can decide how you feel about it. Remember, if the policy says there are no limits to what it collects or who gets to see it, there are no limits.

Ask questions. If you’re not clear on a site’s practices or policies, ask about them. If the site falls under COPPA, the privacy policy has to include contact information for the site manager.

Be selective with your permission. In many cases, websites need your okay before they’re allowed to collect personal information from your kids. They may ask for your permission in a number of ways, including by email or postal mail. Or, you may give your consent by allowing them to charge your credit card. In addition to considering when to give your permission, consider how much consent you want to give — in many cases, it’s not all or none. You might be able to give the company permission to collect some personal information from your child, but say no to having that information passed along to another marketer.

Know your rights. As a parent, you have the right to have a site delete any personal information it has about your child. Some sites will let you see the information they’ve collected. But first, they’ll need to make sure you really are the parent, either by requiring a signed form or an email with a digital signature, for example, or by verifying a charge made to your credit card. You also have a right to take back your consent and have any information collected from your child deleted.

Report a website. If you think a site has collected or disclosed information from your kids or marketed to them in a way that violates the law, report it to the FTC at ftc.gov/complaint or 1-877-FTC-HELP (382-4357).

More Tips For Parents

Talk, and talk often. Make sure your kids know what information should be private, and what information might be appropriate for sharing. When they give out their personal information, they give up control of who can reach them, whether it’s with a marketing message or something more personal. On the other hand, sharing some personal information may allow them to participate in certain activities or to get emails about promotions and events they’re interested in.

Depending on what they do online, also remind your kids that once they post information online, they can’t take it back. Even if they delete the information from a site, older versions may exist on other people’s computers and be circulated online.

Know what sites your kids go to. Talk with your kids about the sites they like to visit. Do some exploring on your own to get to know how the sites work and what privacy settings and controls they offer.

Make agreements. Be sure your kids know what your family has decided is okay — and not okay — to divulge online. Consider writing down a list of the rules your family has agreed on, and posting them where everyone can see them.

Let your kids know you’ll keep an eye on the sites they visit. One option is to check your browser history and temporary files, though keep in mind that older kids may know how to delete these files or keep them from getting recorded. If you’d like more controls, check to see what privacy settings your browser offers or consider software that offers a range of controls.

Know how your kids get online. Kids may get online using your family computer or someone else’s, as well as through cell phones and game consoles. Know what limits you can place on your child’s cell phone — some companies have plans that limit downloads, Internet access, and texting on cell phones; other plans allow kids to use those features at certain times of day. Check out what parental controls are available on the gaming consoles your kids use, as well.

Courtesy of OnGuardOnline.gov

Internet auction sites give buyers a “virtual” flea market with new and used merchandise from around the world; they give sellers a global storefront from which to market their goods. But the online auction business can be risky business. CenturyLink wants to help buyers and sellers stay safe on Internet auction websites. Among the thousands of consumer fraud complaints the Federal Trade Commission (FTC) receives every year, those dealing with online auction fraud consistently rank near the top of the list. The complaints generally deal with late shipments, no shipments, or shipments of products that aren’t the same quality as advertised; bogus online payment or escrow services; and fraudulent dealers who lure bidders from legitimate auction sites with seemingly better deals. Most complaints involve sellers, but in some cases, the buyers are the subject.

Whether you’re a buyer or a seller, understanding how Internet auctions work can help you avoid most problems.

• How Internet Auctions Work — Rules of the Marketplace
• Phishing
• Payment Options
• Types of Fraud
• Fake Check Scams Target Sellers

How Internet Auctions Work — Rules of the Marketplace

Role of the Auction Site. Most Internet auction sites specialize in person-to-person activity where individual sellers or small businesses sell their items directly to consumers. In these auctions, the seller — not the site — has the merchandise, and often, the site will not take responsibility for any problems that may arise between buyers and sellers. Before using an Internet auction site for the first time, buyers and sellers should read the Terms of Use, and review any information the site offers.

Registration. Most Internet auction sites require buyers and sellers to register and obtain a “user account name” (or “screen name”) and password before they can make bids or place items for bid. Keep your password to yourself. If you share it, another person could access your account and buy or sell items without your knowledge. That could damage your online reputation — and eventually, your bank account.

Fees. Some sites require sellers to agree to pay a fee every time they conduct an auction, whether the item is sold or not. Other sites charge a fee only when an item is sold.

The Auction. Many sellers set a time limit on bidding and, in some cases, a “reserve price” — the lowest price they will accept for an item. When the bidding closes at the scheduled time, the item is sold to the highest bidder. If no one bids at or above the reserve price, the auction closes without the item being sold.

Some auction sites allow sellers to set a price at which a buyer can purchase the item without competing with other bidders. A buyer can choose to purchase the item for the price the seller has set, without bidding.

After the Auction: Arranging to Pay and Deliver Merchandise. At the end of a successful auction, the buyer and seller communicate — usually by email — to arrange for payment and delivery.

Phishing

Be aware of “phishing”: emails sent to you asking for your password or other personal information that look like they’ve been sent by an auction website or payment service. Usually, these emails are fishing for your information and are coming from someone who wants to hack into your account.

If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address yourself. In any case, don’t cut and paste the link from the message into your Internet browser; phishers often make links look like they go to one site, but actually send you somewhere else.

Payment Options

Successful bidders can choose among many options to pay for an item they have bought on an Internet auction — credit card, online payment service (which often accepts credit card payments), debit card, personal check, cashier’s check, money order, or escrow service. Sometimes, the seller limits the types of payment accepted and posts that information in the auction listing. Many sellers require receipt of a cashier’s check or money order before they send an item. Higher volume sellers often accept credit cards directly. To protect both buyers and sellers, some auction sites now prohibit the use of wire transfers as a method of payment.

Credit Cards. Credit cards are a safe option for consumers to use when paying for items bought on an Internet auction: They allow buyers to seek a credit from the credit card issuer (also known as a “charge back”) if the product isn’t delivered or isn’t what they ordered.

Online Payment Services. Online payment services are popular with both buyers and sellers. They allow buyers to use a credit card or electronic bank transfer to pay sellers. They also may protect buyers from unlawful use of their credit cards or bank accounts because the online payment service holds the account information, not the seller. Many sellers prefer online payment services because the services tend to provide more security than, say, personal checks.

To use an online payment service, the buyer and seller generally set up accounts that allow them to make or accept payments. Buyers provide payment information, like bank account or credit card numbers, and sellers give information about where payments should be deposited. In some cases, sellers do not have to create an account with the online payment service to receive funds. To complete a transaction, the buyer tells the online payment service to direct appropriate funds to the seller. The seller then gets immediate access to the funds. Most online payment services charge the seller to receive the funds, but some payment services charge the buyer.

Some online payment services offer protections to buyers if the seller fails to ship the goods or ships goods that are not as described in the auction. Buyers should read the terms under which the protections apply. Usually, if a buyer uses a credit card to pay for goods or services through an online payment service, charge back rights are available to the buyer who uses the credit card. However, if the service considers the transfer of funds to be a method of sending cash rather than paying for goods, then charge back rights may not apply. If you cannot find out what will happen if you need a refund, or if you don’t understand how the payment service works from reading the website, find a different service or use another method of payment.

Debit Card, Personal Check, Cashier’s Check, or Money Order. Many smaller sellers accept forms of payment that are cash equivalents. These sellers often wait to receive the payment (and may wait for a personal check to clear) before shipping the item. Buyers should use this type of payment only when they trust the seller. At the same time, sellers should ensure that checks and money orders they receive from buyers are legitimate before shipping the goods; they should be suspicious of checks or money orders for amounts that exceed the price of the merchandise. Unlike credit cards or some online payment services, cash equivalents (and wire transfers) cannot be reversed if something goes wrong.

Wire Transfers. CenturyLink recommends that buyers not wire money (via a money transmitter or directly to a seller’s bank account). Buyers should be suspicious of sellers who insist on wire transfers as the only form of payment they will accept. If something goes wrong with the transaction, you most likely will lose your payment and not have any recourse. In fact, to protect both buyers and sellers, some auction sites now prohibit the use of wire transfers as a method of payment.

Online Escrow Services and Bonding Services. For big-ticket items like computers, cars, or jewelry, buyers should consider using an escrow service or purchasing from a bonded or insured seller to protect their funds. The primary purpose of online escrow services is to protect buyers and sellers from fraud. Escrow services accept and hold payment from a buyer — often a wire transfer, check, money order or credit card — until he receives and approves the merchandise. Then, the escrow service forwards the payment to the seller. The buyer pays the fee for an online escrow service — generally a percentage of the cost of the item.

Before using an escrow service, both the buyer and the seller should verify that it is a legitimate, reputable company.

Some sellers may state that they are bonded or otherwise insured against fraud. If a buyer intends to rely on a seller’s bonded status or the seller’s insurance to protect against fraud, he should investigate the legitimacy of the bonding or insurance company and then make sure that the seller really is a member of — or certified by — that company. If a problem arises with a bonded seller, the buyer usually has to engage in a dispute resolution process with the seller before being able to submit a claim to the bonding or insurance company.

Types of Fraud

Most people who complain to the FTC about Internet auction fraud report problems with sellers who:

• Fail to send the merchandise.
• Send something of lesser value than advertised.
• Fail to deliver in a timely manner.
• Fail to disclose all relevant information about a product or terms of the sale.

Some buyers experience other problems, including:

• “Bid siphoning,” when con artists lure bidders off legitimate auction sites by offering to sell the “same” item at a lower price. They intend to trick consumers into sending money without delivering the item. By going off-site, buyers lose any protections the original site may provide, such as insurance, feedback forms, or guarantees.
• “Second chance offers,” when con artists offer losing bidders of a closed auction a second chance to purchase the item that they lost in the auction. Second-chance buyers lose any protections the original site may provide once they go off-site.
• “Shill bidding,” when fraudulent sellers or their partners, known as “shills,” bid on sellers’ items to drive up the price.
• “Bid shielding,” when fraudulent buyers submit very high bids to discourage other bidders from competing for the same item, then retract their bids so that people they know can get the item at a lower price.

Escrow Service Complaints. Another type of fraud occurs when sellers or buyers pose as escrow services to improperly obtain money or goods. The so-called seller puts goods up for sale on an Internet auction and insists that prospective buyers use a particular escrow service. Once buyers provide the escrow service with their payment information, the escrow service doesn’t hold the payment: It is sent directly to the so-called seller. The buyer never receives the promised goods, can’t locate the seller, and, because the escrow service was part of the scheme, can’t get any money back.

In some cases, a fraudster poses as a buyer and, after placing the highest bid on an item, insists that the seller use a particular escrow service. The escrow service tricks the seller into sending the merchandise and doesn’t send the payment or return the goods to the seller.

Fake Check Scams Target Sellers

Sellers can be victims of fraud when buyers send fake checks or money orders that are detected by the bank only after the seller has shipped the goods. A buyer might offer to use a cashier’s check, personal check, or corporate check to pay for the item you’re selling. Sometimes, the buyer sends a fake check or money order that exceeds the cost of the item that has been purchased. The so-called buyer (or the buyer’s “agent”) states that he made a mistake, or comes up with another reason for writing the check for more than the purchase price. In either case, the buyer asks you to wire back the difference after you deposit the check. You deposit the check, learn that it has cleared, and wire the funds back to the “buyers.” Later, the bank determines that the check is fraudulent, leaving you liable for the entire amount. The checks were counterfeit, but good enough to fool unsuspecting bank tellers.

Courtesy of OnGuardOnline.gov

Identity Theft: What To Do If Your Personal Information Has Been Compromised

The bottom line for online threats like phishing, spyware, and hackers is identity theft. ID theft occurs when someone uses your name, Social Security number, credit card number or other personal information without your permission to commit fraud or other crimes. That’s why it’s important to protect your personal information. To find out how to deter and detect identity theft, visit ftc.gov/idtheft.

But, according to CenturyLink Online Security experts, if your personal information is accidentally disclosed or deliberately stolen, taking certain steps quickly can minimize the potential for the theft of your identity.

Place a “Fraud Alert” on your credit reports, and review the reports carefully. The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert; a call to one company is sufficient:

• TransUnion: www.transunion.com, 1-800-680-7289
• Experian: www.experian.com, 1-888-EXPERIAN (397-3742)
• Equifax: www.equifax.com, 1-800-525-6285

Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven’t contacted, accounts you didn’t open, and debts on your accounts that you can’t explain.

Close accounts. Close any accounts that have been tampered with or established fraudulently:

• Call the security or fraud departments of each company where an account was opened or changed without your okay. Follow up in writing, with copies of supporting documents.
• Ask for verification that the disputed account has been closed and the fraudulent debts discharged.
• Keep copies of documents and records of your conversations about the theft.

File a police report. File a report with law enforcement officials to help you with creditors who may want proof of the crime. This report will also help you claim your rights as a victim of identity theft.

Courtesy of OnGuardOnline.gov

Filter Tips: 10 Scams to Screen from Your Email

1. The “Nigerian” Email Scam
2. Phishing
3. Work-at-Home Scams
4. Weight Loss Claims
5. Foreign Lotteries
6. Cure-All Products
7. Check Overpayment Scams
8. Pay-in-Advance Credit Offers
9. Debt Relief
10. Investment Schemes

While some consumers find unsolicited commercial email – also known as “spam” – informative, others find it annoying and time consuming. Still others find it expensive: They’re among the people who have lost money to spam that contained bogus offers and fraudulent promotions.

CenturyLink offers filtering software to limit the spam in our users’ email inboxes. In addition, some old-fashioned ‘filter tips’ can help you save time and money by avoiding frauds pitched in email. Here’s how to spot 10 common spam scams:

1. The “Nigerian” Email Scam

The Bait: Con artists claim to be officials, businesspeople, or the surviving spouses of former government honchos in Nigeria or another country whose money is somehow tied up for a limited time. They offer to transfer lots of money into your bank account if you will pay a fee or “taxes” to help them access their money. If you respond to the initial offer, you may receive documents that look “official.” Then they ask you to send money to cover transaction and transfer costs and attorney’s fees, as well as blank letterhead, your bank account numbers, or other information. They may even encourage you to travel to the country in question, or a neighboring country, to complete the transaction. Some fraudsters have even produced trunks of dyed or stamped money to try to verify their claims.

The Catch: The emails are from crooks trying to steal your money or your identity. Inevitably, in this scenario, emergencies come up, requiring more of your money and delaying the “transfer” of funds to your account. In the end, there aren’t any profits for you, and the scam artist vanishes with your money. The harm sometimes can be felt even beyond your pocketbook: according to State Department reports, people who have responded to “pay in advance ” solicitations have been beaten, subjected to threats and extortion, and in some cases, murdered.

Your Safety Net: If you receive an email from someone claiming to need your help getting money out of a foreign country, don’t respond. Forward “Nigerian” scam emails – including all the email addressing information – to CenturyLink at spam@centurylink.net. If you’ve lost money to one of these schemes, call your local Secret Service field office. Local field offices are listed in the Blue Pages of your telephone directory.

2. Phishing

The Bait: Email or pop-up messages that claim to be from a business or organization you may deal with – say, CenturyLink, a bank, online payment service, or even a government agency. The message may ask you to “update,” “validate,” or “confirm” your account information or face dire consequences.

The Catch: Phishing is a scam where Internet fraudsters send spam or pop-up messages to reel in personal and financial information from unsuspecting victims. The messages direct you to a website that looks just like a legitimate organization’s site, or to a phone number purporting to be real. But these are bogus and exist simply to trick you into divulging your personal information so the operators can steal it, fake your identity, and run up bills or commit crimes in your name.

Your Safety Net: Make it a policy never to respond to emails or pop-ups that ask for your personal or financial information, click on links in the message, or call phone numbers given in the message. Don’t cut and paste a link from the message into your Web browser, either: phishers can make links look like they go one place, but then actually take you to a look-alike site. If you are concerned about your account, contact the organization using a phone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address yourself. Using anti-virus and anti-spyware software and a firewall, and keeping them up to date, can help.

Forward phishing emails to CenturyLink at phishing@centurylink.net and to the organization that is being spoofed.

3. Work-at-Home Scams

The Bait: Advertisements that promise steady income for minimal labor – in medical claims processing, envelope-stuffing, craft assembly work, or other jobs. The ads use similar come-ons: Fast cash. Minimal work. No risk. And the advantage of working from home when it’s convenient for you.

The Catch: The ads don’t say you may have to work many hours without pay, or pay hidden costs to place newspaper ads, make photocopies, or buy supplies, software, or equipment to do the job. Once you put in your own time and money, you’re likely to find promoters who refuse to pay you, claiming that your work isn’t up to their “quality standards.”

Your Safety Net: The FTC has yet to find anyone who has gotten rich stuffing envelopes or assembling magnets at home. Legitimate work-at-home business promoters should tell you – in writing – exactly what’s involved in the program they’re selling. Before you commit any money, find out what tasks you will have to perform, whether you will be paid a salary or work on commission, who will pay you, when you will get your first paycheck, the total cost of the program – including supplies, equipment and membership fees – and what you will get for your money. Can you verify information from current workers? Be aware of “shills,” people who are paid to lie and give you every reason to pay for work. Get professional advice from a lawyer, an accountant, a financial advisor, or another expert if you need it, and check out the company with your local consumer protection agency, state Attorney General and the Better Business Bureau – not only where the company is located, but also where you live.

Forward work-at-home email scams to CenturyLink at spam@centurylink.net.

4. Weight Loss Claims

The Bait: Emails promising a revolutionary pill, patch, cream, or other product that will result in weight loss without diet or exercise. Some products claim to block the absorption of fat, carbs, or calories; others guarantee permanent weight loss; still others suggest you’ll lose lots of weight at lightening speed.

The Catch: These are gimmicks, playing on your sense of hopefulness. There’s nothing available through email you can wear or apply to your skin that can cause permanent – or even significant weight loss.

Your Safety Net: Experts agree that the best way to lose weight is to eat fewer calories and increase your physical activity so you burn more energy. A reasonable goal is to lose about a pound a week. For most people, that means cutting about 500 calories a day from your diet, eating a variety of nutritious foods, and exercising regularly. Permanent weight loss happens with permanent lifestyle changes. Talk to your health care provider about a nutrition and exercise program suited to your lifestyle and metabolism.

Forward weight loss emails to CenturyLink at spam@centurylink.net.

5. Foreign Lotteries

The Bait: Emails boasting enticing odds in foreign lotteries. You may even get a message claiming you’ve already won! You just have to pay to get your prize or collect your winnings.

The Catch: Most promotions for foreign lotteries are phony. The scammers will ask you to pay “taxes,” “customs duties,” or fees – and then keep any money you send.” Scammers sometime ask you to send funds via wire transfer. Don’t send cash or use a money-wiring service because you’ll have no recourse if something goes wrong. In addition, lottery hustlers use victims’ bank account numbers to make unauthorized withdrawals or their credit card numbers to run up additional charges. And one last important note: participating in a foreign lottery violates U.S. law.

Your Safety Net: Skip these offers. Don’t send money now on the promise of a pay-off later.

Forward email solicitations for foreign lottery promotions to CenturyLink at spam@centurylink.net.

6. Cure-All Products

The Bait: Emails claiming that a product is a “miracle cure,” a “scientific breakthrough,” an “ancient remedy” – or a quick and effective cure for a wide variety of ailments or diseases. They generally announce limited availability, and require payment in advance, and offer a no-risk “money-back guarantee.” Case histories or testimonials by consumers or doctors claiming amazing results are not uncommon.

The Catch: There is no product or dietary supplement available via email that can make good on its claims to shrink tumors, cure insomnia, cure impotency, treat Alzheimer’s disease, or prevent severe memory loss. These kinds of claims deal with the treatment of diseases; companies that want to make claims like these must follow the FDA’s pre-market testing and review process required for new drugs.

Your Safety Net: When evaluating health-related claims, be skeptical. Consult a health care professional before buying any “cure-all” that claims to treat a wide range of ailments or offers quick cures and easy solutions to serious illnesses. Generally speaking, a cure all is a cure none.

Forward spam with miracle health claims to CenturyLink at spam@centurylink.net.

7. Check Overpayment Scams

The Bait: A response to your ad or online auction posting, offering to pay with a cashier’s, personal, or corporate check. At the last minute, the so-called buyer (or the buyer’s “agent”) comes up with a reason for writing the check for more than the purchase price, and asks you to wire back the difference after you deposit the check.

The Catch: If you deposit the check, you lose. Typically, the checks are counterfeit, but they’re good enough to fool unsuspecting bank tellers and increase the balance in your bank account – temporarily. But when the check eventually bounces, you are liable for the entire amount.

Your Safety Net: Don’t accept a check for more than your selling price, no matter how tempting the plea or convincing the story. Ask the buyer to write the check for the purchase price. If the buyer sends the incorrect amount, return the check. Don’t send the merchandise. As a seller who accepts payment by check, you may ask for a check drawn on a local bank, or a bank with a local branch. That way, you can visit personally to make sure the check is valid. If that’s not possible, call the bank the check was drawn on using the phone number from directory assistance or an Internet site that you know and trust, not from the person who gave you the check. Ask if the check is valid.

Forward check overpayment email scams to CenturyLink at spam@centurylink.net and your state Attorney General. You can find contact information for your state Attorney General at www.naag.org.

8. Pay-in-Advance Credit Offers

The Bait: News that you’ve been “pre-qualified” to get a low-interest loan or credit card, or repair your bad credit even though banks have turned you down. But to take advantage of the offer, you have to ante up a processing fee of several hundred dollars.

The Catch: A legitimate pre-qualified offer means you’ve been selected to apply. You still have to complete an application and you can still be turned down. If you paid a fee in advance for the promise of a loan or credit card, you’ve been hustled. You might get a list of lenders, but there’s no loan, and the person you’ve paid has taken your money and run.

Your Safety Net: Don’t pay for a promise. Legitimate lenders never “guarantee” a card or loan before you apply. They may require that you pay application, appraisal, or credit report fees, but these fees seldom are required before the lender is identified and the application is completed. In addition, the fees generally are paid to the lender, not to the broker or person who arranged the “guaranteed” loan. Forward unsolicited email containing credit offers to CenturyLink at spam@centurylink.net.

9. Debt Relief

The Bait: Emails touting a way you can consolidate your bills into one monthly payment without borrowing; stop credit harassment, foreclosures, repossessions, tax levies and garnishments; or wipe out your debts.

The Catch: These offers often involve bankruptcy proceedings, but they rarely say so. While bankruptcy is one way to deal with serious financial problems, it’s generally considered the option of last resort. The reason: it has a long-term negative impact on your creditworthiness. A bankruptcy stays on your credit report for 10 years, and can hurt your ability to get credit, a job, insurance, or even a place to live. To top it off, you will likely be responsible for attorneys’ fees for bankruptcy proceedings.

Your Safety Net: Read between the lines when looking at these emails. Before resorting to bankruptcy, talk with your creditors about arranging a modified payment plan, contact a credit counseling service to help you develop a debt repayment plan, or carefully consider a second mortgage or home equity line of credit. One caution: While a home loan may allow you to consolidate your debt, it also requires your home as collateral. If you can’t make the payments, you could lose your home.

Forward debt relief email offers to CenturyLink at spam@centurylink.net.

10. Investment Schemes

The Bait: Emails touting “investments” that promise high rates of return with little or no risk. One version seeks investors to help form an offshore bank. Others are vague about the nature of the investment, but stress the rates of return. Promoters hype their high-level financial connections; the fact that they’re privy to inside information; that they’ll guarantee the investment; or that they’ll buy it back. To close the deal, they often serve up phony statistics, misrepresent the significance of a current event, or stress the unique quality of their offering. And they’ll almost always try to rush you into a decision.

The Catch: Many unsolicited schemes are a good investment for the promoters, but not for participants. Promoters of fraudulent investments operate a particular scam for a short time, close down before they can be detected, and quickly spend the money they take in. Often, they reopen under another name, selling another investment scam.

Your Safety Net: Take your time in evaluating the legitimacy of an offer: The higher the promised return, the higher the risk. Don’t let a promoter pressure you into committing to an investment before you are certain it’s legitimate. Hire your own attorney or an accountant to take a look at any investment offer, too.

Forward spam with investment-related schemes to CenturyLink at spam@centurylink.net.

Fighting Back

Con artists are clever and cunning, constantly hatching new variations on age-old scams. Still, skeptical consumers can spot questionable or unsavory promotions in email offers. Should you receive an email that you think may be fraudulent, forward it to CenturyLink at spam@centurylink.net, hit delete, and smile. You’ll be doing your part to help put a scam artist out of work.

How to Report if You Have Been a Victim of Spam

If you receive an email that you think may be a scam, forward it to CenturyLink at spam@centurylink.net. Also, if the email appears to be impersonating a bank or other company or organization, forward the message to the actual organization.

Courtesy of OnGuardOnline.gov

The Internet gives buyers access to a world of goods and services, and gives sellers access to a world of customers. Unfortunately, the Internet also gives con artists the very same access. But being on guard online can help you maximize the global benefits of electronic commerce and minimize your chance of being defrauded. CenturyLink wants you to know how to spot some cross-border scams — including foreign lotteries, money offers, and check overpayment schemes — and report them to the appropriate authorities.

Foreign Lotteries

For years, scam operators have used the telephone and direct mail to entice U.S. consumers into buying chances in supposedly high-stakes foreign lotteries. Now they’re using email, too — either to sell tickets or suggest that a large cash prize has your name on it. No matter what country’s name is used to promote a lottery, the pitch follows a pattern: you should send money to pay for taxes, insurance, or processing or customs fees. The amount may seem small at first, but as long as you keep paying, the requests for funds will keep coming — for higher and higher amounts. Some victims have lost thousands of dollars.

Most scam operators never buy the lottery tickets on your behalf. Others buy some tickets, but keep the “winnings” for themselves. In any case, lottery hustlers generally try to get you to share your bank account or credit card numbers, so they can make unauthorized withdrawals.

If you’re thinking about responding to a foreign lottery, CenturyLink wants you to remember:

• Playing a foreign lottery is against the law.
• There are no secret systems for winning foreign lotteries. Your chances of getting any money back are slim to none.
• If you buy even one foreign lottery ticket, you can expect many more bogus offers for lottery or investment “opportunities.” Your name will be placed on “sucker lists” that fraudsters buy and sell.
• Keep your credit card and bank account numbers to yourself. Scam artists often ask for them during an unsolicited sales pitch. Once they get your account numbers, they may use them to commit identity theft.

Resist solicitations for foreign lottery promotions. Forward the emails to CenturyLink at spam@centurylink.net and then hit delete.

“Nigerian” Foreign Money Offers

The “Nigerian” scam got its name from emails that supposedly came from Nigerian “officials” who needed your help getting at their money — which was tied up due to strife in their country. Today, people claiming to be officials, businesspeople, or the surviving relatives of former government honchos in countries around the world send countless offers via email to transfer thousands of dollars into your bank account if you will just pay a fee or “taxes” to help them access their money. If you respond to the initial offer, you may receive documents that look “official.” But then, you will get more email asking you to send more money to cover transaction and transfer costs, attorney’s fees, blank letterhead, and your bank account numbers, among other information. Subsequent emails will encourage you to travel to another country to complete the transaction. Some fraudsters have even produced trunks of dyed or stamped money to verify their claims.

The emails are from crooks trying to steal your money or commit identity theft. Victims of this scam report that emergencies arise that require more money and delay the “transfer” of funds; in the end, you lose your money, and the scam artist vanishes. According to the U.S. State Department, people who have responded to these solicitations have been beaten, subjected to threats and extortion, and in some cases, murdered.

If you receive an email from someone claiming to need your help getting money out of another country, don’t respond. After all, why would a stranger from another country pick you out at random to share thousands of dollars? Forward the email to CenturyLink at spam@centurylink.net and then hit delete.

Check Overpayment Schemes

Say no to a check for more than your selling price, no matter how tempting the plea or convincing the story. Check overpayment schemes generally target people who have posted an item for sale online. The con artist, posing as a potential buyer from a foreign country (or a distant part of the U.S.), emails the seller and offers to buy the item with a cashier’s check, money order, personal check, or corporate check. Or the scammer may pretend to be a business owner from a foreign country, needing “financial agents” to process payments for their U.S. orders; in exchange, they promise a commission.

Regardless of the cover, here’s what happens: The scammer sends you a check that looks authentic — complete with watermarks — made payable for more money than you expected. They ask you to deposit it in your bank account, and then wire-transfer some portion of the funds to a foreign account. They provide convincing reasons why the check is for more than the necessary amount, and why the funds must be transferred quickly. Sometimes, the counterfeit checks fool a bank teller, but be aware that the check still can bounce. The scammer vanishes with the money you wired from your own account and you are on the hook for the entire amount of the worthless check. In addition, a scammer who has your bank account number is likely to use it to withdraw more money from your account.

Courtesy of OnGuardOnline.gov

If you want to get rid of your old computer, options include recycling, reselling, and donating. But before you log off for the last time, there are important things to do to prepare it for disposal.

Computers often hold personal and financial information, including passwords, account numbers, license keys or registration numbers for software programs, addresses and phone numbers, medical and prescription information, tax returns, and other personal documents. Before getting rid of your old computer, it’s a good idea to use software to “wipe” the hard drive clean. If you don’t, consider your old hard drive a 21st century treasure chest for identity thieves and information pirates.

You can deter identity theft and information piracy by taking a few preventive steps.

Understanding Hard Drives

A computer’s hard drive stores data, and maintains an index of files. When you save a file, especially a large one, it is scattered around the hard drive in bits and pieces. Files also are automatically created by browsers and operating systems. When you open a file, the hard drive checks the index, then gathers the bits and pieces and reconstructs them.

When you delete a file, the links between the index and the file disappear, signaling to your system that the file isn’t needed any longer and that hard drive space can be overwritten. But the bits and pieces of the deleted file stay on your computer until they’re overwritten, and they can be retrieved with a data recovery program. To remove data from your hard drive permanently, it needs to be wiped clean.

Cleaning Hard Dives

Before you clean your hard drive, save the files that are important to you on an external storage device – for example, a USB drive, a CDRom, or an external hard drive – or transfer them to a new computer. Check your owner’s manual, the manufacturer’s website, or its customer support line for information on how to save data and transfer it to a new computer.

Utility programs to wipe your hard drive are available both online and in stores where computers are sold. They’re generally inexpensive; some are available on the Internet for free. Wipe utility programs vary in their capabilities: some erase the entire disk, while others allow you to select files or folders to erase. They also vary in their effectiveness: programs that overwrite or wipe the hard drive many times are very effective; those that overwrite or wipe the drive only once may not prevent information being wiped from being recovered later. If your old computer contains sensitive information that would be valuable to an identity thief, consider using a program that overwrites or wipes the hard drive many times. Or, remove the hard drive, and physically destroy it.

One more thing to keep in mind: If you use your home or personal computer for business purposes, check with your employer about how to manage information on your computer that’s business-related. The law requires businesses to follow data security and disposal requirements for certain information that’s related to customers.

Disposal Options

Once you have a “clean” computer, here’s how to dispose of it:

• Recycle it. Many computer manufacturers have programs to recycle computers and components. Check their websites or call their toll-free numbers for more information. The Environmental Protection Agency (EPA) has information on electronic product recycling programs at www.epa.gov/epaoswer/hazwaste/recycle/ecycling/donate.htm. Your local community may have a recycling program. Check with your county or local government, including the local landfill office for regulations.
• Donate it. Many organizations collect old computers and donate them to charities.
• Resell it. Some people and organizations buy old computers. Check online.

Keep the environment in mind when disposing of your computer. Most computer equipment contains hazardous materials that don’t belong in a landfill. For example, many computers have heavy metals that can contaminate the earth. The EPA recommends that you check with your local health and sanitation agencies for ways to dispose of electronics safely.

Courtesy of OnGuardOnline.gov

Access to information and entertainment, credit and financial services, products from every corner of the world — even to your work — is greater than ever. Thanks to the Internet, you can play a friendly game with an opponent across the ocean; review and rate videos, songs, or clothes; get expert advice in an instant; or collaborate with far-flung co-workers in a “virtual” office.

But the Internet — and the anonymity it affords — also can give online scammers, hackers, and identity thieves access to your computer, personal information, finances, and more.

With awareness as your safety net, you can minimize the chance of an Internet mishap. Being on guard online helps you protect your information, your computer, and your money. To be safer and more secure online, make these seven practices part of your online routine.

1. Protect your personal information. It’s valuable.

To an identity thief, your personal information can provide instant access to your financial accounts, your credit record, and other assets. If you think no one would be interested in YOUR personal information, think again. ANYONE can be a victim of identity theft. In fact, according to the Federal Trade Commission, millions of people become victims every year. Visit ftc.gov/idtheft to learn what to do if your identity is stolen or your personal or financial information has been compromised – online or in the “real” world.

How do criminals get your personal information online? One way is by lying about who they are, to convince you to share your account numbers, passwords, and other information so they can get your money or buy things in your name. The scam is called “phishing”: criminals send email, text, or pop-up messages that appear to come from your bank, a government agency, an online seller or another organization with which you do business. The message asks you to click to a website or call a phone number to update your account information or claim a prize or benefit. It might suggest something bad will happen if you don’t respond quickly with your personal information. In reality, legitimate businesses should never use email, pop-ups, or text messages to ask for your personal information.

To avoid phishing scams:

• Don’t reply to an email, text, or pop-up message that asks for personal or financial information, and don’t click on links in the message. If you want to go to a bank or business’s website, type the web address into your browser yourself.
• Don’t respond if you get a message – by email, text, pop-up or phone – that asks you to call a phone number to update your account or give your personal information to access a refund. If you need to reach an organization with which you do business, call the number on your financial statement, or use a telephone directory.

Some identity thieves have stolen personal information from many people at once, by hacking into large databases managed by businesses or government agencies. While you can’t enjoy the benefits of the Internet without sharing some personal information, you can take steps to share only with organizations you know and trust. Don’t give out your personal information unless you first find out how it’s going to be used and how it will be protected.

If you are shopping online, don’t provide your personal or financial information through a company’s website until you have checked for indicators that the site is secure, like a lock icon on the browser’s status bar or a website URL that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some scammers have forged security icons. And some hackers have managed to breach sites that took appropriate security precautions.

Read website privacy policies. They should explain what personal information the website collects, how the information is used, and whether it is provided to third parties. The privacy policy also should tell you whether you have the right to see what information the website has about you and what security measures the company takes to protect your information. If you don’t see a privacy policy — or if you can’t understand it — consider doing business elsewhere.

2. Know who you’re dealing with.

And what you’re getting into. There are dishonest people in the bricks and mortar world and on the Internet. But online, you can’t judge an operator’s trustworthiness with a gut-affirming look in the eye. It’s remarkably simple for online scammers to impersonate a legitimate business, so you need to know who you’re dealing with. If you’re thinking about shopping on a site with which you’re not familiar, do some independent research before you buy.

• Type the site’s name into a search engine: If you find unfavorable reviews posted, you may be better off doing business with a different seller.
• If it’s your first time on an unfamiliar site, call the seller’s phone number, so you know you can reach them if you need to. If you can’t find a working phone number, take your business elsewhere.

File-Sharing: Worth the hidden costs?
Every day, millions of computer users share files online. File-sharing can give people access to a wealth of information, including music, games, and software. How does it work? You download special software that connects your computer to an informal network of other computers running the same software. Millions of users could be connected to each other through this software at one time. Often, the software is free and easy to access.

But file-sharing can have a number of risks. If you don’t check the proper settings, you could allow access not only to the files you intend to share, but also to other information on your hard drive, like your tax returns, email messages, medical records, photos, or other personal documents. In addition, you may unwittingly download malware or pornography labeled as something else. Or you may download material that is protected by the copyright laws, which would mean you could be breaking the law.

If you decide to use file-sharing software, be sure to read the End User Licensing Agreement to be sure you understand and are willing to tolerate the potential risks of free downloads.

3. Use security software that updates automatically.

Keep your security software active and current: at a minimum, your computer should have anti-virus and anti-spyware software, and a firewall (all of which are included in CenturyLink™ Online Security). Security software protects against the newest threats only if it is up-to-date. That’s why it is critical to set your security software to update automatically.

Some scam artists distribute malware disguised as anti-spyware software. Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That’s a tactic scammers have used to spread malware.

Once you confirm that your security software is up-to-date, run it to scan your computer for viruses and spyware. If the program identifies a file as a problem, delete it.

Anti-Virus Software
Anti-virus software protects your computer from viruses that can destroy your data, slow your computer’s performance, cause a crash, or even allow spammers to send email through your account. It works by scanning your computer and your incoming email for viruses, and then deleting them.

Anti-Spyware Software
Installed on your computer without your consent, spyware software monitors or controls your computer use. It may be used to send you pop-up ads, redirect your computer to websites, monitor your Internet surfing, or record your keystrokes, which, in turn, could lead to the theft of your personal information.

A computer may be infected with spyware if it:

• Slows down, malfunctions, or displays repeated error messages
• Won’t shut down or restart
• Serves up a lot of pop-up ads, or displays them when you’re not surfing the web
• Displays web pages or programs you didn’t intend to use, or sends emails you didn’t write.

Firewalls
A firewall helps keep hackers from using your computer to send out your personal information without your permission. While anti-virus software scans incoming email and files, a firewall is like a guard, watching for outside attempts to access your system and blocking communications to and from sources you don’t permit.

Don’t Let Your Computer Become Part of a “BotNet”
Some spammers search the Internet for unprotected computers they can control and use anonymously to send spam, turning them into a robot network, known as a “botnet.” Also known as a “zombie army,” a botnet is made up of many thousands of home computers sending emails by the millions. Most spam is sent remotely this way; millions of home computers are part of botnets.

Spammers scan the Internet to find computers that aren’t protected by security software, and then install bad software – known as “malware” – through those “open doors.” That’s one reason why up-to-date security software is critical.

Malware may be hidden in free software applications. It can be appealing to download free software like games, file-sharing programs, customized toolbars, and the like. But sometimes just visiting a website or downloading files may cause a “drive-by download,” which could turn your computer into a “bot.”

Another way spammers take over your computer is by sending you an email with attachments, links or images which, if you click on or open them, install hidden software. Be cautious about opening any attachments or downloading files from emails you receive. Don’t open an email attachment — even if it looks like it’s from a friend or coworker — unless you are expecting it or know what it contains. If you send an email with an attached file, include a text message explaining what it is.

4. Keep your operating system and Web browser up-to-date, and learn about their security features.

Hackers also take advantage of Web browsers (like Firefox or Internet Explorer) and operating system software (like Windows or Mac’s OS) that don’t have the latest security updates. Operating system companies issue security patches for flaws that they find in their systems, so it’s important to set your operating system and Web browser software to download and install security patches automatically.

In addition, you can increase your online security by changing the built-in security and privacy settings in your operating system or browser. Check the “Tools” or “Options” menus to learn how to upgrade from the default settings. Use your “Help” function for more information about your choices.

If you’re not using your computer for an extended period, disconnect it from the Internet. When it’s disconnected, the computer doesn’t send or receive information from the Internet and isn’t vulnerable to hackers.

5. Protect your passwords.

Keep your passwords in a secure place, and out of plain sight. Don’t share them on the Internet, over email, or on the phone.

In addition, hackers may try to figure out your passwords to gain access to your computer. To make it tougher for them:

• Use passwords that have at least eight characters and include numbers or symbols. The longer the password, the tougher it is to crack. A 12-character password is stronger than one with eight characters.
• Avoid common words: some hackers use programs that can try every word in the dictionary.
• Don’t use your personal information, your login name, or adjacent keys on the keyboard as passwords.
• Change your passwords regularly (at a minimum, every 90 days).
• Don’t use the same password for each online account you access.

6. Back up important files.

If you follow these tips, you’re more likely to be free of interference from hackers, viruses, and spammers. But no system is completely secure. If you have important files stored on your computer, copy them onto a removable disc or an external hard drive, and store it in a safe place.

7. Learn what to do in an e-mergency.

If you suspect malware is lurking on your computer, stop shopping, banking, and other online activities that involve user names, passwords, or other sensitive information. Malware could be sending your personal information to identity thieves.

Confirm that your security software is up-to-date, then use it to scan your computer. Delete everything the program identifies as a problem. You may have to restart your computer for the changes to take effect.

If you need professional help, if your machine isn’t covered by a warranty, or if your security software isn’t doing the job properly, you may need to pay for technical support. CenturyLink’s RescueIT service offers tech support via the phone or in your home.

Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do to avoid it in the future.

Also, talk about safe computing with anyone else who uses the computer. Tell them that some online activity can put a computer at risk, and share the seven practices for safer computing.

Courtesy of OnGuardOnline.gov

As a style statement and useful communication device, the mobile phone is perhaps the most sought-after gadget of our times. Whether used for keeping tabs on children or running a business, the mobile phone has made a huge difference in how we do things today.

But our increasing dependence on the benefits of wireless communication has also come with a cost. If something goes wrong – like the phone is lost or it gets infected with a virus – this can quickly cause some serious life complications.  Many people now store all their personal information, banking details, business projects and other valuable data on their smartphones, which can also be synchronized with computers. As more financial transactions are carried out using mobile phones than ever before, criminals are not only out to steal the phones but to make money from the information they contain.

Mobile threats

At the moment, the mobile phone security scene is not as serious as the Internet-based threats that are affecting everyone’s home and work PCs. While there are currently several hundred mobile threats, on the PC side there are hundreds of thousands of threats. The vast majority of mobile phones are still relatively safe, especially the older types of phones with standard features. However, mobile phones are constantly becoming more sophisticated. Experts predict that smartphones will soon take over from laptops as the most popular device for connecting to the Internet on the move. It is also a scenario guaranteed to attract the virus writers.

There are different ways that malicious viruses, worms and trojans, collectively known as malware in the Internet security world, can infect your phone. You may be tricked into opening a multimedia message that contains the malware, or unlocking your phone and installing a harmful application through a Bluetooth connection or as a web download.

Malware can instruct your phone to send out expensive sms messages or make calls to premium rate numbers. It can also delete important information or make your phone unusable. Some malware attempts to spread further by messaging people on your contact list. A recent outbreak in Asia saw the first so-called ransom trojan, which disabled the victim’s phone and demanded a payment before the criminals made the phone operational again. Internet hackers have carried out similar attacks against websites for several years.

Safe habits save trouble

Following some common sense security measures helps to keep your phone safe and sound. For a start, don’t make things easy for thieves by showing off your phone in public places where it can be snatched, or by leaving it visible inside a car. You can also preempt trouble by spending a little time on your phone’s security settings. Always keep the phone locked and protected with a password if you must leave it unattended somewhere.

Statistics show that most mobile phones are lost by teenagers, so educate them about security issues and think twice before investing in expensive models that could easily disappear tomorrow. If your family has a history of dropping mobile phones down the toilet or leaving them on top of the car and driving off, consider taking out insurance.

Treat your SIM card with care and make sure you have a backup record of all the information it contains. Also make a record of your phone’s unique 15 digit IMEI number which can be found by typing *#06# on the keypad. This helps the police identify a recovered phone. If you do lose your phone or it’s stolen, notify the police immediately and also get your operator to disable the phone number before someone runs up a huge bill on your account. Marking the phone with your contact details makes it easy for honest people to return a lost phone.

Think of your mobile phone in the same way as your computer. Only accept messages, downloads and applications from reliable sources, just like you would when using your PC. Any multimedia message (mms) that prompts an installation should be refused. Disable your phone’s Bluetooth discoverability.

When you are web browsing on your phone, remember that the interface is different so you may not be able spot the telltale signs of dubious websites. Be on the lookout for ‘phishing’ attempts that ask you to reveal personal information such as credit card details.

Courtesy of F-Secure

Today’s youth have grown up with the World Wide Web, and are the first generation of digital natives. They have a more accepting and open-minded relationship with the information technology that is rapidly reshaping the world, while the rest of us are usually playing catch-up trying to work out what is really going on. At its best, the Internet is a fantastic resource for learning, entertainment and communication. But it can also be addictive, anti-social and downright dangerous. The bottom line is we really need to know what they are doing online.

Establishing ground rules

A constructive security approach is based on talking openly with children about the positive and negative aspects of the Internet and how to use it safely. We need to make it normal and easy for children to discuss their favorite websites and whatever else they encounter on the web, including unpleasant or disturbing content.

With younger kids, the aim is to shield them from exposure to harmful content and to set rules that keep their online enthusiasm within reasonable bounds. Parents can take the initiative by introducing kids to fun but safe websites. Recommendations from other parents or teachers are a good starting point.

Locating the computer in a place where you can keep an eye on your child’s Internet activity gives you more control. It’s also important to set clear limits on the amount of time children spend online and what websites they can visit. The parental control feature on software like CenturyLink™ Online Security is an easy way to enforce your Internet policies and enables you to set specific time limits. Without basic ground rules, kids can become addicted to the screen and neglect other activities that involve physical play, normal socializing and being outdoors.

Online behavior code

Most kids enjoy taking on the teacher role, so if your web-savviness is already light years behind your children, ask them to show you where they are going and what they are doing online. Surfing the net can also be a joint family activity.

As kids start receiving spam email and joining chat rooms, they inevitably run into the nasty side of the Internet. It’s our job to prepare them for this by instilling a code of conduct for online behavior. The rules are simple: children should never reveal their real names, phone numbers, email, home or school addresses on the Internet, or post photos to people they don’t know.

Kids often have good instincts when dealing with strangers outside the home, but online chat rooms are more complex and real identities can be easily hidden. The harsh reality is that behind any online ‘friend’ in a chat room there could be a predator attempting to ‘befriend’ your child. Children should never go to meet someone in person if they have only communicated with them online, unless accompanied by you.

Encourage your child to talk about any threatening or upsetting messages he or she may receive. It’s worth learning some of the frequent acronyms used in online chat rooms. For example, ASL stands for ‘Age, Sex, Location’ and LMIRL means ‘Let’s meet in real life’.

Teenage kicks

As kids turn into teenagers they often need more space and privacy – and a more democratic discussion about their Internet activities behind that closed bedroom door. Enjoying the Internet should also come with a sense of responsibility, both on a personal and social level.

Just as it’s morally wrong for students to copy-paste material from the Internet instead of doing their own homework, parents also need to talk about issues like the illegal downloading of copyrighted music and films. In fact, downloading anything from the Internet without your permission, whether it’s programs, plug-ins or games, threatens your own privacy and the security of your computer. Viruses and spyware often spread through the hugely popular peer-to-peer networks where teens share digital content for free instead of buying it from the shops.

It’s also essential to discuss the use of credit cards with teens to avoid online financial disasters.

Online bullying and shock videos are other disturbing web trends on the rise. Posting cruel messages, embarrassing photographs and extreme content on the Internet has become a common pastime among some teenagers. There is a sense that ‘anything goes’ in the online world. Doing things for a laugh or a few minutes of fame on YouTube, young people are often not thinking about the privacy and legal consequences of their actions, which can be very serious. Once the damaging material is on the net, it’s not possible to stop it from spreading.

Parents need to work with schools and other authorities to counteract these trends. We need to make sure our kids don’t become perpetrators of online harassment and crime, and explain how to cope if they become targets of unpleasant attention on the web. We also need to explain how they should protect themselves and their family’s privacy online. Thirteen-year-olds posting sexually suggestive photographs on the web don’t have the emotional maturity to understand the longer-term effects this may have on their lives.

Important offline conversation

Today the Internet is everywhere. Installing security software on the home computer and tweaking the parental control settings is only part of the solution to the security issues facing children on the Internet. Policing and spying tactics may sometimes be necessary, but the crucial factor in keeping our children safe online is the quality of our offline conversation with them.

Establishing trust and reaching an agreement on safe Internet use requires two-way communication between parents and kids. To be credible and effective, parents need to get informed and have a plan of action for dealing with the Internet.

Courtesy of F-Secure

Fed up with spam? You’re not alone, so is everyone else. Spend a couple of days without checking email or emptying your junk mail folder, and you often return to an inbox bulging with irritating spam messages.

The days when junk mail was just a passing annoyance are long gone. Last year about 80% of the world’s email traffic consisted of spam. The sheer volume of spam, as well as the sophistication used by spammers to get us to pay attention to their messages, is growing year by year. Internet companies are spending millions trying to prevent the whole system grinding to a halt under the weight of spam messages.

Spam is a major security risk because it is often used to distribute spyware and other harmful viruses which are designed to attack our computers, privacy and bank balances. Clearly, the more time we spend on the Internet, the more essential it is to our online wellbeing that we get spam under control.

Developing spam control

There are some effective ways to minimize the headache caused by spam. The first is to grasp the real nature of the problem. Junk mail, spam, undesired bulk electronic messages – whatever we call it, it’s all about exploiting human traits like curiosity, greed and insecurity for financial gain. Spamming email inboxes, blogs, forums, newsgroups and, increasingly, mobile phones, is an industry run by criminals who make money out of it.

So what can we do about spam? The first line of defense is preventive: avoid getting on the email spamming lists in the first place. When surfing the net, don’t give out your email address or any other personal details unless it’s really necessary. Avoid filling in questionnaires and pop-ups that appear on the screen. When you do sign up for something, check the small print at the end of the form and refuse permission to be contacted by third parties. This means you are less likely to end up on the spamming lists that are compiled and sold by criminals on the web.

Another trick for more spam control is to start using separate email accounts, instead of your primary email, for things like online newsletters and for posting messages on public forums. It’s quick and easy to set up an extra email address with CenturyLink™ (learn how). As a result, your primary email is protected from spam and it’s convenient to use the other email accounts for occasionally sorting out the junk from what you really want to read. Remember that email addresses using common names are more prone to receiving so-called ‘dictionary spam’ because they are easy to guess for the spammers. For example, john.smith@emailprovider.com will automatically attract more spam than john.smith789@emailprovider.com.

Most email programs have spam blocking or filtering features and making the effort to understand the settings can save a huge amount of effort later. It’s also important that you know, for example, how long messages remain in a junk mail folder before they may be automatically deleted. Advanced security applications, like CenturyLink™ Online Security, contain effective anti-spam features as a standard part of an easy-to-use and comprehensive security package.

A healthy skepticism

Whatever precautions we take to protect our email addresses, it’s more than likely that some spam messages still find their way to the inbox. It’s helpful to have consistent policy against these unwelcome intruders.

The basic rule is very simple: clicking on the link or attachment of a spam message is always simply asking for trouble. Links and attachments in spam messages can infect your computer with hidden programs that steal your personal information, such as passwords and online banking details. Clicking on spam messages, regardless of what they say, invariably brings more spam to your email address. Actually buying something advertised in a spam message is a reckless gamble that nearly always ends as a costly mistake.

Since spam is designed to lure you into clicking on something that you shouldn’t, you need to fight the urge to make that click. Ignore all those too-good-to-be-true offers because they are almost guaranteed to be scams. Say no to the promised celebrity pictures and remain aloof from dubious get rich quick schemes. Be highly skeptical of emails from people you don’t know, even if they address you by your first name and claim to have seen a video of you on YouTube.

Remember that spammers are constantly refining their social engineering tactics. Clicking on the “unsubscribe” message of a newsletter that you never requested just attracts more spam. It pays to keep a record of what you have signed up for and to systematically trash all the other spam messages.

If you have been clicking on spam emails and think your computer may be infected, the best way to regain peace of mind is to install professional software like CenturyLink™ Online Security. This will clean up any harmful stuff that may be lurking inside your computer and make sure you stay protected with automatic security updates. With junk mail under control, you can relax and enjoy the time that you’ve wrestled back from the spammers.

Courtesy of F-Secure

Travel plans and the Internet were clearly made for each other. There’s no better way of researching different destinations, comparing prices, and contemplating delicious vacation alternatives than the Internet. Whether it’s a trekking adventure through the rainforest, a relaxing cruise, or a fly-drive vacation you are looking for, the Internet provides a wealth of information at your fingertips.

Using the Internet as your vacation launch pad is extremely convenient. Millions of people are now doing all their travel preparations from the comfort of their home, including printing out their own flight tickets and doing the check-in online. To make sure everything goes smoothly, booking vacations online also requires some attention on the security front. By following a few simple safety measures, you are all set for a wonderful trip.

Passport, vaccines, security

After checking that your passport is still valid, the first thing to do before booking the journey of your dreams is to make sure that your computer is ready for some online shopping action. Unfortunately, surfing the Internet without security software is these days a bit like choosing to travel to the middle of a yellow fever epidemic without having a vaccine.

The Internet has hundreds of thousands of contagious diseases, which have been specially designed by criminals to attack your computer, your privacy and your bank balance. So ensure your online wellbeing by protecting your computer with software like CenturyLink™ Online Security, which stops those pesky viruses from infecting your system.

The next security concerns are your Internet connection and browser. In two short sentences, don’t trust unsecured wireless networks with your credit card details because they can be intercepted by outsiders. And do keep clicking on those security updates which keep Internet Explorer and Mozilla Firefox (or whatever browser you are using) patched up against the viruses.

Diving in, staying safe

Now you are ready to dive online into the colorful coral reef of exciting travel offers. There are definitely great vacation deals to be found online, but it pays to keep an eye out for suspicious websites. Don’t start your vacation by getting ripped off before you have even left your living room.

Make sure your chosen travel agency is a reputable company by checking it has a real address and a customer service phone number that answers your call. A quick online search of the operator’s name should reveal any issues. It’s not unknown for travel companies to go out of business and leave their customers stranded in far-away places, so it’s better to be safe than sorry when booking your trip. Paying for your vacation by credit card usually provides some financial protection against such events, but it’s also important that you have appropriate travel insurance to cover your trip.

As you browse different vacation websites, don’t fill in the pop-up questionnaires that may appear, even if they are offering bargains. These only bring more spam to your email inbox and may also infect your computer with something nasty. The same goes for spam email messages; never click on their attachments or links, or buy anything from junk mail.

Small print and secure payments

Give yourself time to think over the different vacation options and shop around for the best deals. Being flexible about departure dates by a few days can make a big difference in what you pay for a vacation. Before making the payment, don’t forget to double check all the information about your chosen trip, including all the taxes and supplements, departure times and dates. It’s worth making the effort to read the boring small print in the ‘terms and conditions’ to avoid unpleasant surprises.

Take special care when it comes to making the payment. Reputable companies have a secure web page for taking your personal details, which you can identify from a closed padlock or an unbroken key symbol, or a web address that begins with https:// – that extra ‘s’ stands for secure.

It’s good practice to print out the confirmation emails and receipts from the operator in case of any problems. If you are traveling somewhere remote, leave copies of the most important documents with a friend and take one copy with you on the trip. Always check your credit card and bank statements after paying for your vacation. Also remember to do this after the vacation, especially if you have been using a credit card abroad, and notify your bank immediately if you spot something amiss.

Online away from home

Relax, you’re on vacation. Let your mind and body infuse with the new surroundings. But when you stroll cheerily into your hotel and think about using the computer in the lobby, don’t forget that those Internet viruses are still lurking behind the screen. Only this time you have no idea and no control over how secure the computer and the Internet connection is. So think twice before offering your credit card details to the local online crime syndicate. The same goes for your email passwords, online banking login details and other sensitive information.

Instead, set up a new email account that you can use during the vacation for keeping contact with family and friends (learn how to set up another CenturyLink account here). Also use this temporary email for booking local tours and other vacation activities. Even if it ends up on a spamming list, the problem does not affect your normal email.

If you are using a mobile phone abroad, keep in mind that the cost for calls and surfing the net is probably much more expensive than at home. Your phone may also be targeted by unfamiliar mobile viruses through sms messages or your phone’s Bluetooth connection. Installing security software before the trip is highly recommended. Also don’t give your phone to anyone for ‘tuning’ or new screen savers, because this is an easy way to get infected.

Laptop users should also not take risks with sending sensitive information over unsecured wireless networks. If using the web is an essential part of your vacation plans, then check that your hotel has its own secured wireless network before making a booking.

Have a safe and wonderful vacation, and don’t forget to send a postcard!

Courtesy of F-Secure

Internet malware is growing at a faster rate than ever before. That’s the message from CenturyLink’s security partner, F-Secure Security Lab, which is analyzing and responding to Internet threats around the clock, 365 days a year. In addition to the explosion of growth, there is also clear evidence of the increasing sophistication of malware, as well as the professionalism of the criminals who are creating it.

More Sophisticated Malware

In order to maximize the return on their investment, Internet criminals are now utilizing highly complex IT infrastructure and systems, which provides them with the power to silently flood the Internet with their menace.  Many of these systems, such as the Mebroot and Storm worms, are very challenging to detect, as well as programmed to fight back against detection.

Bagle is one of the most prevalent pieces of malware in computer history.  The email worm flooded computers worldwide via email messages, which had a signature subject field message “Hi” and an EXE attachment with a calculator icon. When the recipient clicked on the EXE attachment, the worm spread further while at the same time running the Windows Calculator application in an apparent attempt to fool the user.  The worm then collected email addresses aggressively from all local and network drives searching through every text, HTML file and address book file and sending a copy of itself to each address with the exception of Microsoft, MSN or Hotmail.

Targeted Attacks

Another significant trend in Internet crime observed by the Security Lab has been the growing number of targeted malware attacks on individuals, companies and organizations. In a targeted malware attack, the attacker profiles the victim and sends an email using the recipient’s name, title, and perhaps references to his or her job function. The message content is typically something that the recipient would expect to receive via email.

Taken in by this confidence trick, the recipient opens what seems like an ordinary attachment, such as a Word or PDF document which infects the computer. Often this creates a backdoor that gives the attacker access to the information stored on the computer, without any outward sign of infection. Today’s malware is more devious than ever, making protection against these silent and invisible threats all the more necessary.

Courtesy of F-Secure

Over the years that software has become a commodity, the various subcategories to denote its functionality have increased rapidly. While these subcategories are an attempt to clarify matters, there is often some confusion. This article attempts to draw a better understanding of three terms, freeware, adware and spyware.

Freeware

Typically there is some overlap between these three terms, but each has its distinctive signature. Freeware is copyrighted computer software that is made available for use free of charge, for an unlimited time. The fact that it is protected by copyright means that the author receives both credit for the software they created and the right to retain control of its future development.

The software license attached to the freeware may also impose one or more other restrictions on its use including personal use, individual use, non-profit use, non-commercial use, academic use, commercial use or any combination of these.

A subtle distinction does exist between freeware and free software. Whereas freeware is gratis, which is to say it costs nothing, free software on the other hand means free to study, change, copy, redistribute, share or use. A good rule of thumb is, however, that if you are able to change it and make it your own, it is free software.

Adware

Adware is as the name suggests advertising-supported software. It automatically plays, displays, or downloads advertising material to a computer once the software is installed or while the application is running. Since advertising revenues largely sponsor adware, the program that is downloaded appears at a greatly reduced cost or is even free of charge with the only caveat being that the adware comes with it.

When users download a piece of adware, they must consent to the terms, including the addition of advertisements to their internet browsing. Users may, however, also be given the option to pay for a “registered” or “licensed” copy to do away with the advertisements.

Spyware

Adware in its worst manifestation crosses the line into spyware. It does this when information about the user’s activity is tracked, reported, or re-sold, without the knowledge or consent of the user. It may also interfere with the function of other software applications, slow down a computer significantly or force users to visit a particular website during the course of their browsing online.

In many cases, users click a consent button to install software according to the terms set without reading the small print may open the door to invasive spying. While certain adware programs gain their user’s consent to ‘spy’ on their online activities, spyware in its proper sense is computer software that collects personal information about users without their consent.

Such activities as logging keystrokes, recording Internet web browsing history, and scanning documents on the computer’s hard disk are all examples of invasive spyware behavior. The hacker can use information obtained in this manner for any purpose ranging from direct criminal theft of passwords and information to selling of their findings for marketing purposes.

Spyware is more common than may be imagined with some studies suggesting as many as eight in ten computer users are infected by some form of spyware – in most every case unbeknownst to the user. Fortunately, data security companies like CenturyLink’s partner, F-Secure, and others have made significant gains in detecting these hidden threats and ensuring a spyware-free computing environment for their clients.

Courtesy of F-Secure

Online shopping is big business. According to one study, during the Christmas season, American shoppers buy approximately 25 percent of their holiday goods online. But with so many people now taking the step to shop online, online frauds like phishing are becoming as common. Internet shopping can be a safe and pleasant experience provided you take some basic precautions.

Get ready for shopping action

It’s your money at stake, so it pays to make sure that your online shopping experience is as safe as possible. Going online without any safety awareness or security software is nowadays a bit like deliberately jumping into shark-infested waters. Before spending any money, it’s essential to make sure that your computer, Internet connection and web browser are all as secure as possible.

CenturyLink’s free PC Health Check pinpoints the possible security vulnerabilities on your PC and helps to make sure your system stays in good shape. If you do discover some problems and the constantly evolving world of Internet threats is not quite your area of expertise, then be sure to install a security program on your computer. Software like CenturyLink™ Online Security keeps you protected and automatically updates your computer’s defences, wherever your online shopping expedition takes you.

Now focus for a moment on the Internet connection that brings the world’s marketplace to your computer screen. Remember that it’s always risky to send personal information over the unsecured wireless networks found in cafés, libraries, airports or other local Hotspots. Messages sent over unsecured networks can be intercepted by outsiders. So before whipping out the credit card to complete a purchase, make sure you are on a secured broadband connection at home or work, or log on to a secured wireless network that requires a user name and password.

Safe computer, safe connection, safe browser

The third preventive safety measure is to ensure that your Internet Explorer, Mozilla Firefox, or whatever browser you are using to surf the net, is up to date. Browsers without the latest security updates are vulnerable to attack by hackers and other malware merchants trying get inside your computer. Clicking on the update bubbles from Microsoft, Mozilla or other browser vendors helps to keep the baddies out. It’s that simple.

Safe browsing

With all online sites, remember to look for the padlock symbol on the browser to show that your personal details are protected. The padlock indicates that the browser is running SSL, or Secure Socket Layer, which is a software tool which ensures that information sent to or from a website cannot be viewed during transmission. It does so by using a public and private key encryption system. Websites that do not use security technology (e.g. SSL, the browser padlock) may leave your personal information open for anyone who might wish to intercept the communication.

In all online shopping transactions be sure to get the supplier’s mailing address and telephone number. If the seller only has an email address and no postal address, be immediately suspicious. Always try to use legitimate sites like eBay and PayPal but be careful even when using these – phishing scams can often provide convincing online fake sites that can separate you from your money.

Logging onto an online retail channel usually requires you to fill out a form listing your personal details. If you are assured that the site is legitimate, fill in only those fields that are required. And when submitting your email address, read the small print – most sites assure you that your email address will not be distributed forward making you the recipient of spam, but be sure to check.

Safe passwords

Also remember to use a password that is considered safe. Avoid anything with obvious associations like familiar names or any dictionary words – both are easy for a hacker to figure out. An ideal password should be at least eight characters long and include a mixture of uppercase, lowercase, numerals and other characters. Some passwords are automatically required to be changed after a specified period but it is good practice to change them every three months.

Safe habits save money

Never, ever, buy anything advertised in a spam message. Junk mail offers that seem too good to be true are usually exactly that. They are scams designed to steal your personal details, to infect your computer with nasty stuff like spyware, and to part you from your money. Clicking on attachments or links in spam messages is simply asking for trouble. Also watch out for bogus messages asking you to verify your eBay, PayPal or online banking details. Reputable companies will never do that, so delete all such requests.

Although most transactions online are paperless, it pays to keep copies of all email correspondence and order forms. And if you buy goods on the Internet and something goes wrong, remember, normal consumer rights apply.

Courtesy of F-Secure

419 scam

The basic theme behind a 419 scam (named after the relevant section of the Nigerian Criminal Code) is that a large amount of money has been located, and the person in question requires assistance in obtaining the money. The victim, motivated by greed agrees to assist in freeing up the money for a percentage of the profits. Indeed, the advanced fee aspect is at the heart of the scam, as is the extreme confidentiality needed to make it succeed.

However, the victim is made to feel more and more a part of the plot until he or she is helpless to resist the various requests for more money. In many cases, if the victim cannot pay or refuses to pay more, he is targeted with faxes, phone calls and emails. Finally, he relinquishes the money – sometimes even borrowing large sums from family, friends or banks.

There is one very simple tip to avoid being caught by this scam – ignore all attempts to be contacted. Emails spamming these 419 scams have made it possible for the criminal gangs to reach a far larger audience automatically, even if the scam remains the same.

Money mules

How about this for a great job opportunity? “Get a job in 3 hours after you answer, and start earning! If you’re seeking a convenient job location, consistent hours and great opportunity for growth then this is the perfect position for you!” But what about this one: “I’ll get right to the point. I have a large amount of funds which needs to be laundered…”

Both examples are recent job advertisements found on the Internet, and both ads are trying to recruit money transfer agents – the money mules used by criminals to launder stolen funds. The most common means of recruitment are spam messages and unsolicited emails, as well as job advertisements placed on real recruitment sites. Sometimes criminals create professional websites that look perfectly legitimate to the untrained eye or steal the whole template for a website from a reputable company. On rarer occasions, a reputable website is hacked by criminals and used to host the mule site. In all these cases, the criminals aim to convince the job seekers that the employment opportunity is made by a genuine, legal company.

The promise of easy money for a few hours of simple work has lured many people to sign up as money mules. But when the police and banks discover these cases, the trail always leads to the money mule, not the people behind the crime and the consequences can be serious. People suspected of receiving and forwarding stolen money may have their bank accounts frozen while they are investigated. Becoming a money mule can also ruin a person’s credit history and lead to criminal charges.

F-Secure, CenturyLink’s security partner, carries out research on suspected money laundering websites and also supports Internet volunteer crime fighters who are working to shut down these sites. The more Internet users are aware of the dangers of these scams, the less people will be deceived.

Courtesy of F-Secure

Would you tell a complete stranger all about your family, work, love life, hobbies and interests? And give them some personal photos to look at too? Most people approached on the street would probably answer ‘no’ to the above questions. But on the Internet, that’s exactly what millions of us are doing on the hugely popular social networking sites and chat rooms.

MySpace, Facebook, YouTube, LinkedIn and other social networks have caught the imagination of Internet users all over the world. They can be fun and hip, but they also present a major security concern for Internet users. With millions of active users and vast databases full of valuable information, social networking sites are increasingly targeted by online criminals. Their mission? To get inside our computers, steal our personal information and empty our bank accounts.

Danger of revealing too much

At the heart of the social networking phenomenon are the personal profile pages that users create about themselves. These can be linked to their friends’ pages, the friends of their friends, and so on. The more information everyone publishes on their pages and the wider the communities grow, the juicier the interaction obviously becomes.

Of course, it’s up to you what to reveal about your personal life. The websites also provide different levels of privacy settings to control access to your profile page and your interaction with others. But does your information really remain private? The reality is that the more information you give online, the more vulnerable you also become – with possibly far-reaching consequences on your life outside the Internet. Nevertheless, many people are throwing caution to the wind when it comes to protecting their privacy and reputation online.

So what are the risks of telling too much about yourself? For a start, identity theft is a major industry on the Internet. Information extracted from social networking sites is used by criminals to spam our emails and for targeted attacks on specific individuals and companies, using sophisticated social engineering techniques.

Personal information provides a level of credibility that can make the criminals’ approaches more convincing. For example, it could be an email pretending to be from someone you know, addressing you by your first name and mentioning the names of your children. It doesn’t look like a spam message and can trick you into revealing even more sensitive information. Similar methods are also used to gain financial information from businesses.

Social networking sites are also used by predators and pedophiles searching for possible victims. It’s easy for anyone to adopt false identities on the web, so you should maintain a healthy scepticism over what you see and hear on social networking sites. The bright young student you are conversing with could always be a middle-aged fraud. If you want to meet a person who you have befriended online, always do it in a public place, preferably accompanied by someone.

As social networking sites and chat rooms are especially attractive to children and teenagers, it is essential that parents educate them about safe online behavior and keep tabs on what they are doing online. The first rule about making profile pages and posting messages on public websites is that you should never give out your address, telephone number, social security number, banking details, passwords, or any detailed information about your daily routines.

Bebo provides an excellent summary of the security issues involving social networking sites for both parents and children at www.bebo.com/Safety.jsp.

Maintain a good reputation

It’s worth remembering that whatever you post on your profile page, or other community forum, remains in the public sphere long after you log out of the website. This includes the crazy stuff and wild photos that you posted on Facebook but decided to delete ten minutes later because it suddenly seemed like a bad idea. The problem is that you can’t really retract it. Once it’s out there on the web, you have little control over who copies the material, where it is used and how widely it gets distributed.

So protect your reputation. Think twice before publishing compromising photos that may one day show you in a bad light. Resist the temptation to impress your friends with a profile that gives away too much. It may end up being abused by people who really should know nothing about you.

A momentary lack of judgment can still come to haunt in years to come when applying for jobs or schools, or when accepting a position of responsibility in the community. Employers do a web search on everyone they are thinking of hiring. So do potential life partners! Some stories are just better told face to face, to the right people, and when the time is right.

Staying safe

Many online social networks encourage users to import content like video clips and also accept third party add-on applications. The best way to guard against such threats is to install software like CenturyLink™ Online Security, which updates your computer’s defences automatically and makes sure you won’t be the one spreading worms among your network of friends. It’s also important to update your web browser, so remember to click on the security updates for Internet Explorer and Mozilla Firefox, or any other browser you are using. This helps to keep your computer patched up against the viruses.

Today your online wellbeing has a direct impact on the rest of your life. So enjoy the social networking sites while also keeping security in mind. That way you are protecting your computer, money and reputation, as well as your family and friends.

Courtesy of F-Secure

What is social engineering?

Social engineering describes a series of techniques used to trick people into performing actions or giving up confidential information. While these techniques share many commonalities with the repertoire of an ordinary con man, social engineering is usually confined to online fraud where the author of the scam very rarely comes in touch with the victim of his assault.

Much of social engineering’s success is related to the rise of computers where typically people perform many transactions online exchanging valuable information, transferring money or making payments either with systems or individuals. The impersonal nature of such transactions combined with the ability to automate and replicate such scams makes it very easy for con men with the right social engineering technique to target a large number of people at any given time.

Who falls for it?

All Social Engineering techniques are based on flaws in human logic know as cognitive biases. These recognizable mental traps are woven into specific techniques, which have been proven to be most effective for social engineering purposes. One of the most common techniques is known as pretexting, where the con man creates an invented scenario based on information already obtained (for example personal details, a social security number or other) to lull the recipient into a false sense of security. Gaining the confidence of a lesser member of an organization through such a pretext creates another window of opportunity for the con man to target people further up the administrative chain.

Phishing works

In the same vein as pretexting, phishing applies to email appearing to come from a legitimate business — a bank, or credit card company — requesting “verification” of information from the recipient. Once again, the aim is to lull the receiver into a false sense of security. In the case of phishing, an email usually contains a link to a fraudulent web page that looks legitimate. Users directed to such sites are usually requested to fill out a form detailing everything from home address to PIN codes for credit cards with the inevitable consequence.

Spear phishing – a new technique

Spear phishing is a relatively new approach for the online malware community. As its name suggests, a spear phishing attack involves a distinct target – usually a certain company, government agency, organization, or group. Spear phishers send email that appears genuine to all the employees or members within an organization usually from a trusted source. For example, the person who manages the computer systems in your company may request something as innocent as user names or passwords.

The truth is that the email sender information has been faked with the aim of accessing a company’s entire computer system. If a target recipient responds with a user name or password, or clicks links or opens attachments in a spear phishing email, pop-up window, or website, the consequence can be a straightforward identity theft. Once a company or organization’s members have become victims of identity theft, serious repercussions can follow for all who do business with that company.

Too good to be true?

Another typical social engineering technique is the “gimme” that takes advantage of two very typical human traits – curiosity and greed – to install targeted malware to an organization. Gimmes can arrive as an email bearing an attachment promising such things as a free screensavers, free pornography or anything else that might pique the user into opening an attachment.

Once the attachment is open, a Trojan horse is introduced to the host’s computer allowing the hacker to create a backdoor or install further malware. Another technique recently discovered is the seeding of Flash memory sticks outside or inside a targeted organization. People on the way in, or in an elevator may well assume the flash to be dropped by somebody from that organization and plug it into their computer, thus neatly circumventing the company’s perimeter firewall.

Be smart, be safe

Since, for the most part, phishing only succeeds through social engineering, the best way to beat it is to be wise to the con man’s tricks. Users who suspect a phishing attempt should contact the company in question to check that the email is legitimate. Going to the official company website and typing in a trusted web address to the address bar of their browser, to bypass the link in the suspected phishing message is also advisable.

Spam filters are an important first line of defense against phishing attempts because they reduce the number of phishing-related emails that users receive. Anti-phishing software is available to help sniff out phishing contents on websites, act as a toolbar that displays the real domain name for the visited website, or spot phishing attempts in email. Microsoft itself has announced that its Internet Explorer 7 browser will include anti-phishing technology. For banks and other organizations susceptible to phishing attacks, certain dedicated companies offer round-the-clock services to monitor, analyze and potentially shut down offending phishing websites.

Experts believe that the general rise in knowledge about phishing and the continuous improvement in methods to block it will ultimately clamp down on this particular criminal pursuit. Nevertheless, with such easy money as the driver for their operations, criminals may yet prove themselves tougher adversaries than expected.

Courtesy of F-Secure