IT Best Practices.
How Thieves Steal Your Password to Compromise Your Network Security
You need not worry about run-of-the-mill viruses that try to infect your system surreptitiously. Your firewall and security software do a good job of preventing such digital intrusions. What you have to watch out for are tricks that lure you into explicitly revealing your confidential information. Hackers make such attempts using the following methods:
- Phoney update messages. You’ve turned on update notifications on your system, so you receive requests to change software almost every day. You may not think twice when you click the “Agree” button on such messages. Hackers are counting on your inattention. If you click any button on their phoney dialog boxes, you unleash malware onto your system. There’s almost no way to verify if such messages are legitimate. Never update your software in this manner and always close such dialog boxes.
- Email warnings. An email that supposedly comes from your financial institution or supplier asks you to update your information. Or a business service you subscribe to wants verification of your account details. But when you click on the link, nothing visible happens. Instead, behind the scenes, malware is unleashed. Never click links in email, even if the message seems to come from legitimate sources like your customers or coworkers. Even the sources of email can be faked.
- Phishing. A phishing website looks exactly like the pages of legitimate companies except for one detail. Links from emails or fake update messages may lead to these phishing sites. When you enter your usercode and password, you’re sending the information to hackers who use your confidential details to break into your account. A big clue to the crime is the URL in the address bar of the browser. It does not match the name of the company that put up the original website.
You can thwart all these attempts in the same way. Close the originating page or message. Then manually browse to the site of the requesting company. If updates or changes are needed, you can make them manually, thereby bypassing the fake requests. If no such updates or downloads are needed, be sure to inform the company that someone is fraudulently using its name to steal data.
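The URL clue described in the phishing item can also be checked mechanically, for example in a mail filter or a help-desk tool. The JavaScript below is an added example, not part of the original article; the domain `bank.example`, the function name `checkLink` and the sample links are constructed for illustration.

```javascript
// Added example: does a link's host really belong to the expected company?
// EXPECTED_DOMAIN and every sample URL are constructed (reserved test names).
const EXPECTED_DOMAIN = "bank.example";

function checkLink(link, expectedDomain = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(link); // WHATWG parser, the same rules a browser applies
  } catch {
    return { ok: false, host: null, reason: "unparseable" };
  }
  const host = url.hostname; // lower-cased; non-ASCII names become punycode
  const fail = (reason) => ({ ok: false, host, reason });

  // Text before "@" is a username, not the site being visited.
  if (url.username || url.password) return fail("userinfo-in-url");
  if (url.protocol !== "https:") return fail("not-https");
  // An "xn--" label means non-ASCII characters that can imitate Latin letters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return fail("punycode-lookalike");
  }
  // Exact match or a true subdomain; the leading dot rejects "notbank.example".
  const expected = expectedDomain.toLowerCase();
  if (host !== expected && !host.endsWith("." + expected)) {
    return fail("domain-mismatch");
  }
  return { ok: true, host, reason: "match" };
}

// Constructed sample links, one per kind of mismatch.
const samples = [
  "https://www.bank.example/login",                 // genuine subdomain
  "https://bank.example.account-verify.test/login", // company name used as a subdomain
  "https://notbank.example/",                       // name only appears as a suffix
  "https://bank.example@login.invalid/",            // company name placed before "@"
  "http://www.bank.example/",                       // right host, no TLS
  "https://b\u0430nk.example/",                     // Cyrillic "а" instead of Latin "a"
];

for (const link of samples) {
  const r = checkLink(link);
  console.log(`${r.ok ? "OK  " : "WARN"} ${r.reason.padEnd(18)} ${r.host}`);
}
```

The comparison is only as good as the expected domain, which should come from an independent source such as a bookmark or a printed statement, never from the message itself.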