A timely reminder of the dangers of online crime from my colleague and Microsoft UK's Chief Cyber Security Advisor, Ed Gibson:
A few days ago the news broke that a series of banks, savvy investors and other esteemed financial institutions had collectively become victims of a $50b fraud. Inevitably, this news was quickly followed by shock and outrage: "how could this happen?" "where were the regulators?" "how could reputable companies and individuals have been suckered?"
But how surprised should we really be? White-collar criminals are the best in the league. Having investigated scores of massive complex fraud schemes during my career as an FBI Agent, I know never to underestimate the apparent plausibility of the schemes invented -- or the willingness of victims to clutch at the "hope" offered by scammers and to fall for a deal too good to be true.
So here's a reminder of my list of things for you to stay away from online no matter how good or believable they might appear to be...
1. Banks will NEVER ask you to verify your account details – they already have your details. The same applies to eBay and PayPal.
2. MySpace, Bebo, Facebook, and ALL other social network sites are OPEN by default. Unless you want everyone (including that bully at school, the nosey neighbour, your boss, your mother, or the paedophile from abroad) looking at your site, NEVER use it until you make it PRIVATE. Go into the website settings and follow the instructions. See www.safesocialnetworking.com for more information. The same applies to Instant Messenger -- if you don’t know the person, don’t add them as a contact.
3. Microsoft has not and NEVER will hold a Lottery. (And when we do hold competitions, the terms and conditions will be posted on our website so you can check.)
4. You know if you have relatives in Nigeria or West Africa. NEVER ‘help’ someone you don’t know move money from a foreign country -- that makes you a criminal too!
5. NEVER click a hyperlink in an email from someone you don’t know. And be wise: unless you know who is sending you the online Birthday or Christmas card, NEVER click on it – it’s loaded with malware or will redirect you to someplace you don’t want to be. Miscreants and criminals frequently abuse the ‘Hallmark’ name because it is so recognizable. If your name is not in the body of the email, do not click on it.
6. Wireless Internet: Make sure your wireless internet is secure (WEP is okay, WPA is better – and if you don’t know what these terms mean, read the instructions that came with your wireless device). If you're not sure how to secure your network, do NOT use your wireless internet until you find a trusted advisor to fix it (generally your neighbour’s 14-year-old kid).
7. There is no free lunch. NEVER reply to email requests for charitable contributions. If you want to donate to a good cause, call the charity yourself and know who you are talking to.
8. "Free" deals usually have a sting in the tail. NEVER reply to pop-up ads telling you to run free anti-spyware or anti-malware to get rid of spyware or viruses. You can be certain they will ‘find’ bad stuff on your computer requiring you to buy what they want to sell. OR they will load stealth software onto your computer to steal what’s important to you.
9. NEVER think you are smarter than the criminal. You may be, but if you reply, you lose; you will always lose.
10. Falling in love at first sight does happen – and it’s fabulous when it does – but falling in love online, whether in Second Life or another online virtual world, can be dangerous. Hey, if you are scoring a 4 or 5 in real life, you gotta wonder why a 9 or 10 is chatting you up online...
Finally, think before you forward an email -- whether it's promising good news ("free Marks & Spencer vouchers") or warning of dire dangers ("an armed and dangerous man hiding in your backseat"). There are several internet websites, including snopes.com and hoax-slayer.com, that enable you to check whether or not the offer or warning you've just received is genuine.