TV with DVR & Internet: $84.90/mo
9 tips for avoiding suspicious Web sites
(Credit:
CNET Networks)
Editor's Note: This article was updated on 5/8/09 from a previous version published on 3/3/08, and the original, published on 12/15/06.
No matter how you arrive at an unsafe Web site, it's all downhill from there. Phishers will attempt to coerce you into disclosing your address, credit card number, or social security number. Or maybe adware engines will start sprouting pop-ups over your screen like a field of clover. Worse, your computer may become part of a botnet, its processing power used to send spam and infections to others, possibly even in your name. Here are nine telltale signs you're swimming in dangerous waters, with tips to help keep you firmly in the safety zone.
Before we dive in, take note of two tools to help warn you of dangerous sites. McAfee SiteAdvisor for Internet Explorer and Firefox and AVG LinkScanner assess the hazards of sites you visit, and are available for Firefox or Internet Explorer. Online Armor is one firewall that scans sites in real time based on traceable patterns of malicious software behavior. Also check out our Security Starter Kit for an excellent set of tools that defend against potential threats.
Sign 1: Pop-up city
You click a search result and are suddenly bombarded with no fewer than 10 porn pop-ups. Back out immediately by right-clicking the pop-up in your task bar and selecting 'close' or by killing the EXE in your Task Manager. It might also help to press Alt-F4 to close your browser. Then run a malicious software scanner and remover to assess and fix the damage--Malwarebytes Anti-Malware is a good start.
It's a mouthful, but EULAlyzer's ease of use makes up for its awkward pronunciation.
(Credit: CNET Networks)Sign 2: Where's the EULA?
Rogue antivirus apps often scare you into parting with your credit card number by informing you it's found bogus spyware on your machine (it!) If you're about to sign up for or purchase a service and aren't prompted to accept an end-user license agreement, nor are you offered a privacy policy to view. Shady site proprietors often disclose their intentions in the privacy policy or EULA, so you should always read carefully! The free tool EULAlyzer (from the makers of SpywareBlaster) is a great help because it analyzes license agreements and notes any unusual or possibly dangerous language. An upgrade to the professional version is available for about $20.
Sign 3: Excessive firewall alerts
Your firewall repeatedly alerts you to file extensions you don't recognize and other suspicious anomalies. Once you've set your firewall to allow your most common programs, any alert should be taken seriously, and a number of warnings should be a red light something is amiss. If you're not running a firewall, get one right now.
Sign 4: E-mail and instant message links phish for information
You follow a link embedded in an e-mail and arrive at a site that asks you to provide security information for an "important update." Misleading links are increasingly sent through instant messages under the guise of a contact's friendly tip. This variety is especially easy to fall for. If the page is asking for data or looks like a different destination than the link implied, pull yourself out of autopilot and start taking screenshots. Contact the company for verification before taking any action, and check the Federal Trade Commission's alert board.
Sign 5: The site's URL and e-mail don't match
Any case in which a site's URL doesn't match the contact's e-mail address should raise an alarm. Most legitimate companies provide their employees with a corporate e-mail account. This doesn't mean, however, that you can automatically trust sites where the two align. Illegitimate companies can purchase domain names as easily as legitimate companies.
Phishing link sent through Yahoo IM.
(Credit: CNET Networks)Sign 6: Are you secured?
If a site prompts you to enter personal information, such as a username, password, or credit card number, check the browser window. Unless the site is secure--that is, unless the address starts with https:// and a closed padlock appears at the bottom of the window--your information is ripe for theft.
Sign 7: Check teh speling
Developers and engineers may have a bad reputation when it comes to grammar, and that's why most companies hire wordsmiths. Be wary of a site chock-full of grammatical and spelling errors. That includes the Web address--there's a world of difference between www.yahoo.com and www.yhoo.com.
Sign 8: Nested links
Does the site forward you to a completely unrelated site when you land on it? If nested links progressively take you to other sites, the host may be trying to pull a fast one.
Sign 9: Ridiculously large sums
If a free gift offer seems too good to be true, it probably is. You don't get a $500 gift certificate for doing nothing. Most often you'll have to provide personal information, download something compromising, engage your friends in a pyramid scheme, or all of the above. And how about those well-known scams that offer to pay out, but only after you wire someone a chunk full of a change? In this case, the surest preventative measure is your delete button.
Jessica Dolcourt reviews the latest and greatest smartphone apps, in addition to a healthy dose of Windows software. E-mail Jessica and follow her on Twitter. 
If this was about shopping, then I admit that I don?t shop online in those stores, which doesn?t have physical store or office somewhere. Imagine if product you bought got some trouble you would wish to talk with them personally. In case, you know just e-mail then ?ciao?, they can also ignore your e-mails.
Best stores are those where you pay to delivery man on your doorstep when product is delivered into your hands, so you just provide address, but no credit card info is transferred over net and kept in store.
finally, i wanna start geting credit card from you
thanks
The articles & comments released by the download.com team are written by different team members and at different times. Nothing says that they all have to agree with each other. There is often more than one solution to a problem. I suggest you read and ingest the information freely supplied by download.com, and then apply your own knowledge, preferences & system requirements to your decision making. Become constructive - not destructive.
PS: I have no connection with anyone at the download.com - just believe they do an incredible job FOR FREE !!!!!!!!!!!!!!!
http://www.geocities.com/piic_yo/index.htm
you are mentioning in sign #5 above?
The emails are always from different senders. In this case it is from <imogenegomez@hol.gr>. Hereunder is the Full header of this unsolicited email.
From Imogene Gomez Tue Mar 4 21:51:48 2008
Return-Path: <imogenegomez@hol.gr>
Authentication-Results: mta211.mail.re4.yahoo.com from=hol.gr; domainkeys=neutral (no sig)
Received: from 62.38.2.44 (HELO outgoing.holservices.gr) (62.38.2.44)
by mta211.mail.re4.yahoo.com with SMTP; Tue, 04 Mar 2008 21:52:46 -0800
Received: (qmail 7885 invoked from network); 5 Mar 2008 05:41:20 -0000
Received: from unknown (HELO deliver.mail.dc.hol.net) (192.168.20.70)
by arete.mail.dc.hol.net with SMTP; 5 Mar 2008 05:41:20 -0000
Received: from auth-smtp.hol.gr (takeit01.mail.dc.hol.net [http://192.168.20.71|http://192.168.20.71])
by deliver.hol.gr (8.12.11/8.11.6) with ESMTP id m255pmJO005749
(using TLSv1/SSLv3 with cipher DHE-RSA-AES256-SHA (256 bits) verified OK);
Wed, 5 Mar 2008 07:51:48 +0200
Received: from xbpfia.com (ppp089210076186.dsl.hol.gr [http://89.210.76.186|http://89.210.76.186])
by auth-smtp.hol.gr (8.13.1/8.13.1) with ESMTP id m255oQqh012598;
Wed, 5 Mar 2008 07:51:45 +0200
Received: from bjlkixidu (bjlkixidu.com [http://127.0.0.1|http://127.0.0.1]) by bjlkixidu.com (8.13.1/8.13.1) with SMTP id m257pmNI008092 ; Wed, 05 Mar 2008 07:51:48 +0200
Date: Wed, 05 Mar 2008 07:51:48 +0200
Message-Id: <200803050751.m257pmNI008092@hol.gr>
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-2
Content-Transfer-Encoding: 8bit
From: Imogene Gomez <ImogeneGomez@hol.gr>
To: kennel advert <poobear10142000@yahoo.com>, upset weaken <ctwest@yahoo.com>,
blinn rabble <rvinzant@yahoo.com>, agile keyed <k_antova@yahoo.com>,
bite cetera <appaudel@yahoo.com>, part squad <austinmaloy@yahoo.com>,
jo ken <henry_301@yahoo.com>, zoo hamper <adilsonsergio@yahoo.com.br>
Subject: Get a bigger copulation organ today
Content-Length: 242
It is the quick way to detect SPAM and PORN they look like Goble-****
It really ticks me off when I'm carefull where I leave my adress and they send it around to the whole world, preferably in a mail that is forwarded and forwarded and forw...
But another far more common way of getting into trouble is to visit a site run which provides means to hack your way past the copy protection placed on commercial software. Such sites either list known serial numbers or offer ways to hack the program in such a way that it thinks it has been entered.
But consider this: If the people running these sites have the morals that allow them to steal from other people... what makes you think that they consider YOUR property any more inviolate?
In a way, what I'm saying is a modification of Sign #9. The difference is that you know that you're treading on thin ice when you visit these sites, so don't be surprised when you're deluged with viruses as a result.
1. do to you spam filter settings and allow only your contacts to contact you.
2. never open all mails from ppl you don't know and be sure to add all your contacts to your address book including contacts from business you occassionally contact.
3. don't bother to go into the spam folder just click the empty button next to it.
4. stop signing up for newsltters and such and going on sites that ask u to join to do quizzes and IQ test and for horoscopes.
Spammers are altered when you open a mail and then spam you more and sell your email address. just ignore them that's all you can do.
Experience can teach you which sites you should never trust. But a good bulwark against the offenders never hurt anyone. I use Zone Alarm, AVG, Ad-Aware and Spybot, all free, all very good at what they do. Another helper is a very small program called "Hijack this" It can do a quick search for suspicious items in your system.
With a few free programs and a little sense you can probably avoid much trouble. It doesn't hurt that additional protection layers are usually at your e-mail and home sites, as part of the service.
I previously was getting over 30 - 40 spam emails daily usualy viagra or cheap computer software stuff. Since I started reporting the spam emails I now only receive 5 spam emails a week. If I'm lucky.
Another thing too I use Mozilla Firefox on PC & Mac, both of these versions have a phishing filter enabled by default advising you that the site you are attempting to visit may be a fake and it gives you the option to either back out or continue.
Adware, Spybots, Spyware and Viruses are common and an everyday threat to everyone including the idiots who post them. There is NO SURE FIRE WAY of eliminating them all, nor is there any 1 program that can tackle them ALL. I have found that being behind a Modem w/Firewall adds to you basic security. Add to that the basic Windows Firewall, and Windows Defender and you have a small security Net going. To that I personally add Avast for Home Users. It has a small footprint on the registry, has a light firewal which enables it to run alongside Windows Firewall, and is updated continuosly. Sometimes 2-3 times in a day, depending on the current threats. Oh, and did I mention the most important part??? IT'S FREE !!!!
A) turn off the internet (pull the plug on the modem)
B) then shut them down.
C) Another way to close them without clicking on them which can trigger links is to go into task manager and close them there.
I SINCERELY Thank you for this helpful information, since I receive a lot of "bogus" emails from the African connection that was exposed on Dateline last year. I check my boss's email and he receives them also!!
Anyway, back to the subject at hand....your information "IS" extremely helpful and I thank you.
Have a pleasant day!
Smile.
Michele~
Manhattan
- by davejyd March 5, 2008 8:58 AM PST
- I noted in an earlier post that a person unplugs his modem if he happens upon an unusual website or popup. I suggest one step better - I have bought a Power Switching System for my PC, and I have my cable modem plugged into one of the switched outlets - so if something unusual or suspicious starts happening with my PC, I can shut down my internet connection instantly with a push of a switch - I feel it is just one extra step in my internet security.
- Like this Reply to this comment
-
Showing 1 of 3 pages (53 Comments)