Smoke, Mirrors & the Internet

Originally published May 30, 2013

“Ladies and gentlemen, step right up to the booth! Winning is easy! All you have to do is to hit this button and claim the cute teddy bear as your prize.”

The carney in the midway isn’t the only slick talker out to separate people from their money. Tricksters and con men are holding shop on the Internet. There are 644 million active websites on the Net, according to Internet analysis and security firm Netcraft.  No one knows for sure how many of those sites are legitimate and how many are malicious.

“Malicious websites don’t necessarily wear a black hat,” says Matt Shaffer, BendBroadband’s information security officer. “In fact, most ‘bad’ websites try to look enticing to the visitor.

“Malicious websites don’t ask you to divulge any of your secrets,” Shaffer says. “They want you to visit so that the website can push specialized software onto your computer.  The only thing you have to do is to ‘Click here to claim your prize, iPad or ringtone.’ ”

Once you have clicked on a malicious link, your computer is open for attack. “It can be a Trojan horse virus that commandeers your computer or a keystroke logger that keeps track of everything that you write on your computer, including user names and passwords,” says Shaffer.

There is a common thread to all Internet scams: It comes down to financial gain. Unlike “phishing” or Internet scams, malicious websites are using your information or computer to attack organizations like financial institutions, large companies or government agencies.

With the help of specialized software, the hacker sets up a “denial of service” attack. The hijacked accounts start sending thousands of emails to a bank or government agency, effectively disabling its computer system. While the IT department is busy sorting out the problem, the criminals attack another computer server for financial gain or to access sensitive information.

Shaffer suggests that you keep your browser and anti-virus software up to date. “All updates are critical security enhancements,” he says. “Someone has found a software vulnerability and it needs to be fixed so it can’t be used by a hacker.”

Shaffer also suggests using extra care when you’re visiting your financial institution or placing an online order: “Make sure the website address starts with ‘https’ or that the Web browser shows a padlock. Both are indicators that you’re accessing the site through a secure connection.

“Once you are done with the transaction, log out and then close down your browser. It will clear any information stored from that session.”

Finally, don’t do business with a company that doesn’t seem to have it all together. “If the website doesn’t look polished, and has bad grammar and misspellings, it’s a good indicator that something is not right.”

In the end: Don’t walk on the wild side of the Internet! Steer clear of the colorful carnival booths and promises of free prizes.