
Computer Security Threats:
Hacking & Phishing

No, we're not talking about baiting the hook while you have a bad cold. Hacking and Phishing are two very different types of computer security threats.

Hacking is an extremely high tech attack which requires you to take certain precautions to protect your computer and all of the data which is stored in it. Phishing, on the other hand, is decidedly low tech and just requires a dose of common sense to ward off the dangers.

What is hacking?

Because the Internet is simply a network of computers that are all tied together, every one of them (including yours) has the capability to "talk" to any other one. That means that a determined criminal can gain unauthorized entry to your PC once he knows your computer's "address". These criminals are called "hackers".

How hackers discover your PC's address

Your computer leaves its address all over the Internet whenever it visits a web site. The addresses can be found in the log files which are automatically generated by every web server among other places.

Some hackers use what is known as "port scanning" software which simply goes out on the Internet and electronically "knocks" on the door of every connected computer it can find to see if any will let him in.

Once a hacker gains access to your computer he can read anything that's stored on your hard drive. He can install programs which will monitor your key strokes and send sensitive passwords and user names back to his lair, and he can even get copies of your credit card and bank account numbers. Once a hacker gets this information he will proceed to steal you blind.

How to protect yourself against hackers

The best method is to use what is known as a "firewall". This is a piece of hardware, or software, or both which is designed to make your computer "invisible" on the Internet.

How does a firewall work?

A firewall works by blocking the "ports", or doors, which hackers commonly use to gain entrance. Once those ports are blocked the hacker can no longer "see" your computer and, thus, is unable to attack it.

The new version of Windows XP comes with a built-in firewall program which may be all that you need to keep your computer safe. Some cable modem and DSL providers also configure your Internet modem to act as a firewall. In addition there are commercial firewalls available which run from simple to very sophisticated.

How do I know if I am at risk from hacking?

The best way is to use a "friendly" port scanner and let it act as if it is attacking your machine. You can find one that will let you know if your PC is at risk, without doing you any harm, at Symantec. You can also use this web site to scan for viruses, trojan horses, and other threats, for free, at the same time.

If the resulting computer security report indicates that you have a problem then you need a firewall. If you are not technically inclined then contact a PC security consultant for help. Otherwise you can do a search on Google for "XP Firewall", if you are running the latest version of Windows XP, or "home PC firewall", or "small business PC firewall", as appropriate.
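As a complement to an online scan, the added example below (not part of the original article) checks which "doors" on your own machine have a service answering behind them. It only connects to the loopback address, so it shows what a firewall would need to shield rather than testing the firewall itself, since loopback traffic is normally not filtered. The port list and all function names are assumptions made for this example.

```python
import socket

LOOPBACK = "127.0.0.1"  # this check only ever talks to the local machine

# Ports chosen for this example (an assumption, not a list from the article).
COMMON_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP",
                135: "RPC", 139: "NetBIOS", 445: "SMB", 3389: "Remote Desktop"}

def port_is_listening(port, timeout=0.5):
    """Return True if a local service accepts a TCP connection on `port`."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((LOOPBACK, port)) == 0  # 0 means the "door" opened

def listening_services(ports=None):
    """Return {port: name} for every checked port that has a listener."""
    ports = COMMON_PORTS if ports is None else ports
    return {p: name for p, name in ports.items() if port_is_listening(p)}

def demo():
    """Open a temporary listener, check it, close it, check again."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = port_is_listening(port)
    srv.close()
    after_close = port_is_listening(port)
    return while_open, after_close

if __name__ == "__main__":
    print("temporary listener (open, closed):", demo())
    for port, name in listening_services().items():
        print(f"port {port} ({name}) has a service listening")
```

Any port reported here belongs to a program you should either recognise and need, or turn off.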

What is Phishing?

Phishing is a term that's applied to the latest identity theft scam where potential thieves and con men use fake e-mail messages, which look very real sometimes, to con you into giving up credit card, bank and other sensitive financial and personal information. Once you give it up they proceed to clean you out and/or steal your identity and run up thousands of dollars worth of debt in your name.

Although some phishing excursions take place over the telephone, where people call up and pretend to be someone that they are not, most of the attacks come in the way of e-mail messages. These messages look very official and purport to come from your bank, charge card company, brokerage house and even government agencies. These con men go to the web site of the company or agency that they are impersonating, steal the graphics and logos and then proceed to put together an email which looks like it actually came from a valid source.

The email may say that your account is about to be suspended unless you "verify" your personal information, or they may contain some other important or urgent-sounding request. What they all have in common is that they require you to click on a link that's embedded in the email and then fill out some form that asks for your PIN code, credit card number, bank account number, social security or tax ID and anything else that they think that they can get away with asking you. Once they have that information - you're toast.

How to protect yourself from phishing attempts

1. Do not ever reply to any e-mail that asks you for any personal or financial information no matter how official it looks. Banks, credit card companies, brokers, the government and any other legitimate entity will never ask you to click on a link and supply any kind of personal or financial information.

If they include a telephone number for you to call, don't! If you feel that the message is legitimate then look up the actual web site address, or telephone number, from a statement or invoice and use it. Even if the link in the email looks real, it isn't. It's easy to make a link look like it goes to one web site but really have it go to another.

2. Never give any sensitive personal information out to anyone who calls you and asks for it. Simply ask for their name, telephone number and extension and tell them you'll call them back. Then, check that telephone number against a number that you find on a statement or receipt. If it doesn't match, call the number that you found and tell someone what's going on. If it's a real message they'll figure it all out for you. If it's a fraud, they'll tell you.

If all of this advice comes too late for you because you already fell for the phishing trick hook, line and sinker, then you have to take immediate action for damage control. Immediately contact the actual company, bank or other agency, explain what happened and then let them close your account and issue you a new one.

You should also contact the authorities and file a report. This will protect you later if creditors come after you for bills that the thieves ran up in your name.

If you live in the U.S. you can learn more about phishing by visiting the Federal Trade Commission Web site at www.ftc.gov or calling toll-free 877-382-4357. Canadian residents should visit the RECOL (Reporting Economic Crime Online) web site at www.recol.ca. U.K. residents can go to www.met.police.uk/fraudalert/identity_theft.htm for more information.

Computer security is a serious and ongoing issue which requires your constant vigilance. Don't let your guard down or you could end up being a victim.

See also: Computer Security Threats