Precautions you may wish to take against Viruses and the like.
If you get spam or do not know the sender of an unsolicited email, delete it.
- Never, never, follow any link it contains.
- Do not even take any action that purports to be "unsubscribe" or "delete me from your mailing list".
- At worst you will be taken to a site that will compromise your PC; at best you will get even more unwanted mail, as you will have confirmed that your email address is valid and that you are a perfect target for future spamming because you actually read the stuff.
If you get an unexpected email that purports to be from a person you know or a software supplier such as Microsoft, or an email that is in any way suspicious or oddly-worded
- Take care before following any links or opening any attachments. This is because it is common for viruses to not only mail themselves to everyone in the victim's address book but to also masquerade as coming from random other people in that address book.
- If in doubt, contact the apparent sender to confirm that the message is genuine.
- Microsoft and other software suppliers will never email unsolicited software patches or updates.
- Bear in mind that links can be compromised such that they are not what they seem. As an example this might seem to be a link to a well known search engine http://www.google.co.uk/ but if you click it you will go elsewhere.
- You can avoid disguised URLs by typing (or copy & pasting) the URL into the browser address bar rather than clicking on a link.
- Phishing is the name given to attempts to get you to disclose financial information, such as your on-line banking password, to a rogue site. Spear phishing is when the attack is directed at a specific company and aims to get system account names and passwords. A typical attack is an email that purports to come from the IT department telling you that some urgent action must be taken, possibly with a numeric or disguised URL to visit and then to enter your credentials.
- There have been variants on this theme that purport to come from Microsoft which are after user names and passwords.
Delete chain emails.
- Do not forward or reply to any of them, however impressive, urgent or authoritative they may seem. They are almost certainly hoaxes.
For your personal protection
Never respond to emails that request financial account information
Phishers often include false but sensational messages in an email ("urgent - your account details may have been stolen" or "your transaction has failed") in order to get an immediate reaction and then direct the victim to a spoof site that contains a copy of all the logos, etc., you see on the real site. There you are asked to enter your account number and password - whereupon the criminals behind the phish have got all they need to plunder your account.
According to one report, phishers convince up to five per cent of recipients to respond. By now you must have binned lots that purport to be from financial institutions that you have no dealings with - do the same when you get one that claims to be from someone that you do deal with.
Phishing is such a problem that you can be confident that no financial institution will put out an email that even faintly looks like a phish. If in doubt, contact the institution by means other than anything contained in the email.
Other steps you can take include
- Keep a regular check on your accounts
- Check the website you are visiting is secure (https:// rather than the usual http://)
- Be cautious with emails and personal data
- Read the information published by the British banking industry and the Anti-Phishing group.
- Report suspicious activity to the spoofed organisation and/or the Anti-Phishing group.
Home Computing
- It would be prudent to install good AV software and a firewall on your home computer. Some software suppliers even provide free versions for personal use.
- Set the 'security settings' on your computer as high as is compatible with your Internet use.
- Ensure that you install the supplier's "critical updates" for your operating system and web browser software.
- Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with your back-up copy. You should store your backup copy in a separate location from your working files, preferably not on your computer.
- Watch out for file attachments with double extensions that try to make you think they are something other than what they are. For example, saucypicture.jpg .exe is an executable (.exe), not an image (.jpg); it has a row of spaces in the file name just to throw you.
- When in doubt, always err on the side of caution and do not open, download, or execute (especially don't execute) any files or email attachments.
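The double-extension trick described above can be caught by looking only at the true final extension and at any whitespace placed in front of it. This is an added example, not part of the original page; the extension lists are assumed, non-exhaustive values for illustration, and the number of padding spaces in the first sample name is constructed.

```python
import re

# Assumed, non-exhaustive lists for illustration; adjust to your own mail policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "js", "vbs"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "txt", "mp3"}

def check_attachment_name(name):
    """Return a list of reasons the attachment name looks deceptive (empty if none)."""
    reasons = []
    # Padding: whitespace directly in front of the final extension, which pushes
    # the real extension out of view in a narrow attachment list.
    if re.search(r"\s+\.[^.\s]+\s*$", name):
        reasons.append("whitespace padding before extension")
    # Compare extensions after stripping whitespace around each dot-separated part.
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTS:
        reasons.append("executable extension ." + parts[-1])
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            reasons.append("decoy extension ." + parts[-2] + " before the real one")
    return reasons

# Constructed sample names; the first follows the page's example with 30 padding spaces.
SAMPLES = ["saucypicture.jpg" + " " * 30 + ".exe", "holiday.jpg", "setup.exe", "report.pdf.scr"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_attachment_name(sample) or "nothing flagged")
```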
Most suppliers of antivirus software provide guidance on avoiding becoming a victim. One such supplier is www.sophos.com/virusinfo/
Related material
- anti-phishing from the British banking industry
- Anti-Phishing group
- a supplier's guidance www.sophos.com/virusinfo/
This page is part of the Bagshot village web site.
Data provided only for personal background information. While every effort has been made to provide correct information no assurance as to its accuracy is given or implied. Check any facts you wish to rely upon.