Untitled Document

Computer Security Tip 2

Know who you're dealing with online. And know what you're getting into.

There are dishonest people in the bricks and mortar world and on the Internet. But online, you can't judge an operator's trustworthiness with a gut-affirming look in the eye. It's remarkably simple for online scammers to impersonate a legitimate business, so you need to know whom you're dealing with.

If you're shopping online, check out the seller before you buy. A legitimate business or individual seller should give you a physical address and a working telephone number at which they can be contacted in case you have problems.

• "Phishers" send spam or pop-up messages claiming to be from a business or organization that you might deal with – for example, an Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to "update" or "validate" your account information. It might threaten some dire consequence if you don't respond.

The message directs you to a Web site that looks just like a legitimate organization's, but isn't. What is the purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

• Don't take the bait: don't open unsolicited or unknown e-mail messages; don't open attachments from people you don't know or don't expect; and never reply to or click on links in e-mail or pop-ups that ask for personal information. Legitimate companies don't ask for this information via e-mail.

If you are directed to a Web site to update your information, verify that the site is legitimate by calling the company directly, using contact information from your account statements. Or open a new browser window and type the URL into the address field, watching that the actual URL of the site you visit doesn't change and is still the one you intended to visit.

Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing e-mail. Most organizations have information on their Web sites about where to report problems.