|
Windsor
Federal Savings -
Best Practices for Consumers to Stay Safe
Online
The
Internet is a fantastic resource for
everyone. It's great to go shopping in our
slippers and make contacts around the world
in minutes. But there are dangers we all
have to recognize. Can we really trust a
site asking us for our financial
information? And just who are these new
business contacts we're cultivating? And how
trustworthy is that site selling the latest
MP3 gadgets?
The
fact is that online fraud is growing by 30%
annually. Not to mention the fraudsters are
becoming more and more sophisticated every
day. Email scams are virtually unlimited.
Shopping
online may feel like digital Russian
roulette. You are at a site that has exactly
what you are looking for, but you wonder...
are they a legitimate site? ... will you be
able to get redress if you have a problem?
... will this transaction leave your PC
vulnerable to viruses? ... will your
personal information be safe? You think you
have no way to check their "trust
credentials" and unless you are at a
"big" site you may not feel safe
shopping with them.
These
best practices put control of your Internet
activities back in your hands with
technology, tools and information that let
you assess the trustworthiness of the sites
you are visiting. In fact, with these simple
practices, your online shopping experience
will reach a new level of identity and trust
assurance that you have never been able to
achieve before.
Seven
Best Practices that every Consumer should
know to ensure identity and trust assurance
on the Internet - because
in a virtual world, you can't trust
virtually everyone.
1)
Verify the authenticity of a web site with a
new, FREE web content verification tool -
Comodo's VerificationEngine™ - "Green
is Good to Go".
The facts:
In
a world where a million web sites are
created every single day and you get lots of
emails asking for your sensitive
information, you need to establish the
legitimacy of entities with which you are
interacting. Now you can have it, for free,
with VerificationEngine (VE).
This
tool allows you to verify that specific
content is legitimate to the website it
claims to be. So for instance, if you go to
a PayPal site from an email notice, with
VerificationEngine, you can verify that the
site is really from PayPal (or eBay, or your
favorite bank).
With
VE installed, simply place your mouse over
the company logo/name and if a green outline
appears around your screen, the site is
verified as coming from the company it
claims to be. Green is Good to Go!
Simply
go to www.vengine.com
to download and install Comodo's
VerificationEngine plug-in for free (a very
small file that is less than the size of an
average HTML email).
2)
Make sure your emails can be trusted and
have not been tampered with.
How
can you ensure that people really know that
it was you who sent an email to them and
that the email was not intercepted during
transmission?
The
only way to guarantee this is to digitally
sign your emails. Download a free Comodo
email certificate to assure people that your
email is really from you. Ideal for those
sensitive and confidential transactions.
All you do is go to www.comodo.com/free-e-mailcert
for your free email certificate.
3)
Keep your passwords safe.
First,
pick "strong passwords" - that is
passwords that have special characters in
them, (e.g. %, ^ ) that cannot be easily
guessed by a Key-logger or Trojan. Also,
don't pick your birthday or your first/ last
name.
Another
option that is safer is to use password
protection software. There are numerous
solutions available to help manage all those
log-ins and passwords and many allow a
single click log-in to web sites. One free
solution is called iVault which can be
downloaded at: www.comodogroup.com/products/i-vault/
4)
Get your computer protected with security
solutions - Firewall, Anti Virus, Anti
Spyware and Anti SPAM.
a) Use a
firewall
A
firewall protects you against bad hackers,
some viruses and some spyware. It can also
stop your computer from being hijacked and
used to infect other machines or send spam
emails.
- If you
do not have a firewall installed, in
Windows XP, switch on Windows
Firewall.
- If you
use a broadband internet connection,
consider getting a router that has a
built-in firewall.
- For
older operating systems, get a
commercial firewall from a reputable
company.
There
are many firewall products on the market
today and one free, high quality and easy
to use firewall is Comodo's Personal
Firewall, www.personalfirewall.comodo.com
.
b) Use
anti-virus software
Anti-virus
software continually scans your computer
for viruses. It also checks incoming email
and web sites for viruses. It is not
included in your operating system so you
will need to get and install a copy.
Anti-virus
companies include Symantec, McAfee, and
Comodo. Microsoft publishes a complete
list of compatible software.
- Make
sure your anti-virus software is
automatically updated to identify new
threats as they emerge.
- Keep
your subscription current. An
out-of-date virus scanner is no use at
all.
- Don't
open attachments in emails from people
you don't know.
c)
Prevent spyware
Spyware
is a general term for a program that
surreptitiously monitors your actions.
While they are sometimes sinister, like a
remote control program used by a hacker,
software companies have been known to use
Spyware to gather data about customers. In
most cases a firewall and anti-virus
software will not prevent spyware. You
need additional software to keep it at
bay.
- Be
careful about programs you download
and install. Are you certain that they
won't harbor unwanted extra programs
or advertisements?
- Don't
install software from an unknown or
untrustworthy source?
- Be
careful about which websites you
visit. Are they trusted? Are they
reputable?
- Get an
anti-spyware program and keep it up to
date. Products include: Microsoft
Anti-spyware, Spyware Blaster, Spy
Sweeper, Spybot Search and Destroy and
AdAware.
d)
Filter out unwanted 'spam' email
There
are a number of tactics which can reduce
the volume of spam you receive.
- Don't
click on anything in a spam email,
even to "unsubscribe." If
possible, don't even open it.
- Use a
throwaway email address for trivial
online registrations.
There
are many excellent anti SPAM solutions on
the market today - many of which allow you
to control the security setting. A free
option is Comodo's anti SPAM solution at
http://www.comodo.com/home/email-security/anti-spam.php.
e) A
final note - Take advantage of Windows
Updates
Since
there are always people discovering new
ways to attack computers on a regular
basis you also need to update your
computer's operating system (the Windows
software which makes it work). This helps
stop worms attacking your computer but can
also deliver other performance and
security improvements.
- Go to
Microsoft's Windows Update site and
install all the recommended patches.
- In
particular, install Windows XP Service
Pack 2 if you don't have it already.
- Regularly
update Microsoft Office applications.
- Keep
anti-virus software and other
applications up-to-date.
5)
Don't forget the importance of backing up
your important data.
Make
a regular backup of your important data,
store it in a different location and
periodically check that it is actually
backing up the right data.
(www.backup.comodo.com)
6)
Physical security is always important.
- Security
mark your computers and other valuables.
- Keep a
note of all the serial numbers.
- Think
about locks, window locks, alarms and so
on to make your home safer.
- Don't
leave discarded computer boxes outside
your home - it's an advertisement to
burglars.
- Keep
laptops in a nondescript but padded bag.
7)
Avoid Identity theft and fraud.
Never
give anyone your user ID, PIN or password,
even if they appear to be a representative
of a trusted firm. (This is where
VerificationEngine can take the guesswork
out of verifying that the site can be
trusted.)
- Be
particularly wary of emails that appear
to come from banks, credit card or other
trusted companies asking you to update
your security information.
- Always
type the web address of trusted websites
into the browser yourself. Don't click
on links in emails.
- Don't
enter personal or financial information
unless the web address starts with
'https://' and there is a small padlock
in the frame of the web browser window.
(If you roll your mouse over the
padlock, you will see additional company
information to help establish trust.)
- If an
email offer sounds too good to be true,
it probably is.
- Be wary of
anything that tries to alter your
dial-up internet access.
Four
Best Practices that you should expect from
eMerchants
If
they don't follow these best practices -
they might not be keeping your private
information secure and private.
1)
Make sure your merchant uses a High
Assurance SSL Certificate.
SSL
certificates are the technical term for
certificates that verify that a site uses
encryption when it is receiving or sending
sensitive information and there is a
legitimate business behind the website. You
can tell if a site uses encryption by
looking for a gold padlock on the bottom of
any page that handles sensitive data.
But
all padlocks are not the same!
While
all padlocks look the same - they're not.
Some SSL certificates only ensure that the
site uses encryption. High assurance SSL
certificates, on the other hand, perform
both verification processes - the encryption
and business authentication process. Both
verification steps are critical for your
safety because encryption without business
validation is as risky as giving your house
key to someone you don't know - it puts your
privacy (not to mention your worldly goods)
at extreme risk.
But
since all padlocks look the same -- to
distinguish high assurance from low
assurance sites, simply roll your mouse over
the padlock (if you have installed VE) and a
high assurance site will list the business
name and address that owns the site. A low
assurance site will only include domain
information and no business information.
If
the site you are on only uses encryption
proceed with caution.
2)
Make sure your merchant performs regular
vulnerability scanning of their servers.
Why
do we suggest this? Even if merchants use
best practice High Assurance SSL
certificates on their web site to obtain
personal information from you, you need to
be confident that your personal and
financial information is not then vulnerable
to hackers at the merchant site.
Regular
vulnerability scanning using HackerProof™
( www.comodo.com/hackerproof
) gives you confidence that your data is
safe. How can you tell? Look for a web site
trust seal indicator that shows the merchant
is hacker proof.
3)
Look for logos that can be verified on
merchant sites.
Many
sites display many logos - BBB, FDIC, credit
card logos and such. But how do you verify
that the site is authorized to display these
logos? A Content Verification Certificate (CVC)
authenticates the legitimacy of brands and
logos. When a merchant uses CVC's, your
VerificationEngine, can verify that content
is legitimate (Green is Good to Go!), in
other words, when a merchant has a CVC, you
can verify that a brand or a logo or an
affiliation to another business is
legitimate such as BBB online or TRUSTe.
4)
Ensure that your Merchant uses a Corner of
Trust indicator.
By
using the innovative Corner of Trust logo ( www.trustlogo.com
) across their entire site, merchants have
the opportunity to demonstrate trust and
assurance on every single web page, so
regardless of what you are looking at, you
always have the ability to check the
merchant's trust credentials. The Corner of
Trust lets you instantly see the site's
basic trust credentials whether the online
session is encrypted and if the business
behind the website can be validated.
 Equal
Housing Lender |
