Cyber Security Glossary of Terms

A

Adware

A form of spyware that enters your computer from an Internet download. Like spyware, it monitors your computer use, such as what Web sites you visit. Adware gets its name from also launching numerous pop-up ads in your browser.

Anti-Virus Software

Anti-virus software will protect your computer from viruses encountered on the Web. New viruses are born every day, so it’s important to update your anti-virus software regularly.

Attachment

A document, a picture, a video clip, program or any other kind of file that can be attached and sent with an e-mail or instant message. Malicious programs, viruses or spyware are commonly spread through attachments.

What to do: Never open or download an IM or e-mail attachment from an unknown source or one that you are not expecting. Be cautious of attachments ending in .exe, .com, .scr, .bat or .pif. By simply deleting a suspect attachment or message, you take another step in protecting your computer.

B

Backdoor

A backdoor is an overlooked or hidden entry into a computer system. It allows a hacker or other unauthorized user to bypass a password requirement and gain access to a computer.

C

Cookie

A small data file that a Web site installs on your computer’s hard drive to collect information about your activities on the site or to allow other capabilities on the site. Web sites use cookies to identify returning visitors and profile their preferences on the site. For example, many online shopping sites use cookies to monitor what items a particular shopper is buying to suggest similar items. Cookies are somewhat controversial as they raise questions of privacy and can be used by hackers as spyware.

D

Download

The transfer of data from one computer (or server) to another computer. Downloading can refer to documents, software programs, photo, music or movie files. Often downloads can mask unwanted malicious programs.

What to do: When you go to download that “free” screen saver, you may also be downloading spyware or a virus. Make sure you only download material from a legal, well-known source. Also, since instant message and e-mail sender names can be spoofed, only download instant message or e-mail attachments that you are expecting.

F

Firewall

A security tool that protects an individual computer or even an entire network from unauthorized attempts to access your system. Firewalls often protect e-mail servers from receiving spam. A firewall will also scan both incoming and outgoing communications for your personal information and prevent it from leaving your computer without permission.

H

Hacker

A hacker is someone who has the technical know-how to intentionally breach or “hack” into a computer system to steal confidential information or to cause damage to a computer or whole network. Hackers are often looking to find financial or personal information in order to steal money or identities.

HTTP (Hypertext Transfer Protocol)

This is the standard language that computers use to communicate with each other on the Internet. Web addresses tend to start with http://www.

HTTPS

If a Web address begins with https, it indicates that the Web site is equipped with an additional security layer. Typically, users must provide a password or other means of authentication to access the site. This is often used when making payments online or accessing classified information.

What to do: When asked to provide personal information online, such as a credit card purchase, always look for https in the URL before you do so. If it’s not there, the site is not secure–and neither is your information.

I

Instant Messaging (IM)

Instant messaging rivals e-mail as the most popular form of online communication. IM allows users to relay messages to each other in real time for a “conversation” between two or more people. IM is also becoming the quickest new threat to network security. Because many IM systems have been slow to add security features, hackers have found IM a useful means of spreading viruses, spyware, phishing scams, and a wide variety of worms. Typically, these threats have infiltrated systems through attachments or contaminated messages.

What to do:
• Use a strong IM password.
• Don’t automatically accept incoming messages or file transfers—even if you think you know the sender. IM addresses can be easily forged and file transfers are commonly used to launch viruses.
• Don’t discuss personal or private information. Often, IM programs are easily compromised allowing hackers to read your messages as if they were postcards.
• Watch for and download security upgrades from IM companies. Check them often for important patches and updates.

M

Malware

This term refers to any “malicious software” created to damage or illegally access a computer or network. Computer viruses, worms, spyware, and adware are all examples of malware.

P

Personal Information

Any information that can personally identify you, such as your name, address, phone numbers, your schedule, Social Security number, bank account number, credit card account numbers, family members’ names or friends’ names.

What to do: Treat your personal information with the utmost confidentiality on the Web. Finding this information is often the goal of hackers looking to steal your identity or your money. Also, don’t send personal information over e-mail or IM. These are insecure methods of communication and can be read or intercepted by outside sources. Remember: once you send an e-mail, you no longer control the information in it. It can be forwarded to other people without your knowledge or consent. Keep your personal information private.

Phishing

Like the sport it’s named after, phishing refers to an urgent instant message or e-mail message meant to lure recipients into responding. Often these messages will appear to be from a friend, a bank or other legitimate source asking for personal information such as names, passwords, Social Security numbers or credit card information. These messages might also direct users to phony Web sites to trick users into providing personal information. Users falling for the “bait” often have their money or identities stolen.

What to do: Be suspicious of any message asking for personal or financial information. If you are unsure about a message’s authenticity, never click a link within the e-mail taking you to any Web site. Banks or other legitimate organizations are not likely to contact you in this manner due to the security risks of sharing sensitive material online. If you think the message may be legitimate, call or contact the sender using contact information you already have, not the contact information provided in the suspicious message. These types of IM or e-mail messages should be treated like spam: delete them.

Pop-up Messages or Ads

Unsolicited advertising that “pops up” in its own browser window. Adware programs can overrun a computer with pop-up ads or messages. If you are receiving a huge amount of pop-ups in your online sessions, your computer may be infected with adware, spyware or a virus.

S

Social Engineering

This refers to a direct communication, either in person, by phone, by fax or over the Internet, designed to trick you into providing your personal information. These messages usually ask you to “update” or “confirm” information by typing in a reply or clicking on a link. Legitimate institutions, such as banks, do not send e-mail or IM of this nature due to security concerns on the Internet. “Phishing” is a prime example of social engineering.

Social Networking Sites

These are Web sites, such as Facebook or MySpace, where users build online profiles and share personal information, opinions, photographs, blog entries, and other media to network with other users, to find new friends or find a new job. Unfortunately, social networking sites have become targets of online predators, spammers, and other dangerous forces on the Web.

What to do: Keep in mind that the Internet is a public resource. Only post information you are comfortable with anyone seeing, and we do mean anyone—your parents, your grandparents, your siblings, your teachers, your employer, even potential employers. It’s not uncommon for companies to run an Internet search of job applicants before they offer them a position. There are several stories of people being “weeded out” from a job search due to compromising or ill-advised photos and information found on the Web, usually posted by that very person! Even if you remove information, that same information may still be living on other people’s computers or networks. Also, don’t post information that would make you vulnerable to a physical attack, such as your address, your schedule or where you will be meeting friends this weekend. Most of all, be careful of people you meet on the Web. The Internet provides people with a certain amount of anonymity. The Internet makes it easy for predators to pose as something they’re not.

Spam

Unsolicited, commercial e-mail messages that are sent out in bulk, often to millions of users in hopes that one person may actually reply. Spam messages often involve Internet hoaxes and should be deleted immediately. Responding to a spam message will confirm to the sender that they have reached a legitimate e-mail address and they will more than likely continue to send messages to that address.

What to do: Never respond to spam! Delete it.

Spim

A new term for spam messages being sent to instant message addresses.

What to do: Simply ignore them. Also, never respond to a message that looks like spim. A response will confirm to the sender that your account is legitimate and it’s likely the messages will.

Spoofing

Forging an e-mail or instant message address to make it appear as if it came from someone or somewhere other than the true source. Whole Web sites can also be spoofed, tricking users into providing their passwords or other personal information, such as their credit card information.

Spyware

Spyware refers to a software program that slips into your computer without your consent to track your online activity. These programs tend to piggyback on another software program. When the user downloads and installs the software, the spyware is also installed without the user’s knowledge. There are different forms of spyware that track different types of activity. Some programs monitor what Web sites you visit, while others record keystrokes to steal personal information, such as credit card numbers, bank account information or passwords.

What to do: Consider the reliability of the site offering the software download. Be careful if a download prompts you to accept the installation of additional software. Scan the fine print before downloading. If you see anything that refers to monitoring browsing sessions or collecting information, consider this your “red flag” that you may be installing spyware.

T

Trojan Horse

If you read “The Iliad” in high school, you will remember that the Trojan horse concealed an army and fooled the citizens of Troy into taking it inside its city walls. Once inside the city gates, the army was let loose and brought Troy down. Similarly, in computer security terms, a Trojan horse refers to a malicious program that enters a computer or system disguised or embedded within legitimate software. Once installed on a computer, a Trojan horse will delete files, access your personal information, reconfigure your computer or even allow hackers to use your computer as a weapon against other computers on a network.

What to do: Like most other viruses or malicious programs, Trojan horses are most commonly spread through e-mail or IM messages. Never open a message attachment unless you are expecting it, even from someone you know. IM or e-mail addresses are easily forged and what you think is a message from your roommate could be from someone you have never met and would never want to meet. Also, check the file extension of all attachments you receive. If the attachment ends in .exe, .com, .scr, .bat, or .pif, be careful. These suggest a program that may start running on your machine if you click on it.

V

Virus

A program that attaches itself to an executable file or vulnerable application and delivers a payload that ranges from annoying to extremely destructive. A file virus executes when an infected file is accessed. A macro virus infects the executable code embedded in Microsoft Office programs that allows users to generate macros.

W

Worm

Just as a worm burrows through an apple making it inedible, a computer worm is a program built to reproduce itself and spread across a network, rendering it ineffective. A worm may be designed to complete several different malicious activities. However, one common denominator is that a worm can harm a network by consuming large amounts of bandwidth, potentially shutting the network down. Viruses, on the other hand, are more limited to targeting computers one-at-a-time. A virus also requires other programs to execute and replicate, whereas a worm can act independently of other programs.

Z

Zombie

A computer overtaken by a hacker and used to perform malicious tasks. Commonly, zombie computers are used to send large amounts of spam or host fraudulent Web sites.

What to do: If you believe your computer has been taken over by an outside source, first disconnect it from the LAN. Then, contact the IT Department.