Tips to Protect Yourself from Online Frauds

Team Cymru has assembled a series of tips and best practices to help protect yourself, your family, and your organization from online frauds and security risks. We do not warrant these tips to be fully comprehensive, and we cannot guarantee that they will prevent you from being a victim of online fraud, but we believe that they will at least reduce your exposure, in some cases quite dramatically. If you have any suggestions, comments, or ideas for additional tips, we'd love to hear them; please contact us!

Everyday Tips

Tips for System/Network Administrators

Safe Internet Browsing Tips

The Internet has some pretty dark and scary back corners, and sometimes malicious software can pop up where you least expect it. No one can guarantee that you'll be 100% safe, but if you follow these tips and suggestions, you will definitely be safer, and able to browse with a bit more peace of mind.

  • Use an outbound traffic analyzer to be notified when an application begins emitting new or unexpected traffic.
  • Manually control web cookies while web browsing. The procedure for enabling this setting is different for each World Wide Web browser (Internet Explorer, Safari, Firefox, Opera, Chrome, etc.). To enable this setting in Firefox, click on "Tools", then "Options", choose the "Privacy" tab at the top, then check the boxes "Accept cookies from sites" and "Accept third-party cookies". In the drop-down menu below those boxes, select "Keep Until: Ask me every time". After setting this option you will be presented with a choice whether to accept or deny cookies for most of the websites you visit. If you deny cookies related to the website you are attempting to visit, the website may not function as intended. Generally, most third-party cookies are safe to "deny", but not always.
  • Always keep anti-virus software definitions up to date. Upon installation, most antivirus software will ask you if you want definitions updated automatically. It will also be presented as an option within the software itself. Often your ISP (Internet Service Provider) will provide anti-virus software to you at no cost, so check their documentation for more information.
  • Practice "defense-in-depth" by installing more than one anti-virus and/or anti-spyware/malware application. Contrary to popular belief, anti-virus vendors often have widely variable delays before a particular signature gets into their database. While they may be effectively the same 30 days after a piece of malware is released, you are most vulnerable in the hours immediately after release, a time at which having multiple anti-virus applications may save you from infection.
  • Use a firewall. Firewalls come in many shapes and sizes with varying degrees of functionality and protection. Firewalls can be hardware or software based.
  • Remember that everyone on the Internet is exposed to online criminals. Sources of both commercial and free software are targets for hacking, and care should be exercised when downloading and installing Internet-based software.
  • Follow Microsoft's best practices for updating various Windows operating systems.
  • Never blindly accept a security dialog or execute an unexpected file, even if it comes from a web site that you visit often. Even the largest web sites can be compromised to include malware downloads and other security risks. Always carefully read and evaluate the provided text before making a decision. When in doubt - deny or cancel.

Credit/Debit Card Fraud Prevention Tips

Becoming a victim of credit or debit card fraud can be a very difficult experience, and one we would never recommend you experience. While we cannot guarantee that these tips will prevent you from ever experiencing this situation, we do believe that they will help you have a higher chance of avoiding it.

  • Always take the time to check ATMs and gas pumps for extra devices that may have been placed by fraudsters attempting to skim your card details. Do not use any ATM with loose parts or keypads missing the standard Braille dots - inform the bank or gas station of the potential problem and find another location to perform your transaction.
  • Be vigilant when using an ATM to avoid intentional distraction by fraudsters attempting to steal your card. Fraudsters have also been known to "shoulder surf" at the ATM in an attempt to view a victim entering their PIN, so be conscious of anyone very near to you at the ATM.
  • Try to avoid using standalone ATMs often found in convenience stores, hotels, bars, etc. Devices which intercept and record the ATM phone line tones can be utilized more easily in these locations than in more permanent ATM installations.
  • Take the time to carefully check your credit card statement for unauthorized charges. Checking recent activity online daily or weekly is even better than waiting for your statement (but be sure to follow Safe Internet Browsing practices when doing so!).
  • If your bank stores electronic copies of the checks you have written for online viewing, petition the bank to blur (or remove) the routing/account numbers on the bottom of the check. This will prevent fraudsters from obtaining the necessary information to perform an ACH (Automated Clearing House) transfer should your online banking credentials be compromised.
  • Never use your debit card for online purchases. It is much more difficult and time consuming to recover lost funds from a checking/savings account than it is to contest charges with a credit card company. Designating one credit card for online purchases only is also prudent because it limits exposure and allows you to quickly identify the method of compromise.
  • Explore using a credit card company that allows you to create secure virtual card numbers that are valid only for the first vendor they are used with, and which you can selectively disable without having to change your permanent credit card number.
  • Avoid using computers you do not have full control over for online banking. This includes any public venue that provides a computer with Internet access.
  • Be aware that if you give your debit/credit card to a restaurant employee for payment, when the employee walks away to charge the card it is relatively trivial for that employee to copy the card's magnetic stripe using a small handheld skimmer. These skimmers allow fraudsters to replicate your credit card at a later date for fraudulent transactions. This is why when you dine in the European Union, a restaurant employee often brings the mobile card processor to your table.

Identity Theft Prevention Tips

Identity theft is a serious and troubling crime that is affecting more and more people around the world each year. We've compiled a short list of tips that can help you keep your identity safe and secure. Please note that this list is not intended to be fully comprehensive, nor can we guarantee that the items listed will prevent your identity from being stolen, but they certainly won't hurt!

  • Always be wary of e-mails or websites soliciting confidential personal information. It is also prudent to be skeptical of messages from friends on social networking sites. When in doubt, always contact the friend directly (preferably not via the Internet) to confirm that a link or website was intentionally sent.
  • Enroll in an identity theft prevention service.
  • Monitor your credit report. U.S. federal law dictates that you may request and receive a free report annually from each of the three major U.S. credit bureaus.
  • Place your garbage receptacles at the curb as close to garbage collection time as possible each week. Putting your garbage out the night before pickup allows fraudsters to take your garbage and filter it for personal information and offers which may be applied for in your name.
  • Use a shredder for any documents containing personal or confidential information as well as offers from financial services companies.

Keeping Safe On Windows

Microsoft Windows is the most common operating system for home computers. Because of this, it is the most targeted operating system for malware. This page will give you a few tips to stay safe while using Windows.

Adobe Product Safety Tips

Adobe's products, particularly Adobe Reader, Adobe Acrobat, and Adobe Flash, are very frequent targets of malicious activity due to their wide use and adoption, as well as the fact that they offer the possibility of one exploit affecting multiple operating systems. Adobe works very hard to secure their products, and is to be commended for that, but it is not uncommon to see zero-day exploits in the wild. The tips below should help you keep safe every day, as well as when there are known unpatched exploits circulating.

  • As with all files, but particularly with regard to Adobe's products because of their large threat profile, be careful what you open. PDF documents are often thought of as safe because they're "just documents", but they are not. PDFs can contain many types of active scripting, and this scripting can be and has been exploited.
  • Consider disabling active content like Flash in your browser during normal browsing, and only enabling it when necessary, and on a site-by-site or even page-by-page basis. Tools such as the NoScript add-on for Firefox can make this easier, and protect you from a wide range of other scripting attacks as well.
  • Always keep your software up-to-date, especially Adobe Reader, Acrobat, and Flash! Use the links below to check for updates often; don't just trust the auto-updaters to do their thing.
    • Download Flash Player
    • Download Adobe Reader
  • When a known exploit is circulating without an available patch, consider uninstalling the affected products entirely from your system until a new version is available. This is often the only way to be certain you cannot be exploited. Adobe provides uninstallers for the Windows and Mac OS X versions of Flash as linked below.

DNS Security Tips

When it comes to your own DNS server implementation, there are a handful of questions you need to ask yourself. Your answers may differ from the next person's, but you need to at least ask them. You will be in a much better position to evaluate future threats and formulate a response if you can document your current DNS security posture and the trade-offs you may have had to make in a deployment.

1. How many authoritative name servers for your zone(s) do you have?
Two is the de facto minimum, but more might be better.
2. Are your authoritative name servers and resolvers diverse both from a geographical and network perspective?
They shouldn't all be in the same /24 or on the same physical LAN.
3. Do parent and child name servers agree on zone delegations?
Things might work if they don't, but often sub-optimally.
4. Are your resolvers open to the entire world?
If at all possible they shouldn't be.
5. Do your resolvers and zones have protection from answer spoofing?
Investigate how well your resolvers and zones stand up to spoofing attacks.
6. Do you know when your registered name(s) will expire, who has access to make changes, and how a registrar can help protect from name theft?
Many people don't think about this on a daily basis, so it's easy to forget.
7. What other services are running on your DNS servers?
SSH and NTP are reasonable services, properly protected, to run on a DNS server, but do you really need FTP, HTTP, SMTP and Telnet?
8. How do people remotely administer your DNS servers?
Even if your servers are locked down tight, never underestimate the power of SSH brute force guessing attacks or a remote admin's host having been compromised with a key logger installed. We see a lot of both.
9. How much memory (RAM) do you have installed and available on your DNS server?
RAM is often the key resource limitation for many DNS servers. Have not just more than enough, have way more than enough.
10. Are you filtering TCP DNS queries?
You probably shouldn't be. TCP isn't just for zone transfers.
11. Do you have the capability to see what queries are being asked and the overall DNS server health?
Logging and statistics monitoring are also absolutely necessary for successfully mitigating many security threats.
12. Are the DNS system clocks accurate? Have you considered setting the timezone to UTC?
Having an accurate notion of time is critical not only for many protocols to operate properly, but also to ensure you are able to correctly troubleshoot problems and security events across multiple systems and time zones.
13. Have you recently read RFC 2870?
You may not think it applies to you, but it gives some good general advice that is at least in part relevant to most DNS operators.
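
As an added example (not Team Cymru's own code), questions 1 to 3 can be checked mechanically once you have collected the NS set the parent zone delegates to, the NS set your zone publishes, and each server's IPv4 address. The host names, addresses and the function name `audit_delegation` are constructed for illustration.

```python
import ipaddress

# Constructed sample (documentation names/addresses, not a real zone).
SAMPLE_PARENT = ["ns1.example.net.", "NS2.example.net"]
SAMPLE_CHILD = ["ns1.example.net.", "ns2.example.net.", "ns3.example.net."]
SAMPLE_ADDRS = {
    "ns1.example.net.": "192.0.2.10",
    "ns2.example.net.": "192.0.2.53",
    "ns3.example.net.": "198.51.100.7",
}

def fqdn(name):
    """Normalize a host name: lower case, exactly one trailing dot."""
    return name.lower().rstrip(".") + "."

def slash24s(names, addrs):
    """Set of /24 networks covering the IPv4 addresses of the given servers."""
    return {ipaddress.ip_network(addrs[n] + "/24", strict=False)
            for n in names if n in addrs}

def audit_delegation(parent_ns, child_ns, addrs, min_servers=2):
    """Return findings for checklist questions 1-3 as a list of strings."""
    parent = {fqdn(n) for n in parent_ns}
    child = {fqdn(n) for n in child_ns}
    addrs = {fqdn(n): a for n, a in addrs.items()}
    findings = []
    for label, ns_set in (("parent", parent), ("child", child)):
        # Q1: two is the de facto minimum.
        if len(ns_set) < min_servers:
            findings.append(f"{label}: only {len(ns_set)} name server(s)")
        # Q2: the servers should not all sit in the same /24.
        nets = slash24s(ns_set, addrs)
        if len(ns_set) > 1 and len(nets) == 1:
            findings.append(f"{label}: all name servers are in {next(iter(nets))}")
        for n in sorted(ns_set - set(addrs)):
            findings.append(f"{label}: no address supplied for {n}")
    # Q3: parent and child should list the same servers.
    for n in sorted(child - parent):
        findings.append(f"mismatch: {n} in zone NS set but not in delegation")
    for n in sorted(parent - child):
        findings.append(f"mismatch: {n} in delegation but not in zone NS set")
    return findings

if __name__ == "__main__":
    for line in audit_delegation(SAMPLE_PARENT, SAMPLE_CHILD, SAMPLE_ADDRS):
        print(line)
```

In the sample, the zone itself looks diverse, but the two servers the parent actually hands out share one /24 and the third server is never delegated, which is why the parent and child sets are audited separately.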

Now, go forth, do good work and don't panic!