Tips to Protect Yourself from Online Frauds
Team Cymru has assembled a series of tips and best practices to help
protect yourself, your family, and your organization from online frauds and
security risks. We do not warrant these tips to be fully comprehensive, and
we cannot guarantee that they will prevent you from being a victim of online
fraud, but we believe that they will at least reduce your exposure, in some
cases quite dramatically. If you have any suggestions, comments, or ideas
for additional tips, we'd love to hear them, please contact us!
Tips for System/Network Administrators
Safe Internet Browsing Tips
The Internet has some pretty dark and scary back corners, and sometimes
malicious software can pop up where you least expect it. No one can
guarantee that you'll be 100% safe, but if you follow these tips and
suggestions, you will definitely be safer, and able to browse with a bit
more peace of mind.
- Use an outbound traffic analyzer to be notified when an application
begins emitting new or unexpected traffic.
- Manually control web cookies while web browsing. The procedure for
enabling this setting is different for each World Wide Web browser (Internet
Explorer, Safari, Firefox, Opera, Chrome, etc.). In order to enable this
setting in Firefox click on "Tools", then "Options", choose the "Privacy"
tab at the top then check the boxes "Accept cookies from sites" and "Accept
third-party cookies". In the drop down menu below those boxes select "Keep
Until: Ask me every time". After setting this option you will be presented
with a choice whether to accept or deny cookies for most of the websites you
visit. If you deny cookies related to the website you are attempting to
visit then the website may not function as intended. Generally, most third
party cookies are safe to "deny", but not always.
- Always keep anti-virus software definitions up to date. Upon
installation, most antivirus software will ask you if you want definitions
updated automatically. It will also be presented as an option within the
software itself. Often your ISP (Internet Service Provider) will provide
anti-virus software to you at no cost, so check their documentation for more
- Practice "defense-in-depth" by installing more than one anti-virus
and/or anti-spyware/malware application. Contrary to popular belief,
anti-virus vendors often have widely variable delays before a particular
signature gets into their database. While they may be effectively the same
30 days after a piece of malware is released, you are most vulnerable in the
hours immediately after release, a time at which having multiple anti-virus
applications may save you from infection.
- Use a firewall. Firewalls come in many shapes and sizes with varying
degrees of functionality and protection. Firewalls can be hardware or
- Remember that everyone on the Internet is exposed to online criminals.
Sources of both commercial and free software are targets for hacking, and
care should be exercised when downloading and installing Internet-based
- Follow Microsoft's best practices for updating various Windows operating
- Never blindly accept a security dialog or execute an unexpected file,
even if it comes from a web site that you visit often. Even the largest web
sites can be compromised to include malware downloads and other security
risks. Always carefully read and evaluate the provided text before making a
decision. When in doubt - deny or cancel.
Credit/Debit Card Fraud Prevention Tips
Becoming a victim of credit or debit card fraud can be a very difficult
experience, and one we would never recommend you experience. While we
cannot guarantee that these tips will prevent you from ever experiencing
this situation, we do believe that they will help you have a higher chance
of avoiding it.
- Always take the time to check ATMs and gas pumps for extra devices that
may have been placed by fraudsters attempting to skim your card details. Do
not use any ATM with loose parts or keypads missing the standard
Braille dots - inform the bank or gas station of the potential problem and
find another location to perform your transaction.
- Be vigilant when using an ATM to avoid intentional distraction by
fraudsters attempting to steal your card. Fraudsters have also been known to
"shoulder surf" at the ATM in an attempt to view a victim entering their
PIN, so be conscious of anyone very near to you at the ATM.
- Try to avoid using standalone ATMs often found in convenience stores,
hotels, bars, etc. Devices which intercept and record the ATM phone line
tones can be utilized more easily in these locations than in more permanent
- Take the time to carefully check your credit card statement for
unauthorized charges. Checking recent activity online daily or weekly is
even better than waiting for your statement (but be sure to follow Safe Internet Browsing practices when doing
- If your bank stores electronic copies of the checks you have written for
online viewing, petition the bank to blur (or remove) the routing/account
numbers on the bottom of the check. This will prevent fraudsters from
obtaining the necessary information to perform an ACH (Automated Clearing
House) transfer should your online banking credentials be compromised.
- Never use your debit card for online purchases. It is much more
difficult and time consuming to recover lost funds from a checking/savings
account than it is to contest charges with a credit card company.
Designating one credit card for online purchases only is also prudent
because it limits exposure and allows you to quickly identify the method of
- Explore using a credit card company that allows you to create secure
virtual card numbers that are valid only for the first vendor they are used
with, and which you can selectively disable without having to change your
permanent credit card number.
- Avoid using computers you do not have full control over for online
banking. This includes any public venue that provides a computer with
- Be aware that if you give your debit/credit card to a restaurant
employee for payment, when the employee walks away to charge the card it is
relatively trivial for that employee to copy the card's magnetic stripe
using a small handheld skimmer. These skimmers allow fraudsters to replicate
your credit card at a later date for fraudulent transactions. This is why
when you dine in the European Union, a restaurant employee often brings the
mobile card processor to your table.
Identity Theft Prevention Tips
Identity theft is a serious and troubling crime that is affecting more
and more people around the world each year. We've compiled a short list of
tips that can help you keep your identity safe and secure. Please note that
this list is not intended to be fully comprehensive, nor can we guarantee
that the items listed will prevent your identity from being stolen, but they
certainly won't hurt!
- Always be wary of e-mails or websites soliciting confidential personal
information. It is also prudent to be skeptical of messages from friends on
social networking sites. When in doubt, always contact the friend directly
(preferably not via the Internet) to confirm that a link or website was
- Enroll in an identity theft prevention service.
- Monitor your credit report. U.S. federal law dictates that you may
request and receive a free report annually from each of the three major U.S.
- Place your garbage receptacles at the curb as close to garbage
collection time as possible each week. Putting your garbage out the night
before pickup allows fraudsters to take your garbage and filter it for
personal information and offers which may be applied for in your name.
- Use a shredder for any documents containing personal or confidential
information as well as offers from financial services companies.
Adobe Product Safety Tips
Adobe's products, particularly Adobe Reader, Adobe Acrobat, and Adobe
Flash, are very frequent targets of malicious activity due to their wide use
and adoption, as well as the fact that they offer the possibility of one
exploit affecting multiple operating systems. Adobe works very hard to
secure their products, and is to be commended for that, but it is not
uncommon to see zero-day exploits in the wild. The tips below should help
you keep safe every day, as well as when there are known unpatched exploits
- As with all files, but particularly with regard to Adobe's products
because of their large threat profile, be careful what you open. PDF
documents are often thought of as safe because they're "just documents", but
they are not. PDFs can contain many types of active
scripting, and this scripting can be and has been
- Consider disabling active content like Flash in your browser during
normal browsing, and only enabling it when necessary, and on a site-by-site
or even page-by-page basis. Tools such as the NoScript add-on for Firefox
can make this easier, and protect you from a wide range of other scripting
attacks as well.
- Always keep your software up-to-date, especially Adobe Reader, Acrobat,
and Flash! Use the links below to check for updates often, don't just trust
the auto-updaters to do their thing.
- Download Flash Player
- Download Adobe Reader
- When a known exploit is circulating without an available patch, consider
uninstalling the affected products entirely from your system until a new
version is available. This is often the only way to be certain you cannot be
exploited. Adobe provides uninstallers for the Windows and Mac OS X
versions of Flash as linked below.