Home

About Mortgages

About Credit

Calculators

Apply Online

Questions

Job Opportunities

Free Email    Staff & Contacts

Computer Security While Online
by:  Olen Soifer

As mortgage professionals, we are constantly concerned with protecting the security and confidential nature of your private information.  You can read about our Privacy Policy here.  For information about security OFFline, click here.

However, we cannot control what you do on your own to protect your own privacy, prevent identity theft, enhance your online experience, etc. We can only advise you that, with the increased exposure of computers and networks to outside influences via the internet and dial up access, it is prudent to gain an awareness of the vulnerability of your computer environment and confidential information when it is so exposed. With this awareness, you can arm yourself with tools and techniques that will protect your PC &/or network, the information on it and the information you send and receive. 

We are not suggesting that you become paranoid about the possible dangers but, if you continue to track and re-read this page periodically, you will find that it keeps getting longer.  Part of this is because the author is continually on the look-out for new threats and solutions.  Unfortunately, it is also true that threats continue to increase as "hackers" learn to exploit operating systems, browsers and software.  Therefore, bookmark any number of links that are included on the page and take the precautions that you consider appropriate.  

Ultimately, depending upon the value of your data and system, it is your own, sole responsibility to discover those measures needed to protect yourself, your privacy and your confidential information.  You must also recognize that this responsibility has to be a continual process as no one-time installation of security measures can assure you of the protection you need as time passes.  Because of the changing nature of computers and the online environment, by using this page of suggestions herein, you are acknowledging that you have read and agree to the terms of the disclaimer below.

Below, we provide you with a comprehensive list of computer-related &/or online-related actions you can take, and information you should know, to give a high measure of protection at work or at home. You can also read, here, about various non-computer security measures you can take.

Please Note:  Most of the programs mentioned in this article should be set-up to work silently, in the background, whenever your computer is on and, especially, when you are on-line.  They cannot help you if they are not running continually or run only when a serious security compromise has already occurred.

1. Install Virus protection, keep it up-to-date and keep yourself informed about new virus threats:  A virus' is a computer program that, like a biological virus, can invade other software or files and is able to generate copies of itself, and thus, spread. Most computer viruses have a destructive payload that is activated under certain conditions.  Viruses need to attach themselves to another program to run, while a "worm" is a virus that can run by itself.  "Trojan Horses" or "trojans" are viruses that enter a computer hidden in a file that is voluntarily installed by a user.  There are many pay and free virus protection programs.  A good free program is AVG.  Antivirus programs detect viruses by looking for virus names or "signatures" that are contained in a database you get when you install the AV program. It is most important that the virus database be up-to-date (set online updating to "on). Updates are available from the program's website, along with lots of other virus information.  Here are a few of the major anti-virus sites: Norton Antivirus/Symantec, McAfee, AVG, Kaspersky, f-Secure.  Also, click here to go to a link, below, that will help you make your Internet Explorer web browser be less vulnerable to online threats.

2. Virus Hoaxes and other Rumors...Be cautious about sending bulk email to friends and associates regarding virus threats or, for that matter, any rumor (aka "Urban Legends") passed on to you thru someone else's bulk email forwarding. While there many viruses and scams you should protect against, there are also many virus & other hoaxes that are no threat...except for the result of, basically, false panic by internet users. What usually happens is that a "reporter" publishes a story about a new virus threat without having verified what is actually a false rumor. Then, "helpful" people start warning against everyone they know and the warnings cascade and proliferate and the internet slows down to a crawl. There is a big difference between helping people you care about by warning of a genuine threat and panicking a nation based on the spread of a hoax because few people take the time to check their sources or the facts before passing on the rumor... 20 people spreading a rumor to 20 others, thru 6 generations, is 64,000,000 useless emails that waste a lot of internet bandwidth! Before perpetuating a rumor about a new virus, do you own checking at your virus protection program's website. Before spreading an "Urban Legend", read about these rumors at Snopes.com.  If you have the time to spread a rumor, you should make the time to research it!  

3. Use caution when selecting an anti-spyware program: Some of the hardest trojans to remove are, supposedly, anti-spyware programs called Spy-Axe and Spy Falcon. These malicious programs cause popups that warn you your computer is virus infected (even if it is not...) and try to get you to buy their product. When the Trojan infects your computer, it will change your computer's registry, add files and DLL's, hijack Internet Explorer, etc. Removing them manually can be time-consuming (10 hours or more); they may require a new install of Internet Explorer and may not be removed by many genuine anti-spyware programs...we, however successfully removed it with SuperAntiSpyware. 

4. Remember, very little free stuff for your computer does NOT have a hidden price (including trojan horses that get installed with the gift).  Be cautious about downloading and installing free screen savers, search tool bars, automatic dialers, anti-spyware programs (see #3, above), etc.  "Free Downloadable Gifts" are a major source of viruses and Trojan Horses. Unfortunately, there is a big difference between "Freeware", which are truly free programs, and programs that are advertised as having a "Free Download". Most freely downloadable programs are really "shareware"...these are free for awhile but, at some point, they stop working fully unless you pay for them; they are partially "crippled" from day one until you pay or they may (such as many virus scanners) detect problems on your computer for free...but only fix them for a price. If you don't pay, you may also be in for endless "dunning" until you pay or delete them...and deleting them (such as Spy Axe) may not be all that easy. Again, use caution regarding free downloads. Remember the saying, "There's no such thing as a free lunch."

5. Use a program to prevent the downloading of "phishing" or "Trojan horse" software.  Free programs such as SPYBOT and MICROSOFT ANTI-SPYWARE  are quite good. SuperAntiSpyware has a free and a pay version (with more features) but the free version works quite well.

6. Be very cautious if you receive an email that asks for you to confirm confidential information.  This may be a "phishing" email that is just trying to get that information for use in identity theft.  For help in detecting these phony emails, read this article about detecting "phishing" emails; read this longer one from the FTC and check out the Anti-Phishing Working Group.  It is likely that, sooner or later, you will receive very legitimate looking emails from E-Bay, Chase Bank, Mid-America Bank, etc. asking you to confirm your account &/or password information "or your account will be deleted or deactivated..." Legitimate companies NEVER ask you to confirm confidential information, like that, by means of emails. Report these emails to the appropriate authorities. If you receive a suspicious email that asks you to confirm confidential information, passwords, etc, you may want to forward it to check@phishfraud.com and they will email you back after looking the email over.

7. Be especially cautious of emails offering you, possibly, millions of dollars if you help get money out of a foreign country...most notably, Nigeria, but it could be anywhere.  This is probably an "advance fee fraud".  Read about the "4-1-9 fraud" here.  This scam could cost you a fortune or get you killed if you are hooked by the perpetrators.

8. Do not, in general, utilize the "opt-out" link in any unsolicited email.  More often than not, the opt-out link just confirms that your email address is "live" and will result in more, not less" spamming because the same people who send you the unsolicited mail will, very often, make money by selling "live" email addresses to bulk emailers.

9. Never click anywhere within a pop-up window except the "X" at the extreme upper right...that includes avoiding the "cancel" button or some such similar button.  If you use Google for searches, consider installing their free pop-up blocker on the Google Toolbar.  It works as well as many pay blockers and avoids the annoying hidden software that is often downloaded unknowingly with "free" pop-up blockers.

10. Consider using a "disposable" email address (hotmail, etc) for online dealings that will not require future contacts or when it is possible that furnishing your email address may result in spamming...so, if need be, you can just close that email box.  There are programs to filter emails but none are perfect and you always risk filtering out at least some desirable email.

11. Spam...IncrediMmail and various other email programs can be programmed to automatically sort out junk mail, but you will probably need to buy a "for pay" version to get the best results.  It will also take some time to set up just which mail to dump.  Do bear in mind that all email programs will trash at least some mail you wanted to receive.  If you use a program that sets up a spam folder (sort of a spam recycle bin) and you are missing important emails, they are probably in that folder.  It is suggested that you do NOT set up this folder to automatically empty itself periodically.  
    
    In terms of specific spam, here are the worst offenders:  Foreign pharmacies:  Some of these are legitimate, some are not.  Those that are not might take your money and run or steal you identity from your credit card purchase.  Caution!!!  Those that are legitimate will have secure order pages, and will provide reasonably fast, efficient sales and delivery of quality generic (usually) medicines. Here are two legitimate firms: Budget Medicines and OffShore Rx. We let you decide about the legality of ordering prescription medications from outside US borders.  Stock Tip Spam:  Stock spam is email that touts stock, usually penny stocks, as about to rise dramatically.  They tout real companies, but their information is not to be believed.  Their goal is to get stocks to rise for a little while and then they dump their own shares.  One study of 37 stocks showed a drop in value after these spams came out, of 86%.  The folks who put out this spam are crooks and they are breaking the law.  See the Security & Exchange Commission article about "micro-cap" stocks.  Knock-off watches, etc:  You don't need to deal with a foreign company to buy this crap.  You can get the same stuff at your local large "flea" market...and you don't risk identity theft!
    

12. Consider eliminating "click and email" links to email addresses on your web pages. There are a number of internet "worms" that search the web for email addresses. The email addresses that are "harvested" by the worms,  are added to bulk email lists and the addressees end up bombarded with "spam". A good way to avoid this spam is to replace email contact addresses on web pages with a form or help ticket program. Talk to your internet provider about making this change if you are being slammed with useless spam.

13. Don't open any attachment to an email unless you know who the sender is. If you do choose to open an unknown attachment, you should have protection installed, such as ZoneAlarm (which includes email protection), or another program that scans for dangerous email attachments that can harm your system. Viruses have been sent in seemingly harmless screen savers, as "love letters", etc. In a really ominous twist, they have been sent as software purported to be protection from viruses, when in fact what was sent WAS a virus.  One of the most prolific "worms" is presently spreading thru the web in an email stating it is from the FBI!

14. If emails you send or receive are valuable and sensitive, you can get encryption software like PGP (Pretty Good Privacy) which uses 2 different software keys to scramble and unscramble your message. A public key which you freely distribute scrambles the message, but only your private key can unscramble it. If the people you correspond to want the same protection, they need to get the software, generate their own keys and provide you with their public key. PGP is free for private use.  You can also use S/MIME (Secure Multipurpose Internet Mail Extension) which is similar to, but incompatible with, PGP.  A free S/MIME toolkit is available here.

15. Get a firewall to control who has access to your computer or network from outside the network, via the internet, etc. ZoneAlarm is just one that is available and is free for private use.  As mentioned, above, ZoneAlarm also includes email protection.  See here for a bit more firewall information and tips for ZoneAlarm.  If you think you may have been "hacked" (broken into from the internet), you should perform a search of your PC &/or network to see if the hacker has installed a hidden web server such as Back Orifice on it. With no firewall and BO installed, your hacker can access your machine as if he were sitting right at your keyboard...write, change, delete files; change settings, etc. Here is more information on dealing with BO type servers. 

16. Be cautious of Word and Excel documents that are sent or given to you if they contain macros. Other programs that generate documents with macros should be suspect also. Macros can be tremendous adjuncts in documents, but can be made to damage computers/data also. In Microsoft Word or Excel, you set the macro security level by clicking Tools, then Macro, then Security. A security level of medium is adequate for most users. It lets you choose in each document you open whether to allow the macros to run, or not. Word or Excel files you download for our site are either written by us or checked, to the best of our ability, to ensure they are safe.

17. Ask your ISP if they try to ensure secure transmissions through the use of SSL or other measures. Generally, in order for transmissions to be fully secure, both the initial ISP and the final recipient's ISP must use the same security measures, unless you are encrypting your documents yourself. Realize that an email or web page may go through 30 or 40 computers/routers to get to its destination.

18. Use random passwords rather than names, addresses, phone numbers, etc. A quick way to come up with a password that is random, but easy to remember, is to use the first letter of the first six to 10 words of a favorite poem, song or bible verse, etc. Such as: "Ring Around The Rosie, Pocket Full Of Posies", generates a password of ratrpfop. Again, the password is random but the phrase that generated it is easy to remember.  It is best to change passwords periodically.  (By the way, that little song isn't as happy as it sounds. It was written during, and describes, the Black Death Epidemic in Europe.)

19. Don't write down passwords where others can find them and don't give your passwords out to others, either in person, by email or on the phone unless you are sure of who you are talking to AND sure they will not abuse the information.

20. In general, you should always guard your confidential information and give it out sparingly to others...and that includes lenders!  Make sure the lender you are talking to is genuine...check licensing, etc...if you are not sure, don't give out the information.  REMEMBER, it is not appropriate to have your social security number on a driver's license any longer.  If you have an older license with the SS#, replace it.

21. Use a "re-loadable" payment method for online payments: These can prevent recurring payments that you did not authorize OR payments for unauthorized merchandise from being charged to you.  One option is Paypal.  Paypal did have a recent, serious security compromise, but it will probably be corrected quickly as it is owned by Ebay, who cannot afford to NOT do so.  Another option is a re-loadable debit card.  These can be "re-loaded" online from a normal credit card and can be left at a low balance until you need to charge something to them.  Netspend is probably one of the better ones, here described by one user: "They were the only one I found that doesn't have any application fees, membership fees, minimum balance, need a checking account or have any recurring monthly fees. You pay a one-time $20 set-up fee, $1.50 to reload it and $1.00 per transaction."  (If you have a vendor that continually keeps trying to collect money from Netspend after you have notified them that this was not authorized, Netspend will cancel the card and issue you another one.  That is more convenient than trying to deal with a traditional credit card company to get them to reimburse you for unauthorized charges.)

22. Beware of scams perpetuated online: Many of these could use print ads or direct mail to offer their scams and many do so along with the internet...so they are being mentioned here.  Some scammers have been around for years and just "change skins" if the get caught. The internet makes that easy.  Before being roped into any money-making opportunity, check out what other people say about them.  Go to  ripoffreport or World Wide Scams to see what other people are saying about, for example, Bruce A. Berman or Carlton Sheets.  For an honest critique of a whole host of "real estate gurus", go to John T. Reed's website.  Be very cautious of other, supposedly impartial sites, that rate money-making opportunities...unfortunately, most of them are fraudulent sites that are owned by the people they are "reviewing".

23. If you are worried about access to sensitive data on your PC, you can store it on removable media like floppies or CD's or install encryption in your file storage. You may want to consider encryption software for your entire hard drive. ScramDisk is one example.  You can also use PGPDisk which is free up until version 6.5.

24. Java, Javascript and ActiveX scripting in web documents can be used to create havoc on the machine of someone receiving the page. If you are nervous about that, then disable Java and Javascript. In Netscape, click Edit, Preferences, Advanced and deselect Java/Javascript. In Internet Explorer, click Tools, Internet Options, Advanced and scroll down to Java VM.  Deselect the 3 Java settings.  You can also select Security in the Internet Options and raise the security level in the "slider".  Bear in mind that turning off Java/Javascript/ActiveX may disable portions of many web pages these days.

25. Many pages use cookies to keep track of people that have been to their pages previously. Some information about you is handed out when you return the cookie by revisiting the page. If this worries you, you can change settings in the advanced tab (see above) to refuse cookies or be asked if you will accept them. For the most part, either choice makes annoying pop-ups appear on your machine. The better choice is to get shareware that lets you delete the cookies, or deals with cookies as they are about to be handed to your PC. Cookie Crusher is an example of the latter.

26. Consider using a true browser like Opera or FireFox which are free, or Netscape, except when the site you are accessing will not work anywhere except Internet Explorer.  Unfortunately, Internet Explorer is actually a web server that acts like a browser.  It's server aspects make it subject to hacking that lets it transfer your private information to the hackers.  On the other hand, removing IE, if your operating system is Windows, is probably not practical because it is firmly interwoven with the operating system.  You can, however, take steps to secure your web browser by configuring those IE features that are the most vulnerable in an online environment.  In an online software application you must use will only work with IE, pester the manufacturer to make the application work with other browsers.

27. Keep your operating system and software updated with the latest security updates available from the manufacturer's websites.  For Microsoft operating systems and software, click here.  Apple/Macintosh updates are available here.  It is suggested that you check for updates manually, and periodically, as the automatic updating that is available can intolerably slow down your computer.

28. Investigate spam-blocking software that can automate the process of rejecting and deleting unsolicited emails that can clog your in-box. We have recently installed an email program called IncrediMmail which is available in a free version and works nicely with Outlook and some other standard email programs. The are some nice graphic features which you may like, but we especially like spam/fraud blocking abilities it provides.  Our initial experience with IncrediMmail is that it has not included any unwanted "Trojan Horses" or other nasty things.  Cloudmark has similar spam/fraud abilities, but it features become limited after a month, unless you agree to start paying a monthly fee. Unless you enjoy being solicited to: buy replica watches; accept a mortgage with impossibly low rates; enlarge your penis, breasts (or both); or enhance your sex like with drugs (proven successful or otherwise), you may want to consider one of these products. 

If your computer has been "hacked" or someone has perpetrated a computer crime against you, file a complaint with the Federal Trade Commission.  You may also consider contacting your (US) state's Attorney General's Office or the Attorney General's Cyber-crime Department (or your country's equivalent) and (in the US) the Internet Crime Complaint Center or contact the  FBI's National Computer Crime Squad (NCCS) at nccs@fbi.com or, by telephone, at (202) 324-9164.  If you suspect that your "identity has been stolen", read here about filing a Fraud Alert and ID Theft Affidavit with the three major credit repositories.

• Other agencies involved in investigating computer and internet crime include the US Secret Service, the US Postal Inspection Service and the Dept. of Homeland Security, the Internet Fraud Complaint Center and the Identity Theft Resource Center.  The crimes that these organizations investigate, and attempt to educate the public about, include, among others: invasions of privacy, identity theft, industrial espionage, threats to computer networks or crimes involving 2 or more computers in different states and crimes in which a computer is a major factor in committing the crime.

• A web page of this nature can hardly be more than a summary of information and suggestions. For more information regarding computer privacy issues, it is suggested that you visit the above-referenced sites and the Electronic Privacy Information Center. There is also a more complete list of software resources for computer privacy from the EPIC.  

Disclaimer:  Neither the author, nor Family Home Lending, guarantee that this page is fully comprehensive or that the suggestions herein (or linked hereto) are safe on all, or any, systems or situations. Every effort has been made to provide this page as a valuable security resource. However, as a condition of your use of this page, or any information within it, you acknowledge that the neither the author, nor Family Home Lending Corp, have guaranteed that this web-page is current or all-inclusive of every possible threat or solution that is available.  In addition, you agree to hold the author and Family Home Lending Corp harmless in the event any loss of any kind is suffered as a result of taking of the recommendations herein, or on any other page within this website or on site links within our pages.

8-4-2006