The Cranberry Eagle
If the print dialog box does not automatically appear, open the file menu and choose Print.


Article published January 16, 2013

Unwary computer users face serious Internet threats

By Eric Freehling
Eagle Focus Editor

There's someone on the Internet who wants to get to know you better. But it's not an old high school buddy looking to reconnect on Facebook.

It's more likely a career cybercriminal from some Eastern European country you can't pronounce.
And because you can't be bothered to come up with a decent password or update your computer's security software, some thug with too many vowels in his name is going to make off with your personal information, empty your bank account and hijack your computer.
That's the opinion of Butler County computer security experts who say too many people treat the Internet as a walk in the park when instead it's a trek through a jungle filled with predators.
“People don't understand they must protect their personal computer,” said Fred Kelly, the owner of Itame, a computer consulting business in Cranberry Township.
“They take it for granted, it does things for them It must be secured. To be secured, they need to be educated,” said Kelly. “Take a class, read a book, get some one-on-one tutoring.”
“The threat level is large,” said John Stepansky, a retired state trooper who now teaches classes in digital forensics at Butler County Community College. There are a lot of criminals out there, he said, drawn by sure profit and uncertain punishment.
“If the victim is in Pennsylvania and the perpetrator is in another state or country, if you are out a couple of hundred dollars, the prosecutor is not willing to prosecute on such a small amount,” said Stepansky, who started working computer crimes for the state police in 1998.
“It's profitable for the bad guy,” said Stepansky. “If he's not running up a pretty big tab, not too many people are going to raise eyebrows at him.”
Common computer crimes, said Stepansky, include ordering merchandise using a pilfered credit card number and online auction scams.
Phishing — sending an e-mail to a user falsely claiming to be a legitimate business in an attempt to trick the recipient into surrendering private information that will be used for identity theft — is a big problem, said Roger Lutz, director of network operations for the Butler Health System.
Unfortunately, said Lutz, criminals are getting more sophisticated and reaching out of the computers and into their victims' lives.
“The more information you put out there, that information can be used to take advantage of you,” said Lutz, speaking of the popularity of social networking sites such as Facebook.
“Personally, I know someone who got a call from someone who pretended to be their grandson and asked them to wire him money,” said Lutz. “He said he was in jail in Mexico.”
“Fortunately, they called his parents, who called their son, who wasn't in Mexico or in jail,” said Lutz. The caller had learned enough information from social websites to almost pull off the impersonation, Lutz said.
“You would think that everybody would know at this point never to open an attachment from somebody you don't know,” said Cletus Scalo, president of Total Technology Integration, a business computer and networking company in Middlesex Township.
“Never open an attachment from anyone you are not expecting one from,” said Scalo. “It's simply not enough to say 'I know this person, this attachment has got to be good.' I've had friends whose computer's address book was invaded by a virus that sent out fake e-mails.”
“You'll get an e-mail with phishing links embedded in it. Like 'You got a package from UPS, click for more information,” said Lutz. “Never click that link. You could be redirected to a site distributing a virus. At the very least, you will be linked to someone who tries to sell you something you don't want.”
“Ninety percent of the viruses come from websites set up to get people drawn to them,” said Jody Ellis, president of Advos Information Technologies, an information technology infrastructure firm in Adams Township. “Just visiting the website can give you a virus.”
“People e-mailing a virus to one another is rare anymore,” Ellis said.
And then there's “spear phishing,” said Bret Morey of the Penn State Electro-Optics Center in the Northpointe Industrial Park in South Buffalo Township, Armstrong County.
“That's where someone already has some information about you and is using it to target you or your company,” Morey said.
“The person knows something about you and uses that information to make his phishing attempts seem that much more legitimate,” Morey said.
So, how do you protect yourself, your information and your computer from ever more sophisticated criminals trolling the Internet for victims?
“For home security, at the very least, you should have a firewall/router guarding the perimeter between your home or home office and the Internet,” Scalo said. “It's a piece of hardware that is inexpensive, $100 to $150.”
Invest in good security software and anti-virus software, Kelly said.
Ellis also recommended an anti-virus package but said if you feel a more sensitive system is compromised, say a personal banking system, “I would be real tempted to call in an expert.”
And if you are on social network sites, know what your privacy rights are, Kelly added.
“The companies running these sites are advertising companies,” Kelly said. “They generate income from advertising and they are sharing your information with third parties. You have a chance to opt in or out of this.”
Don't make it easier for criminals by choosing a quickly deduced password, Stepansky said.
“Passwords need to be generally something not related to you,” said Stepansky. “Pet names, birth dates, maiden names are not a good choice. They can be broken very easily by social engineering.”
“Passwords should be combinations of letters and numbers and other keys such as the pound sign and upper and lower cases,” Stepansky said.
“Try passwords that are longer and less related to an actual word,” advised Lutz. “Come up with a phrase of at least eight or nine characters.”
“It's getting to the point where passwords aren't enough anymore,” said Lutz. “The next level will be multifactor authentication. Not just a password but also a code. Banks sometimes do that, a password and a code. I think probably that's where things are going.”
If you have a wireless connection in your home, Kelly said, check the manual to see what it takes to secure that connection.
“The default settings on a lot of wireless routers are wide open,” Kelly said. “In my neighborhood there are a lot of wireless connections and I can see that a lot of them are unsecured. It allows someone sitting in a car in front of your house to connect to your network and if a computer is set up to share anything, they can get access to your information depending on how savvy they are.”
If you are disposing of an old computer, said Stepansky, “Don't set a computer out on the curb with the hard drive. Take the hard drive out. Most people carry their lives in their computer.”
“There's software available that allows you to wipe the old hard drive. Or smack it with a hammer a couple of times. Once you hear pieces rattling around, you can be pretty sure no one's going to get any information off it,” Stepansky said.