On receiving an email about a lucrative moneymaking scheme, Sri Kumara registered as a member for free on the website www.legend-mails.com. The idea was simple—get paid to receive emails. To maximize his profits, within a month he upgraded himself to a diamond membership on the site by paying $269 (Rs 12,110). After the payment, he got no response to his emails. He also never received any of the money promised by the site.
Stay alert: Use different passwords for various online activities. Raajan/Mint
Though viruses and malware top the list in online crime, such phishing emails are fast catching up. If you haven’t faced a virus threat, a password attack or a genuine-looking phishing email, count yourself lucky. But there is no harm in being prepared. Here are simple tips to browse securely.
Give out information only on secure sites
Any site which asks for your personal information (login ID, password, bank account details, credit card information), be it bank sites, shopping sites or email accounts, should have secure network indicators. First, check if the site has https written before its address. “Most websites are http only. An https site means it’s secure and encrypted," says Ankit Fadia, an ethical hacker who works with the Union government on cyber crime, is the host of MTV What the Hack and has written 14 books on computer security.
An alternative symbol for a secure site is a small yellow padlock on the bottom left of your browser. Another one is when your URL bar goes green. “These symbols mean that other people in the same network cannot tie up into your communication or conversation. One of these pointers needs to be there before you enter any personal details online," says Fadia.
“The most common mistake people make online is yielding to greed," says G. Sivakumar, professor, department of computer science and engineering, IIT Bombay. “Expecting to win prizes, lotteries or receive handsome amounts of money, many users give away valuable personal information and also infect their computers with malware." There are no free lunches, he stresses. If an email, especially by a stranger, makes an offer which is too good to be true, one should simply delete it.
Stay vigilant on your browser
Tab napping, a phishing scam, targets users who open lots of tabs on their browser at the same time. It replaces an inactive browser tab with a fake page set up specifically to obtain your personal data, such as a bank site. “You won’t even realize that it’s happening," says Fadia. So if the bank site is open on a particular tab while you are working on another one, when you return to it, double-check before you enter the data. Malicious code can replace the Web page you opened with a fake version that looks virtually identical to the legitimate one. “Always retype a website address and then add your bank account or password to it," he adds.
Also, almost all browsers support a private browsing mode. Make use of it. “This prevents storage of cookies and other personal information on the computer and makes it less vulnerable," says Sivakumar.
Always cross-check bank emails with the bank
Especially if it’s asking for your account information or your I-pin. “A bank will never send out an email to ask for your account information," says Vakul Sharma, a Supreme Court
advocate who has been dealing with cases of cyber crime. If you have any doubts, call up the bank and countercheck to see if they have sent out any emails. As a rule, be as stringent online as you would be in the real world. Would you provide your ATM pin to a person who comes knocking on your door and claims to be from the bank? Treat emails from the bank the same way. “Never input any sensitive information that might help provide access to your bank accounts, even if the link shows a page which appears legitimate," warns Sharma.
Be alert when shopping online
Online shopping is one place where having multiple identities is recommended. “Use different IDs/email
addresses and passwords for various online activities," suggests Sivakumar. Have a credit card meant only for online transactions. It should have a small credit limit so that in case someone else uses it, your losses are not too high.
Stick to a reputed website for shopping and use the virtual keyboard to enter details wherever you have the option. “Criminals use key loggers to record your passwords so a virtual keyboard is another level of protection," says Fadia.
Opt for a secure password
“The most common reason for identity theft online is an easy-to-crack password," says Sivakumar. According to him, a good password is a mix of uppercase and lowercase letters, numbers and one or more symbols such as !, @, # and ,. Avoid an actual English word as a password, as software is now capable of checking your password against a complete dictionary in some seconds.
Also, never select “remember my password" when prompted by your browser. This makes passwords pointless because anyone who gains access to your computer could gain access to your online bank and shopping accounts if you are using the same password everywhere. Practise using different IDs and email addresses with different passwords for various online activities. This means that in case someone is able to crack one of your social identities, the others will be safe. “If you find it difficult to manage various passwords online, you can use a password manager," says Sivakumar. And change your password frequently. Experts suggest that you should do it once every couple of weeks.