What may be the least obvious but most susceptible to online security threats?

Because internet threats are always evolving and because web browsers are used so frequently, it is imperative that they be kept up to date.

Pharming: Pharming (aka DNS poisoning) attacks are dangerous because they are able to redirect you to a fraudulent website even if you type the domain name in your browser's address bar.

How does this online security threat work?

In simple terms, a host file (on your computer) or a Domain Name Server - DNS (on the internet) is used to match up domain names and IP addresses. As an example, if you type in SiteSell.com in your address bar, the host file or DNS checks its list to find the IP address that matches SiteSell.com and then sends you there. Malware can get on your computer that changes or corrupts your host file and hackers can get into the Domain Name Servers and change the addressing system. It's similar to someone changing a signpost along the road which diverts you to another location. With pharming, that new location is a copycat website designed to capture your personal or financial information - which you willingly input because you believe you are on the legitimate site. And sometimes, those clever thieves will even display an error code stating you didn't input your ID and password correctly and to please try again while they bounce you back to the legitimate site - where upon you re-enter your data and access your account successfully - and you are none the wiser (but perhaps much poorer after identity thieves clean out your account).

Spoofing: The online security threat of spoofing is related to pharming in that a legitimate website is spoofed - meaning it is made to look exactly like the trusted website you expect to see - usually a bank's website or a PayPal website for example - any site where a visitor might enter their ID and password or financial information. Most spoofing is of the URL type where software attacks, via compromised or malicious websites, exploit web browser security holes in order to display incorrect URL's in the browser's address bar.

Browser Hijacking: The online security threat of browser hijacking occurs when malware gets in and reconfigures your browser settings. Your "favorites" get replaced, links get changed, your default home page gets redirected, etc. The malware can arrive via an unprotected computer, an outdated browser or by malicious websites that take advantage of security holes. Attempts to return to your original settings are fruitless because often your computer's registry files are rendered corrupt and the hijacking just continues at the next reboot.

Drive-By Downloads: The online security threat continues with drive-by downloads of malware. This may happen through the exploitation of your web browser when you visit a website, view an e-mail message or by clicking on a deceptive popup window. You may click on the popup window under the impression that you are simply closing a benign advertisement unaware that you have just initiated a malicious software download.

JavaScript Code: JavaScript is a scripting language that adds functionality to websites and may also be a potential online security threat. JavaScript in itself is not bad and is in fact a necessary part of the browser and internet landscape. However, some JavaScript is written to take advantage of web browser security holes and flaws. It can get fairly technical from this point on so I'll spare you the sleep-inducing details. Just know harmful JavaScript code can infect your computer with malware just by hovering your mouse over a link!

First, make sure you have updated your operating system software to address the latest security holes - auto updates are best.

Second, make sure you have updated your browser with the latest security patches - or you may need to download the latest browser version. Just visit your favorite browser's website for exactly how to do that (e.g. Internet Explorer, Firefox, Netscape, Opera or Safari). Don't worry, it's very simple.

Third, keep these tips in mind:

-To help combat pharming attacks and spoofed websites especially when shopping or banking online, look for the little padlock icon in your browser before submitting personal or financial data. Also look in the address bar for the letters "https" (the "s" stands for secure). Depending on the browser you are using, the padlock can be in the bottom right corner and/or at the end of the address bar field. Its absence indicates an insecure site - don't go forward with the transaction.

-Be careful about misspelling your intended website name. Scammers purposely setup spoofed websites based on commonly misspelled domains just to catch the unwary and capture personal or financial information. To help with this, I use a simple browser extension called Spoof Stick.

-To further reduce the possibility of being redirected due to a pharming attack, consider using an anonymous surfing product which re-routes your internet traffic through their secure Domain Name Servers and bypasses the use of your local computer's host file altogether. This same service can also alert you to spoofed, fraudulent or phishing sites.

Leave ONLINE SECURITY THREATS and return to HOME page.