Computers and IT

Internet security and scams

I wrote the following article for the Elmdon Gazette last year. It is still relevant. I will add other advice as it arises.

I thought it might be timely to remind everyone of the dangers of responding to calls concerning Internet security, viruses and alleged computer malfunction. One of our Elmdon residents received a telephone call purporting to be from a legitimate organisation; the caller saying that potential faults had been identified in his computer and inviting him to connect to a website so that diagnostics could be performed. There are many versions of this scam and you may have experienced similar calls. The individual eventually became suspicious and called me for advice. Here was my advice with some other related facts.
1. It is not possible for any remote individual to know anything about your computer, possible viruses or Internet based malicious software. That of course will only be the case if your Internet connection is through a recognised router with the firewall switched on.
2. Any such calls must be bogus and fraudulent. The aim of the caller is simply to encourage you, the victim to launch his software which could allow him to access the internals of your machine - for example your saved passwords, your Internet browsing history and so on.
3. The reason that they go about it in this way is that only you can initiate access to remote Internet applications or websites. The router and associated firewall are designed to block all access from outside. So the caller will ask you to access a website which will, unknown to you, run a program to connect his machine to yours and within a few seconds his machine will find and transfer the information that he wants. The exact same principle is used by email based phishing (so called) attacks. With these, you receive an email with an embedded link from someone you don't know. When you click that link it will launch a malicious program which in turn will automatically connect to the rogue machine.
4. So the remedy is simple. Never continue with any call from someone making suspicious claims - put the phone down immediately. Never click on links in emails from people you don't know. Remember that it is also easy for fraudsters to spoof emails from people you may know. So you may think the email is genuine; but look carefully: is the email formatted in the usual way, is the signature familiar, is the language used in the email correctly spelled and grammatical? Fraudulent emails purporting to be from banks are very common. If in doubt contact the sender and ask first. And always use a very strong password for your email accounts - many fraudsters can, through brute force attack (or guessing) compromise your server email account and get access to all sorts of private stuff. It has happened to me in the past - and to our neighbour who reported the recent incident to me.
5. And a word about routers and their firewalls. If you have access as an administrator (which is possible with most makes) please be careful not to fiddle about with things you don't understand. All ports should be blocked against external access - apart from port 80 may be used for remote administrative access to your router from the Internet. If you don't know what that means ignore it! And if you do use remote administrative access from the Internet, make sure you use a robust password not the default one supplied with the machine. And also, don't fiddle with the Network Address Translation table (NAT). Again, if you don't know what that means, ignore it.