Here’s another highly important rule which all internet users need to know.

NEVER CLICK ON A LINK IN ANY EMAIL SENT TO YOU.

Once you have memorised this rule, make sure you clue your family and friends in on it as well. This rule can save you serious money as well as heartache.

Why is it so important?

There’s bad people out there in the world who would like to get things from you and one way they can achieve this is by getting *you* to give them your username, login, and credit card information.

How do they do it?

They try to fool you. They send you emails from ebay, paypal, all kinds of banks, credit card companies, internet service providers (AOL has been a target for this since the early 90’s) as well as many other companies which tell you that you need to log in to do something – they might say your account has been compromised or that you need to log in to confirm your details or a truckload of other things. There’s so many variables on this that they can use, and they are working 24/7 to make their emails more believable so that more people fall for them.

What they are hoping is that you have an account with that company, and that you will panic and click on the link in the email. When you do, it takes you to a website the scammers have set up, not the actual website of the company you think sent you the email. Some of these can be so realistic that even people who *work* for that company cannot tell the difference between the real website and the fake one.

So how do I make sure I don’t fall for them?

If you follow the rule of never click on a link in your email you’ve got a very good chance of making sure you don’t fall for them. If you have an account with any company you receive an email from and you get one of these emails, type the URL of the company into your location bar yourself, and log in to the REAL website instead of their fake website.

NOTE – Just clicking on the link can install nasty software on your computer. So again, NEVER click on a link sent to your email, even if you think it is from friends or family!

What happens to the information people enter onto one of these fake sites?

Generally it is saved to a text file which is online at the website they have put up, every time someone submits information the text file is updated. From time to time, the victim support groups that I volunteer with are given text files from web hosts and legal authorities who have shut down these phishing sites and we are asked to pick through the text and warn the victims. I’ll tell you, this is a nightmare job and very time consuming. The text files are full of peoples personal information, from names, addresses, email addresses, passwords, credit card numbers.. and you would be surprised how many people get caught by this.

More on phishing and other scams can be found here – http://www.fraudwatchers.org and there is an excellent wikipedia on this topic here – http://en.wikipedia.org/wiki/Phishing – Also google is your friend. ;)

I’m not going to get all technical on you. I’ll try to keep this as simple as possible. It’s not really a huge deal but it’s good info to know.

As you cruise around the internet, you are giving some basic information to the sites that you visit. Generally, it is stuff that will not identify you personally in any way, like what kind of web browser you use, what kind of operating system your computer runs. However, there is one thing that you can be “traced” by – your IP address.

When you connect to the internet, you login with your username and password (you may not do this manually anymore, but it still happens) and then your internet service provider (ISP) gives you an IP number from their pool of numbers.

So realistically the closest anyone can get to you personally is to know what ISP you are using, and which state/country that ISP is in. Each time you send an email, your IP address goes out with that email, which makes you traceable back to your ISP. When you post on a forum, the forum logs your IP address.

For most this is a reasonable level of security. If you did something wrong, the police could ask your ISP for your details, I’m no legal expert but they’d need some kind of court order as far as I know. ISPs have to keep logs of who is using what IP address when, so you can be identified later on. Otherwise, that information is supposed to remain strictly confidential. People who work for the company could probably out who you are, but that would be about it.

For a scambaiter like me, it’s not really enough given that the people I’m emailing are criminals, and I don’t know anyone personally at my ISP – so who knows how safe my real info is? But thankfully free email providers like gmail and fastmail *hide* your IP address for you. Which is yet another reason I recommend gmail – if it’s secure enough for me, it’s secure enough for anyone. ;)

Do you want to see your IP address? Click here. It may also give you a location, and the location might be close or it might be way off. ;)

I guess the important thing to remember is, people can be traced if they do enough wrong to get the police interested and a court order issued. It’s good to keep that in mind.

In this day and age, it is one major way that we keep in touch with each other. If you have never received a spam or scam email, you are extremely lucky. Imagine trying to wade through hundreds of spam trying to find the important emails you need to read. It happens every day to people who aren’t expecting it. Here’s a screenshot from one of my now abandoned email accounts –

So what do you do when you are bombarded with spam? You don’t really have much choice but to open a new email account and start again. It’s very frustrating and extremely annoying not to mention time consuming. But spam is only an annoyance. Scam can lose you money, and there’s so many of them on the internet it is virtually impossible to keep up to date on the latest scams which are out there.

Why have an email plan? Because if you only have one email account, and that gets bombarded with spam and scam mails, it can be a real pain in the rear. So how does it work? It will seem complicated but it is actually very simple.

Basically you make one central gmail account. Let’s call it Snoskred1, for example. This email address is NEVER given to anyone. Nobody. Not even your closest family. Why? Because you can’t trust them. Trust me on that. ;)

Then you make an email account that you use for signing up for things on the internet. Let’s call it Snoskred2. It’s handy to have all that in one place for many reasons. You can’t trust any place on the internet to keep your email address to themselves because they earn money for selling email addresses and it is impossible to know which places will do that, and which places won’t, so it is easier just to treat them all as if they’re going to sell your email address.

However, you *can* trace how people got your email address by using another great gmail trick. There is a feature in GMail where you can add a + to the address and it will get to your email address. So if you sign up to an internet forum, you can put the name of the forum into the actual email address itself, exactly like this – snoskred2+forumname@gmail.com – which means if you start to get spam on that email address, you then know where the spammers got your email address from. And it does work, I have tested it.

Gmail allows you to forward mail to another account, so you simply forward Snoskred2 to Snoskred1. *ALL* mail sent to Snoskred2 will be forwarded except for mail gmail thinks is spam – and most of the time gmail gets it right. It’s as easy as putting in an email address.

So then you make an email address which you give to friends and family. Let’s call it Snoskred3. But these are your friends and family, and surely they won’t give your email address to spammers and scammers, right? Wrong. How many times have you got a mail from them with FWD in the title? If you look closely at that mail, you’ll probably see a bunch of email addresses in the CC field.

There are companies on the internet which try to trick your friends and family into giving out your email address by giving them a free Ipod for every 10 email addresses of friends and family that they “refer” – though they never give them the Ipod. And if your friends and family sign up for a new service, they are offered the option to let others know about it by email, which puts your email address out there and at risk.

Again, you can use the gmail trick to trace which of your friends and family are giving out your email address – snoskred3+friendname@gmail.com – and if you start to get spam to that email address you’ll know, next time don’t give them your email address. ;)

Gmail allows you to forward mail to another account, so you simply forward Snoskred3 to Snoskred1. *ALL* mail sent to Snoskred3 will be forwarded except for mail gmail thinks is spam – and most of the time gmail gets it right. It’s as easy as putting in an email address.

So by now you’re probably starting to get the idea but you’re still not sure why we’re doing this? Because if snoskred3 gets bombarded with spam, you turn the forwarding to snoskred1 off, and then you’re back to a spam free email account. You can make a new snoskred3 account which you personally give to the friends and family who didn’t give your address to scammers, forward that one to snoskred1, and once a week or so manually log in to check the old snoskred3 account to make sure you aren’t missing any important mail.

I recommend having two more email accounts, one for official stuff, one for work colleagues and acquaintances, but it’s up to you.

Confused yet? I hope not. ;) I’ll post this and you can let me know if you found it too confusing, I’ll try again. ;) But also have a look at this chart, and if you understand that you can turn any of the pink arrows off anytime you like then this post may make more sense. ;)

Em from Three Times Three had a little scare the other day, and it’s inspired me to write some blogs on internet security. I thought rather than trying to cover everything in one day, I’d do a week’s worth – your basic guide to keeping safe on the internet. So to start with, a little info about me and how I know anything at all about internet safety.

I’ve been on the Internet since 1992, in fact before the internet was as you know it. When I first got onto the net, I knew a girl who was “stalked” before stalking became popular. She made the mistake of using her real full name on a bulletin board. A guy took her real full name and found out where she lived, and turned up on her doorstep. Lucky for her nothing serious happened because of it, but it taught me right from the word go, the most important rule of being on the internet.

NEVER EVER USE YOUR REAL LAST NAME.

This is majorly important. You can be traced, even if you do not have your last name listed in the phone book. There are many ways it can be done and there are even companies on the internet who sell information about people, especially in the USA.

I started out using my first name and a made up last name. As time went on, I decided that even though my first name was the same as millions of other people, if I am going to use an alias on the internet I might as well choose another first name. After all, your parents choose that for you and nobody is ever really happy with it, so why not use the first name you’ve always longed to have?

There’s some other really basic important rules which I follow, so let’s cover them off right away.

1. Don’t give out any information about yourself on the internet. This includes phone number, address, shoe size, bank account details, social security number, passport information, car registration, anything which could be traced back to you or could be used to “steal” your identity.

2. Passwords are majorly important. Use lots of them. Write them down in a book.

If you use one password for everything, and your password is stolen, whoever stole it now has access to everything you signed up for on the internet. How often do passwords get stolen? A fair bit actually. There are scammers on the internet who “phish” for passwords. Many internet cafes have programs running on them which send your password to criminals. Have you ever used an internet cafe to check your email?

Not only that, but most people on the internet *join* things like forums, websites, blogs, all kinds of things. You don’t always know who has access to the information you put in when you register on a forum. For example, phpbb is one popular type of internet forum. It is also full of security holes and many such forums show your passwords to the *owner* of the forums. If you use the same password for a forum as you do for your email which you signed up with, you’ve just given someone the password to your email account.

Whoa, right? Yeah I bet you never thought of that. So how to fix it? Step one is change the password to your main email account ASAP, to something you haven’t used anywhere before. Step two is a bit more painful – the changing of *all* your passwords on forums and websites, and your blog, etc. Just take them one at a time.

3. Don’t use your internet service provider email account on the internet. There are plenty of free email providers, make use of those. Have one password for your ISP account and DO NOT DO NOT DO NOT EVER use that password for anything else on the internet.

This one is a biggie for me. Your ISP email account – ISP is how you connect to the internet, so it will end with the name of the company you are accessing the internet through, eg @bigpond.net.au @aol.com, should be given out rarely and never used as a contact email address for you on the internet.

Why?

This account identifies YOU to your internet company. Your internet company knows your real name, address and more than likely your billing information. There’s a lot of reasons why it isn’t a good idea to use it. I could go into them. The stories are long. So if you really want to know say so in the comments, I’ll blog it on its own.

So what email address should you be using on the internet? I think the best idea is to use several Gmail accounts. The reason I say that is, gmail allows you to forward to other email accounts for free. So I have a plan of how to use the accounts, which I will blog tomorrow, but here’s a sneak preview, a map.

The reason for using so many accounts is, if one of them is compromised in some way (say one of your friends is silly enough to send out a forward with your email address along with 200 of her closest friends which means spammers get the email address) then you can shut the forward off for that one and make a new one. It does work, and if you’ve ever had spam coming to you at the rate of 10 per hour you can see the benefits of doing this. Especially if it is all viagra or enlarging the size of something you don’t have because you’re a woman. ;)

5. When making an email account, always expect the spanish inquisition. Or, expect spam. The way a lot of internet spammers work is, they use a “dictionary attack” – which means they send email to every word that is found in the dictionary, and every surname found in the telephone book, and every first name they can think of. You can outwit them simply by making your account two things – not a person, place or thing, and using numbers. I like words spelt backwards – sdrawkcab760 would be a great username.

Of course, doing the above will do you no good if you go and put sdrawkcab760@gmail.com as the contact me email address on your blog. Why? Because the spammers have access to email extractors which grab email addresses from the internet. But you want people to be able to email you, right? This is where my email plan (seen above) can really be of benefit.

That’s just the tip of the iceberg. It may have been a little overwhelming, but your security is important. More to follow in the days ahead, so keep checking back. ;) And if you have any questions or specific concerns or need me to explain something more clearly, you can email me or put it in the comments, and I will address it.

Here’s to staying safe on the internet ;)