The OneMinute Geek

Beware new Internet scams

The Problem:

Remember 'phishing?' That was the Internet scam of choice last year that used fake emails from banks and other businesses to trick you into providing confidential data at forged websites. These days, the evildoers on the net are more tech-savvy and more committed than ever. The cat and mouse game between the 'good guys' and the 'bad guys' will almost certainly never end. Just when you think you've employed a pretty good shield, the dark side devises a new sword. So what's next?

The Solution:

Hackers recently started using two new tricks to steal online identities. These scams are called Evil Twins and Pharming and are quite difficult to detect. For example, have you ever powered up your laptop inside an airport lobby or outside your favorite coffeehouse and noticed the pay-per-view wi-fi connections offered? Most are legitimate. But how can you tell?

Evil Twins are wireless networks which are identical to the look and feel of those legitimate wi-fi connections you've grown accustomed to, but are specifically designed to pillage your name, password and credit card info and - potentially - to infect your computer with viruses and spyware.

Hackers have always eavesdropped on wireless users in public spaces. And as a precaution, users have thwarted such intrusions by encrypting their connections, but the evil twins ploy presents new problems. They are very easy to setup and difficult to detect. My advice: Turn off your laptop's wireless capability when not in use, so you avoid accidentally connecting to a rogue network. And if you're interested in creating an account for one those legitimate wi-fi providers, enroll via a safer, landline Internet connection instead of a wireless one.

Pharming is a relatively new hacker tactic, which involves the 'hijacking' domain names. By secretly changing the web address' info stored on your ISP's servers, hackers can redirect the user to a fraudulent web site even when the user types in a correct web address into his browser. In this case, you may enter 'www.dictionary.com' but still end up - unbeknownst to you - at a phony site. Hackers in South Korea used this trick last March when individuals tried to access websites of American Express, Citibank and Microsoft. Instead of redirecting victims to imposter sites, the attack sent the users to a site that surreptitiously installed spyware to track their web activities. To protect yourself from pharming, be vigilant about warning messages your browser may give about mismatched digital ID certificates. And always look for secure pages when entering personal info online. Those pages should begin with "https" rather than the usual "http."

James Kerr is President/CEO of SuperGeeks, a Hawaii-based computer service and repair company (www.supergeeks.net). Please feel free to send your questions, comments and suggestions to Mr. Kerr. He can be reached at help@supergeeks.net and 942-0773.