7. Attachments and downloadsIf you've ever looked at spam and wondered how anyone could be fooled by the atrocious grammar and ridiculous promises, perhaps next time the joke will be on you. The messages are getting more polished and more targeted.
MessageLabs has seen a sharp increase over the last four years of targeted Trojans. These programs lurk inside something that appears innocuous, such as a Word document or spreadsheet. When that document is activated, the Trojan gets to work, perhaps shipping information out of the My Documents file. "These usually get sent to a single individual, so they rarely get on the radar of the broader security community," Sunner says.
"Never open or execute any e-mail attachment if you don't know the person," suggests Miner. "Consumers think that they can recognize a spam attack, but the attacks are becoming very regionalized and they look just like something you might expect to get from somebody. You shouldn't view, open, or even execute e-mail attachments unless you know the source, it's expected and you know the purpose of it."
Sometimes your friends are the unwitting messengers of malicious code. Even forwarded messages that legitimately come from friends might shuttle recipients to a dangerous URL where, as Miner illustrates, there's a list of "20 ways to take your 30-year marriage and make it go to 60" and, while you're reading it, in the background a piece of code is slipped on your computer that will start taking information.
Tip: If you enjoy sharing jokes or feel-good messages that are sent to you, copy the information into the body of a new e-mail message rather than forwarding the attachment. Learn more about surfing safely online.
8. Avoid going publicPublic cafes are great for surfing, but you really need to recognize the risk of inputting confidential information. There's not much you can do to improve information safety at a public computer. You're at greater risk because you're dependent upon on a third party for security.
"Someone else who came in before me might have put in a flash stick that is gathering information," says Miner.
"I would seriously consider if you want to use a shared computer that remotely relates to confidential or identity information," Marcus says, "simply because you don't know if it's got a keyword logger or if all the tracking is turned on on that machine.
"It's a large risk that people really need to weigh. If there's no other access available and there's no other way of getting it done, you take the risk. But if it can wait until you can get home, it might behoove you to wait."