Cybercrime

Some online activities are riskier than others. Fenton says that downloading movies and video from peer-to-peer file-sharing sites like Bittorrent is extremely hazardous.

"The bad guys like to infect the most popular files with trojans, and they’re usually ahead of the antivirus software so they don’t get detected," he said

So think twice before you try to save a couple of bucks by downloading Spiderman 3. Other dicey sites are porn, online gambling, and just about anything else your mother would disapprove of.

But simply staying away from the seamier side of the internet is no guarantee that you won't run into malware.

Sophisticated crooks have taken to hacking into legitimate sites and infecting them with trojans or viruses that can be passed on to you. Cluley notes that about 8,000 websites a day are infected with malware, and 70 per cent of those are what are commonly considered to be safe, mainstream sites. That means that you can pick up an unwanted intruder while innocently shopping for electronics or checking the weather.

Terminology

• A BOTNET, or robot network, is a group of web-linked computers — sometimes called zombies — that have been commandeered, in some instances by criminals, to perpetrate all kinds of online nastiness. Typically a 'bot' is installed on a machine through a trojan, an insidious program that can find its way into an insufficiently protected computer in a variety of ways, such as when a user clicks on a link to an infected web page or e-mail message, views an infected document, or runs an infected program. Once the bot has made itself at home, it "opens the doors" of its new host computer to its master, who can instruct the machine to engage in various nefarious activities such as sending out spam and phishing e-mails, or launching the distributed denial of service or DDOS attacks like the kind that almost brought down the internet. In some cases, these nasty little robots can steal personal data and return it to a central site to be used for identity theft purposes.

• MALWARE

  is a catch-all term for malicious software such as computer viruses, spyware, trojans and so on that compromise the security or function of people's computers.

• PHISHING

  is a technique in which criminals try to trick people into disclosing sensitive information, such as online banking names and passwords, and is often conducted through e-mails that direct people to a bogus website.

• PHARMING

  is an attack in which malicious individuals try to redirect internet traffic from a legitimate website to a false one. This is sometimes done to collect a person's login or password information.

• TROJANS

  are programs that appear to perform one function in order to hide a malicious function — for example, a downloaded game might contain a virus. Like the mythological Trojan horse such programs are named after, the deception tricks people into granting an outsider access to their computer.

• ZOMBIES

  are computers that have been hijacked to perform commands and functions issued to them by the attackers, often without the owners' knowledge. They are typically infected by Trojans, a type of software that enables attackers to use them in a botnet. An infected computer is sometimes referred to as a bot — short for robot.

Experts now recommend keeping two computers — one for sensitive online transactions like banking or business, and another for general surfing. This is especially important if your kids are computer users, as they tend to be more adventurous in their surfing than adults.

An alternative to having two computers is to equip your machine with a removable drive tray that fits into a computer's standard CD/DVD bay (less than 10 minutes of work with a screwdriver, or you can have one installed at a computer store). It allows you to put hard drives into cartridges that can be swapped in and out of the machine in seconds. You can set up one "secure" drive with an operating system for things like banking, e-commerce and office work, and set up another drive that you and the kids can use for general surfing.

Using removable drive trays is almost as simple as swapping a DVD in your home theatre system: Power down the computer, remove one drive, slide the other drive into the computer to replace it, and reboot. A removable tray and medium-capacity hard drive can be had for around $100, saving money and space since you only need one computer, mouse, keyboard and monitor.

Malware often gets into your machine by exploiting loopholes in operating systems and other software. Make sure you download available patches and updates to fix these vulnerabilities as soon as they become available.

Most good software will do this automatically — all you have to do is say "yes" when it asks you whether you want to install an update. With older software and peripherals, you may have to visit the manufacturer's site yourself to check for updated software and drivers.

Cluley notes that around 40 per cent of people use the same password for all applications and websites, a dangerous practice. Vary your passwords, and don’t use obvious ones like kids’ names or a birthday. They’re the first things crooks try.

The same principle applies to security questions. You don’t have to enter your mother’s real maiden name, which is a matter of public record, just because someone asks for it. Type in "supergirl" or the name of your favourite actress instead.

You did not win a lottery, get a job with an international bank, or inherit $10,000,000 from someone you don’t know. Don’t answer those e-mails, or anything else offered from an unknown source.

Likewise, banks, financial institutions and government departments will never ask you for sensitive information or to confirm passwords via e-mail. Phishing scams are e-mails which pretend to be from banks or internet providers and ask you to click through to their sites and enter personal data. Don’t.

If you get an e-mail that informs you that, say, your bank wants to update your password so you need to click on a link in the message and type in your old one, or that a government agency wants to confirm your social insurance number, ignore it. Call your local bank branch or the government department if you want to check the authenticity of the request (using numbers from the phone book, not those from the e-mail in question), but never enter sensitive information online in response to an e-mail.

Det.-Const. Fenton says he’s amazed at how many people still fall victim to these kinds of cons. "I’ve had lawyers, doctors, engineers call me to say 'my Viagra never got delivered' after they ordered it by responding to an e-mail. How do you deal with people like that?"

If you’re active on any online social networks, be careful what information you reveal.

Cluely says that in a study of Facebook users, 25 per cent disclosed their full address on their online profile, and 78 per cent gave a home phone number.

"Some of these people will then actually announce to their network that they’re going on holiday," he says. "You think, what are you doing?"

Never do any sensitive business like banking on public computers, whether it's a public terminal or a machine at an internet cafe. There could easily be software that steals your information as you’re typing, sending it off to identity thieves.

It's also a bad idea to conduct sensitive transactions using a public WiFi wireless hotspot. Unencrypted transmissions can be monitored, and even "secure" encrypted links can be cracked.

The best advice? Don’t take anything you see on the web at face value.

"The problem is that people today just aren’t paranoid enough — they aren’t acting carefully," Cluley says. "It’s as if the motorcar had just been invented and everybody went racing down the freeway without taking any lessons."