Any tips for keeping you safe online?

Hi all,

Yes it's the kind of question that's asked by a lot of online shoppers, and I believe the kind of question many OzBargainers have answers for. I am basically looking for your best tips for keeping you safe online, in the context of online shopping. For example, how to check whether you might be dealing with a scam site, how to make sure your credit card information is secure, etc. I'm always impressed how some members can spot a scammer miles away.

Just to give some background. Earlier this year OzBargain was asked by the Department of Broadband, Communications and the Digital Economy to help promote the upcoming Cyber Security Awareness Week (20-24 May). They have recognised that OzBargain is in a strategic position of helping shoppers in Australia to find the best deals, hmm I mean to avoid being scammed online. It's also great that the government is doing something to help the consumers.

Anyway, here are some good tips from their website — useful stuff, although I guess many OzBargainers already know it. They are also trying to advertise their Alert Service where you get occasional emails from .gov.au about the latest online threats.

As for me, practising google-fu certainly helps, as many scams are actually known and researched by others already, and can be easily found with a bit of search. Some other frequently used websites — ABR, ASIC, AusRegistry or even Dun & Bradstreet — these would give you a lot of background behind the business, to give you a vague picture on what kind of business you might be dealing with.

Any online tips from fellow OzBargainers? What do you usually do to keep you safe online?

Disclaimer: No, OzBargain don't actually receive any financial incentive from the government to help promote this event (doh), although I do hope to score a free lunch with Stephen Conroy at their event :)

Comments

  • +2

    I always check websites that I'm unfamiliar with by doing a quick search. If anything comes up that smells fishy, I'll dig a bit deeper.

    I like to check if a website has a proper contact page with good information on it, like address, phone number, etc and not just a web form or email address.

    Also never send money by bank wire, Western Union, etc. Not only is it against Western Union's policy to send money for goods, it reeks of a scam. Bank transfers are often safe, but you never know. Credit card is probably the safest in my opinion, as most credit cards have a basic level of fraud protection.

    Otherwise it's pretty much common sense - stay away from poorly presented websites that you have a bad feeling about, and do your research if you're not sure. Usually you can find a whirlpool thread or something genuine with proper feedback about a website's authenticity.

    But yeah, it's worked for me so far (I've never been a victim to a scam site). You can never be too careful.

    • +2

      Great suggestions — yes. We often need to find a balance between "maximise saving" and "online security". I would never do bank transfer to pay some unknown merchants or eBay sales, not only that you don't get instant feedback on the transaction (wire transfer can take days before your invoice can be marked as paid), but also there's little protection.

      • This raises a side point that I am interested in - who decides what is authentic and how is it enforced?

        Especially for digital goods the following may occur:
        - Data provided but royalties not paid to the correct parties
        - Data provided but DRM schemes may retract access to data at some uncertain future point
        - Data provided but DRM schemes retract access to that data AND other data at some uncertain future point

        The main issue here is that it is not in the interest of the more well established (/expensive) providers to make it clear which other providers suffer from this issue. This can be seen with people selling steam keys but also applies to a number of other areas. Is there any method to validate such services? Do we need one? How might it work?

        • I think it would be a question of ethics & morality, on which unfortunately people do have different standards, and can be difficult to police or enforce. Personally I won't touch a lot of deals here — CD keys, price errors, etc — but then OzBargain is a lot more than just "scotty's site" these days. This place is also moderated by a team of moderators who also happen to be unique individuals with different view points.

          For validating steam key sites for example, it's actually quite complicated. It still comes down to whether we need to do a black listing or white listing model. We shall discuss that in another thread.

        • I was thinking more internet-wide as this is not an OzB exclusive issue. I think this issue will get a lot worse before it gets better.

  • I use credit card through Paypal as that way you have 2 ways of recourse. Never had a problem.

  • +3

    I always felt that security is a mindset rather than a set of specific techniques. It can't be taught in a rote way, the concepts need to be understood. This of course makes problems like this very hard.

    I think if you can at least get people to be aware enough to seek out help on an issue this might be the best you can hope for.

    • Indeed. Sometimes the news reporting of "terror" (i.e. online fraud, scams, security breaches, etc) can raise people's awareness. It helps people to be more careful and cynical when they step into a realm of unknown.

      However I'll argue that you need both the mindset and the techniques (yes mindset comes first), as pure mindset without the techniques (to research/investigate) probably just gives people unfounded cynicism about everything.

      • I don't think I expressed myself very well. I intended to suggest that understanding the basic concepts of internet commerce and security helps you to understand when to be on your guard.

        To just take the example of a man in the middle attack, understanding that this is what certificates are for, and that any malware on my local machine makes everything untrusted. If you teach more specifically how to check the certificate in a specific browser and that paypal is safe but other places aren't you open this up to social engineering and becoming quickly outdated advice.

        Not saying I have the answers, just identifying part of the problem.

        • Yes I completely agree with what you are saying — the basic concept rather than specific actions. People need to be aware that SSL is there to safeguard them so the transmitted packets can't be sniffed by MitM attack, don't re-use passwords so one hacked site won't lead to other accounts compromised, etc.

  • For me the biggest problem seems to be database hacks.

    Assuming that every single site I buy from will have their database hacked seems to work well as it really does happen.

    Buying with Paypal, Amazon etc seems to be the best solution.

    Also don't use a debit card for buying online, if they clear out your card then they clear out your bank account which means you can't pay rent or buy food while hoping the bank will refund your money.

    A fee free credit card like 28 degrees is perfect for this situation.

    • Also don't use a debit card for buying online, if they clear out your card then they clear out your bank account which means you can't pay rent or buy food while hoping the bank will refund your money.

      Or what you could do is have a separate debit card purely for online purchases - mine only has max of $100, even if I get rolled on the street or if some hacker manages to get my debit card and goes on a shopping spree, the damage is limited.

      They can only clear out the account linked to that debit card. When you need to break your $100 limit, just transfer more money into the debit card account, simple.

      • err so my understanding of that is…

        As soon as you want to spend more than $100, you have to wait 1-2 days for a bank transfer?

        Wouldn't really suit 99% of people. I randomly make $500+ transactions depending on the bargain etc.

        You'll miss the sale/bargain every time.

        • +7

          As soon as you want to spend more than $100, you have to wait 1-2 days for a bank transfer?

          That's if you're transferring between different banks.

          A debit card isn't linked directly to your main savings account, for ANZ it's the cheque account. Transferring between your own linked accounts (in the same bank) is instant, i.e. from your savings account into your cheque account. Takes like 2 minutes to log in to ANZ and transfer it.

        • +1

          Good point. That seems like a very safe way to have a debit card then.

        • @cwongtech — great suggestion!

        • +1 to this. I would assume most people have a smart phone now, :) takes closer to 1 minute to jump on and transfer the required amount of money with the ANZ gomoney app. Pretty much only have 50 dollars in my transaction account at any one time… + it means I'm maximising the time that my money is in the high interest online saver account

  • +1

    Scotty: "Although I do hope to score a free lunch with Stephen Conroy at their event :)"

    As expected!

    Ps. Can I come too?

  • +2

    For online shopping sites - Red Flags for me:

    • Product description doesn't match product
    • Very familiar looking web layout…almost like I have seen the same stock/template webshop elsewhere
    • Product description written in broken English
    • No contact details (phone number or email address). If there is an email address, is it a yahoo or gmail one
    • If the only contact facility is a webform.
    • What other stuff does the site sell, pirates and frauds often sell the same types of things, fake watches/handbags/sports shirts/sunglasses/running shoes etc. If I was in doubt about a site selling uber cheap watches and I saw they also sold uber cheap NBA jerseys, handbags and Oakley sunglasses I would be very suspicious.
    • Anything that says AAA Quality. Original goods are normally expected to be top quality, why would you have to specify that. If there is no bullet proof guarantee that everything is genuine OEM goods, close the site.
    • The Biggest of all though is…WESTERN UNION. If this is the preferred or worse, only method of payment, run, don't walk, run away quickly. Western Union has no recourse at all once the $$ are sent. Scammers and pirates love this because they can disappear with your cash and unlike banks/Paypal etc there is no way to track them.

    In terms of Scams, have a read of 419eater.com and scamwarners.com, some funny stuff on there sticking it to evil scammers!! Anybody that believes they have been chosen randomly for some kind of weird internet windfall, lottery win, fraudulent funds transfer etc is crazy. Do not ever reply to these emails ever.

    If by some craziness you have been involved already, stop replying to these guys. You will be hit at some point probably for a version of the old 'advanced fee fraud'. You'll be asked to send them $$ for 'taxes, bribes, administration' etc. No matter how much you send the big box of Saddam's secret gold is never going to turn up at Adelaide airport, there will always be another fee or charge somewhere. Don't think you can play them, some of these guys are seriously nasty types, just stop responding they'll quickly move onto somebody else, time is money for them. Don't think your shipment of the dead African treasurer's stash or the massive euro lottery win that you never bought a ticket for is different. They are all scams and every $ you have sent them is lost. Don't throw good money after bad.

  • +3

    In addition to the above, letting other ozbargainers take the plunge first never fails. Sometimes the hilarity is worth more than the actual bargain itself.

    • +2

      It actually can fail pretty easily.

      I missed out on my $25 or whatever it was G27 steering wheel assuming dse would just reject their purchase…

      • I was mainly referring to dodgy ass retailers.
        I too would jump at bargains from well known stores like dse or ones I've purchased from before.

        The risk vs reward would also be an influential factor.

  • What do you usually do to keep you safe online?

    • Ignore gov propaganda.
    • Ignore gov scams.
    • Ignore most media
    • Install a basic free antivirus.
    • Install NoScript for Firefox (annoying for average users).
    • Install Adblock Edge
    • Use (un?)common sense.
      • Install a basic free antivirus.

      I buy cheap licenses from online.. $25 a year is a small investment to make.

      • Ignore gov propaganda.

      Yep. I remember at high school Police came to "Educate" students how to stay safe online, and it had a powerpoint sponsored by Microsoft. "Play only on Xbox360, the only safe platform".
      P.s. They were wasting their time, the high school they were trying to educate is ranked 2nd in HSC 2012.

  • when I'm online I don't drive.

    but seriously, for online shopping only use paypal for sites that haven't been "proven safe" e.g. half a dozen ozbargainers swear by the site.

    Ok if it's reputable site e.g. ASOS, expedia, etc. then CC or paypal.

    Don't ever use western union or wire transfers. If an overseas online shop doesn't take paypal then avoid. and run away.

  • I know it's on the list, but specifically I use 1 password for my email that is not used by any other service. So when livingsocial is hacked they have not suddenly got access to my entire life.

    Make sure the site if Australian has an ABN and check it up on the ABR site.

  • I have been scammed via Ebay a couple of years ago…

    Check that the seller has at least a few months of sales (not buying only history)

    Never trust an online seller that hides the details of the previous transactions. Some personal listings/sales may be an exception to the rule.

    If it's 'No Paypal' it's no sale!

    If it's excessive posting time - it's no sale!

    If it is too cheap to be true - It is a scam.

    My scam was a seller that had good feedback for a couple of months but on closer inspection was just $0.99 online digital delivery items, and he was selling an item per 15 minutes on ebay for 2 months, all electronic goods like guitar hero and PS3 games etc.

    He sent a few items early on to keep people happy then stopped posting and kept selling. He had 'no pick up' on his page, and was using a fake bank account.

    His registered ebay address was a nursing home in Sydney.

    I contacted repeatedly and every time was very polite and seemed genuine - all tactics to make me wait a long time before reporting to ebay.

    Ebay were COMPLETELY USELESS in co-operating and a few months after he was closed down, I alerted them to ANOTHER scam and they did nothing.

    I was so angry, I went to the police who did actually try and follow it up as I found a great cop up in Brisbane who gets off on catching online scamming bastards, but alas he called me and said that the trail has hit a brick wall.

    My 10c worth, Ebayers beware!!

  • Not totally related but I've just installed a couple of addons for chrome

    https://www.ghostery.com/ Ghostery allows you to block scripts from companies that you don't trust, delete local shared objects, and even block images and iframes. Ghostery puts your web privacy back in your hands.

    https://chrome.google.com/webstore/detail/https-everywhere/g… It automatically switches thousands of sites from insecure "http" to secure "https". It will protect you against many forms of surveillance and account hijacking, and some forms of censorship.

  • Turn on two factor authentication for your emails and other online accounts where possible.

    Have separate email accounts for different purposes. E.g. Work / personal correspondence, Online purchasing, and another solely to receive subscriptions (spam).

    When selling on eBay, firmly reject any offers to buy your item outside of eBay. For e.g you have an auction for an item currently at $100, a buyer messages you and offers $120 to purchase it now (end the auction early on your part). Never agree to this type of transaction — just message back and tell them to bid on it if they want to win.

    As a buyer on eBay, it pays to read the feedback history of the seller you're purchasing from. Even though it may appear the seller has sold quite a lot and accumulated a lot of legit feedback, it is possible for the seller to have "farmed" the feedback scores by selling or buying a lot of low value items in order to boost their credibility rating.
    Once they have enough positive feedback they will start listing high value items (usually smartphones or tablets) at attractive prices and people will be tricked into purchasing, and that's usually when the fraud starts — you won't get your product or your money back.

  • I was once scammed on eBay on a $800 item, fortunately I paid by PayPal so lodged a dispute and got the money refunded. I was very lucky though because the scammer sent a blank envelope by registered post to a random address in my suburb, they even gave me the tracking number. Had the recipient picked up the item I would have no recourse for a dispute. To cut a long story short I was lucky to have the help of the local Auspost agent, and the address was a vacant house for sale.

    On another occasion a $1500 item I bought on eBay arrived damaged, but even though I paid by PayPal they couldn't help me because I lapsed a timing condition in the dispute process. Fortunately I used my CBA credit card in my PayPal account so disputed the charges with the bank and got my money back that way.

    My tips are:
    * For high value items think about using a courier so at least the tracking extends to your address not just the local post office.
    * Use PayPal because if you jump through all their dispute resolution hoops they will get your money back.
    * Use a credit card within PayPal for a second avenue for disputes.
    * Keep very good records of damage, postal receipts, dates, ref no. etc, because both PayPal and the banks want a stack of evidence for disputes.
    * Act quickly if you want to dispute because both PayPal and the banks have timing conditions starting when the charges are made, not when they are received. Esp true if the shipment was slow to arrive from O/S.

      • For high value items think about using a courier so at least the tracking extends to your address not just the local post office.

      +100
      I consider anything over $50 high value, at least for the basic signature-required option.
      Anything over $100 should definitely be under courier, because Auspost can be dodgy (Lost a TVPad2 due to Auspost man, although technically it was the seller's fault because they used eParcel and not registered post.. the purchaser in my family decided to pay for a new one to be sent at a "discounted" rate, would've been cheaper just to buy it direct from the official TVPad site delivered via FedEx.
      Here's the story:
      Ebay Seller skimped out on postage option and chose the cheapass one. Auspost man stole it for sure, made up that he delivered it to the receptionist who left early that day and according to the "tracking" on the website, it was delivered after she had left the office. Auspost claims because it's eParcel, there was no Proof Of Delivery required, and no tracking either (yet.. there it is, on the AusPost site). Second delivery was via Home Address, the local postie is very trustworthy and it was delivered. We were out of pocket %125 for something that was the seller's fault)

      By the Auspost dude's call center logic, "it was delivered, there is nothing we can do about it" with eParcel, that's just freaking BS. By that token, we could say "It was delivered into a trashcan, and we can't track it any further. Investigation closed."

    • Yes acting quickly on paypal claims is key, I too have been burned by this. I think it is absolute rubbish that there is such a short time limit for claiming.

  • +2

    I started writing this up a while ago but never got around to finishing it… a lot are just general "how to get it cheaper" hints too.

    Purchasing Online:
    Ebay
    - Always “sort by Postage + Price, Lowest First” and navigate between buying in Australia and World
    - Always pay with PayPal to take advantage of the Buyer Protection.

    Paypal
    - Buyer protection only lasts 45 days, if you have a dispute or believe your package won’t arrive, open it early.

    Unknown Sites
    - If you’re purchasing off a site you are unsure of try googling it first for a reputation; Whirlpool or Ozbargain are often good sources of potentially unscrupulous sites.
    Google: sitename + “ozbargain”
    Or
    Google: sitename + “whirlpool”

    Gumtree
    - Lots of bargains can be had by Gumtree; don’t be afraid to haggle. I always email upfront with the price I want to pay “Hi there, will you take X for this”; straight to the point. Boom.
    - When returning email in Gumtree, remember to remove your email address from the Email Body to protect your privacy
    - If the goods are quite expensive, get the person’s ID. If someone refuses, refuse the sale; easy done.
    - Someone selling their iPhone 4, 4S, or 5 on Gumtree for “$150” is not legit. (Per below)
    - Use common sense, if someone is selling something ridiculously cheap what could be wrong with it?
    - Never pay for goods without having seen them

    Buying Used Mobile Phones Privately
    - Ask if the box and receipt are included; it helps eliminate the potentiality the phone was stolen / found.
    - It’s hard to tell whether a phone may be water damaged luckily some phones come with certain indicators. Google the phone you are buying plus “check for water damage” to see tips on buying it.
    - If buying a phone that will be posted ask if you can pay with Paypal (make sure they send the payment request to you as an invoice). This will protect you in case it magically doesn’t arrive.

    Buying a Used Car Privately
    - Have patience, what’s the rush yo?
    - Never put a deposit down on a car until you have verified it’s the owner you are giving the money to, the car is in good sound condition, and there is no finance (loans) left on the car.
    - Look up a mobile mechanic in your area and get the car checked out. Ask them to do mobile inspection, should cost around $150. That small amount of cash can save you a lot of pain if it turns out to be a lemon.
    - Ask for the VIN number and get a check online to make sure it’s not financed. Honestly do this, it costs $10 and it could save you thousands. Don’t be lazy.
    - Always get the drivers licence of the person buying the car and make sure the car is registered in their name.

    Buying a New Car from a Dealer
    - Have patience, what’s the rush yo? A dealer will more than likely play on your sense of urgency.
    - Have a maximum price you want to pay, that should include: on road costs, “delivery”, etc.
    - Beware of the usual tricks when buying at a dealers like “Oh I have to go check if I can do that price with my manager” then they walk off for ten minutes and leave you there. If they do this either leave or tell them “I know you can do the price”.
    - Dealers will often sell you the car first and then after your agreed price try and sell you the extras, make sure these are included first.
    - Don’t put a deposit down on a car even if its “refundable”, it’s an easy way of assuring you come back to the dealership. If you want the car they can get it for you.
    - Verify (in writing) the shipping date before you sign up. I have too often seen friends buy cars and then magically the car won’t be available for “three months”.
    - When buying a sports car, your insurance will go up. Remember that.

    • some pretty good advice to be had but with regards to buying mobile phone privately,

      It’s hard to tell whether a phone may be water damaged luckily some phones come with certain indicators. Google the phone you are buying plus “check for water damage” to see tips on buying it

      quite a few phones come with stickers that change colour when in contact with water (usually red), but that doesn't stop would-be scammers from changing it back to its original state (usually white). This is an unfortunately simple procedure, which is why you can't rely on it exclusively to tell if the phone was water-damaged.

      now i don't know the convention of buying second-hand phones online but i'd be needing a lot more than just pictures if i'm going to be buying a second-hand phone from a faceless stranger.

  • Some tips to keep you safe online:

    • (A tip from my friend who works in security) Set up a VM dedicated for just Internet browsing. That VM should be very plain, no personal file whatsoever. Obviously, still need to have anti-virus and proper firewall.
    • If you have to buy from a site that's very new, use Paypal. If that site does not support Paypal and you are still very tempted to buy from them, then ask yourself the following question, are you willing to take a gamble and buy it (coz. it is a real bargain)? If yes, use a prepaid credit card with very little credit in it.
    • Realise and remember that it is ALWAYS better to buy from a retail shop / proper shop EVEN if that shop has an online sales group. I won't name the companies BUT a lot of them treat over the counter retail customers way better than online purchasers (when it comes to refund especially).
    • When a deal is too good to be true online, determine whether it is a pricing error. If you believed strongly it is, then you are taking a risk when placing an order as it could well be rejected later on and you will need to go through refund process. Only big stores like Coles, Woolworth and DSE care about their reputation to the extent that they will honour them. Most other stores, including Harvey Norman, won't honour them and the refund will take a while (so you shouldn't bother even buying them from those stores).
    • Even if a store is willing to offer the deal in case of a pricing error, if that deal was posted on OZB and you weren't one of the earlier ones to purchase it, the store may not have stock to fulfill your order (and many other orders). It could still be a long wait. Again, there is always more risk when it comes to pricing error deals.
    • Be aware that a lot of sites do profile / analyse the sites you go to. Ever wondered why so many sites are able to offer you ads which are "relevant" to you more and more often? Do you know Google, Yahoo, Microsoft, Apple AND pretty much all those free e-mail services (GMail, Yahoo Mail, Microsoft Hotmail/Outlook Online etc…) scan through your e-mail? In order for Google Now to auto alert you about your next flight, it obviously checked your e-mails. There is a reason why Facebook, LinkedIn and a lot of other services online are free (they don't just want to show you ads).
    • Also note that auto recurring payments ARE allowed in paypal. If you agreed to let a site do that (even if it were by accident because you did not read the whole service agreement), don't be surprised when they keep on charging your paypal. Treat Paypal like an account of yours. Don't "assume" Paypal = safe purchasing.
    • Just as sites can elect to keep your credit card details (to "speed up" your next purchase), they can do the same for your Paypal account too. Using Paypal does not mean they have to ask you to enter the password every time. So if someone hacked your account….
    • Consider having multiple Paypal accounts. Have one linked to a prepaid credit card or a bank account with very limited funds.
    • Have a special credit card just for online purchasing with very low credit limit.

    Be careful when shopping online.

    • (A tip from my friend who works in security) Set up a VM dedicated for just Internet browsing. That VM should be very plain, no personal file whatsoever. Obviously, still need to have anti-virus and proper firewall.

      I don't understand what this is meant to achieve. Most exploits are only interested in account details from your browser and/or acting as a relay all of which the VM is just as vulnerable to. The only thing I see this kinda-almost helping with is targeting personal attacks.

      Frankly I think that for anyone who understands how to do this the benefit is near 0, and if anything probably just provides a false sense of security for significant inconvenience.

      • I think the idea of a "browsing appliance" is to

        • Reduce the attack vector. Less installed app ~= less vulnerable
        • Easy to restart anew, in case of getting infested with malware or hit by a virus. Most VM allow restoration to a checkpoint.
        • Running a more secured (or more obscure) OS. For example having Linux+Chrome or ChromeOS VM for browsing

        It's quite a bit of hassle to setup though.

      • Like Scotty pointed out, it is to prevent malware and virus. Since it is a VM that's very basic, you would keep a copy.

        The idea is that when you don't trust a site, it is fine if it completely stuffs up a VM, all you do is to start browsing again from another copy of the "clean" VM. In fact, you would use a clean VM on a regular basis.

        When you are using the VM, it reminds you that you don't really trust the site enough. It is not just the shopping sites, it is the other sites that you "also" visit which could be harmful to your PC. How about the applications you use? Things you download could be unsafe.

        If you really want to be safe, you need to do more. If you couldn't be bothered, then it is fine too. The message I am hoping to get across is, if a security person would do such a thing, you know one thing is for sure: Internet is not as safe as you think.

  • +1

    Something that I don't think anyone's mentioned above - if you're using a MS email (Hotmail, Live, Outlook.com), add an alias email address (or multiples) to act as spam filters/protect your original email address on shopping sites.

    Emails can be sent to the alias address as normal (and you can send emails back from the address too), but only your "original" email address can be used to log into the account - if someone else tries to log in it'll say "this email does not exist". It's basically a redirect.
    You can register up to 5 new alias IDs per year, and have up to 15 active in total. (Also worth noting you can change the original email address to another & keep the old one as an alias, just in case you've missed updating it on some sites.)

    If you use Gmail, you can create a separate "spam/shopping" email & link your emails together. It means you'll have 2 complete email accounts but only need to log into 1 to see both.

    Also (as mentioned by others), set up 2-step verification. Google, MS, most banking sites etc. offer it, and it's worth the extra couple of seconds logging in (if you don't save the PC as authorized).

  • +1

    Good advice here so far.

    I'd like to advocate password and identity security:

    Passwords

    It is very easy to think your password is secure. You may have a really good password or passphrase. However, if you start using it multiple times on multiple services even with a slight variation it can be very damaging. For example, you use your good password on a site like Livingsocial and a few weeks later it's hacked and your password is released in plain text. Some brute forcing attempts later your other services are compromised as well. One may be your personal blog or bank account etc. You would be royally screwed. While this is an extreme example it can definitely happen. To make life easier I highly recommend employing services such as Lastpass to manage all your different passwords for different services and websites. It's free, cross platform and is easy even for the normal user to undertake and set up.

    Pair this with the previous suggestion for two factor authentication for your bank, email and other sensitive websites and you have a pretty good solution. Just a tip, commbank actually give you a free device for two factor authentication if you ask for it. It's a little device with a screen and a button. It displays random numbers once you press the button which is tied to your account. So without that key you cannot login to your netbank/phone banking even with your password.

    If you do choose to use Lastpass I highly recommend making a really good master passphrase or password. Mozilla has a really good example here. In summary it's choosing a phrase, mixing it up a bit with a rule only you know, adding special characters and then add special bits anywhere in the password to associate it to an account e.g. xxxxx:YT for Youtube (where xx is the passphrase) xxx:AMZxxx for Amazon etc.

    TL;DR: Don't use same passwords everywhere, get lastpass or similar, put all passwords securely in there, create a good passphrase as detailed here and stick to it, get two factor authentication for sensitive sites.

    Now that you have passwords under control:

    Identity:

    There is something called 'doxxing' on the internet. It is using your internet footprint to find out your real identity. This can result in identity theft, major security concerns for the rest of your sensitive data and even things such as blackmailing if you have anything incriminating. What's of concern here is that your real name could be found out from an ozbargain account, things would be learned about you and perhaps it could be used to incriminate you, bully you and/or attack you online by using that information and gaining access to your bank or apple account maybe through social engineering. So here is what you do:

    • Never use your real name as your user name
    • Always use different user names for websites that require accounts
    • either get a disposable email for one off registrations (www.dispostable.com is good) and/or use an alias e.g. [email protected] (Adding the plus still gets the message sent to your account but you know where it came from and they don't have your real email address allowing you to block them easily).
    • never use a really weak password for a small website that you plan on going just once. Always make the password somewhat good (Lastpass has a good generator).
    • If you have used real names tied to a common username it is quite easy to fix. Just go to the website and either change the real name or delete the account. Emailing the admins also fixes it.
    • Check out http://namechk.com/ to see how many times you've used your username in different services. If you get a lot of unavailable statuses then it means you're making it really easy for anyone to find out your identity.
    • MOST IMPORTANTLY go to www.pipl.com or a similar website and type in your name to see what anyone else could uncover. I found I had some picasa web albums left as public with actual images of me. That could be worrisome if someone wanted to stalk you or bully you. Whatever you find, take action and make it private.

    TL;DR: Never use the same usernames on multiple services, operate with pseudonyms (www.fakenamegenerator.com) where possible, never put your full name out on a social website where possible, vary your passwords regardless of how insignificant the site, ALWAYS use either disposable emails or a separate email address for online activities, google your name and see what can/should be hidden.

    Hope that helps.
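
Added example (not part of the thread or any poster's code): a small Python audit for your own password-manager export that flags exact reuse and near-variants, the "even with a slight variation" case described in the last post, including a password with a site tag appended. The function names, the 0.8 similarity threshold and the sample vault (made-up sites and passwords) are assumptions for illustration.

```python
"""Audit a password vault for exact reuse and near-variant passwords."""
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed sample data: made-up sites and passwords, not real credentials.
SAMPLE_VAULT = {
    "shop-a.example": "BlueKettle!42",
    "forum-b.example": "BlueKettle!42",      # exact reuse of shop-a
    "deals-c.example": "bluekettle!43",      # case change + one digit bumped
    "video-d.example": "BlueKettle!42:YT",   # same phrase with a site tag
    "bank-e.example": "v9#Tq2$LmZ8r@Wd",     # unrelated, generated
    "mail-f.example": "correct-horse-battery",
}


def exact_reuse(vault):
    """Return sorted groups of sites that share an identical password."""
    by_password = defaultdict(list)
    for site, password in vault.items():
        by_password[password].append(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)


def similarity(a, b):
    """Case-insensitive similarity in [0, 1]; 1.0 means identical text."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()


def variant_clusters(vault, threshold=0.8):
    """Group sites whose passwords are near-variants of each other.

    Two sites are linked when their passwords score >= threshold
    (an assumed cut-off); links are merged with union-find so that a
    chain of small tweaks ends up in a single cluster.
    """
    sites = sorted(vault)
    parent = {site: site for site in sites}

    def find(site):
        # Walk to the cluster root, compressing the path as we go.
        while parent[site] != site:
            parent[site] = parent[parent[site]]
            site = parent[site]
        return site

    for i, first in enumerate(sites):
        for second in sites[i + 1:]:
            if similarity(vault[first], vault[second]) >= threshold:
                parent[find(first)] = find(second)

    clusters = defaultdict(list)
    for site in sites:
        clusters[find(site)].append(site)
    return sorted(group for group in clusters.values() if len(group) > 1)


if __name__ == "__main__":
    for group in exact_reuse(SAMPLE_VAULT):
        print("identical password on:", ", ".join(group))
    for group in variant_clusters(SAMPLE_VAULT):
        print("near-variant passwords on:", ", ".join(group))
```

Every site in a reported cluster should get its own unrelated, generated password, since one leaked entry makes the others easy to guess.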
