Tell it to me straight

If warnings are best expressed in clear language, why are most warnings about Web security threats delivered in obscure code?
By Warwick Ashford, ITWeb London correspondent
Johannesburg, 08 Apr 2005

If you think pharming is some kind of drug process, that phishing is a new kind of angling, or spam is something good to eat, read on.

In theory, warnings of new threats on the Web are a good idea, but what's the point if few people understand them or know how to protect themselves?

A recent survey carried out in the UK found that the average computer user does not understand the terminology used to warn of threats online.

Junk mail is not so much a threat as a nuisance and a waste of time, but the survey found that although 76% of those surveyed were concerned about junk e-mails, 16% had never heard the term "spam" applied to unsolicited e-mail.

The survey concluded that many people were left vulnerable despite warnings because they did not understand the nature of the threat, and consequently did not know how to respond to threats from viruses, phishing, pharming, keylogging and Trojans.

Arguably, being told to "take appropriate evasive action to protect against a rapidly approaching projectile" would be a far less effective warning than "Quick, duck - bullet!" Why then do most warnings about threats online take the former rather than the latter approach?

Acronyms are a favourite bugbear, but the survey highlights the fact that much of the terminology used to describe threats online presents as much of a challenge, if not more, when it comes to deciphering meaning.

For example, the survey found that 84% of respondents did not know that "phishing" refers to e-mail scams in which victims are typically tricked into revealing banking or other personal details, as in: "Phishing attacks are becoming more sophisticated and South Africans have reason to worry, says Symantec's bi-annual report."

Although 25% claimed to be familiar with the term "spyware", the survey found that almost 10% of those thought it was a type of software used for spying on unfaithful partners. In other words, relatively few people knew the term refers to programs that secretly monitor and report Web activity, often for illegal purposes.

The survey found that few people knew that "keylogging" refers to various techniques for recording every key pressed on computers to get access to passwords, as in: "First National Bank's introduction of its DigiTag digital security solution eliminates the risk posed by keylogging software."

Pharmers and phishers

Even though I am familiar with the practice of redirecting Web users away from legitimate sites to fake ones for the purposes of phishing, the term "pharming" was new to me, as in: "E-mailed viruses that rewrite local host files on individual PCs have been used to conduct smaller-scale pharming attacks."

Typically, pharmers redirect users without their knowledge and consent from legitimate commercial sites to bogus sites. These sites often look the same as the genuine site, but when users enter their login name and password, the information is captured by criminals.

For anyone familiar with the classical tale of the Trojan horse, it would be relatively easy to work out how a "Trojan" works in the computer context, but only 39% of survey respondents knew that the term refers to malicious software that installs itself on a computer without the user's knowledge, hiding until triggered to do something malicious like delete important information or transmit information to criminals.

As the number of people active on the Web and the level of sophistication of online threats both increase, so it becomes more important that users increase their knowledge of those threats and how to protect against them. Around 21% of respondents admitted they did not know how to protect themselves online.

Ducking the bullet

Fortunately, there are a few simple things that can be done to protect oneself from the plethora of threats with bamboozling names. Now that you are familiar with some of the most common terminology used for online threats, it's time to get real about the fact that it is necessary to get protection if you are intending to venture out onto the Web.

Start with the obvious, like installing anti-virus and anti-spam software and keeping them up to date. Also make sure your browser and operating system security patches are up to date. Experts also make simple recommendations like not opening suspicious e-mail and not replying to spam messages. You should also be extremely cautious about opening unknown or unexpected mail attachments.

Malicious programs designed to damage data, called viruses, commonly spread through e-mail and e-mail attachments. These are best regarded with suspicion if the sender is unknown.

Perhaps a little less obvious, never respond to e-mails requesting personal financial information. Experts advise contacting your financial institution by telephone, even if the e-mail looks legitimate. Also, when visiting bank Web sites, rather type the URL into the address bar instead of clicking on any embedded links.

A handy way of helping identify if a Web site uses encryption to protect personal data is by looking at the Web address to see that a secure protocol is being used. This is indicated by "https" instead of the usual "http", without the "s". Submitting personal details via sites that are not secure is generally inadvisable.

When it comes to the Web, proceed with caution and get protection. Then as far as possible, use common sense, or you could be the next victim of some new scam with an obscure name.