Category: Internet Security

Online Banking & Security Q&A



Approach your online security with the right frame of mind.

Q. What’s the safest way to do my online banking: over a wired connection, powerline networking or Wi-Fi?

A. The answer doesn’t matter as much as you might think, but asking the question does mean you’re approaching your online security in the right state of mind.

Overall, a wired ethernet link is more secure than either Wi-Fi or powerline networking, in which the electrical wires in your home carry Internet data. To compromise an ethernet network, an attacker needs to get into your house and plug in a laptop, while Wi-Fi signals go beyond your home and powerline networks can leak information to adjacent dwellings.

Both Wi-Fi and powerline setups come with encryption options to scramble data flowing over the network; once you switch them on, an attacker would need to know the password to break in. But Wi-Fi’s obsolete WEP encryption can easily be defeated — and is still presented as a valid option in routers’ setup routines.

Furthermore, if you leave a router on its default administrative password, somebody who connects to your network can also monkey with the router’s settings to redirect your traffic to rogue sites. For much the same reason, you shouldn’t automatically trust third-party wireless hot spots.

Financial sites use encryption of their own to scramble data flowing to and from your computer — as reported by your browser with a lock icon in its toolbar that, when clicked, should display an info sheet including the bank’s name — and that should almost always outweigh the security of your local network.

(A determined attacker could defeat a bank’s login security by persuading a user to connect to a router running malware that subverts this encryption, but this seems to have been a theoretical exercise to date.)

Your local network, however, makes up only one part of the “attack surface” of online banking, and it may not be nearly as profitable as two others: your computer and your mind.

If an attacker can get a keylogger on your computer to record your keystrokes, the strength of your bank’s encryption and the complexity and novelty of your password won’t matter at all — each tap of the keyboard will have already been recorded and transmitted.

That’s why it’s important to keep up with security updates for both your operating system and your browser (if you haven’t disabled Oracle’s vulnerability-prone Java Web plug-in, now would be a fine time to do so).

And if an attacker can fool you into typing your username and password into a phony site by sending you a phishing e-mail, your security-fix fastidiousness won’t matter either.

You can thwart phishing attacks with the extreme measure of using a separate computer for online banking and nothing else (recommended at a panel on identity theft that I moderated earlier this month) or the lesser step of throwing a Linux LiveCD into your regular PC and booting off that for online banking sessions isolated from your usual software. But it’s just a little easier to remember this basic rule: Never log into a bank account by clicking on a link sent in an e-mail.

If you’re not sufficiently depressed about the state of financial security online, Target’s massive credit-card breach — apparently executed by exploiting the retailer’s in-store systems — offers a reminder that many account compromises happen in places we can’t control.

And the best way to watch for them is to monitor your account for unusual transactions — which means you should do more online banking, not less.


Many major sites, from Facebook to Google to Microsoft to Yahoo, now allow “two-step verification” to protect users’ logins from the loss of a password. That option requires users to vouch for all logins, or only those from strange computers or locations, by typing in a one-time password sent to their phone via text message or to a specialized app like Google Authenticator.

Most financial institutions, however, have yet to tune in to this trend. There’s Bank of America’s SafePass, CitiBank’s identification codes Ally Bank’s Security Code, and not much else. But if your bank offers this option — which may require looking around its site — you should enable it right away. And if it doesn’t, you might want to ask why.

Rob Pegoraro is a tech writer based out of Washington, D.C. To submit a tech question, e-mail Rob at Follow him on Twitter at@robpegoraro.

Craigslists—Love it or Fear it?

Craigslists—Love it or Fear it?

Craigslist; seems most things bought or sold are found on Craigslist. Once a popular internet site for people to sell, buy or barter merchandise or services, it has evolved into a dangerous place for some. I’m not putting Craigslist down; in fact I still use it all the time. It’s a great place to sell, buy or give away stuff, or to find people for services you need such as garden work, hauling or skilled workers. Awhile back Craigslist became a popular place for erotic services which became a cover for prostitution. While there are still sex-for-hire ads hidden in certain categories, Craigslist took steps to reduce the amount of blatant ads for sex services.

Searching for sex from Craigslist ads is a dangerous thing to do. A lot of people are robbed or assaulted when they show up at a motel or a prostitute comes to their home. Many times the young lady someone thinks is coming over to give them an erotic massage with a happy ending brings her male friends with her who end up robbing and beating them. Are there legitimate ads for massages and casual encounters on Craigslist? Sure, but there are also a lot of criminals lurking and waiting for unsuspecting people to answer their fake ads so they can rob them. And it usually goes unreported because very few people who become victims report the incident to police due to the embarrassment or they don’t want their “significant other” to find out they were looking for sex elsewhere. Bottom line is Craigslist is a dangerous place to solicit strangers for erotic encounters.

Fake ads for rental property have really increased lately with all the foreclosed and abandoned properties out there now. Criminals break into a vacant home, change the locks, and then advertise the property on Craigslist as a rental. They request cash for 1st, last and security deposit and provide a bogus lease they printed out from the internet. The suspects then disappear with disconnected phone numbers and the unsuspecting victim gets kicked out of the house by the bank.

As for selling or buying merchandise, Craigslist is still a great place but it has also become a place for criminals to find unsuspecting victims. Criminals post merchandise with “too good to be true prices” and agree to meet the unsuspecting victim in a parking lot or shopping center. The criminals know people shopping for cars, motorcycles or electronics will show up with a pocketful of cash. Recently there have been dozens of incidents of people being robbed at gunpoint or by force when they arranged a meeting to sell or buy a laptop, ipad, motorcycle, car etc. The criminal pulls a gun and either takes the property someone is selling or takes the cash someone brought to buy an item.

We had an incident in our city where a person was selling a motorcycle and he arranged to meet the buyer in a parking lot late at night. The “buyer” and seller agreed on a price and the buyer handed the seller the cash. Immediately two other suspects walked up and pulled a gun robbing the seller of the money that was just handed to him. The “buyer” took off on the motorcycle and the suspects took off with the cash. Luckily the dumb suspect used a real phone number when he arranged the sale so police were able to use the GPS feature to track him down and recover the motorcycle. It was all a planned scam and pre-arranged robbery.

The most common robbery is when unsuspecting victims arrange to sell or buy a laptop or other electronics and are asked to come to an apartment complex. When they arrive they are met out front or in the parking lot by suspects with a gun who take their property and cash. It still happens daily even though the incidents are usually in newspapers or on the news. Some police departments with large numbers of Craigslist robberies in their cities have offered their lobby to conduct transactions.

While some criminals use Craigslist to find victims, there are also people out there who use Craigslist to deceive people. I recently looked for an older Honda to buy as a commuter car and I decided to purchase a 30-day CarFax service to run license plates and VIN numbers of cars I was interested in. I couldn’t believe the fraud I found;

Cars advertised with 95K miles or low mileage actually had 200K+ miles according to CarFax records.

Cars advertised with clean titles actually having salvage or junk titles according to Carfax.

People saying they were the original or 2nd owner while Carfax showed 12+ previous owners.

Cars advertised as “recently passed smog” actually showed numerous failed smog tests and were labeled a gross polluter according to Carfax.

Cars advertised as never being in an accident were found to have accidents with major damage listed on Carfax.

The amount of cars advertised with false mileage (actual mileage much higher) or false information that was caught on Carfax was shocking. If I didn’t use Carfax I could have easily been duped. While Carfax may not catch everything, it was the best $50 I ever spent, saved me from buying a lemon or someone else’s junk.

Criminals will always find new ways to find unsuspecting victims and Craigslist happens to be an easy way to find victims for them. While Craigslist is still a great place to buy, sell, barter or find services, you need to take precautions.

· If it seems too good to be true follow your instincts. Criminals advertise non-existent cars and merchandise at ridiculously low prices to attract a fast victim. A 2004 Honda Accord for $5000 or a high-end laptop for $500 will attract many people with a pocketful of cash.

· Be wary of sellers or buyers wanting to meet you at nighttime or want to meet in a parking lot like an apartment complex. Offer to meet in daytime at the local police department lobby. Or meet inside a Starbucks or other business where there are a lot of other people around. If it’s a criminal looking for a victim they probably will refuse to meet at safe places like that. If a seller offers to meet you at their residence it’s much safer than a parking lot.

· Don’t fall for “too good to be true” prices. It may be stolen property you are purchasing or you are being set up for a robbery.

· Don’t solicit sex from Craigslist. While some people may have had uneventful encounters in the past it’s a matter of time before they get robbed.

· Verify the license plate or VIN number of big purchases such as a motorcycle or car to make sure it’s not stolen. Make sure the seller has a title that is preferably in their name. Never give cash in advance without a title.

· Be wary of taking a pocketful of cash to buy a car. In the least, leave the money in the trunk of your car or locked in the glove box until you feel the sale is legitimate. Or see if the seller will accept a small deposit and arrange another meeting at a police department or busy location to finish the transaction if you feel more comfortable.

· If possible do not go to transactions alone, go with another person.

· Keep serial numbers and model numbers of property you are selling. If you do get robbed the police can enter the information into the stolen property system.

· Verify rental property before you give a large amount of money to someone. Be wary of a renter wanting all cash for deposits. Ask to see a driver’s license and copy down the license number, name and address. Also copy down the license plate number and description of the car the person showed up in. In the event you were duped at least the police have a lead to go on.

· If buying a car, get it checked out by a mechanic. If that is not possible, at least run a Carfax on the car to find the history on it. If you purchase Carfax (one time and unlimited 30-day option) it shows you how many previous owners, any damage or accidents reported to them, if the title is clean or salvage, passed and failed smog checks, service records, mileage inconsistencies etc. It really can steer you away from someone trying to deceive people to unload a junker. Also be wary of people selling a car that is not in their name or one they have only had a short time. These people usually buy a wrecked junker, put a few parts on it to make it look OK then flip it for a profit. The car may have major problems or damage that isn’t visible.

Bottom line is being careful. Craigslist can be a wonderful place for some and a bad experience for others. Be careful; use your head and common sense.

Two great ways to increase your online safety!


About GetNetWise

What is GetNetWise?

GetNetWise is a public service brought to you by Internet industry corporations and public interest organizations to help ensure that Internet users have safe, constructive, and educational or entertaining online experiences. The GetNetWise coalition wants Internet users to be just "one click away" from the resources they need to make informed decisions about their and their family’s use of the Internet. More information is available. GetNetWise is a project of the Internet Education Foundation.

Who is involved?

GetNetWise is more than a Web site. It’s a Web-wide partnership. It includes, through our corporate partners, many of the Net’s most well-known, trusted, and popular portals and content providers, all of whom are committed to providing Internet users with valuable information and tools. Many organizations and individuals with expertise in online child safety, privacy, security and spam issues provided valuable assistance developing GetNetWise.

The Internet Education Foundation would like to thank the many people who worked to bring GetNetWise to the public.

2011-02-21_100609 provides practical tips from the federal government and the technology industry to help you be on guard against internet fraud, secure your computer, and protect your personal information.

The Federal Trade Commission (FTC) maintains with significant contributions from partners on this page. The Flash tutorials were created by the Internet Education Foundation (IEF).

Online Safety Resources–Kids and Parents



  • A COMPREHENSIVE DIRECTORY OF ONLINE SAFETY RESOURCES Keeping kids safe on their Internet journey and encouraging responsible behavior online is a common goal of parents and teachers everywhere. This frequently updated directory provides easy access to hundreds of resources that have been developed worldwide.
  • SAFEKIDS.COM One of the Net’s oldest and most comprehensive Internet safety sites, operated by ConnectSafely co-director Larry Magid
  • NETFAMILYNEWS.ORG As a public service for parents, educators, and everyone interested in young people’s use of technology, NetFamilyNews is the "community newspaper" of a vital interest community. Founded in 1999 by co-director Anne Collier as a nonprofit
  • CYBERTIPLINE.COM The Congressionally mandated CyberTipline is a reporting mechanism for cases of child sexual exploitation including child pornography, online enticement of children for sex acts, molestation of children outside the family, sex tourism of children, child v
  • CENTER FOR SAFE AND RESPONSIBLE INTERNET USE Operated by Internet educator and author Nancy Willard, CSRIU provides excellent advice and analysis about cyberbullying and other aspects of online safety.
  • CHILDNET INTERNATIONAL A UK-based nonprofit organization, Childnet provides online safety education to youth, parents, educators, and policymakers with a great deal of input from young people themselves. Its long list of resources include a powerful short film on cyberbullying,
  • ENOUGH IS ENOUGH A non-profit organization dedicated to protecting kids from pornography as well as sexual predators. They tend to take a bit more of a rules-based approach than we do, but we respect their commitment and passion for keeping kids safe.
  • FAMILY ONLINE SAFETY INSTITUTE The Family Online Safety Institute is an international non-profit organization that facilitates the meeting of thought leaders in technology and policy in order to find innovative solutions for children’s online safety.
  • GETNETWISE.ORG Run by the Washington, D.C.-based nonprofit Internet Education Foundation, GetNetWise is one of the Web’s most comprehensive collections of information about children’s Internet safety and family computer security. Includes a searchable database of parent
  • NETSMARTZ.ORG Online-safety education for kids, parents, educators, and law enforcement from the National Center for Missing and Exploited Children (which also operates
  • SAFETEENS.COM The sister site to with Net safety advice for teens and parents of teens from Larry Magid, co-director of