Common Threats
Is your Road Runner email as secure as it can be?
Is your Road Runner email account as secure as it can be?
Do you have account security questions set up in case a bad guy tries to guess your password?
Does your Road Runner email password contain both letters AND numbers?
Q: I don't know how to set up security questions for my email accounts. How do I do that?
A: It's easy! Go to http://www.help.rr.com/ and choose one of three options: Chat Online, E-mail Us, or Call Us. A Road Runner representative will assist you with setting up your security questions. Your security questions will also help you access your email account if you forget your password, too!
Q: Why should my password have letters and numbers? It's harder to remember.
A: Attackers have sophisticated programs that can perform what is known as a Dictionary Attack. This software will try to guess your password, using every word in the dictionary, until it gets access to your account. Having a password with letters and numbers mixed is harder to compromise than a password that is a regular word. Another good idea is to mix capital letters with lowercase letters and numbers.
Q: Where can I get more information about safe passwords?
A: We have a page dedicated to this! Click here to go to the safe passwords page.
Most users ignore security certificates
CIO.com - Warnings of invalid security certificates for websites can mean that there is a technical problem with the site or that the Web user is being directed to a fake website.
The warnings will usually say something like "There is a problem with this Web site's security certificate", and believe it or not, a study showed that 55-100% of web users simply ignored the warnings, clicked through, and continued to surf. Even when visiting important sites like banks!
Security professionals have been aware of this problem for some time and are analyzing how warnings with different verbiage affect users' habits. They are also discussing whether or not a system built into the browser should just go ahead and analyze the issue. If the site and certificate pose enough of a risk, it would block the user altogether.
Read Full Article
Phishing and Pharming
Phishing & Pharming techniques are both used to fraudulently acquire personal information, like credit card numbers, account data, passwords, social security numbers and other private information. An email, phone call, or even regular mail (letter), is crafted in such a way as to represent legitimate companies like Visa, Master Card, American Express, Discover, eBay, PayPal, Amazon.com, etc. As a rule of thumb, banks, online retailers, etc. do not ask you for personal information via phone, email or a letter. If you think you have received a legitimate request for your personal information, simply call the company requesting it, yet use the number on their Website, in the phone book, on the back of your credit card, or on their own literature instead of number in the message. If it's a phone call, tell them you'll call them back, and do not accept/use the number they give you. Visit http://www.antiphishing.org for more information on protecting yourself, how to report phishing and joining the Anti-Phishing Working Group (APWG).
Phone Scams
E-mails or phone calls that try to get you to call 809, 284 or 876 area codes may be scams! Social engineering tricks include making you think you've won a prize or that one of your relatives is sick or has died.
For more info, see about.com
Pop-up Security Warnings
Pop-up Security Warnings Are Usually Malicious
Pop-up security warnings may actually infect your computer, even if they claim that they will remove viruses or protect your PC. This is a common trick known as social engineering. Do not click on any pop-up security warnings. To safely close them, hold Alt, then hit the F4 key on your keyboard. You can find reputable (and often free!) anti-malware through our software links page.
Safe Social Networking
Social networking sites are online community sites where users can network with other people. Some examples of social networking websites are Facebook, Myspace, and LinkedIn.
Even if your information is set to "private", it is easily obtainable by a third party. For example, did you know that applications (games) access your entire profile?
Check out the FTC's guide and Tom Eston's social media security site about online safety tips on social networking websites.
Take me to the social networking info page!
Virus Hoaxes
There are a lot of viruses out there, yet some aren't really out there at all. Virus hoaxes are most often received as email messages with strong and frightful warnings that urge the recipient to forward them to as many people as they can. The tactic is used to get that email into as many mailboxes as possible. The actual threat they're publicizing is completely false. Virus hoaxes are more than mere annoyances, as they may lead some users to routinely ignore all virus warning messages, leaving them vulnerable to a genuine, destructive virus. Not all hoaxes appear as virus warnings, however. Some instead tell a sad or magnificent story, again urging the recipient to forward it to as many people as possible. When you receive an urgent virus warning message or any email that asks you to forward it to others, research it on any of these sites:
For an example of a virus hoax that has been used in the past (called the "postcard virus"), click here: http://urbanlegends.about.com/library/bl_postcard_virus.htm