Online


Scenario 1
You get an email from your credit union asking you to verify your account by clicking a link and logging in. Do you:

  1. Reply to the email with your account information.
  2. Open your browser, type your bank’s web address and login.
  3. Click the link, log in and verify your account settings.


You definitely don’t want option A. Remember, email is not a secure channel. Any email you send is delivered unencrypted and stored on any number of servers. Your internet provider, your employer, and the recipient’s server may all have copies of whatever email you have ever sent, depending on where you sent it.
Unlike a secure web site, email is not encrypted; anyone with access can read your messages. Same goes for your instant messages if you’re into chat rooms. Think about that next time you think about emailing your friends about that embarrassing medical condition.
Back to the scenario, option C’s no good either; this is a classic phishing technique. There are all kinds of ways to hide information in emails, from the sender’s identity to the provided URL. Whether the email is legitimate or not, you should never follow a link in an email. You just don’t know where it could lead.
In a phisher’s case, links in emails lead to web sites that look like your credit union’s web site, but is` really a trap to capture the financial data of you and your fellow credit union members.
Looks are deceiving. Always make sure you’re on the web site you think you’re on.

Scenario 2
You’re shopping online. Ready to checkout, you notice the web page with the credit card form doesn’t have the little lock in the bottom corner. Do you:

  1. Ignore it. It’s not like the lock means anything.
  2. Proceed cautiously, looking for other means of ordering or a secure form page.
  3. Abandon your cart and shop somewhere else.


First, the lock means your data is not only being encrypted, but your secure connection is with the web server it’s supposed to be.
Anyone can establish a secure connection. What the lock icon means, is the server has been registered and certified. A third party company like Thawte or Verisign verifies the company and the web server match.
Still, don’t trust just the certificate. Whether the page you’re on is secure or not, as long as the destination is secure, that connection is secure. Unfortunately, the opposite is also true. Even if you’re on a secure page now, if you submit a form to an unsecured page, that connection is wide open. Sometimes, it’s okay to proceed even if you don’t see a lock icon - just be sure of what you’re doing and where that data is going. Your web browser has built in settings to help you make those choices.
Of course, this is the Internet we’re talking about. Everything is for sale from any number of companies. If a business doesn’t try hard enough to make you feel secure in your shopping, go to an online vendor that does.

Pages: «Back |