National Webcast Initiative

Cyber Security Tips During the Holiday Season
Thursday, December 15, 2005

Question and Answer Transcript

The following is a compilation of questions submitted to the presenters through the written Q and A tool during the webcast. The transcript has been edited for relevance.

 

Question: Why don't computers off-the-shelf come with antivirus, anti-spyware, and firewalls already included and properly configured?
Answer: A majority of computers do come with anti-virus installed but frequently it is only a 90-day version. An operating system may also have a built-in firewall but some vendors default to having it turned off because they don't know how computer users plan on using the PC.

Question: What about keeping port 80 open for inbound traffic?
Answer: The only reason to keep port 80 open for inbound traffic is if you are running a web server. Blocking port 80 inbound will not prevent you from surfing the web.

Question: Was the AOL/National Cyber Security Alliance study an American study?
Answer: For more information on the AOL/NCSA study, please visit http://www.staysafeonline.info/pdf/safety_study_2005.pdfpdf

Question: Do the automatic updates still occur if the PC is in stand-by mode?
Answer: No, the PC is not active in stand-by-mode.

Question: What if you unknowingly give sensitive information to a Phisher?
Answer: The information could be used in identity theft or credit card fraud. If something goes wrong with your online transaction and you feel you may have become a victim of identity theft or credit card fraud, you should immediately contact the local police to file a report and contact the credit card company or bank.

Question: Is there a web site where one can go to find lists of phishing e-mails?
Answer: Please visit the Anti-Phishing Workgroup Group at http://www.antiphishing.org/(New Window) and click on the "phishing archive" link.

Question: What was that statistic on the number of phishing incidents?
Answer: Please visit http://www.antiphishing.org/(New Window) for more information.

Question: Where do I report obvious phishing emails?
Answer: See http://www.antiphishing.org/(New Window) or http://www.ftc.gov/bcp/menu-internet.htm(New Window) to file a complaint

Question: Where online can I find examples for a phishing quiz?
Answer: Please visit http://survey.mailfrontier.com/survey/phishing_uk.html(New Window) .

Question: Usually how long does it take for an individual who has their identity stolen to find out? Is there a way to find out sooner before the damage accumulates?
Answer: Banks and credit card companies help by identifying abnormal spending but the best way is to closely monitor your accounts and monthly statements. Also you should check your credit report at least once a year.

Question: Don't some credit cards allow for one-time numerical sequences for a particular transaction?
Answer: Yes, that is correct.

Question: When using one of my Internet browsers, sometimes the "lock" is red colored and sometimes it is yellow colored, what does this mean when I am in a secure site?
Answer: A yellow lock means that everything on the page was encrypted. A red (broken) lock means that some parts of the page were not encrypted while others were.

Question: What happens if some “https” sites produce a dialog box stating that there are some non-secure items on that page and asking if they should be displayed? Should we allow this or not?
Answer: It depends on how much you trust the web site. For example, some secure sites have advertisements that are not secured. That could be a reason why you get this message.

Question: What stops someone from embedding a virus/worm/trojan by presenting what appears as a reasonable email from a company/store with offers, but do not request your information (for phishing purposes)?
Answer: This happens frequently and the best protection is up-to-date anti-virus software.

Question: What is being done to catch the Phishers?
Answer: As they are reported, the malicious sites are brought down by law enforcement, the Federal Trade Commission and other appropriate organizations.

Question: Is eratic mouse behavior indicative of a security breach on my computer?
Answer: It may be an indicator but it could also be a hardware problem with your mouse or an overloaded system.

Question: How important is it to use web sites for online shopping that use https? Does that really make any difference?
Answer: You should never type your credit card information or personal information into a web site that just uses “http” - only do this if it uses “https” and shows the lock on the bottom right corner.