Online jargon
Anti-spyware program
Anti-spyware programs are designed to protect your computer from spyware (see under 'S'), and are useful in ensuring that your computer and your personal details remain secure.
Antivirus software
Antivirus software is designed to detect known incoming viruses (typically via e-mail) and prevent them from infecting the PC
New viruses can spread very quickly, so you should ensure that your antivirus software is always running and is updated on a regular basis at least weekly.
Popular sources for antivirus protection software are McAfee, Symantec (Norton) and Sophos. Private individuals can also download free versions of this type of software from the Internet.
Broadband
A high-speed method of connecting to the Internet, faster than a traditional modem. Although it costs no more to leave the Internet connection on, it is good practice to disconnect from the Internet when not being used as this helps reduce risk exposure.
Browsers
A browser is software that provides a way to view web pages. The two most popular web browsers are Microsoft® Internet Explorer and Netscape® Navigator.
Cookies
Cookies are small files stored on a computer's hard drive. Cookies are generally harmless and are used to recognise a user so that they can receive a more consistent experience at a particular website.
Cookies can contain information about your preferences that allows customisation of a site for your use.
Digital certificates
A digital certificate is an electronic ID card that helps establish your identity when doing business via the Internet. Such certificates can be browser based ("Soft Certificates") or embedded into a smart card ("Hard Token") and used with special card readers.
Encryption
Encryption converts your data into an encoded form before it's sent over the Internet, stopping unauthorised users from reading the information. At HSBC, we use 128-bit Secure Socket Layer (SSL) Encryption, which is accepted as the industry standard level.
You know that your session is in a secure 'encrypted' environment when you see https:// in the web address, and/or when you see the locked 'padlock' symbol at the bottom right corner of your browser window.
Filename extensions
A filename extension is simply the last three letters (or numbers) of the full file name. They are normally used by the operating system to associate a program with a particular file.
Firewall
A firewall is a small program that helps protect your computer and its contents from outsiders on the Internet or network. When properly installed, it prevents unauthorised traffic to and from your PC.
There are many effective programs to choose from. Common commercial examples are from Zone Labs, Symantec (Norton), McAfee and Computer Associates.
In many cases there is a freeware version of commercial software that is free of charge for personal users.
Identity theft
Identity theft is a crime in which a fraudster obtains key pieces of personal information, such as date of birth, bank details, or driver's license numbers, in order to impersonate someone else.
The personal information discovered is then used illegally to apply for credit, purchase goods and services, or gain access to bank accounts.
Fraudsters often take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed (children's names, pet names, addresses, or birth dates).
Keystroke capturing/logging
Anything you type on a computer can be captured and stored. Such covert activity can be via a hardware device attached to the PC or by software running almost invisibly on the machine.
Keystroke logging is often used by fraudsters to capture personal details including passwords. Some recent viruses are capable of installing such software without the user's knowledge.
The risk of encountering such keystroke logging is greater on PCs shared by a number of users, such as those in Internet cafes.
Running anti-spyware software would reveal the presence of any such software on your PC. Users can download free anti-spyware.
Plug-in
A Plug-in is a software module that adds a specific functionality to the web browser. For example, plug-ins for Netscape Navigator and Internet Explorer allow the browsers to play various types of audio and video messages or view popular Adobe® Acrobat® (PDF) files.
Privacy policies
Today, many companies are required to publish a Privacy Policy to provide customers with details on how the company keeps information private, how the information is shared and why it's collected. It is good practice to read the Privacy Policy of a company with which you may have an account or financial dealings. Most Privacy Policies also explain how customers can request removal of their names and particulars from promotional mailing lists. Read about HSBC's Privacy Policy.
Secure sessions
When you log in to Internet Banking you are said to be in a "secure session".
SSL technology is used within your Internet Banking session to encrypt information before it leaves your computer, in order to ensure that no one else can read it. Depending on your browser settings, a pop-up window may appear to notify you that you will be entering a secure page.
You will know that you are on a 'secure' page when you see the 'https://' before the web address. You will also see a closed padlock symbol in the lower right hand corner of your browser window.
SSL
Secure Socket Layer (SSL) protocol provides a high level of security for Internet communications. SSL provides an encrypted communications session between your web browser and a web server. SSL helps to ensure that sensitive information (e.g. credit card numbers, account balances and other proprietary financial and personal data) sent over the Internet between your browser and a web server remains confidential during online transactions.
Security vulnerabilities
Security holes/bugs are faults, defects or programming errors. These may be exploited by unauthorised users to access computer networks or web servers from the Internet. As these vulnerabilities become known, software publishers develop 'patches', 'fixes' or 'updates' that you can download to fix the problems.
Session timeout
This is an automatic disconnection, for security reasons, from any secure session after a period of server inactivity. It may occur even if you are typing something into a page or data field, the event being triggered by no communications with our servers, rather than by keyboard or mouse inactivity. All our Internet banking services have this protection.
Spam
Unwanted e-mail messages offering products and services of dubious benefit are often called Spam. Various types of anti-spam software are available, but the first line of defence may be your own Internet Service Provider, many of whom offer spam filtering services.
Spyware
These are programs/files that may already reside on your PC. These programs often arrive as hidden components of "free" programs. They monitor web usage and report back to bona-fide companies who may then sell the aggregated statistics. They are relatively benign, but in their more extreme forms can include key-stroke logging and virtual snooping on all your PC activity.
Trojan horse
Any apparently legitimate software that carries an unwanted destructive payload. Typically the payload is a virus that is used by hackers to gain unauthorised access to computer systems.
Virus
A computer program designed to replicate itself by copying itself into other programs stored in a computer. It may be benign but usually has a negative impact, such as slowing a PC's or corrupting a computer's memory and files.
Viruses are now mainly spread by e-mail and by file sharing services. New viruses are discovered on a daily basis.
Virus definition file
This is a file used by antivirus software to identify specific viruses, worms and trojan horses. For this reason you should regularly download the latest version from your software supplier, or set your software to "auto-update".
Worm
A malicious program that replicates itself until it fills all of the storage space on a drive or network.
Such Worms may use up computer time, space, and speed when replicating, with a malicious intent to slow or bring down entire web servers and disrupt Internet use.
Phishing
Phishing scams
An increasingly prevalent scam currently being employed by unscrupulous individuals is phishing.
Phishing involves an e-mail message being sent out to as many Internet e-mail addresses that the fraudster can obtain, claiming to come from a legitimate organisation such as a bank, online payment service, online retailer or similar. The e-mail requests the recipient to update or to verify their personal and financial information, including date of birth, login information, account details, credit card numbers, PIN numbers, etc. Some of the e-mail messages include a threat that failure to update or validate will result in, for example, the account being frozen. The objective is to induce unsuspecting recipients, who happen to be customers of the legitimate organisation being imitated, to respond to the e-mail and to provide the information being requested.
The e-mail will contain a link that takes you to a spoof web site that looks identical, or at least very similar, to the organisation's genuine site. In some cases, when the link in the e-mail is clicked, the genuine site is accessed, but is overlaid with a smaller window with the spoof site, making it more believable. Clicking on a link may also download malicious software, known as "spyware" onto your PC which will record your use of the Internet and forward this information, and possibly a log of your keystrokes, to the fraudster. The fraudsters will use this financial information to compromise bank accounts, credit cards, etc.
To avoid getting phished you should never respond to e-mail messages that request personal or financial information and never click on a link in such an e-mail. Reputable organisations do not send unsolicited e-mail messages asking their customers to update or verify their personal and security details. If you are in doubt about the legitimacy of the e-mail, or if you think that you have been a victim of a phishing scam, you should contact the organisation in question immediately. You should, however, be careful to use the normal method you use to contact the organisation in question, rather than use any suggestions included in, or by responding to, the e-mail.
Phishing mules
Once the fraudsters have collected financial information of individuals via phishing, they are then in a position to abuse this information and steal money out of the compromised accounts. In order to cover their tracks, however, they recruit unsuspecting individuals to act as go-betweens by placing a variety of tempting job adverts on the Internet promising the chance to earn money quickly without expending much effort. These recruits are known as mules.
The bank accounts of the mules will be used to accept transfers of money from the compromised accounts. The mules will be asked to withdraw the money from their accounts in the form of cash and forward it, minus their commission, to the fraudsters using an international money transfer agency. The fraudsters can therefore maintain their anonymity, but there is a trail to the phishing mules, which can be followed by the authorities.
Be very careful about job offers which involve the acceptance and release of funds to a bank account in return for commission. Mules recruited by phishing fraudsters are money laundering and are likely to face criminal prosecution.
Other online fraud
Advance fee or "419 Fraud"
This involves unsolicited letters and e-mail messages offering the recipient a generous reward for helping to move a staggeringly large balance of funds, usually in US Dollars. These funds are said to be anything from corporate profits / accumulated bribes / unspent government funds to unclaimed funds belonging to a deceased person.
The fraudsters are after banking details. The transactions typically require the recipient of the letter or e-mail message to pay something like a fee/tax/bribe to complete the deal - this is the Advance Fee. Such fees will be lost.
A recent development is to convince the recipient that the funds are ready to be moved by getting them to log on to a fake bank website and look at a specific account which shows a credit balance of tens of millions of dollars. These funds do not exist.
It is also common for recipients' details to be used to perpetrate in other types of fraud.
Lottery fraud
This involves letters or e-mail messages which advise that the recipient has won a prize in a lottery. To obtain the funds the recipient has to respond to the letter or e-mail message. A request will then be made for the recipient to provide his/her bank account details to allow for funds to be transferred. The recipient may also be asked to pay a handling/processing fee. This fee, if paid, will be lost. Also any details given will probably be used to perpetrate other fraud.
Virus hoax e-mail
It is a sad fact of life that there are those who enjoy exploiting the concerns of others. Many e-mailed warnings about viruses are hoaxes, designed purely to cause concern and disrupt businesses.
Such warnings may be genuine, so don't take them lightly, but always check the story out by visiting an antivirus site such as McAfee, Sophos or Symantec before taking any action, including forwarding them to friends and colleagues.
Resources
For more information on computer security visit some of the sites included below.
Antivirus software
Popular sources for antivirus protection software are:
- McAfee
- Symantec (Norton)
- Sophos
Firewall software
Common commercial examples can be obtained from:
- Zone Labs
- Symantec (Norton)
- McAfee
- Computer Associates
Anti-spam software
Common commercial examples can be obtained from:
- Symantec (Norton)
- McAfee
- Sophos
Anti-spyware and anti-trackware software
Programs that detect and offer you the choice to delete any spyware that might already be on your PC can be obtained from:
- Lavasoft's Ad-aware
- PepiMK's Spybot Search & Destroy
Free security software
If you are more familiar with the Internet and have the necessary technical skills, you can also download and install free versions of these types of security software from the Internet.
For example a search on Google for "free antivirus", "free firewall", "free anti-spam" or "free anti-spyware" will provide links to popular programs, and related articles