Can you trust a stranger?

Can you trust strangers? That really depends on the context.

I was on a crowded train recently when two fellow passengers started reading out credit card details down their mobile phones.

I had my laptop open. Had I been in a malicious frame of mind, I could have stored their credit card numbers, security codes, start and expiry dates, and their dates of birth.

Only when I couldn’t stop myself from expressing surprise that they were prepared to divulge this information to what was effectively a roomful of strangers did they pause. When I said I didn’t think it was a good idea, they agreed, and said they’d thought twice about it but decided to go ahead anyway.

Not a good decision. Interesting that, as a side issue, they trusted me when I said that but then decided not to trust everyone else in the carriage, as they stopped reading out a further card number.

Similarly, one US man decided to trust a flashing box on his screen that appeared to be offering him free money. It said he was the millionth reader and that he’d won a $1,000 gift certificate to Wal-Mart, and all he had to do was supply his email address, age, household income, years of education completed and a bunch of health questions. Phew. All for a Wal-Mart voucher.

The pay-off, as you might have guessed, was not a $1,000 voucher but, within an hour, a deluge of spam about educational opportunities, medical supplies, dating services and laptops. He tried to unsubscribe from the emails yet each day brings 20 to 40 new items.

Fortunately, as far as we know, the spam has yet to deliver more than irritation as opposed to malware — though that’s pretty likely at some point, which is when he’ll need adequate protection from good quality, regularly updated AV software.

The moral of the story is not to assume that such pop-ups are anything to do with the site you’re visiting and not to trust strangers. At least, those with whom you’re not eyeball to eyeball — in which case you’ve slightly more of a fighting chance to use your common sense to decide whether or not they’re on the level.

My fellow passengers eventually made that judgement and, fortunately for them, I didn’t record any of the information they splashed around. For their sakes, I hope none of the fellow travellers did either.

Who do you think you are?

Who you are matters. Thing is, you know who you are but, to the Internet, you’re a collection of data. This includes your name, date of birth, address, mother’s maiden name, names of your pet, siblings and so on.

If someone wants to steal or imitate your identity, all they have to do is collect enough of those pieces of information to fool a computer system into thinking that they are you. You’re not significant enough? It doesn’t matter: crooks will be happy to get small amounts of money every month from your credit card — yours and those of hundreds of thousands of other people — amounts small enough for you not to notice or want to go to the trouble of reporting.

You’ll probably have seen some of the warnings from your bank telling you to look out for bogus emails asking for your password and so on. That’s one way for crooks to steal pieces of your identity. That way, and by installing Trojans via infected websites that log your keystrokes and beam them home.

Of course, you should never pass details such as that over the Internet unless at the very least you are certain you trust the source of the request, and the link is encrypted. (You do encrypt your outgoing emails, don’t you? If not, go to your email program now and change the SMTP settings that to prevent anyone else reading the emails you send.)

And we’re now hearing of bogus phone calls to individuals warning that their PC is infected, and suggesting how to put it right. It’s in our nature as human beings to trust others but you have to assume that, unless you know the individual calling you, calls such as this are designed to extract personal information from you that can at some point be used to your disadvantage. Moral of the story: never give your passwords to anyone.

If it so happens that your PC does become infected, don’t panic — find a reputable anti-virus application and use it according to the instructions. And don’t assume that free means worse: in the world of software, it’s not better just because it carries a price tag.

Are you a nerd?
Don’t go to nerdtests.com. Avast’s user community has discovered malware (a hijacked google analytics script)on that site — and from the screenshot of the page on Avast’s blog, it looks like Avast was the only AV package to pick it up.

If you’re an Avast user, be pleased with yourself — and keep your eyes open and your software up to date.