In our world today, more and more of the daily activity is concentrated on the Internet. While this makes many things easier and to go faster, it also means that more and more information that can be considered confidential are passed through the information superhighway. Of course, this has drawn interest from shady parties that are trying to take advantage of this and capture those private information for their own purpose.

Credit card numbers, PIN numbers, banking account credentials are just the tip of the iceberg, they are just those information which can be used for direct monetary gain. But email credentials, digital signature credentials, social networking site passwords, confidential document attachments and so on can be even more damaging when they fall into the wrong hands.

On the Internet, your “representative” (so to speak) is your browser. It has become such a regular tool that many people don’t give it much thought when using it but this is quite a dangerous approach since all the information you pass online go through the browser. Consequently, any problem the browser might have means you should open an extra eye when doing your business online while using information which you wouldn’t want fallen in the wrong hands.

As an example, a recent flaw in Internet Explorer (which, if exploited, would allow access to information stored on your computer) forced Microsoft to advise Internet Explorer users to use other browsers (source). Surely enough, all browsers have issues but until now, no company went as far as to advise moving towards a competitor’s product. I guess you can see there’s a problem.

So, what can you do to stay safe?

For one, keep your eyes open and think twice before giving away information on a website. I’m sure you heard about “phishing”, a plague that has hit Internet banking services and banks all over the world. Phishing consists in convincing someone that a reliable party needs a set of confidential information … for example, a phishing artist would try to make you think that he is from a bank and needs you to give up your full credit card information. The safest way for a hacker to do this is by email since a well-crafter email could very well resemble an official bank message, especially if the hacker is privvy to your bank’s services.

So, what can you do when you receive an email, apparently from your bank? Well, ideally you should try to establish the true provenience of the email, but that might be too hard for a non-technical user to do. Still, there are a couple of things you can try.

So, do you have the email opened in your favorite email client? (may that be Yahoo mail, Thunderbird, Outlook, MSN, etc) Good. The easiest way is to look at the sender’s email address. Does that resemble your bank’s website in a way? An email address from BCR (Romanian Commercial Bank) would likely be something like office@bcr.ro, as the bank’s website is www.bcr.ro. Email addresses such as @bcrbank.ro, @rcb.ro or anything else would raise alarm bells in my mind. If you can’t see the email address (maybe your MSN will only show you an official sounding name instead of the actual address), just hit the reply button and see what address appears in the “To:” field.

Of course if in both cases you see apparently legitimate emails addresses, it means nothing, they can still be forged, but if they clearly are not from your bank’s domain then you’re dealing with a fraud attempt from a sloppy hacker.

Next step would be to look at the email itself. What information does it ask for? Most bank will never ask you for stuff like credit card number but some do. One thing no bank will ever ask for is username and password confirmation for you already confirmed internet banking account. Here is a list of potential scenarions:

* if the email has input fields where you’re expected to input anything, don’t. Having input fields in an email is extremely insecure (Thunderbind will not even let you receive emails containing forms and will buzz you to convince you not to open it) and even if you’re positively sure the email is legitime, don’t give information this way, ever! Email forms are easy to hijack even if the original source is true.

* if the email gives you a link where you’re supposed to give up information, you can open it but look at the address you browser is opening! If it’s not the official domain of your bank (again, using BCR as example, you shoud have something like www.bcr.ro/xxx/xxxx, this would be a legitimate redirect, but if you have something like bcr.geocities.com, then it’s definitely a free site trying to appear as your bank for the purpose of cheating you) then stay clear of giving away anything.

* if you get emails that need you to give up information to other sites, but pretending to come for you banks (for some contests, giveaways, etc) just check first with your bank. Stuff like these will definitely be found on your bank’s site and you can easily confirm if they’re true.

The main idea is to check. Even if all appears ok, you should simply send a mail to your bank (use an email from the official website, a contact form or just call). It’s better to take precautions than be sorry and proceed in a rational way rather than rush head-first and be sorry later or simply giving in to panic.

If you fail to confirm the provenience of an email, don’t simply delete the mail. Remember: all is ok as long as you don’t type confidential information. Keeping the email in a separate folder might prove later useful. Say that you do lose information later: in this case the fraudulent email might constitute evidence that you were specifically targeted and it may prove to be a lead in a subsequent investigation. Also, you might want to forward a copy to your bank, to make sure they know their clients are being targeted and give them a chance to issue an early warning on their website.

Other good tips include reading your bank’s news, to see whether they have phishing reports or warnings you might want to take a note about.

Another tip from my personal experience is to use Opera. Unlike Firefox or Internet Explorer, Opera has a few safety advantages related to banking: it uses 256-byte SSL encryption as opposed to 128-byte offered by Internet Explorer and Firefox, it is low-profile and fast and it is also cross-platform. These things can be quite significant for communication safety so, if your bank allows, use Opera.