To borrow from an old safe-sex axiom, surfing the Internet without protection is like sky diving without a parachute. If you're not careful, your personal information -- passwords, financial information and Social Security number -- can become public knowledge in a matter of minutes.
"The average length of time it takes to compromise a new computer that is connected to the Internet is less than 30 minutes," says Hal Berghel, co-director of the Las Vegas-based Identity Theft and Financial Fraud Research and Operations Center.
While it may not be possible to protect yourself entirely, here are a few smart -- and simple -- steps to decrease your risk of cyber-hijack.
DON'T TAKE THE BAIT: In a "phishing" attack, users are baited with an e-mail that appears to be from a legitimate business, such as a bank or commerce site. The Anti-Phishing Working Group, an organization that tracks and fights Internet scams, estimates that between 75 and 150 million phishing e-mails are sent to in-boxes every day.
These e-mails usually request verification of personal information -- a password or account number, for instance. Respond with the requested data, and you likely have provided enough information for someone to hack into your account.
Berghel advises users to avoid e-mail entrapment by withholding personal information from network communication. "If you aren't willing to post it on your front door, don't post it on the Internet," he says.
If you're tempted to respond to an e-mail inquiry, be wary of clicking on any embedded links in the request. Phishing notes typically include links that redirect a user -- so while you may think you're logging on to eBay, you're really being taken to a phony site.
Instead of trusting a link in an e-mail, type the company's Web address into the browser yourself or use a bookmark to access the site. And if you are prompted for a password, type in a phony one first: A legitimate site won't accept an incorrect password, but a fraudulent site won't recognize it as fake.
BEWARE OF SPYWARE: A 2004 study found that spyware -- software that secretly records and reports user activity -- is on four out of five home computers, and 89 percent of its victims were unaware of the problem. While some spyware programs are annoying but harmless byproducts of free software, other programs record and report keystrokes, including vital info such as credit card numbers and passwords.
The best way to protect yourself is to download and use anti-spyware software such as Ad-Aware (www.lavasoftusa.com) or Microsoft Windows AntiSpyware (www.microsoft.com), both of which are free. Also make sure you are using the latest version of your Web browser, and if you use Internet Explorer, set the security settings to high.
Berghel also recommends disabling cookies in your browser. While this might make surfing less convenient, "when it comes to computers, security and convenience work against each other -- you can't have both," he says.
PROTECT PASSWORDS: If you're like most people, you use a variation of the same password on multiple sites -- not always a smart idea. Bruce Schneier, a security technologist and founder of California-based Counterpane Internet Security, says that while it's fine to have the same password for low-security sites, such as newspaper archives, "never reuse a password for something you care about."
Instead, Schneier recommends selecting passwords that are "too complicated to remember," and then writing them on a piece of paper kept in a secure spot. For those who find paper-based password protection passé, Schneier suggests Password Safe (www.schneier.com/passsafe.html), a free program that allows users to save their passwords in a single secure database.
PREVENT HOME INVASION: With the trend toward always-on high-speed connections and open wireless networks, home computers are more vulnerable than ever to a cyber-invasion.
To shore up your system, consult your router or wireless access point's instruction book and make sure that you enable the encryption system that came with your connection. Also turn off the default setting for broadcasting your service set identifier (SSID), the name of your wireless network. (Under the default setting, many home WiFi systems broadcast the SSID constantly, making it easy for outsiders to enter the network.)
Home WiFi hardware typically comes with an administrator account that has an easily hacked password. It's a good idea to change this password, and high-speed users should erect a firewall on their networks. Your router or access point most likely came with one, but free firewalls for PCs are available at www.free-firewall.com.
And what about that WiFi connection at your favorite coffee shop? Schneier acknowledges that it's probably safe, but advises vigilance: "Yes, it can be eavesdropped on, but it probably isn't. If you're worried, don't use your valuable financial passwords when you're using an open wireless connection."
Bridget Bentz Sizer
WHERE TO TAKE ACTION
Anti-Phishing Working Group. Help bust cyber-crime by reporting the rackets. APWG's Web site hosts an archive of phishing e-mails and tips on how to spot the scams. www.antiphishing.org.
Federal Trade Commission. Afraid that spyware might be lurking on your hard drive? Check out this site for a list of telltale signs of infection: www.ftc.gov/bcp/conline/pubs/alerts/spywarealrt.htm. The FTC also recommends steps to take if you believe your identity has been stolen. www.consumer.gov/idtheft/.