Online Safety and Security Tips
This page provides useful tips to protect your computer
from unauthorized access by fraudsters. Many
websites recommend changing your password often and
making it hard to guess, however those tips are
nearly useless. Remember that online security is as
strong as its weakest link, and the weakest link is
your email account.
Tip #1: Keep Your Email
This is the most important security tip to remember. If someone can access your email
messages, even without knowing your email password, then he can reset the password of
almost any of your online accounts, including your iGolder account. iGolder relies on the fact your email is private to you, and
you alone can access your email messages.
If your email account is compromised, then a hacker can simply
reset your iGolder password.
The hacker simply has to open the email containing the instructions to reset
the password and type a new password, therefore having full access to your
iGolder account. iGolder also sends email messages to confirm a
transaction, however, however if your email account has been
compromised, then the confirmation will fall into the hands of the hacker
which will happily approve the transaction.
By the way, protecting your email password is a universal tip - is not something unique to
If someone knows your email password, then your
personal information is as vulnerable with other websites, including your
online bank. We don't want to scare off our customers, however we
prefer to make you aware of the risks involved with online transactions so
you can better protect yourself.
At iGolder, we are fully aware your email
password may have been compromised. If you
forgot your iGolder password, then iGolder will send
two confirmation emails at intervals ranging from
one day up to one week. The first email
requires you to follow the initial steps to initiate
the password reset, and the second email contains
additional steps to reset your password. The
between the emails varies
according to your account balance, the length of
time you have been a member and how long it has been
since your last login. For instance, if you
have a large balance and did a login yesterday, and
somehow you "forgot" your password, then the delay
to reset your password will be much longer.
People forget their password when they rarely use
their account. A hacker
requesting a password reset must wait several
days before being able to login into your account,
thus giving you time to discover the
security breach and report it to iGolder.
Tip #2: Never give your password to anyone for any reason, including any
operator at iGolder
iGolder does not need your password to access your account
and execute your transaction, regardless of the transaction complexity.
If anyone asks for your password to verify your identity, verify some
documents, or verify the status of a transaction, please contact us (without giving
your password of course) and we will see what we can do to further protect
your account. If you don't feel contacting iGolder, then ignore
the request, however do not respond by giving your password.
This tip is also good for other websites. A well designed
website does not require you give your password to any operator, regardless
of the situation. If the operator, such as a bank teller, has
legitimate access to your account, he/she does not need your password to
perform his job. The operator will however ask you personal question
to identify you making sure you are the legitimate account holder.
Tip #3: Learn to detect suspicious emails and don't respond to it
- Any web page requesting you to enter personal
information from an email is suspicious. Unless
you are expecting such email, it is better to ignore it.
- Any email requiring immediate action under threat of account
suspension is a sign of phishing. Hackers usually send spam to
thousand of email recipients, and they need you to act quickly
to maximize their scam before being discovered.
- It is very easy to fake an email address, so don’t assume that
because an email appears to be from a trusted organization that it is
not a phishing attempt. Do not reply to the email
- replying to the email will just confirm you have opened it and you are
doing business with that organization.
If you are not sure, contact the sender by phone to
verify the legitimacy of the message, or compose a new email with the
contact you have in your address book.
- When you enter personal information on the web, make sure you initiated the action by
typing the URL in the address bar of your web browser. Clicking on a link
from an email may redirect you to a fake website looking identical to
the legitimate website. The hacker will use that information to
access your real account, typically making a transaction to transfer
funds or purchase something with your money.
- Any respectable web site asking for personal information should be
secure. Hackers don't care about the safety of your personal
information; they rarely take the time to purchase and install
an SSL encryption certificate to secure the website they use for
stealing your personal information. Some don't even bother
purchasing a domain name which costs less than $10. Instead, they
use a direct IP address to access web pages. Any URL without "https"
(notice the "s") is
not secure, regardless of the fancy graphics claiming a
Tip #4: Be careful using public computers to read your emails
Installing a keylogger is a trivial operation, and you never know for
sure what software is installed on a computer you don't own. The
simple action of checking your email is enough for a hacker to get your
email password and access your personal information. Since the hacker
has your email password, he can reset the password of your other accounts
and access your online banking. Try avoiding using public computers, or use computers
from reputable places from known Internet Cafe. Those Internet Cafe
care about their reputation and are less likely to install spyware.
(Just think about the loss of business the Internet Cafe would suffer if the
word was out that they install spyware - many customers would stop using
their Internet services).
Also, type your password in
pieces, by entering a portion of your password, clicking with the mouse, and
complete the password.
For instance, if your password is "abcdef", then type "cd", then click at
the beginning and type "ab", click at the end and type "ef".
Although mouse clicks may be recorded by the key logger, the keylogger will
not be able to easily reconstruct the password.
Some websites recommend using the On-Screen Keyboard (OSK.EXE)
for typing your password. The rationale is clicking with the mouse on
this virtual keyboard will prevent a keylogger from recording your password,
however it is completely false. Although using the mouse will fool a
keylogger, the On-Screen Keyboard converts mouse clicks into keystrokes and
feeds those keystrokes to the global keyboard handler. A
keylogger is a piece of software recording activity on the global keyboard
handler. Sure enough, the On-Screen Keyboard will protect you against a
hardware keylogger, however such type of keyloggers are incredibly rare.
At iGolder, we provide you a built-in
Virtual Keyboard to enter both your email
and password. This Virtual Keyboard is
different from the Windows On-Screen Keyboard
click with the mouse directly into the email or
password field, thus bypassing the global keyboard
handler. Our Virtual Keyboard is the ultimate
tool to protect your account from keyloggers.
Tip #5: Think what happens if your computer is stolen
It is quite easy to steal an unattended notebook when you leave for lunch
or go to the restroom. Your notebook may also be a target for thieves
if visible when you park your car. Yes it can happen to you - not just
stealing computers are mostly interested finding information they could
use to make money, such as identity theft or blackmailing you.
If you use an email client such as Outlook
or Eudora and your password is already entered, then it is very easy for the
thief to access your emails and reset passwords of your other accounts. One solution is to encrypt your sensitive files. Windows XP
built-in encryption, or you can use a software like TrueCrypt which will do
the encryption. Without your password, the hacker won't be able to
open the encrypted files. You won't notice any performance hit while protecting
your most important data.
If you do not encrypt your email files, then a hacker simply has to
re-install Windows and access your files. The encryption is the real
protection - not the Windows Login.
Tip #6: Avoid using Internet Explorer when surfing the Net
Catching viruses while surfing the Net is not something that only happen
to others. If a website contains advertising, then there is always a
risk for your computer to catch a virus from the advertising content. How it
happens? Well, the advertising contains a script which opens a popup,
then another window - typically a command prompt - and injects the virus.
If you visit a website and all of the sudden you see popups appearing on
your screen, or a
tiny window at the bottom-right corner of your screen, then you are at risk.
Many times, a virus will install itself without actually running. The
virus will be active next time you reboot your machine. Use Hijackthis (see
below) to find out if there is any new software components installed.
Years ago, I caught a virus by mistyping Google.com. The fake
website instantly opened a command prompt and installed unwanted software.
By the time I pulled the network plug, the virus was already installed. I
personally caught viruses using Internet Explorer simply by reading news
from a reputable website such as a national newspaper.
How do I know it? It was a brand new machine with only Internet
Explorer and no other software installed. I went to check the news and
saw the virus being installed on the screen. It took me about one hour
to remove this nasty virus.
In my opinion, Internet Explorer is the most powerful browser. IE
has many great features with a powerful interface for third party plugins.
Unfortunately, this plugin interface is also a security problem because
hackers can use it to install trojans and viruses under the guise of browser
extensions and ActiveX controls. By the way, other browsers also have
their security flaws, however because they are not as popular, they are
rarely a target for hackers. For instance, a hacker will prefer to
write a virus for Internet Explorer than writing a virus for a web browser
on Amiga or Atari.
I recommend using Mozilla Firefox or Chrome as your default browser. I
use Internet Explorer only for websites I own and for visiting websites I am
100% certain there is no danger of catching a virus. I have a good
confidence in Google Chrome for its safety, and as a proof of confidence, it
is my default browser. Chrome was designed from scratch with security in
Tip #7: Install the freeware HijackThis
HijackThis is a freeware listing important components installed on
your computer. Running HijackThis won't protect you computer per se, however
get familiar with your machine. If you see something new in the list,
then you can detect a possible trojan or virus. If you have
poor memory, then save the log, so next time you do a scan, you can easily
compare the logs and
notice anything new. I personally removed dozen of viruses using HijackThis on
other's computers and a few times on my own machine.
Always reboot after removing unwanted software - just to make sure the
virus does not re-appear.
Disclaimer: The tool HijackThis is for computer experts.
Do not use click on the button "Fix checked" unless you are certain of the
component(s) you want to remove. iGolder is not responsible
for your actions.