Online Safety and Security Tips

This page provides useful tips to protect your computer from unauthorized access by fraudsters.  Many websites recommend changing your password often and making it hard to guess, however those tips are nearly useless.  Remember that online security is as strong as its weakest link, and the weakest link is your email account.

 

 

Tip #1: Keep Your Email Messages Private

This is the most important security tip to remember.  If someone can access your email messages, even without knowing your email password, then he can reset the password of almost any of your online accounts, including your iGolder account.  iGolder relies on the fact your email is private to you, and you alone can access your email messages.

 

If your email account is compromised, then a hacker can simply reset your iGolder password.   The hacker simply has to open the email containing the instructions to reset the password and type a new password, therefore having full access to your iGolder account.  iGolder also sends email messages to confirm a transaction, however, however if your email account has been compromised, then the confirmation will fall into the hands of the hacker which will happily approve the transaction.

 

By the way, protecting your email password is a universal tip - is not something unique to iGolder.  If someone knows your email password, then your personal information is as vulnerable with other websites, including your online bank.  We don't want to scare off our customers, however we prefer to make you aware of the risks involved with online transactions so you can better protect yourself.

 

At iGolder, we are fully aware your email password may have been compromised.  If you forgot your iGolder password, then iGolder will send two confirmation emails at intervals ranging from one day up to one week.  The first email requires you to follow the initial steps to initiate the password reset, and the second email contains additional steps to reset your password.  The delay between the emails varies according to your account balance, the length of time you have been a member and how long it has been since your last login.  For instance, if you have a large balance and did a login yesterday, and somehow you "forgot" your password, then the delay to reset your password will be much longer.  People forget their password when they rarely use their account.  A hacker requesting a password reset must wait several days before being able to login into your account, thus giving you time to discover the security breach and report it to iGolder.

 

Tip #2: Never give your password to anyone for any reason, including any operator at iGolder

iGolder does not need your password to access your account and execute your transaction, regardless of the transaction complexity.  If anyone asks for your password to verify your identity, verify some documents, or verify the status of a transaction, please contact us (without giving your password of course) and we will see what we can do to further protect your account.  If you don't feel contacting iGolder, then ignore the request, however do not respond by giving your password.

 

This tip is also good for other websites.  A well designed website does not require you give your password to any operator, regardless of the situation.  If the operator, such as a bank teller, has legitimate access to your account, he/she does not need your password to perform his job.  The operator will however ask you personal question to identify you making sure you are the legitimate account holder.

 

Tip #3: Learn to detect suspicious emails and don't respond to it

  • Any web page requesting you to enter personal information from an email is suspicious.  Unless you are expecting such email, it is better to ignore it.
  • Any email requiring immediate action under threat of account suspension is a sign of phishing.  Hackers usually send spam to thousand of email recipients, and they need you to act quickly to maximize their scam before being discovered.
  • It is very easy to fake an email address, so don’t assume that because an email appears to be from a trusted organization that it is not a phishing attempt.  Do not reply to the email - replying to the email will just confirm you have opened it and you are doing business with that organization.  If you are not sure, contact the sender by phone to verify the legitimacy of the message, or compose a new email with the contact you have in your address book.
  • When you enter personal information on the web, make sure you initiated the action by typing the URL in the address bar of your web browser.  Clicking on a link from an email may redirect you to a fake website looking identical to the legitimate website.  The hacker will use that information to access your real account, typically making a transaction to transfer funds or purchase something with your money.
  • Any respectable web site asking for personal information should be secure.  Hackers don't care about the safety of your personal information; they rarely take the time to purchase and install an SSL encryption certificate to secure the website they use for stealing your personal information.  Some don't even bother purchasing a domain name which costs less than $10.  Instead, they use a direct IP address to access web pages.  Any URL without "https" (notice the "s") is not secure, regardless of the fancy graphics claiming a "secure connection".

 

Tip #4: Be careful using public computers to read your emails

Installing a keylogger is a trivial operation, and you never know for sure what software is installed on a computer you don't own.  The simple action of checking your email is enough for a hacker to get your email password and access your personal information.  Since the hacker has your email password, he can reset the password of your other accounts and access your online banking.  Try avoiding using public computers, or use computers from reputable places from known Internet Cafe.  Those Internet Cafe care about their reputation and are less likely to install spyware.  (Just think about the loss of business the Internet Cafe would suffer if the word was out that they install spyware - many customers would stop using their Internet services).

 

Also, type your password in pieces, by entering a portion of your password, clicking with the mouse, and complete the password.  For instance, if your password is "abcdef", then type "cd", then click at the beginning and type "ab", click at the end and type "ef".  Although mouse clicks may be recorded by the key logger, the keylogger will not be able to easily reconstruct the password.

 

Some websites recommend using the On-Screen Keyboard (OSK.EXE) for typing your password.  The rationale is clicking with the mouse on this virtual keyboard will prevent a keylogger from recording your password, however it is completely false.  Although using the mouse will fool a keylogger, the On-Screen Keyboard converts mouse clicks into keystrokes and feeds those keystrokes to the global keyboard handler.  A keylogger is a piece of software recording activity on the global keyboard handler.  Sure enough, the On-Screen Keyboard will protect you against a hardware keylogger, however such type of keyloggers are incredibly rare.

 

At iGolder, we provide you a built-in Virtual Keyboard to enter both your email and password.  This Virtual Keyboard is different from the Windows On-Screen Keyboard because it uses JavaScript to feed the keys you click with the mouse directly into the email or password field, thus bypassing the global keyboard handler.  Our Virtual Keyboard is the ultimate tool to protect your account from keyloggers.

 

 

Tip #5: Think what happens if your computer is stolen

It is quite easy to steal an unattended notebook when you leave for lunch or go to the restroom.  Your notebook may also be a target for thieves if visible when you park your car.  Yes it can happen to you - not just others.  People stealing computers are mostly interested finding information they could use to make money, such as identity theft or blackmailing you.

 

If you use an email client such as Outlook or Eudora and your password is already entered, then it is very easy for the thief to access your emails and reset passwords of your other accounts.  One solution is to encrypt your sensitive files.  Windows XP Professional has built-in encryption, or you can use a software like TrueCrypt which will do the encryption.  Without your password, the hacker won't be able to open the encrypted files.  You won't notice any performance hit while protecting your most important data.

 

If you do not encrypt your email files, then a hacker simply has to re-install Windows and access your files.  The encryption is the real protection - not the Windows Login.

 

Tip #6: Avoid using Internet Explorer when surfing the Net

Catching viruses while surfing the Net is not something that only happen to others.  If a website contains advertising, then there is always a risk for your computer to catch a virus from the advertising content.  How it happens?  Well, the advertising contains a script which opens a popup, then another window - typically a command prompt - and injects the virus.  If you visit a website and all of the sudden you see popups appearing on your screen, or a tiny window at the bottom-right corner of your screen, then you are at risk.  Many times, a virus will install itself without actually running.  The virus will be active next time you reboot your machine.  Use Hijackthis (see below) to find out if there is any new software components installed.

 

Years ago, I caught a virus by mistyping Google.com.  The fake website instantly opened a command prompt and installed unwanted software.  By the time I pulled the network plug, the virus was already installed. I personally caught viruses using Internet Explorer simply by reading news from a reputable website such as a national newspaper.  How do I know it?  It was a brand new machine with only Internet Explorer and no other software installed.  I went to check the news and saw the virus being installed on the screen.  It took me about one hour to remove this nasty virus.

 

In my opinion, Internet Explorer is the most powerful browser.  IE has many great features with a powerful interface for third party plugins.  Unfortunately, this plugin interface is also a security problem because hackers can use it to install trojans and viruses under the guise of browser extensions and ActiveX controls.  By the way, other browsers also have their security flaws, however because they are not as popular, they are rarely a target for hackers.  For instance, a hacker will prefer to write a virus for Internet Explorer than writing a virus for a web browser on Amiga or Atari.

 

I recommend using Mozilla Firefox or Chrome as your default browser.  I use Internet Explorer only for websites I own and for visiting websites I am 100% certain there is no danger of catching a virus.  I have a good confidence in Google Chrome for its safety, and as a proof of confidence, it is my default browser.  Chrome was designed from scratch with security in mind.

 

 

Tip #7: Install the freeware HijackThis

HijackThis is a freeware listing important components installed on your computer.  Running HijackThis won't protect you computer per se, however you will get familiar with your machine.  If you see something new in the list, then you can detect a possible trojan or virus.  If you have poor memory, then save the log, so next time you do a scan, you can easily compare the logs and notice anything new.  I personally removed dozen of viruses using HijackThis on other's computers and a few times on my own machine.

 

Always reboot after removing unwanted software - just to make sure the virus does not re-appear.

 

Disclaimer: The tool HijackThis is for computer experts.  Do not use click on the button "Fix checked" unless you are certain of the component(s) you want to remove.  iGolder is not responsible for your actions.

 

HijackThis displays important components installed on your computer

 

 

 

 

 

Since August 1st, 2013 iGolder is no longer accepting new accounts and balances can only be redeemed. During the past years, we have been recommending Bitcoin more than our own payment system. We believe in physical gold ownership, and developed iGolder as a mechanism for people to acquire physical gold by trading with one another.

Since iGolder has a central point of failure (our server may be raided by thugs wearing some kind of uniform), we feet it is safer for us to cease operations. The iGolder experiment has been personally rewarding as we met many gold enthusiasts and also learned about Bitcoin in the process. For those who have no idea what Bitcoin is, we recommend doing your own research. Bitcoin is far superior to iGolder in every way, both in privacy and security as our server is always vulnerable to confiscation. Bitcoin is a communication protocol with a built-in "escrow service" capable of protecting both the buyer and the seller, rendering our Safetransit completely redundant. To learn more about the Bitcoin protocol and its feature, please watch "http://www.youtube.com/watch?v=mD4L7xDNCmA (Bitcoin 2012 London: Mike Hearn).

For those having gold in their iGolder account, we will ship the physical metal to anyone having more than 1 ounce of gold, assuming the owner is willing to assume the shipping costs. For smaller quantities, we offer to settle in Bitcoin, however we will also settle with any other reasonable payment system. We will give everyone at least two full years (until 2016) to contact us to claim their gold. After that period, any unclaimed gold will go to fund an economic development project in Honduras helping local people to become entrepreneurs.

We sincerely wish you the best in life and hope to keep in contact with you.

Yours in liberty,
The iGolder Team.


Update 2014: Since we announced we no longer accept gold transfers, we have received countless emails asking to keep the free gold charts and the PGP encryption tools. We plan to keep running the domain iGolder.com for both the gold charts and the encryption tools. Better, we are developing state of the art open-source software for a secure decentralized social network with a built-in wallet. We will announce when we have a product ready for use. Stay tuned!