Security 101: April – Questions & Answers

As previously announced, we continue to answer questions received from the readers of the PC.COM magazine.


How does a phishing website gets access to our account number

A phishing websites try to fake official websites of financial corporations (banks, unions, credit card companies) or webshops (amazon, ebay, etc.)  in order to trick the users to enter their login credentials.

The user receives usually an email which pretends to come from entities like the above mentioned (phishing email) which  urges the user to login on the fake website. Once the user logins with his correct credentials, they are saved by the fraudsters and misused later.

Fortunately, more and more websites (especially financial) have introduced multi-factor authentication which adds another layer of protection. The classical authentication represents something that the user knows because it is based on user/account and password/PIN. The multi-factor authentication introduces another element which usually represents something that only the authorized user has, like a mobile phone (the user receives an SMS to authorize financial transactions) or a token generator (which generates a unique token for each transaction).




How can I prevent virus from attacking my PC, besides installing antivirus?

Malware (viruses, trojans, adware, etc.) can these days attack the PC from multiple directions. It can be delivered while browsing a webpage (drive-by downloads), reading an email (malware attacked) , reading a specially crafted document (allows exploits) and others. This is why it is very important to protect all these attack directions by installing dedicated security solutions for protecting these entry points in the PC: web surfing protection, mail protection, patch management. Last but not least, a very important factor of protection is represented by user’s know-how. So, user education is becoming increasingly important in today’s rapidly changing world.


Sorin Mustaca

Data Security Expert