Online Cyber Safety
Cyber Safety Glossary Protecting Yourself Useful Links
Go
Security Software
Online Shopping Tips
Report Piracy
Inquire with Questions

Report Fraud

Cyber Safety Glossary

report fraud Digital Signatures

Also Known As:
Public-key digital signature, Message Authentication Codes.


Description:
It is routine to be asked to show photo ID when paying with a check. Very few people think twice when a sales clerk verifies a signature before handing back a credit card. The photo and the signature are used to verify that the person making the purchase is who he says he is.

Because there is no physical way to verify the identity of a person making an online purchase, businesses rely on what is called a digital signature. A digital signature ties a person to a specific address, in this case an email address and possibly a street address, and a unique identifier — a password. The two pieces of unique information, address and password, identify the person. Once a digital signature is established, the online business or organization can convey special privileges, such as creating personal shopping lists or identifying and receiving news stories on specific topics. To buy something online, one more step is required — linking credit card and billing information to the digital signature.

Trust Goes Both Ways:

Digital signatures are good for the online business, but what is the business doing to assure the consumer that it is a legitimate enterprise? Reputable businesses verify their identity by obtaining and displaying certification from trusted third parties. These third parties can be the Internet service provider that hosts the Web site or certification companies.

The certification process involves a thorough review of the business. After a successful review the certification company issues a digital certificate authenticating the Web site. Digital signatures and digital certificates create the foundation of trust on the Internet.

Keeping Financial And Identity Information Secure:
One of the reasons why you should never send sensitive information — credit card or bank account information — via email is because it can be viewed by anyone with a measure of technical ability. Email, in effect, is sent over the Internet in plain text. Credit card and other sensitive information on a certified website, however, are not transmitted in plain text. The data is encrypted — locked away and effectively hidden — from prying eyes.

Companies with valid digital certificates use a form of encryption called public-key cryptography. When a purchase is made and credit card information is transmitted, a “public key” locks the transmission — encrypting it and effectively hiding key information in the transmission. Only the certified business has the “private key” that can open it.

Recognizing Sites That Are Secure:
When determining whether a Web site is secure, the first thing to look for is a logo of a certification company on pages that are asking for sensitive information. That indicates the page is likely certified.  However, don’t rely on certification logos alone.  Online thieves have shown the capability to highjack browsers and mimic or spoof legitimate looking websites.  A more reliable check is to look at the URL in the browser window to see if it displays “https:” at the beginning, instead of “http:” The “s” means the Web page resides on a secure server. Https should appear on any page where sensitive information is requested.

Internet Explorer users can determine a Web site’s encryption level and certificate information through the following:

  • On a page that asks for a digital signature or credit card information, right-click on the page. Then select Properties. A box will appear and will give information on the level of encryption — 40-bit or 128-bit. 128-bit is the highest level. Click the Certificates button to find out which organization issued the digital certificate.

Netscape users should follow these steps to see what level of encryption is protecting their transactions:

  • On the secure page, click the Security button in the Navigator’s toolbar. The Security Info dialog box indicates whether the Web site uses encryption. If it does, click the Open Page Info button to display more information about the site’s security features, including the type of encryption used.

Taking these steps helps ensure secure transmission of sensitive financial and identity information.
Select a Term

Adware  
  Annoying pop-up and banner ads? System slowdowns? Your computer may be infected with Adware
Bots & Botnets  
  Hackers use bot programs for theft, fraud, and denial-of-service attacks on Web sites
Browser Highjacking  
  Malware used by hackers to direct your computer to their websites, regardless of the address you entered.
Cookies  
  A Web page that welcomes you by name uses cookies
Counterfeit Products  
 

Businesses rely on what is called a digital signature to recognize their customers
Digital Signatures  
 

Businesses rely on what is called a digital signature to recognize their customers
Extortionware  
 

A software program that encrypts essential personal files - taking them hostage and demanding money for their safe return
Keylogger  
  Hackers illegally use software keyloggers to identify their victims’ computer passwords, login names, bank account and credit card numbers
Malware  
  Any software program developed for the purpose of doing harm to a computer system or to create mischief
Man-in-the-Middle Attack  
  Cyber criminals eavesdrop on electronic communication between a consumer and a legitimate organization
Nigerian Scam  
  Unsolicited email messages from a stranger who promises great wealth — a get-rich-quick scheme
P2P File Sharing  
  Peer-to-peer file sharing is very popular on the Internet, but it can also lead to virus infections and a host of other problems
Pharming  
  A technically sophisticated scam designed to trick individuals into disclosing sensitive information such as bank account, credit card, and Social Security numbers
Phishing  
  Official looking and sounding messages that urge immediate action to update sensitive financial and identity information
SMishing  
  Designed to trick you into divulging identity information, SMishing is Phishing over cell phones and other mobile devices.
Social Engineering Scams  
  A scam that preys upon our acceptance of authority and willingness to cooperate with others
Social Networking Sites  
  Never under any circumstances should your child or young teenager agree to meet in person someone from one of these sites
Software Piracy  
  The illegal use and/or distribution of software protected under intellectual property laws
Spam  
  The cyber equivalent to junk mail – spammers have developed many ways of obtaining email addresses
Spim  
  Unsolicited product or service advertisements that appear as instant messages
Sping  
  Spam from a fake blog tricking the unwary into visiting
Spit  
  A spam campaign against VOIP voicemail
Splog  
  A spam campaign directed against blogs
Spoofing  
  A criminal pretends to be a business or organization in order to gain access to a computer user’s sensitive information such as bank account, credit card, or Social Security numbers
Spy-Phishing  
  In a successful Spy-Phishing attack, a Trojan and/or Spyware is downloaded onto your computer from a Phishing message.
Stealth, Polymorphic, and Armored viruses
  These viruses hide, copy, or “armor” themselves in an attempt to avoid detection and removal from a computer.
Bots & Botnets  
  Hackers use bot programs for theft, fraud, and denial-of-service attacks on Web sites
Trojan Horses  
  Files or software programs that appear to be legitimate, but once installed can cause havoc
Viruses  
  Malicious programs or codes inserted into computer systems without the user’s permission
Warez Sites  
  Any site that hosts pirated software
Worms  
  These malicious software programs spread automatically from computer to computer
Zombie Drones  
  Personal computers secretly under the control of hackers
   
   



Business Software Alliance
Cyber Safety Glossary | Protecting Yourself | Useful Links
©2008 Business Software Alliance