Warning Signs

General warning signs to watch for

• Your computer feels different
  This warning sign is too vague to stand on its own. It's really a sign that you should perform a thorough system check. It's a bit like walking in the door to your house and feeling like someone else has been there. You know your computer. You probably use it every day. If something doesn't feel right, there may be a good reason for it.

• Programs or commands don't run properly
  Has a particular program started crashing recently? Are you getting output from a command that's different than what you expect? It's possible that someone has gotten into your computer and is trying to hide the signs of entry.

• Unexpected network use
  If you have a firewall on your computer and unfamiliar programs are asking for network access -- or if you notice a higher-than-usual amount of network activity even without a firewall to warn you -- your computer may be being used to launch attacks on other computers, whether through email or through a network-bombing strategy referred to as a "distributed denial of service" (DDOS).
  
  If you're not running your own mail server, no program should need to connect to the network from port 25; unfortunately, DDOS attacks can be launched from nearly any port. If you see high levels of unexpected network use, scan your system for viruses, because most antivirus programs will also detect known email and DDOS attacks.

• An administrator tells you your computer has a security problem
  You may hear it from CITES Security Services, another campus network administrator, or another Internet service provider's administrator. In any case, your best response is to disconnect your computer from the network and do a thorough system check.
  
  However, legitimate warnings from a known system administrator about your own computer should never require you to click on an emailed link to log in to a system. Legitimate security warnings are not the same as the fraudulent "warnings" requiring a click on an emailed link for access to an online account, described below.
  

Warning signs by operating system

More specific warning signs to watch for:

• Windows warning signs

• Unix/Linux warning signs

False alarms and scams

• "Your account has been locked" and similar warnings
  If an email says that your account has been compromised and that you must click a link and renew or verify your information, DO NOT CLICK THE LINK. In nearly all cases, these emails are sent under forged headers from third-party sites who are trying to extract account information and passwords from you. No reputable site should ever require you to click a link as the only method of accessing financial information, and very few of them will contact you by email.
  
  Instead, type the company's URL into a new browser window, and make sure that you're still visiting the same web site you intend to visit. If you don't see anything on the legitimate web site about "your account has been locked," and you probably won't, then the email was sent by a phishing scam. (More information about how to foil phishing attempts.)
  
  Similarly, if someone who isn't an administrator emails you and says "you sent me a virus," it doesn't necessarily mean you're infected. Many modern viruses raid people's address books and inboxes for other people's identities, in order to make the virus emails appear to be from someone the victim knows. So the virus email may appear to come from you, but someone else may be the person actually infected.
  
  Administrators can track down the original source by using email headers and tracking info hidden in the email; most ordinary users don't know how to track through headers, and only recognize the name the email claims to have come from. On the other hand, better safe than sorry: It never hurts to run a virus check during a time when you're not using the computer heavily.