Using Instant Messaging Safely
Why do I need to use instant messaging differently?
We've seen attacks using e-mail (spamming, phishing, viruses, etc.) for years. We've learned to look at our e-mail and think before responding to messages or clicking on links.
Now, attacks are appearing against instant messaging. Instant messaging is done quickly, with little time given to detecting and analyzing potential threats. Attackers take advantage of the immediacy of instant messaging to send spam, phish, and spread viruses, worms, and other types of malware.
What can I do to protect myself?
Here are a few tips on how to use instant messaging programs more securely:
- Configure your software to only receive messages from people on your buddy list. With this option turned on, most IM clients will prompt you before accepting messages from users who are not on your buddy list. This allows you to see who the sender is before accepting messages from people not on your buddy list.
- Always keep your software up-to-date. Patches and new versions are released to fix discovered security vulnerabilities and/or functionality issues in the existing software.
- Turn off features that automatically download files. Otherwise, if your "buddy" gets a virus or a piece of spyware, you'll get it too.
- Click on links and open file attachments only in the context of a conversation. When you get a URL or attached file, respond. Don't just click on the link! If it's from a buddy, check with the buddy to make sure he or she sent the message.
- Do not allow direct connections from anyone through your instant messaging client. There are other methods for transferring photos and other files that are much more secure, and often faster, than sending them through instant messenger.
- Close and ignore any SPIM (Spam from Instant Messaging) you receive. You may also want to block the sender. By only allowing people on your buddy list to send you instant messages, you can avoid most (if not all) SPIM.
- Check your profile for strange links and text. If you find links or text in your profile that you did not put there yourself, you may be infected by malware. Try to stay off instant messenger until you can confirm that your computer is free of malware, otherwise you may accidentally infect other users.
- Never give out private information to anyone through instant messenger. Instant messenger traffic can be easily intercepted by attackers, especially over wireless networks. Always keep in mind that anyone could be "listening in" on your messages.