Do you want to learn how to protect your computer from viruses and other threats, but don't know where to look? October is National Cyber Security Awareness Month, and it might be a good time to take a look at some of the tips and facts offered by the U.S. Department of Homeland Security's Computer Emergency Readiness Team (US-CERT).

Apparently hackers have been busy. According to US-CERT, if you're connecting a new computer to the Internet, nowadays it can take only minutes for a hacker to exploit the security on some networks. See the Tech Tip for how to protect your new computer before connecting it to the Internet.

Some tips to keep your computer secure:

• Maintain up-to-date antivirus software. 
• Download software programs and updates directly from the vendor's website.
• Don't follow unsolicited links or open unsolicited e-mail messages (pdf).
• Use caution when visiting websites you don't trust. Ditto for downloading and installing programs.
• Protect your privacy and avoid social engineering and phishing attacks (when an attacker contacts you under false pretenses and tries to trick you into providing your private information).
• Sign up for cyber security alerts and cyber security tips.

And if the security of your computer has been compromised, see how to recover from a Trojan horse or virus (pdf), report a phishing site, or notify federal law enforcement if you're a victim of Internet fraud.

For more information on common online threats, protecting your privacy and maintaining your security, and reporting Internet fraud and Internet-related crime, visit USA.gov's FAQ and the Federal Citizen Information Center's publications.

Last week I got a rather panicky call from a friend of mine.

"I think I just got scammed on Craigslist," she said. "How can I report it?"

I asked her to give me some more details so I could tell her the best place to report.

Here's the gist of the story.

My friend and her roommate are moving at the end of next month so they have been searching Craigslist for apartment listings. They'd responded to several ads and found one apartment that sounded extremely promising -- good location, reasonable price, utilities included. When they contacted the poster, he sent them back an application form to fill out.

One part of the form required them to supply their credit score. That sounded a little odd. When I moved, my landlord ran the credit check himself, but I figured maybe this guy wanted a ballpark figure and then he would run it himself too. My friend went to Annualcreditreport.com to find her report.

Both girls filled out their forms and were getting ready to turn them in when they noticed something in the email said it was mandatory that they use a Web site he provided to find their credit score because supposedly the guy had been scammed too many times by other sites. They both thought that was very strange.

Turns out the whole thing was a giant phishing scam. The link for his "safe" site looks like the apartment complex's real site, but instead it steals personal information, like names and social security numbers. Thank goodness my friend and her roommate hadn't noticed that link until later or that guy would have gotten all of their personal information.

I directed my friend to scam resources on the Federal Citizen Information Center Web site and told her to check out the links for the Internet Crime Complaint Center and the Federal Trade Commission. USA.gov also provides information on Internet fraud.

Do you know of any other resources for reporting online scams?

Have you ever opened your e-mail inbox to find a message from a wealthy foreigner who offers you a huge payment to help him move money out of his country? All you need to do is provide your U.S. bank account number.

Or maybe you’ve been nominated for the “Oprah Millionaire Contest Show” and all you need to do to is send money for your airfare and tickets to the show.

Perhaps you’re personally eligible for some money from the Economic Stimulus package and all you need to do is provide bank account information so that the money can be deposited directly into your account.

Sometimes these types of scam emails come from e-mail addresses you should be able to trust: fbi.gov, irs.gov, even usa.gov.

Does all this sound too good to be true? It is!

The sad truth is that many, many unsuspecting people fall for these scams every day, and they pay dearly for their mistakes. They lose thousands of dollars, have their identity stolen and worse. But because these scams really work, people will continue to prey on the unsuspecting.

What can you do? Be alert and use your head – if it sounds too good to be true, it probably is.

If you’re not sure if an email is legitimate or not, do some checking. A quick internet search can usually give you a pretty good idea. The Federal Citizen Information Center also lists fraud schemes and scams. If you don’t see it on the list, find yourself an alternate, trusted way to reach the alleged source of the email and find out if the offer is for real. You can report e-mail scams to the Federal Trade Commission. Your complaints help them detect patterns of wrong-doing, and lead to investigations and prosecutions.

There wasn't a whole lot of April Fooling going on at Gov Gab headquarters this week, I'm sorry to report—except for the person who went nuts with a roll of double-face tape at lunchtime and stuck the office refrigerator door shut. I don't know who would do such a thing. But I regress. I mean, digress...

I wanted to tell you about another kind of fooling involving your email and tax season.

This year, more than 80 million tax returns will be filed electronically. And with America's growing comfort with online transactions—from shopping and auctions to banking and investing—scammers know you'll pay attention when you get an email that seems to be from a company or government agency you do business with, saying that there's a problem with your account. Scammers have gotten so good at spoofing—masquerading online as legitimate government agencies and businesses—to "phish" your personal and financial information out of you that even really web-savvy people are being fooled.

As we’re approaching tax time, scammers in the guise of the IRS are sending email messages reporting that you have an unexpected tax refund. And, they say, if you click the link in their email and enter information about yourself and your bank account, they'll send your refund. Don't believe it. Follow those instructions and you're likely to have your bank account drained instead.

How do you know what's real? Take a minute right now to read the IRS' alert about phishing emails and other tax scams. They also explain how to report fraudulent IRS email messages so they can investigate and catch the scammers.

If your email in-box is anything like mine, besides the confidential messages from Nigerian bankers and spam offering cheap prices on medications, you'll see other phishing schemes. I've gotten fake email allegedly from eBay, PayPal and more than a dozen banks and mortgage companies--most of which I don't even do business with. And they all request personal and financial information from me because my "account has been breached" or they want to update my records. Baloney. The government agencies and companies you do business with will not email you out of the blue about your account. When you get email messages like these, avoid opening them. But if you accidentally do, don't click any links in the email—they'll take you to a spoofed site instead of the real thing.

To find out if an email message is really from a company or agency, type the company or agency’s name or url into a search engine to make sure you get onto the legitimate site. Then on the home page, look for "contact us" or "security" or "report fake email/phishing" for instructions on determining whether an email is the real deal, and on reporting or forwarding the fake email for investigation.

As I've been writing this, I got another fake IRS email. It looks a lot like this. I forwarded it right on to the IRS for investigation. It makes me really mad when someone tries to take advantage of me—and of you. Please be careful online, and I'll do the same.

It finally happened to me, I got "phished" or "vished" -- whichever you prefer. I never thought it would happen to me since I've been giving the public information about protecting themselves from phishing and ID theft for years. It sure is different to be the one faced with fending off the crook, though.

So, here's my story: 

A couple weeks ago I was driving home from our office picnic when my personal cell phone rang. I usually don't answer if it's an unknown number, but for some reason I picked up anyway. A woman with a syrupy southern accent started the conversation by saying she was from the State Department, she then told me I was using a cell phone number the government was paying for and nicely asked me to provide all the information about myself I possibly could that might help her "resolve this issue."

My first instinct was to help the woman out.  My heart had started beating like crazy as I wondered what I had fouled up this time.  I just wanted this situation resolved ASAP.  I mean, who wants the State Department on their case?  Then, my red flags started going up.  Why would the State Department call me directly instead of calling the cell phone company to ask about the bill? And, if  the State Department really wanted information about me, couldn't they get it another way, like send me a certified letter on government stationary? Besides, I pay the bill for that phone number every month, how could they be paying it, too? Whew, I finally had my wits about me and I hadn't given up any of my personally identifiable information (she already had my name and cell number).

With that brief moment of panic behind me, I kindly and firmly replied that unless she could prove what she was saying I had every reason to believe she was just trying to steal my identity, and, NO, I would not be sharing any personal information to help her out.  Then the threats started -- "I'm going to have the State Department's head of security call you" "and my director, too."  My favorites were "you're stealing from the government and committing a crime" and "we're going to have your cell phone turned off." I told her to feel free to have them contact me since I wouldn't be sharing any information with the head of security or her director either unless they could prove what was going on.  Exasperated, I excused myself from the conversation and hung up.

What did I learn from all this?

1. It's harder to resist the phisher than I thought, and it's also scary to consider "what if they're telling the truth"?  I still wonder about this one, but, I haven't gotten a call from the State Department's head of security and no one has shown up at my door yet.  I'm comfortable this one was a hoax.
   
2. Phishers don't just email, they can also call.  It's harder to fend off a caller than just deleting an email.  When in doubt just hang up.
   
3. Be tough and if what the caller says sounds fishy or just doesn't make sense, it probably isn't legitimate. DO NOT answer any questions -- even if the caller threatens you!!
   
4. Don't be afraid to ask for proof of the caller's identity.  If the caller's claim is legitimate they won't hesitate to prove themselves to you.
5. Report email phishing to the US-CERT.  Report phone phishing to the National Fraud Information Center.