We have quite a bit of content for Online Safety. We will cover some of it, but please spend some time with the web lesson (below) and/or the handout.
Review from last time ( web browsers)
Presentation
If time, the online quiz in our lesson below
Homework:
Review web lesson. Lots of information.
Spend time looking at resources, both if you have had a breach and how to be safe.
Do the activities and the challenges and let us know how you do (via email, discussion board or in our Zoom class)
Look at some of the suggestions for a safer you and consider making some changes.
Review resources at the bottom of this lesson.
Presentation on Online Safety
Zoom room:
Either: https://sdccd-edu.zoom.us/j/9191959460?pwd=OXh0RE9ZTVZTWElTMUQ0ZzAxQzExdz09
OR: Meeting ID: 919 195 9460 with password emeritus
In case we do not have class, here are some activities to help you with this lesson.
Watch this video for some examples of email scams
Open your email program and click on the spam folder (REMEMBER YOU WILL NOT CLICK ON ANYTHING, JUST OPEN)
Today’s class is all about online safety. We will discuss different types of malware, and how that malware gets onto your system. We will learn how to minimize your chances of downloading malware, and will discuss what to do when you think you have it on your system. In addition, we will discuss anti-virus programs, passwords and apps, how to stay safe and a list of resources to help if you are a victim of a breach or identity theft. Lots of information in today’s lesson!
Malware is any software installed on your machine which performs unwanted tasks, often for another party’s benefit. They can just be annoying (popups) or serious (stealing passwords or data or infecting other computers on network). Malware gets through by bundling (attached to other software), email attachments or links, or finding security holes in your browser. If you get a note saying that software is needed to view a site, this may be malware. Or, a site may say that clicking on certificate verification will make it safer. Not the case! Once installed, it can be very difficult to remove.
Malware is spread using different methods including:
Free software offers
File sharing
Torrent (sharing music or movie files through a service)
Malicious files and mobile apps
Removable media (like thumb drives, external drives and discs)
Phishing emails
Smartphones: Your smartphones are not immune to malware.
Some apps may send premium text messages running up charges. They may also enroll your smartphone in a malicious “bot” network, which uses cellular data.
In the wrong hands, your cellphone can get infected with malware which can steal money and credit card information, view and contact your contacts and photos, track your location, read your text messages, save your passwords, send texts in your name and more.
You can also get malware from clicking on a link in your text
Unsolicited calls may also result in malware (or other security problems). Watch for people claiming to be government, utilities or tech firms. Charities can be scam as well as calls pitching for products or services too good to be true. Suspect any offers for free product trials, cash prizes, cheap travel, medical devices, preapproved loans, debt reduction and more.
Social networks are also vulnerable.
By merely receiving a notice in messenger that a friend has mentioned you, you click on it. You are taken outside Facebook to download malware. Attacker adds the post to your timeline so others can click on it. Malware takes over (hijacks) your browser, which is disguised to look like the real one. The attacker captures traffic and hijacks accounts. In the background, others scripts download which protect the malicious code from analysis and makes it invisible to antivirus software. Attackers now own the Facebook account (and anything associated with the hijacked browser (Google drive, Microsoft One Note).
Malicious email:
If malware is software that performs unwanted tasks, email is the vehicle that delivers it to your device. Emails can be harmful to your computer, causing you to click on sites that can leave malware on your system, or trick you into providing some personal information. You may find yourself in an Email scam by responding to a questionable email. Some of these include the old-fashioned fraud emails (business opportunities, health and diet, cable descrambler kits), discount software, advance fee fraud (like the Nigerian Prince), Phishing email (looking for information) or Trojan Horse emails (entice you into installing software, then turning on you).
Malicious email attachments:
According to a 2017 Verizon report, 66% of malware was installed via a Malicious Email attachment. With a malicious email attachment, the attacker will fool the user into downloading malware or other things which can include invoice fraud. Downloading the attachment alone can release the malware and do damage.
Malicious attachments that look like legitimate file attachments, usually an invoice, software update, or other file that seems urgent in nature. These attachments can infect your device with malware that can spread to other systems. Some attachments will take you to a website which asks you to enter your credentials to access the file. However, the file is bogus, and your credentials are now in the hands of the attacker.
Websites:
Sometimes a fairly innocuous site may contain links to sites which are not to be trusted. One way is through clickbait. Clickbait is when you see a headline on a website, but you can’t reveal the answer until you click on it. Clicking on the image will not give you malware, but it will send you to yet another web page, which may contain additional links which are not reputable. Clickbait is attractive because we don’t like ambiguity, and we find it difficult to leave a site after having our interest piqued.
Hacker sends out virus or worm to infect vulnerable home computers. This creates a slave network called botnet. In the next stage, the hacker sells or hires out the botnet to other criminals who use it for fraud, spamming, DDS attacks and other cybercrimes.
We don’t like those ads. But sometimes, the ad blocker can be fake and might have the ability to remotely inject malicious code into unsuspecting customers of the ad blocker. Some browsers, such as Google Chrome, now have built-in ad blocking, which blocks negative ads such as popups, auto-playing video ads with sound, ads with a countdown and large stick ads. If the browser suspects a website is running these ads, they may choose not to load any ads on that website.
Virus: A self-replicating code. It must be opened or executed to run it. It looks for programs to infect. It can live in the system (resident), which would mean it could strike again. Or it can only be activated when clicked (non-resident). Computers can become infected with a virus in a number of ways including:
· Accepting software or download without reading the fine print (Trojan Horse)
· Downloading infected software from a bad source
· Opening email attachments containing a virus
· Using an infected disc or thumb drive
· Visiting a malicious site
· Not running updates on browser, programs and operating system
· Using a file distribution network for pirated movies/software
Signs you may have a virus:
· Clicking on an icon or program does not work
· Your device is crashing, freezing or rebooting by itself
· Your antivirus and/or firewall is suddenly disabled
· You see unexpected advertisement windows
· You cannot print
· You no longer have the icons on the desktop, and/or program files in your folder
· You have major problems installing or downloading software
· You can’t access your disk drive or hard drive
If you think a file is suspicious, you should first scan the file for viruses. Using your antivirus program, right click on the file and select “scan for viruses”.
If you are concerned that you are infected, use your antivirus program to run a full scan. Open the program and select full system scan.
If a virus is found, a prompt will be given to move the virus or delete the files. Both are ok.
If you don’t have an antivirus program installed, find a free one online by a reputable company such as Bitdefender, ESET, Trend Micro, Kaspersky or Symantec.
Phishing is an attempt to get information from you. It is intentionally designed to trick you into believing. What does phishing look like?
Malicious attachments (like invoice, software or another file that seem urgent). They can infect your device with malware, or send you to a website where you enter sensitive data
Malicious links: They take you to an imposter website like the real one. They want to fool you into entering credentials. The links can be imbedded in email or as links in a website
Requests for sensitive data designed to seem legitimate.
There are ways to spot possible phishing attempts. They include:
Unknown sender, sender you recognize with a suspicious looking email, or incorrect address
The sender doesn’t seem to know you. ( “Dear Customer”)
Embedded links: Hover over to see if it is from a trusted source
Language, spelling and grammar: Many of these are created in other countries and translated into English. Content is bizarre or unbelievable: Think of the Nigerian Prince.
There is a “call to action” button. This is encouraging you to click there, which can trick you into downloading a malicious code.
View this assortment of phishing examples. Would you have spotted them?
How did you do?
This quiz has 14 screens. You look at the screen and decide whether it is Phish or Real. When you are done, you can see the things that indicate that something was phishing.
Clickbait is a technique used in websites which is designed to have you click on links that look interesting. In fact, the goal of clickbait is for you to click on the link. It really doesn’t care if clicking on the link provides you with a satisfactory answer. They get paid either way! Clickbait is not in itself malware but could direct you to a bad website.
Examples of clickbait:
· She dragged her plate across the pool. What happened next blew my mind
· When you read these 19 shocking food facts, you'll never want to eat again
· He thought it was Bigfoot's skull, but then experts told him THIS
· 87 yr old trainer shares secret to losing weight
Clicking on any of these links will only disappoint you (see the presentation).
Why are we attracted to clickbait? It is because of our “curiosity gap”. That is the difference between what we know and what we want to know. This is powerful because
· We do not like ambiguity (not knowing). By clicking now, we will discover the answer
· We are most likely to remember an unfinished task. That fascinating headline will bug us until we look for the story.
We all have a fear of missing out (FOMO). What are those shocking food facts anyway?
Software that provides unwanted advertising. Includes pop-up ads, banners and in-text links. May redirect to another website, install third party software, track or affect system performance. May even prevent you from using ad removal software.
Script which collects information about your device and transmits it to other sites. So, these sites know where you have visited and will provide sometimes fake websites that would interest you.
Software that captures anything that you type. Not only dangerous for your devices (think passwords) but also in terminals at gas stations and ATM machines (known as POS or point of service terminals)
RAM scraping malware is also used for POS interactions, where data is stored unencrypted for just a couple of milliseconds. RAM scrapers use this window of time to grab card data and save as a .txt file.
Advertising software that modifies your browser settings. Although installing a program may result in a new default browser (not too bad), this new browser can have malicious links in it (that is bad). Always check when installing new software for permissions.
A particularly malicious software which blocks access to your computer until a sum of money is paid, usually in bitcoin or gift cards. The ransomware encrypts your data in such a way that only they can unencrypt. It is not recommended, though, that you pay the ransom. Instead, contact a professional if this happens to you.
Hacking is unauthorized intrusion into a computer or network. Uses scripts or code, gains access through methods such as passwords, bundled software or email. The hacker will find scripts, learn about hacking opportunities and share what they find on the Dark web using special browsers like Tor. They will then share what they have found using Tor (a private browser) to set up botnets, break a security network or share sensitive documents. There are also forums on the dark web where sensitive information is shared. There is a site on the dark web called FreeHacks, which give tips on how to hack and example of hacks to try.
If malware is software that performs unwanted tasks, email is the vehicle that delivers it to your device. Emails can be harmful to your computer, causing you to click on sites that can leave malware on your system, or trick you into providing some personal information. You may find yourself in an Email scam by responding to a questionable email. Some of these include the old-fashioned fraud emails (business opportunities, health and diet, cable descrambler kits), discount software, advance fee fraud (like the Nigerian Prince), Phishing email (looking for information) or Trojan Horse emails (entice you into installing software, then turning on you).
According to a 2017 Verizon report, 66% of malware was installed via a Malicious Email attachment. With a malicious email attachment, the attacker will fool the user into downloading malware or other things which can include invoice fraud. Downloading the attachment alone can release the malware and do damage.
Malicious attachments that look like legitimate file attachments, usually an invoice, software update, or other file that seems urgent in nature. These attachments can infect your device with malware that can spread to other systems. Some attachments will take you to a website which asks you to enter your credentials to access the file. However, the file is bogus, and your credentials are now in the hands of the attacker.
Do not open any attachments that you were not expecting. Documents, PDFs, images and other attachments might be dangerous. When in doubt, contact the sender and ask. But don’t contact by using the reply, as it might be malicious. Call and ask if they did indeed send you an attachment.
There is no sure way to tell if it is malicious. Still, here are some things to consider:
· Your email provider should be scanning for malicious attachments. If a virus is included in the attachment that you are trying to send, you will see a “Virus detected”” error message. You can choose to send without an attachment. If the virus is attached to an email sent to you, they should reject the message and let the sender know. If the virus is found in an attachment in your inbox, you won’t be able to download the attachment. This is true in theory, but things can still get through. So, keep reading!
· Filenames: avoid bizarre filenames and misspelled words. Spreadsheets are usually not named a random string of symbols (this would be suspicious as well)
· EXE files: These are executable files. Only open if you have downloaded them from a reputable source. Do not open an EXE file in an email attachment.
· Zipped files: If you have any doubt, confirm by phone or email (but not replying to this email because you are not sure if it is legitimate)
· Office documents: These can contain hidden macros or scripts that will “allow macros” without knowing what you are allowing to run. Macros can then enable installed malware.
Rogue Email:
This presentation was created for a past class to help identify how to tell when an email has gone bad. Learn anything?
There are ways to spot possible phishing attempts. They include:
Unknown sender, sender you recognize with a suspicious looking email, or incorrect address
The sender doesn’t seem to know you. ( “Dear Customer”)
Embedded links: Hover over to see if it is from a trusted source
Language, spelling and grammar: Many of these are created in other countries and translated into English. Content is bizarre or unbelievable: Think of the Nigerian Prince.
There is a “call to action” button. This is encouraging you to click there, which can trick you into downloading a malicious code.
Unknown sender or even a sender you recognize with a suspicious looking email. Or the address is incorrect. Check the email as well as the sender name. And remember the sender address can be different by just a letter or two. So, look carefully!
The sender does not seem to know you. They address you as “Dear Customer” or may have no contact information.
Embedded links: You can see a link by hovering over it as it is on the page. Before clicking on a link, hover your mouse over the link. This will show you the actual web address embedded in the link. Check this against the actual web address of the trusted source. If you are still unsure, contact the source through another trusted channel (for example, a customer support number listed on the official website) to verify the email is legitimate.
Language, spelling and grammar: Many of these are created in other countries and translated into English. Look for mistakes, even minor ones.
Content is bizarre or unbelievable: Think of the Nigerian Prince.
There is a “call to action” button. This is encouraging you to click there, which can trick you into downloading a malicious code.
The email is asking for sensitive information, hoping that one person will fall for it! (This is known as phishing)
There is no sure way to tell if it is malicious. Still, here are some things to consider:
Your email provider should be scanning for malicious attachments. If a virus is included in the attachment that you are trying to send, you will see a “Virus detected”” error message. You can choose to send without an attachment. If the virus is attached to an email sent to you, they should reject the message and let the sender know. If the virus is found in an attachment in your inbox, you won’t be able to download the attachment. This is true in theory, but things can still get through. So, keep reading!
Filenames: avoid bizarre filenames and misspelled words. Spreadsheets are usually not named a random string of symbols (this would be suspicious as well)
EXE files: These are executable files. Only open if you have downloaded them from a reputable source. Do not open an EXE file in an email attachment.
Zipped files: If you have any doubt, confirm by phone or email (but not replying to this email because you are not sure if it is legitimate)
Office documents: These can contain hidden macros or scripts that will “allow macros” without knowing what you are allowing to run. Macros can then enable installed malware.
A scamming website performs its work in 3 steps:
1. Bait: Draw users in via email, social media, texts, messaging, other websites
2. Compromise: Users do something to expose information or devices to attackers
3. Execute: Attackers exploit the users to misuse their private information
Look for these clues:
Emotional language (is there an elevated level of urgency, optimism or fear?)
Poor design quality (low resolution images, odd layouts)
Odd grammar (spelling mistakes, broken or stilted English or grammar errors)
Absence of identifying web pages (is it missing contact us or about us? Is there a phone number? Can you call it?
Check the spelling (there is a difference between amazon.com and amozon.com)
Check the prefix (Phishers are now learning that many browsers ignore the prefix, which should be http:// or https://. So they are using http:\ as their prefix. This can send you to a non-legitimate site.)
Check the domain name (usbank.com is not the same as usbank.co, FBI.gov is not the same as FBI.com)
Occasionally, you will be contacted by a specific person or representative of a business (such as bank) or government (such as IRS). They might call, send a text or email. Here are some warning signs that this may not be legitimate:
· Money needed immediately
· You need to pay a fee to get somethings for “free”
· You won a prize, but they need more information
· Something is wrong with your computer
· A friend or relative needs to borrow money
· A person or business requests money in the form of a gift card, wire transfer or prepaid debit
· Social security scam calls
· Parcel tracking text scan
· Amazon Prime Renewal phone scams
· Gift card scams
· Navy Federal Credit Union scams through email
· TSA Precheck Renewal
· Email asking to validate your COVID-19 status
· Scammers promoting local police support
· Letter from a law firm telling you that you have inherited money
· Note from company (Netflix) saying you need to update your billing information
· Phone call from tech support saying your device is not working properly
· Message from Publishers Clearing house claiming you are a winner
Can you spot an online scam? Try this short quiz to find out.
No, but you can get other forms of malware which may steal money, steal credit card information, steal contacts and sensitive photos, track your location, read text messages, save passwords, send SMS messages, and spend your money.
Unlikely, although it has happened. To be sure, only install apps from the Apple App store. These apps go through thorough testing and verification prior to release. Your iPhone is protected as long as you did not jailbreak it or use third party apps. Apps outside the Apple App store require that you jailbreak the phone.
· Not necessarily safe if in the Google or Apple App store
· Definitely can be unsafe if not on the Google or Apple App store
· Who makes the app? Special caution for beauty apps, VPN apps, and antivirus apps
· Find out how the app uses your personal information. If it is sharing with others, it could be malicious. How do you know? First, if it is free, they are not obligated to disclose their advertising and tracking service, so it is probable they are tracking you.
· Permissions: The app may require permission for certain features. For example, a heart rate workout tracker would want access to your health access, and you might have to enable certain aspects of that health data. Once set up, the permissions are made and the data will be exchanged. Make sure it makes sense. A flashlight app will need access to the camera flash, but nothing else. A book app does not need access to the camera. On an Android device, app permissions are included in settings. ON the iPhone, clicking on the app in settings will show you what it has access to. Beware of apps which ask for lots of permission (such as managing files, using contact information from friends, or camera).
· Understand when and why the app will track your location. This information would be part of the license agreement that we often scroll past.
· More research on the app:
o Look at the developer’s name right under the app’s name. You can do a Google search to find more information about the developer such as a website. If they have created a number of apps (well-reviewed), then it is probably safe.
o Look how many times it has been downloaded. The more downloads, the safer it may be (to an extent of course!)
o Look for an app that has been around for a while, but has been recently updated. In the Google Play store, you can find this information under “read more”.
o Read reviews. There should be lots of reviews, and they should have some positive and some negative points in them.
o Spelling and grammar errors: Since often apps are created in other countries, the grammar or spelling may be incorrect. This is a red flag.
o Unbelievable discounts: If it seems too good to be true, it probably is!
· Avoid third-party apps: These are ones which are found outside the App Store or the Google Play Store. Third party apps bypass security measures making it easier for a hacker to infect your device with a bad app.
· NOTE: If you suddenly have lots of ads after downloading an app, you may be a victim of “targeted advertising”. Although not malicious, they can be annoying and might slow down the phone. Delete any apps which seem to get these ads.
Research the person, business or government agency to see if they are a scam
Hang up if it is a computer issue
Don’t trust caller ID
Don’t send money to someone you do not know
If someone claims to be a friend or relative, validate before giving money.
Contact your financial institution (as long as you did not pay with a gift card, prepaid debit card or wire transfer)
Report the scam
Contact FTC at 1-877-382-4357 (or online at reportfraud.ftc.gov
Report it to the FBI Internet Crime Complaint Center
Report to your local police department
If it is a tech support scam:
Disconnect your computer from the Internet immediately
Use another PC to change passwords
Check browser for unfamiliar extensions or add-ons and remove them
Run your anti-virus and ant-malware programs
If your computer is acting differently (can’t turn it off, running slowly, opening pages you didn’t select, popups) then you may have been hacked. Steps to take:
Stop: Stop shopping, banking and entering passwords until the problem is resolved
Update: Update your security software. Install a new version.
Find and Delete: Using security software, scan your system. It will flag malware, which you can delete (or archive). Restart your computer. Contact a professional if problems persist.
After cleaning: Change critical passwords to long and strong passwords
Final notes: Keep your operating system and web browsers up to date
A breach typically exposes personal information and not passwords, but if there is a concern, change your password. If you have used the password in other places change them. If your account has been hacked as well, you will need to confirm or repair all recovery information. Consider two-factor authentication. Additionally, if your accounts are breached, you can:
• Freeze your credit. Make sure to include all three credit bureaus
• If it was your phone account, change your cell phone account password and PIN numbers.
• Consider multifactor authentication
• Follow the advice of data breach letters and take advantage of free monitoring if offered
• Be on the lookout for phishing. They may want to exploit what they know already.
• Monitor your financial accounts (credit cards, banking, utilities)
• Contact the DMV is your license has been exposed
Website: Have I been pawned? This website will check if your email or phone is in a data breach. https://haveibeenpwned.com/
Consider contacting the Identity Theft Center . You can call (888.400.5530) or live-chat on the company website www.idtheftcenter.org. You can also check their website for information on latest breaches and additional resources.
Norton (as in anti-virus) provides information on 5 different types of breaches and what to do in each one.
Were you affected by the T-Mobile breach? Here are some suggestions from Consumer Reports
Want to cut down on data collection and hackers? Consumer Reports offers a free personalized plan to help you organize your digital life. Here were the suggestions made when I completed the form.
There are many antivirus programs available. Some are free, others have costs involved. Unfortunately, you may find that the anti-virus program you downloaded is actually malware! And, when googling anti-virus programs, you may end up with malignant sources as well. The go-to site for best antivirus programs can be found at AV-Test, which is an independent IT-Security Institution. On this site, you choose your device (mobile Android, Windows, Mac or Business) and you can see the operating systems which were tested during that period. Sites are tested for protection, performance, and usability. Some will receive a top billing. For example, the top-rated antivirus programs for Windows 10 are: Avira, Bitdefender, Kaspersky, Quick Heal and Trend Micro. Unfortunately, among the lowest scoring for protection is Microsoft Windows Defender. You can learn more about this by visiting their website at: av-test.org
· Web of trust (https://www.mywot.com/): Uses community input to verify the safety of a site. Needs to be installed on each browser.
· Web address: HTTPS should begin the web address if you are putting in sensitive information like address, birthday and credit card information
· Security symbol: Besides HTTPS, you should also see a lock someone on the browser’s address window.
· Update your browser regularly. Each browser has its own way of doing this, so become familiar with your browser. (Google Chrome: Settings > About> It will tell you if it is up to date)
· Strong (over 8 characters include letters, numbers and symbols. Mix letters and numbers.
· Do not use personal information in a password
· Use a password generator to set one up, and to store passwords. Examples include Last Pass (https://lastpass.com/) or Dashlane (https://www.dashlane.com).
· Do not share with others
· Don’t store them on your device. If you must, hide and encode.
A VPN (virtual private network) is a method used to add security and privacy to public and private networks. It allows the user to send and receive data across public networks, using a private network instead of the public network. There are many types of VPNs. Some are free, and others cost money. It is better to pay a little, as the free ones may often violate privacy standards. Remember if you are using your own Wi-Fi or a cellular connection, you probably do not also need a VPN. Also, if your surfing on public Wi-Fi systems is pretty basic (web searches, basic websites), then a VPN is not necessary. Some possible suggestions:
· NordVPN (https://nordvpn.com/): Between $4 and $8/month, depending on how long you commit.
· VyprVPN (https://www.goldenfrog.com/vyprvpn): A little more expensive, but can be used for multiple devices
· TunnelBear (https://www.tunnelbear.com/): Can connect up to 5 computers, tablets or phones. There is a free version, which is OK if you use less than 500GB data a month, or between $5 and $7 a month.
The website whatismyipaddress.com lists a number of VPNs and includes some specifics about them. While you are there, learn more about IP addresses, checking how sent you that email, and are you blacklisted? Someday, we will do more on this interesting topic!
Many cell phones offer the capability of using your cellular connection for a portable Wi-Fi. This is especially useful when you are away from home and want to access a sensitive site. The process involves setting up your phone for this, which will include a password, then opening your other device and looking for your phone network. You will have to enter your password on your phone onto the other device. A purchased hot spot will be set up in a similar fashion.
Website: What are some common email scams and what can you do to avoid them? This is an interesting assortment of them. Particularly intrigued by Swatting...
Activity: How good are you at spotting Email scams? BTW, I took these quizzes and did miss a few. Fun way to see how much you learned!
Here is the Phishing quiz by Google that we did in class
Another good phishing quiz. It asks for your email address, but you don't have to fill it in.
This is a nice basic quiz designed for seniors.
Website: All about Email scams. Includes activities and lots of examples.
Resource: Have you been a victim of Identity Theft? Visit the Identity Theft Government site to learn more.
Resource: Hacking is a problem that seems to affect all of us at one point or another. Here is a great informational site on hacking.
Interesting web article: How does the information used by hackers become available? Follow this story as the author goes onto the dark web to discover more about Russian hackers.
Adware: Learn more about adware, and then learn how to clear your browsers of adware.
Ram scraping: How do they do it? This article outlines how ram scraping is done. Maybe a little technical, but eye-opening!
Website: The FDA offers some tips on preventing skimmers at the pump. Very informative!
Online presentation: At a 2018 conference, information was presented on some prominent Russian hackers. This presentation shows what they did, how much money they made, and what was used. Very fascinating!
Video: Street Smarts for Seniors, a presentation by the Brooklyn Police Department. It is about 30 minutes long, but easy to follow and very useful.
Tutorial: Avoiding Malware from GCFLearnFree
Flyer: Basic tips for online safety
News article: Sure, a VPN offers secure connections. But they are not all the same. And some are worse than public Wi-Fi!
News article: Here are some of the more reputable VPNs (includes more information on VPNs)