You are here: Home / Archives for Protection

Phishing is Online Fraud

December 18, 2010 By Leave a Comment

Phishing is online fraud. More specifically, phishing is the term used to describe attempts to gain personal or sensitive information about individuals in order to steal money from them. This crime was originally committed by mailings to people advising them that they had either won a prize or were in jeopardy of having an account closed. Since the act was committed using the U.S. Mail and was investigated and prosecuted by the U.S. Postal Inspection Service.

With the advent of the Internet and personal computers, criminals saw a new way to work their scams. Some of the first phishing attempts were documented by AOL using their Instant Messenger application in 1995. Today, the most common way phishing scams are committed is through email. It is punishable under state and federal law.

The scam typically involves sending a large number of emails to users, telling them that they have either won a large amount of money or alerting them to a problem with a bank account or credit card that must be resolved quickly. The message is worded to motivate the reader to act immediately. The recipient of the email is directed to a website and asked for personal information such as an account number, user name or password for “verification.” Once the criminals have the requested information they can do serious damage to the victim’s finances.

According to the Federal Trade Commission (FTC), over five million consumers were victims of phishing scams and lost an average of $351. Today, eCrime gangs operate all over the world and focus increasingly on online classifieds, social networking and gaming as their main source for scams. This activity currently makes up around 17 percent of eCrime activity and is growing. Europe and Asia are the most prolific phishing scammers and India is the single largest source of phishing scams.

Filed Under: Common Solutions, Protection Tagged With: , ,

Phishing Awareness Tips

December 17, 2010 By Leave a Comment

Online phishing is a subtle crime. These scams are designed to excite or alarm the recipients and put them in a position where they feel like they have to act on the email message immediately. Therein lays the reason why many of these scams are successful.

There are techniques that can be used to avoid being taken in by phishing scams. The first step to avoid being taken in by one of these emails is to stop and think rather than react. Scammers rely on overreacting. Once composed, look at the email carefully and do not click on or open anything in the message. Also, do not open any attachments. Part of the scam may be malware that is activated when the message is acted on.

Official looking scam emails often have a generic greeting rather than addressing the intended victim by name. This should raise a red flag in the recipient’s mind.

Look at the design of the email carefully. While a scammer’s email may look official, there is usually something subtly wrong with the design. Look at the sender’s address by resting the arrow – without clicking – on the address. Typically the actual scammer’s email address revealed is masked and is different from the address in the “from” line.

If the sender’s address looks familiar and legitimate at first, read it letter by letter. A phishing scam email will typically have a one or two letter difference or an extra add-on in the address – enough to indicate that it is a completely different address.

One of the newer defenses against phishing scams is Microsoft Windows 8′s Smart Screen Filter. This addition to Windows helps detect unsafe sites.

Also, avoid making any payments using a wireless Internet device. Cyberspace is much less secure than a computer with security software and all home computers should have strong security software installed to protect users.

Filed Under: Common Problems, Protection, Software Tagged With: , ,

Protection Needed for Mobile Internet Devices

December 9, 2010 By Leave a Comment

Mobile Internet devices are the latest wave in communications technology. Beyond the laptop computer and PDA, devices like the smart phone and iPad are breaking new ground in advertising, services and rapid communications from anywhere. However, as the use of mobile Internet devices expand, the danger of intrusion by cyber criminals will also expand because organizations and devices users continue to ignore the need to protect them from attack and spying.

Since these devices are mobile, business travelers depend on them for information including contacts, data and email. What is surprising is that on most hotel networks it is easy for criminals to eavesdrop because all unencrypted packets of data can be intercepted for extraction- by anyone.

The vulnerability of these devices is further compromised because firewalls are improperly configured. The lack of an end user security perimeter in devices puts data at risk on public networks.

Fortunately there are steps that can be taken to protect communications and data stored on mobile devices. First and foremost, store only the essential data that is needed on a mobile device. The less sensitive information that is available, the better.

Encryption of all outgoing voice and email data is the single most effective way to deter intrusion on public networks or in hotels. Additionally, use only SSL connections to check on email and organization data.

Establish a strong security perimeter around devices. Note that personal firewalls are included for free on Windows XP and Vista as minimal protection on laptops. Firewalls are also available for other mobile devices. There are also several security suites available that do a much better job of protecting mobile devices.

Bluetooth users need to configure their devices to block access from outside intrusion.

Finally, keep track of mobile Internet devices. A lost or stolen device could compromise the owner’s personal information and his employer’s important data.

Filed Under: Hardware, Protection Tagged With: , ,

International Cyber Crime

December 8, 2010 By Leave a Comment

Cyber crime, or eCrime, is a worldwide problem that goes beyond consumer fraud. It has a direct impact on the security of every country that uses the Internet. For those reasons, there has been an international effort to enact laws to punish attacks on personal, corporate and government computers – for whatever reason.

In the United States the most current statute is 18 U.S.C. 1030. The language in Section 1030 is part of the Fair Credit Reporting Act and makes it a federal crime to:

“intentionally access a computer without authorization” and thereby obtain information contained in a financial record or of a credit card user or contained in the file of a financial institution”

Section 1030 further defines the scope of the act to include, “knowingly and with the intent to defraud, accesses a protected computer.”

How prevalent is cyber crime? The results of a Gallup Poll released on December 13, 2010 indicate that 11 percent of those polled knew someone or had personally been the victim of a computer attack – an increase of eight percent from a previous poll on the same question.

In 2009 alone, the Internet Crime Complaint Center (IC3) received 336,665 computer attack complaints in the United States – a 22.3 percent increase over 2008. Of the complaints, 146,663 were turned over to law enforcement for action. The financial loss from the attacks referred to law enforcement agencies amounted to $559.7 million, an increase of $264.6 million over 2008′s total.

Cyber crime does not recognize international boundaries and it is difficult to track the criminal activity back to its source. While an attack may originate in a country half way around the world, it travels through several zombie computers and server before reaching its mark.

Governments affected by cyber crime realize that fighting and prosecuting computer attacks will require a concerted and coordinated effort by agencies in every country.

Filed Under: Common Problems, Protection, Software Tagged With: , ,

Federal Cybercrime Law – Part II

December 7, 2010 By Leave a Comment

The Homeland Security Act of 2002 was one of the first federal legislative efforts to address cyber crime. Section 225 of the act, commonly referred to as Cyber Security Enhancement Act of 2002 amended language in Title 18 U.S. Code 1030 and established factors for determining if a cyber crime was committed. These factors include (1) he potential or actual loss involved. (2) The level of sophistication and planning involved. (3) Whether the offense was committed to gain commercial advantage or to gain private financial benefit. (4) Whether the defendant acted with “malicious intent to cause harm.” And (5) the extent to which the computer user’s privacy was violated or damaged.

The most recent piece of federal law targeting Internet crime is The Identity Theft Enforcement and Restitution Act of 2008. This law also amends Title 18 U.S. Code, Sections 1030(a)(4) and (a)(5) as references for determining the level of crime and the appropriate punishment.

Section 1030(a)(4) states that any person who “knowingly and with intent to defraud, accesses a protected computer without access…” commits the fraudulent act and obtains up to $5,000 during a one year period is guilty of a felony and imprisonment for up to five years on the first offense and up to ten years on subsequent offenses.

Section 1030(a)(5) addresses the issue of “knowingly” transmitting codes with the intent to causing damage to a computer. This section defines damage as impairment to the “integrity or availability of data” and monetary losses.

Penalties are determined by the severity of the act. An “intentional” act is a felony punishable by imprisonment for up to ten years on the first offense and 20 years for subsequent convictions. A “reckless” act is also a felony that carries a penalty of five years for the first conviction and up to 20 years for any further convictions. “Damage” is a misdemeanor for the first offense. Subsequent convictions carry a felony sentence of ten years.

Filed Under: Common Problems, Protection Tagged With: , ,

Coordinating the Fight against Cyber-Crime

December 6, 2010 By Leave a Comment

One of the most commonly cited impediments to effectively fighting cyber-crime is the lack of uniformity among state and federal laws. Although the federal government has enacted legislation that expands federal agencies ability to prosecute a wider range of cyber-crime and provided victims with the right to get restitution, there needs to be legislative agreement among the states as to what constitutes cyber-crime and a coordinating effort among state agencies in pursuing and prosecuting cyber criminals. The federal government also needs to be part of this effort.

Some states have proposed adopting model laws that would put all jurisdictions on the same page. However, this idea has not taken root among all 50 states. It is worth noting that the European Union has successfully enacted uniform cyber-crime statutes that apply to all member nations.

One of the few coordinated federal efforts is the Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center (NW3C). Their mission is to receive, develop and refer cyber-crime complaints to the appropriate law enforcement agency. The IC3 estimates that a complaint is filed for one in seven cyber-crimes. Their concern is that the actual number of cyber-crimes committed and the losses incurred could be as much as seven time larger than reported. A 2005 FBI survey found that losses to U.S. organizations totaled $67 billion.

The Government Accounting Office (GAO) estimates of the economic impact of cyber-crime concur with the FBI’s survey. In another report, the GAO noted that there are four challenges to effectively combat computer related crime: (1) every cyber-crime needs to be reported. (2) All law enforcement agencies must have the technological resources and expertise to identify and pursue cyber-criminals. This is the GAO’s biggest concern. (3) Agencies need the ability to work with each other in a borderless environment. And (4) computer user security practices need be implemented and constantly used, and awareness of cyber-crime needs to be raised.

Filed Under: Common Problems, Protection Tagged With: , ,

Cyber Crime Activity and Trends

December 5, 2010 By Leave a Comment

Cyber criminals are busy these days. According to securityweek.com cyber gangs create 57,000 fake websites each week to lure unsuspecting victims. Online shops make up 26.81 percent of the sites, with eBay at the head of this category, constituting 23.1 percent of fake online shopping websites. Banks make up the most heavily targeted group of websites, accounting for 64.72 percent of the criminal activity.

Statistics for victims of these illegal websites is equally disturbing. Globally, 65 percent of computer users have been targeted. In the United States alone, 73 percent of users were victims.

Social community websites such as Facebook and MySpace have also become popular cyber crime feeding grounds. US Today reported that Facebook accounts are increasingly hijacked and set up in “botnets” to infect other computers in the Facebook community.

A Discover.com article cited statistics from the security firm Sophos indicating a significant increase in cyber crime activity on social networks. A total of 57 percent of users reported spam in their community networks- a 70.6 percent jump from last year. Malware was sent to 36 percent of the users – that is a 69.8 percent increase from the previous year. Possibly the most disturbing statistic in the article is that 49 percent of businesses allow their employees to access Facebook at work.

Consumer Reports 2010 “State of the Net” report stated that 23 percent of Facebook users either do not know about privacy controls or simply do not use them. A survey conducted by the magazine found that 1,300 of the 2,000 people surveyed used social networks – twice as many as in the previous year. The survey also reported that 40 percent of the social network users posted their full birthday – a possible source of ID theft. Another seven percent posted their full address.

The use of the Internet by cyber criminals is growing exponentially. Organizations and users clearly need more education and tools to fight the spread of malware.

Filed Under: Common Problems, Protection Tagged With: , ,

The Growing Danger of Botnets

December 4, 2010 By Leave a Comment

Botnets are a rapidly growing cyber crime industry. While there are not any firm estimates of the number of cyber gangs operating botnets, organizations that track botnet activity report that one network hosted 50,000 bots, also known as zombie computers.

How does a botnet operate? Basically, a botnet is a group of computers that have been infected by software that gives control of the computer to the botnet manger, or herder. Once controlled by the herder, these computers can be instructed to send email, exploit browsers and other scams to other computers. Typically, the owner of a computer under the control of a botnet is unaware of the situation other than the possibility of reduced computer speed and performance.

How pervasive are botnets? It is estimated that as many as 25 percent of home computers using the Internet may be part of a botnet. A 2009 quarterly report issued by McAfee stated that 12 million new IP addresses had been added to botnets since January 2009 and that the largest number of these addresses – 18 percent – was located in the United States.

The March 16, 2008 addition of USA Today research indicated that as many as 40 percent of the eight million computers on the Internet were botnets. A graph included in the article showed that between August 2006 and January 2008 the number of botnets had grown from 333,023 to 7,303,148.

Russian based Kasperksy Labs and Symantec have both stated that botnets pose a much larger Internet threat than viruses of any kind. The also noted that social networks are rapidly becoming a favorite target for botnets to compromise.

Can botnets be detected and defeated? The way in which botnets are dispersed in a region and the sheer volume of traffic make it extremely difficult to track a botnet to its originating source. Cyber gangs are agile and smart at moving networks to avoid detection.

Filed Under: Anti-Virus, Protection, Software Tagged With: , ,

The Internet’s Unwanted Triangle

December 1, 2010 By Leave a Comment

Think of today’s Internet as a triangle with a source of activity at each of the three corners. In one corner are the 155 million websites supplying services, information and social interaction on the Internet. Commercial websites make up as much as 70 percent of this group and social networking sites like Facebook increasingly draw in more traffic. This corner generates revenue from sales and advertising.

In the second corner are the Internet’s users – around two trillion of them – using the businesses, information sources and social networks to purchase, learn and socialize with other users. This group spends a significant amount of money on the Internet. They are essential to the survival of the first corner of the triangle.

In the third corner of the triangle are the Mafia-like cyber criminals who prey on the other two corners operating on the Internet. These gangs perpetrate a number of sophisticated scams and activities designed to spread their illegal activities to other networks, servers and personal computers. In 2009 alone investigated crime losses totaled $559.7 million. For this group the triangle is one way connections to the other two corners – there is no voluntary reciprocation because they are stealing.

How did the third corner – cyber gangs that steal from the other two corners- gain such a foothold on the Internet? The Internet is a modern day technological marvel that has grown at an uncontrolled and exponential rate, generating a significant amount of money from advertising and sales. Criminals are drawn to environments where they can operate in relative anonymity and realize huge profits. The Internet fit that description.

Ideally, interaction between websites and users is represented by a straight line, with different users at one end and a diverse variety of websites at the other end. A straight line was the original intent of the Internet – driven by mutual trust among all the players. The current triangle needs to be flattened.

Filed Under: Common Solutions, Protection Tagged With: , ,
Newer Posts »