Online Threats Get Personal
“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
An e-mail communication that reads like this has probably appeared in your inbox recently. Sounds official, doesn’t it? Judging from the header on the e-mail, a trusted source has sent it – a government agency, your bank, your Internet service provider.
What will you do?
Anytime you receive an online request for personal information, you should treat it with a healthy dose of suspicion. What appears to be a trusted source may, in fact, not be what it claims to be. Chances are high that you have become a target of a highly individualized and persuasive attempt to steal your personal information for malicious purposes. Phishing, as this type of attack is called, has become increasingly common.
A phishing attack can originate when personal data is stolen. Not much is required. Bits of data can be simple enough, such as your e-mail address, telephone number and birthday. But those bits hold the potential for creating a profile of you that can be easily expanded through access to other sources of online information.
Resumes and CVs are a reservoir of useful data. As recently as August of this year, resumes and CVs were the target of an attack on Monster, a popular employment website. The attack, which began with stolen login credentials, enabled hackers to gain access to the Monster site and gather the personal information of over a million of its users. According to news agency Reuters, Monster responded by shutting the server that was used to access the information, and contacting the affected users.
But the Monster security breach was only the start of the phishing attack.
Phishing e-mails can be tailored to exploit the information at hand. For example, a Monster user could receive an e-mail that claims to be from a recruiter. Upon clicking a link in the e-mail, the user could be directed to a fraudulent website that looks legitimate. From there the possibilities for acquiring additional data are limitless.
Some phishing e-mails contain software that can harm your computer or others, or track your activities on the Internet without your knowledge.
How can you avoid being the victim of a phishing scam? The U.S. government, through its OnGuardOnline.gov website and National Cyber Alert System, has some practical tips to keep you safe online.
Responding to E-mail – If you are not sure whether an e-mail is legitimate, try to verify the identity of its sender. Contact the source directly using information you obtained previously, such as a telephone number, or type in the correct web address yourself, instead of using the information provided in the suspicious e-mail.
Providing Information – Do not provide personal or financial information in an e-mail, or by clicking on a link included in an e-mail. E-mail is not a secure form of communication and legitimate companies do not ask for information in that way. Also, do not send sensitive information over the Internet before checking a website’s security policy or looking for evidence that your information is being encrypted.
To help identify a malicious website, take note of its URL and see if it uses a variation in spelling or domain (such as .com versus .net).
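The URL check described above can be automated. The following is an added example, not part of the original newsletter: it compares the host in a link against a short list of sites you actually use and reports a spelling or domain variation. The trusted list, the sample URLs and the function names are constructed for illustration, and the domain split assumes simple two-label domains such as monster.com.

```python
from urllib.parse import urlsplit

# Constructed sample: the sites the reader really does business with.
TRUSTED = {"monster.com", "example.com"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def registered_name(host):
    """Split a host into (name, tld) using its last two labels.
    Assumption: no multi-part suffixes such as .co.uk."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return host.lower(), ""
    return labels[-2], labels[-1]

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', a description of the variation found, or 'unknown'."""
    host = urlsplit(url).hostname or ""
    name, tld = registered_name(host)
    if f"{name}.{tld}" in trusted:
        return "trusted"
    for good in trusted:
        good_name, good_tld = good.split(".")
        if name == good_name and tld != good_tld:
            return f"domain variation of {good}"      # e.g. .net instead of .com
        if tld == good_tld and 0 < edit_distance(name, good_name) <= 2:
            return f"spelling variation of {good}"    # one or two characters off
    return "unknown"
```

A result of "unknown" only means the link does not resemble a trusted site; it is not a statement that the site is safe.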
Checking your Records – Review your bank and credit card statements as soon as you receive them and check for unauthorized charges. Since victims of phishing can also become victims of identity theft, check your credit report periodically to see if any new accounts have been opened in your name.
Reporting Phishing Scams – Report these by sending an e-mail to email@example.com. The Anti-Phishing Working Group, a consortium of security vendors, financial institutions and law enforcement agencies, uses that information in their fight against phishing.
When it comes to using the Web, nothing is quite like content. Internet users spend more time online viewing news or entertainment content than on sending e-mail, shopping or searching for information. A study conducted by Nielsen/NetRatings logged a 37 percent rise in the amount of time spent viewing online videos and news. Overall, nearly half of time spent online in 2007, 47 percent, is made up of viewing content. The study cites the explosion of web content, like social networking sites, along with an increase in online speeds as factors in the increase.
Term of the Month
The Hosts File is a file stored on your computer that is used to look up the Internet Protocol (IP) address of a device connected to a computer network. Some spyware changes your Hosts File in order to redirect you from a site you intended to visit to sites that the spyware company wants you to see.
Source: Anti-Spyware Coalition Glossary
You already know the paid versions of Lavasoft’s anti-spyware software have vital real-time protection to relieve the burden of constant malware attacks. But Ad-Aware 2007 Plus and Pro versions also include built-in privacy and security tools, for example, the Hosts File Editor. You can use the Hosts File Editor to take control of your Web navigation by blocking advertisement sites, reversing browser hijack entries, assisting with parental controls, and creating navigation shortcuts. To use the Hosts File Editor in Ad-Aware 2007, from the “Tools and Plug-ins” tab, select “Tools” and then click “Hosts File Editor.” New users can find more specific directions in the Ad-Aware 2007 Product Manual.
Creating strong online passwords is one piece of the security equation. If you are wondering just how secure that password you have created really is, Lavasoft News has come across a website you can use to rate passwords, to help you learn how to create better ones. Try out the “Password Strength Meter” on Securitystats.com. Remember, even though the site will not store the passwords you enter, test a password similar to one you might use (not your real password), as the site advises.