Harmful Phishing Attacks Get Personal
USA Today | Kim Komando
You know to watch for phishing attacks, which use e-mail messages purporting to be from legitimate businesses to trick you into divulging private information. You’re cautious and use a good spam filter, but phishing messages still get through. And these messages are more dangerous than ever.
According to Cisco, almost 200 billion spam messages are sent daily. They have one thing in common: They want your money.
Most computer users can spot phishing messages. Unfortunately, cybercriminals have become more sophisticated, too. Targeted phishing attacks account for 0.4% of spam. That may seem minor, but it’s 800 million messages a day.
For example, you receive a message purportedly from your Internet service provider. It greets you by name and says your billing information is outdated. It says you must click a link to update your information. If you comply, your information will be stolen. This is the type of targeted attack you will see more of in 2009.
Phishing on the rise
Small phishing attacks don’t receive much publicity. And the scammers’ use of personal information to hook you increases trust. So, small, targeted attacks are often more lucrative than large ones.
Criminals can pull information about you from public sources, or someone may be tricked into disclosing it. Either way, it is used to tailor the messages.
You won’t see a long list of recipients in targeted attacks. You may also notice a difference in the sender’s address. Criminals used to spoof e-mail addresses. Spoofing is a quick, easy way to cover tracks. But spam filters can spot questionable e-mail addresses. Criminals now create new accounts with reputable providers. Or, they hack users’ e-mail accounts. This helps criminals get past spam filters.
People who do business with large financial institutions are still prime targets, but clients of small or regional institutions are also targeted, along with those of ISPs and alumni organizations.
Phishing messages generally request your personal information. They may also instruct you to install a fake security update or a malicious browser plug-in. Do that, and kiss your personal information goodbye.
Criminals reverse engineer updates to understand the flaws they fix. Then they start probing computers over the Internet for vulnerabilities. If you’re accessing the Internet without using a firewall to keep out intruders, keylogging software could be installed on your machine. Or, your computer could be added to a botnet, a group of compromised computers doing the scammers’ bidding.
Criminals get social
Criminals aren’t just targeting e-mail accounts. They’re also turning to social-networking sites. For example, a recent worm infected Facebook users’ computers with malware. Compromised accounts were then used to send spam.
There’s also the case of College Prowler. It created more than 300 Facebook user groups. The company was probably gathering information for marketing purposes.
College Prowler may be legitimate, but this case underscores one thing: Marketers and criminals alike will do anything to get your data.
Your best defense is vigilance. Only a company run by dummies would request personal information via e-mail. It’s possible, but it’s unlikely.
Let’s say you get such a message. Hover your mouse cursor over any links in the e-mail. This will show you the real Web address each link leads to. So, does your bank have a server in Bulgaria? Probably not. Better delete that e-mail.
You could receive a message purportedly from your boss. Why would he need your Social Security number at 3 a.m.? And why does he want you to reply to Outer Mongolia? At the least, talk to him before answering.
Standard security measures are still important. Keep your antivirus and anti-spyware software updated and running. Install Windows updates when they’re released. Criminals are exploiting disclosed bugs faster than ever.
Use a spam filter. You’ll find links to free spam filters and security software at www.komando.com/news.
But remember, you’re never 100% safe. Approach requests for personal information carefully. Don’t let criminals take advantage of you.
And do your friends and family a favor. Forward this column to them now. Wish them a less spammy 2009!
Kim Komando hosts the nation’s largest talk radio show about computers and the Internet. To get the podcast or find the station nearest you, visit www.komando.com/listen. To subscribe to Kim’s free e-mail newsletters, sign up at www.komando.com/newsletters. Contact her at firstname.lastname@example.org.
Courtesy of © 2008 YellowBrix, Inc.