The Honolulu Advertiser
Posted on: Thursday, January 8, 2009

Be on alert as phishing attacks become more sophisticated

By Kim Komando

You know to watch for phishing attacks, which use e-mail messages purporting to be from legitimate businesses to trick you into divulging private information. You're cautious and use a good spam filter, but phishing messages still get through. And these messages are more dangerous than ever.

According to Cisco, almost 200 billion spam messages are sent daily. They have one thing in common: They want your money.

Most computer users can spot phishing messages. Unfortunately, cybercriminals have become more sophisticated, too. Targeted phishing attacks account for 0.4 percent of spam. That may seem minor, but it's 800 million messages a day.

For example, you receive a message purportedly from your Internet service provider. It greets you by name and says your billing information is outdated. It says you must click a link to update your information. If you comply, your information will be stolen. This is the type of targeted attack you will see more of in 2009.

PHISHING ON THE RISE

Small phishing attacks don't receive much publicity. And the scammers' use of personal information to hook you increases trust. So, small, targeted attacks are often more lucrative than large ones.

Criminals can pull information about you from public sources, or someone may be tricked into disclosing it. Either way, it is used to tailor the messages.

You won't see a long list of recipients in targeted attacks. You may also notice a difference in the sender's address. Criminals used to spoof e-mail addresses. But spam filters can spot questionable e-mail addresses. Criminals now create new accounts with reputable providers. Or, they hack users' e-mail accounts. This helps criminals get past spam filters.

People who do business with large financial institutions are still prime targets, but clients of small or regional institutions are also targeted, along with those of ISPs and alumni organizations.

Phishing messages generally request your personal information. They may also instruct you to install a fake security update or a malicious browser plug-in. Do that, and kiss your personal information goodbye.

CRIMINALS GET SOCIAL

Criminals aren't just targeting e-mail accounts. They're also turning to social-networking sites. For example, a recent worm infected Facebook users' computers with malware. Compromised accounts were then used to send spam.

There's also the case of College Prowler. It created more than 300 Facebook user groups. The company was probably gathering information for marketing purposes.

College Prowler may be legitimate, but this case underscores one thing: Marketers and criminals alike will do anything to get your data.

IT'S BEST TO BE VIGILANT

Your best defense is vigilance. Only a company run by dummies would request personal information via e-mail. It's possible, but it's unlikely.

Let's say you get such a message. Hover your mouse cursor over any links in the e-mail. This will show you the real address each link leads to. So, does your bank have a server in Bulgaria? Probably not. Better delete that e-mail.

You could receive a message purportedly from your boss. Why would he need your Social Security number at 3 a.m.? And why does he want you to reply to Outer Mongolia? At the least, talk to him before answering.

Standard security measures are still important. Keep your antivirus and anti-spyware software updated and running. Install Windows updates when they're released. Criminals are exploiting disclosed bugs faster than ever.

Use a spam filter. You'll find links to free spam filters and security software at www.komando.com/news.

But remember, you're never 100 percent safe. Approach requests for personal information carefully. Don't let criminals take advantage of you.