There's a crime wave going on, but it's not on the streets. Today, more than ever, criminals are hitting you where you least suspect it — through your computer. This new trend in illicit activity is called "cybercrime", and if you don't protect yourself it could be coming to a computer near you.
According to Symantec's 2006 Internet Security Threat Report, cybercrime is on the rise and the techniques used to propagate it are becoming more diverse and more sophisticated. Just in the last few years, a new type of cyberscam has emerged called "phishing."
While the methods of today's online bandits may have changed, the goals haven't. Cybercriminals, just like other thieves, want to steal your stuff. They want your confidential information, your financial documents and anything else they can parlay into a quick buck.
The annual cost of computer–related crime is staggering. According to a 2006 FBI study, cybercrime costs US businesses $67.2 billion per year. That's a whole lot of moolah. $67 billion would be good enough to land cybercrime at the #20 spot on the Fortune 500 — if, of course, it was an actual company.
"When we're looking at the broader picture of phishing, fraud, spyware and viruses, it really does impact everybody equally, from home users all the way up to large enterprises," said Vincent Weafer of Symantec.
What is it?
Phishing is a new twist on an old–school hustle. Remember that old Paul Newman and Robert Redford movie "The Sting," where they swindled a guy out of $500,000 by setting up a fake horse–racing OTB parlor?
Well, phishing has taken "The Sting" into the 21st century. Today, there are thousands of scam artists like Newman and Redford, only now instead of fake parlor fronts they're creating fake Web sites that mimic PayPal, Bank of America and even eBay. They're after your money, and, boy, have they been rolling it in. Even though only 5% of phishing attacks are successful, victims still lost $2.8 billion in 2006 (according to Gartner Research), with the average attack costing $1,244.
The scam involves phishers sending authentic–looking emails that appear to come from legitimate companies. These emails include a link and instructions to log in, so that your account information can be verified. The link sends you to a spoofed site that captures your username and password when you type them in. These emails can be faked to look like they come from banks, online payment providers (like PayPal), sweepstakes companies and online auction sites (like eBay). Cybercrooks sent out 6.1 billion phishing emails in 2006.
Once the phishers have your information, everything in your account is up for grabs — money, confidential information and account access. Don't take the bait. Learn how you can avoid being one of the nearly 300,000 who were reeled in by a phishing scam.
How can I protect myself?
Here are eight ways to guard against phishing attacks:
- Filter up – Make sure your email spam filter is turned on. This should prevent most phishing attempts from even reaching your inbox.
- Guard the perimeter – Take your security to the next level. Ensure that every computer, server and network is protected by a firewall and antivirus software.
- Don't talk to strangers – Never open emails from people you don't know. Most are harmless spam, but some may be phishing attacks.
- Missing links – Never click on links embedded in suspicious emails. You may end up at a spoofed site and at the mercy of a phisher.
- Lock down – Any site that transfers confidential information should have encryption capabilities. Look for a lock on the bottom right of your browser window to make sure the site is secure.
- "S" is for security – Most legitimately encrypted sites use URLs that start with https:// instead of http:// — so keep an eye out for the little "s."
- Dial up – Phishers will claim just about anything in their spoof emails to get you to click on their link and enter your username and password, including threats of account deactivation or even IRS penalties. When in doubt, just call that company's customer service and ask them to verify that they sent the email.
- Spell it out – Many phishing emails are rife with grammatical and spelling errors. Sometimes all it takes is a quick perusal to figure it out.
What are they?
Computer viruses are small software programs designed to spread from one computer to another and can corrupt data or even delete your entire hard drive. A 2006 Consumer Reports survey found that in the last two years Americans have lost $5.2 billion because of viruses — mainly in technical support and computer repair costs.
One thing that makes these little buggers so incredibly pesky is that they're easy to pass along. A virus can literally circle the world in a matter of hours via email and instant message attachments. Couple that with the 21,000 new variations of viruses and worms that are introduced every year¹, and you've got a pervasive problem.
So you may be wondering why computer viruses are classified as cybercrime. Well, unlike biological viruses — like the flu — computer viruses don't simply evolve on their own. They need a little of that human touch. Programmers create viruses for a variety of reasons. Some viruses are little spyware scripts designed to steal financial information. Many are created just for fun, as a prank or an act of vandalism. A cybercrook's version of spray painting a subway car.
How can I protect myself?
Many of the suggestions to prevent phishing attacks also apply to computer viruses. Here's how you can avoid being infected:
- Put up a wall – Install a firewall and use the latest antivirus software. Also make sure you download the newest virus updates from your software's site.
- Don't get attached – Never open an email attachment from someone you don't know. Be wary of attachments from people you know, unless you know exactly what it is. The sender may have unintentionally passed along a virus.
¹ From "Internet Security Threat Report: Cybercrime continues to rise," Symantec.com, April 4, 2006.