surfingdemon
Senior Member
With new phishing techniques you have now have to filter the mail so it never makes it to your inbox, this information and lots of other good advice in this article
http://www.alwayson-network.com/comments.php?id=P5009_0_6_0_C
Latest Net scams, viruses now harder to dodge.
Navigating the online land mines
CBS MarketWatch
NewsTeam | CBS [MarketWatch]
SAN FRANCISCO -- These days, even veteran surfers are finding it difficult to avoid the latest Internet land mines.
From hidden viruses that commandeer PCs via trusted Web sites to next-generation phishing e-mails that plant information-gathering devices on your computer, the online world is beginning to feel more like a dangerous war zone than a fun place to surf.
Even those who study Internet commerce are a bit more nervous about the online experience. "I've always shopped online; I've certainly been more concerned in the past six months than I've ever been," said Bruce Cundiff, an analyst with Jupiter Research, echoing comments by other Internet experts.
These days, extra precautions are more important because it's not enough to avoid suspect Web sites or delete fraudulent e-mails purporting to be from your bank.
In the latest phishing (as in fishing for personal data), the spam e-mails contain code that installs a keyword logger on your computer, which then starts collecting personal data, even if you never clicked on the message but previewed it in the viewing pane.
Earlier variants of phishing, such as messages that mimicked bank e-mails, are "a classic con game," said Peter Cassidy, director of research programs of The Anti-Phishing Working Group, a consortium of companies working to eliminate such scams.
"People said, 'All you have to do is ignore those messages.' With the new stuff, it's a different thing. You have to filter the mail so it never makes it to your inbox," Cassidy added.
The scammers' aim is often personal financial data. "The end goal is to get something on your computer to download a key logger or a data miner that will deliver to the attacker your personal financial data, which can then be used to log into your bank account."
That's the same aim of hackers who've compromised some Web site pages, so visitors unwittingly download viruslike code that hijacks their PCs.
NetSec, an Internet security company, announced last month that 50 Web sites, many of them trusted names, had been hacked in this way, with untold numbers of home PCs infected.
"All you have to do is open up a Web page [and] this appended a program to it," said Chris O'Ferrell, chief security officer of NetSec. That program is then used to steal personal information.
NetSec would not release names of affected sites, and some experts say those Web destinations have already patched the problem.
"The scary thing about it is, who knows how long it was going until we discovered it?" O'Ferrell observed. "We know there was a lot of information being sent to servers over in Russia."
While most Internet users are now savvy enough to ignore the first-generation phishing messages, the Web site scams and latest e-mails are tougher to crack.
With the newest phishing messages, "if all you did was preview them in Microsoft Outlook ... it had already installed a Trojan horse to do key logging on your PC," said Bill Franklin, an investigator for the Anti-Phishing Working Group, and president of 0Spam.Net, a company that monitors e-mails for spam, viruses and phishing.
Trojan horses and system monitors wind into your computer and sit there collecting data. "It's going through all the files on the PC and trying to find any kind of access devices -- the equivalents of passwords, usernames, things that can unlock someone's identity," Franklin added.
Other spyware waits until you go to a bank or other financial institution site so it can then collect password keystrokes, he noted.
More than 500,000 instances of Trojan horses and system monitors were found in 1.5 million scans of customers' computers year to date, according to EarthLink and Webroot, which makes security software.
"I don't see it slowing down anytime soon. It's a problem that's growing like viruses did and just like spam has been," said Scott Mecredy, senior product manager at EarthLink. "We're dealing with a very savvy group of thieves that are motivated by economics. They stand to gain fairly substantially from their efforts."
But consumers have their own weapons in this fight. For one, simple street smarts can help. If a Web site's pages seem to blink or look different, consider ending the transaction.
"Take note of how your normal banking procedures run," Cassidy said. "If a page has blinked and come back, you should be suspicious. You think you're on the bank site, but you're not. Be aware of how the system works."
Some phishing attacks come through instant messages now, so be sure you trust the sender before clicking on links or attachments received via an IM.
When surfing, if a Web site has misspellings or seems unprofessional, refrain from doing business there. "If these people don't have their act together enough to proofread their site, how good can their security be?" O'Ferrell said.
Also, when transmitting personal or financial data, look for the picture of the lock as the promise of an encrypted transmission.
Use credit cards rather than debit cards online, and consider the temporary account numbers offered by some credit card companies, including Citibank and MBNA. Once the transaction is over or a certain dollar limit is reached, that number no longer works.
Online street smarts aren't enough. Consider the following steps as well to help protect yourself from harm:
To find out what might be on your computer already, EarthLink and Webroot offer a free spyware detection scan. See Webroot's Web site or go to EarthLink's page.
Some argue that switching software applications can help. "Hackers are writing code for the most popular Web applications," O'Ferrell said, such as Windows and Internet Explorer. "If you run some other browsers like Mozilla ... you will be unaffected by the majority of vulnerabilities."
The Internet Fraud Complaint Center, run by the FBI and the National White Collar Crime Center, details new online frauds and hoaxes, and lets consumers file complaints. Go to the Internet Fraud Complaint Center Web site.
The U.S. Computer Emergency Readiness Team, a partnership between the Homeland Security Department and the private sector, has information on some of the latest viruses and threats, and on how consumers can protect themselves. Go to the US-CERT Web site.
There's probably no way to avoid some risk, no matter where you go online or off. "There is risk to life," said Cassidy, an avid shopper of books online.
"The only thing you can do is update your browsers, update your antivirus and hope for the best."
http://www.alwayson-network.com/comments.php?id=P5009_0_6_0_C
Latest Net scams, viruses now harder to dodge.
Navigating the online land mines
CBS MarketWatch
NewsTeam | CBS [MarketWatch]
SAN FRANCISCO -- These days, even veteran surfers are finding it difficult to avoid the latest Internet land mines.
From hidden viruses that commandeer PCs via trusted Web sites to next-generation phishing e-mails that plant information-gathering devices on your computer, the online world is beginning to feel more like a dangerous war zone than a fun place to surf.
Even those who study Internet commerce are a bit more nervous about the online experience. "I've always shopped online; I've certainly been more concerned in the past six months than I've ever been," said Bruce Cundiff, an analyst with Jupiter Research, echoing comments by other Internet experts.
These days, extra precautions are more important because it's not enough to avoid suspect Web sites or delete fraudulent e-mails purporting to be from your bank.
In the latest phishing (as in fishing for personal data), the spam e-mails contain code that installs a keyword logger on your computer, which then starts collecting personal data, even if you never clicked on the message but previewed it in the viewing pane.
Earlier variants of phishing, such as messages that mimicked bank e-mails, are "a classic con game," said Peter Cassidy, director of research programs of The Anti-Phishing Working Group, a consortium of companies working to eliminate such scams.
"People said, 'All you have to do is ignore those messages.' With the new stuff, it's a different thing. You have to filter the mail so it never makes it to your inbox," Cassidy added.
The scammers' aim is often personal financial data. "The end goal is to get something on your computer to download a key logger or a data miner that will deliver to the attacker your personal financial data, which can then be used to log into your bank account."
That's the same aim of hackers who've compromised some Web site pages, so visitors unwittingly download viruslike code that hijacks their PCs.
NetSec, an Internet security company, announced last month that 50 Web sites, many of them trusted names, had been hacked in this way, with untold numbers of home PCs infected.
"All you have to do is open up a Web page [and] this appended a program to it," said Chris O'Ferrell, chief security officer of NetSec. That program is then used to steal personal information.
NetSec would not release names of affected sites, and some experts say those Web destinations have already patched the problem.
"The scary thing about it is, who knows how long it was going until we discovered it?" O'Ferrell observed. "We know there was a lot of information being sent to servers over in Russia."
While most Internet users are now savvy enough to ignore the first-generation phishing messages, the Web site scams and latest e-mails are tougher to crack.
With the newest phishing messages, "if all you did was preview them in Microsoft Outlook ... it had already installed a Trojan horse to do key logging on your PC," said Bill Franklin, an investigator for the Anti-Phishing Working Group, and president of 0Spam.Net, a company that monitors e-mails for spam, viruses and phishing.
Trojan horses and system monitors wind into your computer and sit there collecting data. "It's going through all the files on the PC and trying to find any kind of access devices -- the equivalents of passwords, usernames, things that can unlock someone's identity," Franklin added.
Other spyware waits until you go to a bank or other financial institution site so it can then collect password keystrokes, he noted.
More than 500,000 instances of Trojan horses and system monitors were found in 1.5 million scans of customers' computers year to date, according to EarthLink and Webroot, which makes security software.
"I don't see it slowing down anytime soon. It's a problem that's growing like viruses did and just like spam has been," said Scott Mecredy, senior product manager at EarthLink. "We're dealing with a very savvy group of thieves that are motivated by economics. They stand to gain fairly substantially from their efforts."
But consumers have their own weapons in this fight. For one, simple street smarts can help. If a Web site's pages seem to blink or look different, consider ending the transaction.
"Take note of how your normal banking procedures run," Cassidy said. "If a page has blinked and come back, you should be suspicious. You think you're on the bank site, but you're not. Be aware of how the system works."
Some phishing attacks come through instant messages now, so be sure you trust the sender before clicking on links or attachments received via an IM.
When surfing, if a Web site has misspellings or seems unprofessional, refrain from doing business there. "If these people don't have their act together enough to proofread their site, how good can their security be?" O'Ferrell said.
Also, when transmitting personal or financial data, look for the picture of the lock as the promise of an encrypted transmission.
Use credit cards rather than debit cards online, and consider the temporary account numbers offered by some credit card companies, including Citibank and MBNA. Once the transaction is over or a certain dollar limit is reached, that number no longer works.
Online street smarts aren't enough. Consider the following steps as well to help protect yourself from harm:
To find out what might be on your computer already, EarthLink and Webroot offer a free spyware detection scan. See Webroot's Web site or go to EarthLink's page.
Some argue that switching software applications can help. "Hackers are writing code for the most popular Web applications," O'Ferrell said, such as Windows and Internet Explorer. "If you run some other browsers like Mozilla ... you will be unaffected by the majority of vulnerabilities."
The Internet Fraud Complaint Center, run by the FBI and the National White Collar Crime Center, details new online frauds and hoaxes, and lets consumers file complaints. Go to the Internet Fraud Complaint Center Web site.
The U.S. Computer Emergency Readiness Team, a partnership between the Homeland Security Department and the private sector, has information on some of the latest viruses and threats, and on how consumers can protect themselves. Go to the US-CERT Web site.
There's probably no way to avoid some risk, no matter where you go online or off. "There is risk to life," said Cassidy, an avid shopper of books online.
"The only thing you can do is update your browsers, update your antivirus and hope for the best."
