More Articles from

What’s Scarier Than Halloween? Cyber Crime

Every October 31 we dress ourselves in scary costumes, carve scary jack-o-lanterns, and celebrate Halloween. We have been carving pumpkins for Halloween in the United States since the mid-1800’s, and dressing in scary costumes of various supernatural figures since the early 20th century. More recently, however, October has become a time to focus attention on something even scarier: cyber crime.

October has been National Cyber Security Awareness Month since 2004. This year, we’ll give you an overview of online threats – and ways to protect yourself – in a two-part blog installment.

Cyber crime is on the rise. Dramatically. Cyber crime is now an underground economy that is estimated at $100 billion (annually) worldwide.

The banner ad pictured above (posted on an underground forum) is a solicitation from a criminal gang offering a base salary of $2,000 per month in exchange for a “long-term partnership” creating “crypters.” Crypters are programs that make other programs mostly or fully undetectable by anti-malware programs. The ads lead to a sign-up page where interested coders can leave their résumé and contact information, and state why they think they are qualified for the position. Some of the positions even offer healthcare and other benefits!

2011 has been a year of widely-publicized hacks and data breaches impacting large corporations, government contractors and, ironically, information security firms. Quite literally millions of confidential records have been stolen. However, not all of the hacking has been aimed at corporations. Consumers have been targeted also.

Some of the ways that cyber criminals have been attacking consumers include:

Phishing and Spear-phishing – sending e-mails claiming to be from legitimate companies in order to trick people into reveal personal information, such as credit-card numbers. Spear-phishing attacks are narrowly targeted versions of phishing.

Tips to Protect Yourself:

  • Don’t reply to or click on links in emails that ask for personal, financial, or account information.
  • Instead of clicking the links in emails, go to the websites directly by typing the web address into your browser or use bookmarks.
  • If on a secure page, look for “https” at the beginning of the URL and the padlock icon in the browser.
  • Keep your computer’s antivirus, spyware, browser, and security patches up to date and regularly run system scans.
  • Review your accounts regularly and check for unauthorized activity.
  • Use a browser that has a phishing filter (Firefox, Internet Explorer, or Opera).

Smishing – the mobile phone counterpart to phishing. Instead of being directed by e-mail to a fraudulent web site, a text message is sent to the user’s cell phone with some ploy to click on a link.

Tips to Protect Yourself:

  • Don’t click on links in texts from numbers that you don’t know or if the text was unexpected.
  • Don’t call the numbers in unexpected or anonymous texts. Look up and call the number of the company identified in the text to see if the message was legitimate.
  • In many cases the text message will come from a “5000” number instead of displaying an actual phone number. This usually indicates that the SMS message was sent via email to your cell phone and not from another cell phone.

Vishing – using social engineering over the telephone system, most often using features facilitated by Voice over IP (VoiP) to gain access to private personal and financial information.

Tips to Protect Yourself:

  • If you receive an email or phone call asking you to call back and you suspect it might be a fraudulent request, look up the organization’s customer service number and call that number rather than the number provided in the solicitation email or phone call.
  • Forward the solicitation email to the customer service or security email address of the organization, asking whether the email is legitimate.

In our next installment, we’ll review other threats and how to guard against them, including skimming, man-in-the-browser attacks, and scareware.

Remember that the Internet can be a scary place, but you’re more likely to stay safe if you learn how to identify threats and avoid them. Check out the good advice at the NCSAM page at What tips do you have to help people stay safe online?

This guest blog submission was contributed by Ken, Susquehanna Bank’s Chief Information Security Officer.

[] [Digg] [Facebook] [Google Buzz] [Twitter]
Tags: , .
Posted in Banking Basics, Industry News.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>