Cybercrime gets personal
2008-11-07 14:27
Johannesburg - Cybercrime is becoming increasingly personal as criminals collect data from social networking web sites, data breaches and other sources, according to a McAfee report released recently.
In the bi-annual McAfee Security Journal threat report, international security experts from McAfee's Avert Labs found an increase in social engineering techniques that exploit human nature to maximise profits.
"Cybercriminals are crafting attacks that are virtually impossible for computer users to identify," says Jayson O'Reilly, McAfee acting regional director for Africa.
"Phishing scams, e-mail attacks, Trojan horses, and other attacks are so personalised that even someone with the most watchful eye could fall for a carefully socially-engineered trap."
Exploiting human emotions
In the past six months, cyber scammers have exploited human emotions and curiosity in attempts to lure victims and steal personal information.
Recent scams have revolved around news and events such as the Olympics, natural disasters, and the presidential election in the United States.
"No matter where you live or what language you speak, cyber crooks will exploit basic human nature, zeroing in on emotions of fear, curiosity, greed, and sympathy," says O'Reilly.
"Criminals understand human weaknesses and will increasingly use the power of the Internet to exploit those weaknesses. It's an easy way for cyber crooks to make money and for spies to steal sensitive data."
McAfee Security Journal outlines four major global trends:
1) The depth of personalised attacks will increase.
As users become more comfortable posting information about themselves online, coupled with the increase in user-generated applications, cybercriminals are using information and vulnerabilities in social networking sites to create attacks.
McAfee predicts that users will be taken off guard by the level of detail and personalisation in attack messages from cybercriminals.
2) Socially engineered spam will explode.
Cybercriminals lure countless victims by faking believable spam messages based on real information. For example, cyber crooks will use information collected from data breaches to fake customer loyalty programmes or offer discounts to recent shoppers.
McAfee predicts the trend will continue, as scammers glean personal information about users from social networking sites or data breaches to understand users' credit card information, interests and behaviours.
3) Stock scams will rise.
Social engineering will increasingly be used to affect stocks and shares, going beyond the common "pump and dump" scam used by spammers to claim that a low-priced stock is about to make tremendous gains.
Taking a page from historical "penny stock" scams, Avert Labs researchers expect even bolder attempts by cyber scammers to create profitable fluctuations in the equities and derivatives markets, such as falsely advertising security vulnerabilities in software or management changes at a public company.
4) Criminals will capitalise on users' desire to protect their PCs, as more scammers fake security updates.
McAfee has tracked an increase in malicious software posing as applications from "security" vendors.
Criminals use pop-up ads to tell users that their computers are infected and that only the vendor's software can clean the machine.
Not only does the software fail to deliver increased protection, but it can often lead to downloading new malware onto a user's machine.
McAfee believes cybercriminals will step up their efforts to lure victims with fake security updates.
Cyber attacks by the numbers:
- 1.1 million - Total US dollars stolen from customers of the Swedish Nordea Bank in the world's biggest online theft on record
- 84% - The percentage of security breaches attributed to human error by the US Department of the Interior
- 1980 - The first appearances of "Trojan horses" on electronic bulletin boards
- 419 - The section of the Nigerian Criminal Code that outlaws the infamous and ubiquitous Nigerian spam e-mails
- 150% - Percent growth of Trojans using social engineering since 2006
- 742 - Number of typosquatting domains for freecreditreport.com, each one waiting to cash in on the victim's misspelling of a legitimate site
- 320 - Number of typosquatting domains for YouTube, the third most typosquatted site. Other popular sites for squatters include CartoonNetwork.com, Craigslist.org, and ClubPenguin.com
Cybercrimes are being fought on three separate planes:
1) Update your security technology.
Businesses and consumers must update their security software to include the latest versions of anti-virus software, spam filters, anti-phishing browser plug-ins, and web safety detections.
2) Practise safe computing and safe surfing.
Users should be wary of offers that come through e-mails, IMs, or social networking messages that sound "too good to be true". Likewise, users should never click on an e-mail from someone they don't know.
3) Know your legal rights.
The security industry and law enforcement are fighting cybercriminals by tracking and prosecuting offenders.
- News24