There was a time when we lived in fear of our computers being infected by viruses. In the same way that burglary leaves us feeling violated, catching a computer virus (or trojan, worm, whatever guise they take) also makes us feel violated, and somewhat ashamed that we’ve allowed it to happen.
In the early days we didn’t take kindly to friends and colleagues who unwittingly passed their viruses on to us; however, today we understand that these things are, to a large extent, out of everybody’s control. We simply download the latest anti-virus update, quarantine the culprit, and get back to work.
Nowadays it is deliberate online fraud and scams that have more potential to damage businesses – which is why we must keep our anti-spam programs up to date alongside our firewall and anti-virus software.
The latest form of attack in this regard is what is commonly referred to as “phishing”.
Phishing scams use a combination of ‘spoofed’ emails and phoney websites, which lure users into providing financial data (such as credit card and bank account numbers), account user names and passwords. The emails appear to come from trusted senders such as banks and online retailers, and direct recipients to real-looking bogus sites where they are asked to fill out forms. Maybe you or I would smell a rat, but there are many unsuspecting people out there who are simply too trusting.
This phishy business can be very convincing though – the State Services Commission recently warned of emails that appeared to come from the www.govt.nz portal. Of course, this is a domain name, not an email address, which should immediately trigger warning bells. The emails, which originated offshore, were apparently advising of a mail server failure at that site and inviting users to open a file that would automatically forward their mail on to them. This information would then be used by hackers to conduct other fraudulent activities.
It all reinforces the fact that we should be extremely wary of unsolicited email, particularly emails with attachments, or those requiring executable files to be installed. I dump anything that looks even remotely suspicious.
Phishing attacks have been proliferating at an alarming rate in recent months. According to anti-spam technology provider Brightmail, worldwide phishing has increased from 300 million messages in August last year, to more than 2.9 billion last March. This represents around five percent of all internet email worldwide.
Banks especially have had to introduce measures to foil the scams of phishing groups – recent targets have included Citibank, Barclays, and Australia’s Westpac.
Scammers were infecting host PCs with trojans and using keystroke loggers to steal passwords. Banks retaliated by allowing users to pull down menus to enter passwords rather than key them in directly. A new trojan was then discovered that attempts to steal passwords by stealing screenshots instead of keystrokes.
It is an ongoing battle that will have the experts phishing for an answer for some time.
Glenn Baker is a regular contributor to Management.