The nature of computer crime is changing. Attackers are moving away from broad attacks on corporate firewalls--the high-profile stunts that wreak havoc on millions of computers--and instead are focusing their efforts increasingly on narrow targets, such as desktop computers and Web programs that allow an attacker to capture personal, financial and confidential information. Whereas in the past the point was often high-tech high jinks that showed off the skill of the computer hacker, the goal of many cyber criminals today is financial gain. The new threats to cyber security have the potential to make investment advisors--and their clients--especially vulnerable as they exchange sensitive and confidential information. It's more important than ever before to heed the advice of cyber security experts and follow safe cyber practices.
Traditional attacks that were often designed to destroy data have given way to attacks designed specifically to steal information, often for financial gain, according to a recent report on Internet security published by leading anti-virus maker Symantec. The report identifies "a notable increase in threats designed to facilitate cybercrime, criminal acts that incorporate a computer or Internet component, and an increase in the use of crimeware, software that is used in the commission of cybercrime activity." The report also states that the industry targeted most frequently by hackers is financial services, followed by education and small business. Symantec expects to see an increase in the theft of confidential, financial and personal information for financial gain in the future.
Cyber criminals deploy several techniques to capture your sensitive data. One technique is known as "phishing," and it is on the rise. Phishing uses email messages that look like legitimate inquiries from legitimate businesses to trick you into divulging personal information. A classic phishing scam is an email message that looks like it comes from your bank and asks you confidential information about your account, such as your password or your social security number--information that can make you vulnerable to identity theft. Identity theft tops the Federal Trade Commission's current list of consumer complaints, accounting for 255,000 of more than 686,000 complaints filed with the agency in 2005.
"Keylogging" is another technique in the hacker's arsenal. Keyloggers are programs that infiltrate your computer without your realizing it. You could pick one up inadvertently while swapping music files or while downloading a free program from the Web. Keyloggers document every keystroke you make, searching for patterns that indicate credit card numbers and other personal information. Malicious code threats that could reveal confidential information rose 6 percent in the second half of last year, involving 80 percent of malicious code threats identified by Symantec's research.
The good news is that there are many ways to protect yourself from these scams. "Individuals often make mistakes online that can be easily avoided," explains Oliver Schmelzle, group manager of Symantec Security Response. "Consumers are often too trusting when they are online. They need to look at suspicious e-mails and Web sites with a careful eye and understand that most legitimate companies, financial institutions and government entities do not reach out to their customers for personal information via email."
The FTC provides a wealth of resources on how to avoid becoming a victim of cyber crime. Here's the agency's advice on avoiding phishing scams:
Don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message. Don't cut and paste a link from the message into your Web browser--phishers can make links look like they go one place, but will actually send you to a different site.
If you are concerned about your account, contact the organization using a phone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address yourself.
Use anti-virus software and a firewall, and keep them up to date.
Don't email personal or financial information.
Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
Forward email messages phishing for information to firstname.lastname@example.org and to the company, bank or organization impersonated. You may also report phishing email to email@example.com, an industry consortium.
Make sure you aren't your own worst enemy, caution experts. "Email tends to be conversational and easy, but the problem is it will all come back to haunt you," advises Mike Rosenfelt, executive vice president of MessageOne, a company that specializes in business continuity software, including secure email systems. "My number one tip is: Don't put anything in email that you don't want to see again. No financial advice, investment recommendations, trade confirmations, proprietary information, or account numbers in email." In other words, don't give the cyber thieves anything to steal.
Mary Kathleen Flynn is a technology reporter based in New York City. A frequent contributor to U.S. News & World Report, she is a former technology correspondent for CNN and MSNBC.