ContentWatch Security Blog


Mon

Mar 3, '14

The Real Enemy in the Battle Against Phishing

If you have been using the Internet for a while, you will remember the Anna Kournikova virus that tempted users with a message “to see hot pics of Anna Kournikova, click here.”
 
You also probably remember the Nigerian money scam, where email recipients were offered millions of dollars in exchange for providing a bank account into which funds could be deposited to save someone’s inheritance.
 
We laugh now at how incredibly obvious these scams seem, but at that younger stage in Internet history, most of us were more naive and trusting than we are now.
 
By 2003, the term “phishing” was widely accepted and used by most technologists to define the method of extracting personal or confidential data from unsuspecting users.
 
Fast forward to today. Users have become wiser, more pessimistic, and less prone to take the bait of a phishing scam, but scams have evolved to become much more elaborate, deceitful, and dangerous.
 
Today, phishing scams range from fake websites made to look like American Express or Visa to direct phone calls claiming to be from your bank to verify account information. The data that these scams are phishing for has also evolved.
 
Modern phishing scams look for spreadsheets and documents on infected computers, or scan contacts and emails for personal identity data and credit card information. Phishing scams are also known to target corporate financials, source code, and even intellectual property (see http://blogs.wsj.com/cio/2013/02/22/why-engineers-fall-for-phishing-attacks).
 
Some technologies, such as site reputation services, identity monitoring, and data loss prevention software, have been developed to help safeguard against phishing techniques. But the truth is, phishing is not really a technology issue but rather a “people” issue.
 
Legions of IT professionals and millions of dollars spent on high tech solutions will not stop users from providing personal data, installing apps, or clicking on a tempting link in hopes of obtaining riches and being entertained.
 
The best protection from phishing exploits comes largely from training and from constantly enforcing a culture of common sense and caution.
 
None of the following statements and suggestions are new or groundbreaking. I suggest that these concepts be included in personnel training. Frequently reviewing them and including them as part of a corporate Internet usage policy might help breed a culture of common sense and caution.
 
Don’t believe everything you read, hear, or see online. Actually, be slow to believe.
 

Wed

Jan 29, '14

Tax Season is an Identity Thief’s Favorite Season

Stealing tax returns is just another method for identity thieves to steal your identity. This occurs when another person secretly uses an individual’s Social Security Number to secure and file a false tax return. Once the actual owner of the Social Security Number attempts to file their own return, they will be rejected because IRS records indicate that they have already obtained a refund.

Wed

Dec 18, '13

Hackers Steal 150 Million Passwords

Adobe recently announced that they were targeted and hacked. The sophisticated hackers leaked nearly 150 million passwords and usernames and shared all the information on public websites. The classified information spread and affected many social media profiles and other accounts; several pages and inboxes were filled with advertisements and spam.

Thu

Sep 12, '13

Common Sense Is Best Prevention for Online Scams

The Internet Crime Complaint Center (IC3) accepts complaints from Internet crime victims or from third parties to the victims. Each year they receive nearly 350,000 complaints. To put it in daily terms, 1000 people fall for online scams each day. An accumulated $350 million is stolen from victims each year. Although people are becoming more tech savvy, scammers are still winning.

Thu

Feb 23, '12

What's so bad about BYOD?

These days, if you don't know what BYOD stands for, you've just never seen the acronym. Companies around the world are implementing this long-term, "cost reduction" plan. In essence, it's happening as your employees bring their own mobile devices to use at work. If you are not seeing the challenges, your IT guys are.