Email address worth $0.0000385
Harvesting programs scour the web for text containing an @
character. Some newsletters use un-subscribe functions to verify addresses.
Thieves can send lots of advertising junk. Usually for Viagra.
What users can control, however, is the amount of data they
put up online in the first place, especially on social network sites. Users can
also keep an eye on the security issues, which are an everyday occurrence
because more often than not, passwords are stolen because individuals make
errors or unwittingly install malicious programs on their machines.
Email address
worth $0.0000385
For home and business users, there are, according to
security company GData, a number of real threats from spyware, spear phishing
and targeted attacks and botnets, and people need to be very much on their
guard against each one of them.
With spyware, for instance, cyber criminals use programs
that secretly monitor activity on your computer to discover passwords, online
banking details and credit card information. Spyware gets onto a machine by
disguising itself as freeware or shareware, by hiding in a website or in an
HTML email. It then sits quietly in the background, usually unnoticed, secretly
capturing computer activities. It may involve a key-logger, which tracks the
keys you hit on your keyboard, enabling cyber criminals to work out passwords.
An estimated six million LinkedIn passwords were stolen in a security breach
Spear phishing and targeted attacks use information openly
available on the internet, combined with information on social media sites.
Cyber criminals can find out personal details, which they use to win the
interest of specific individuals. For example, an individual could posts on his
or her Facebook page that they are really excited to be going to see the new
Batman film. The cyber-criminal will spot this and sends an email or a social
media message, saying, 'Check out this exclusive video of The Dark Knight
Rises'.
Getting hold of that email address may not be as difficult
as your imagine - consider how many corporate sites have details of them, for
instance - and the criminals are also quite savvy in used shortened links,
which conceal the real, dangerous destination. When the individual clicks on
the link, they may end up unconsciously downloading malware onto their system
such as spyware and key-loggers, which will eventually lead to their passwords
being compromised.
Botnets are another major problem. This refers to an
association of networked computers, which are under the control of a so-called
bot-master and which, without the knowledge or consent of the owners of the
individual computers, can be remotely controlled by the bot-master. This is how
cyber criminals can get onto a computer system to deploy spyware to track
activity.
“There are people who say 'but I'm not technical at
all'," said Krause. “My advice to them would be to get technical. You need
to understand how your data is stored and learn what steps you can take to
protect it. Electronic storage of personal information isn't going to go away,
so family a rise yourself with the basics. And then keep up to date. If you
don't, then someone will take advantage of your ignorance - just the same as
people have always done."
HSBC issues customers with a Secure Key to ensure safer log ins to its
banking service
“Fingerprint scanners would ensure only the user could gain
access but this means having extra, costly hardware”
One of the best ways of protecting yourself is to avoid
easily interpreted passwords. Since there are so many websites around that
require login and password details to access a user account, it's all too
common to see people adopting straightforward, easy to memorize passwords that
could simply be guessed. A survey by data security firm Imperva analyzed 32
million passwords to find the top-ten most commonly used. Five of the top ten
were simply sequential digit strings such as '123456', with the remaining
including 'password' and 'abc123'.
Other favorites include personal information such as a
mother's maiden name, favorite pet, birthplace or date of birth. This sort of
information is frequently used to confirm authenticity with online banks and
services, and could therefore be subject to key-logging and phishing scams. The
advice is to use a combination of letters and numbers in a password as well as
a word that would be very difficult for a third party to guess.
The advice: don't
click on links you don't know and you've possible reason to believe are not
legitimate
“You also need to wary of someone shoulder-surfing -
standing behind you and looking at what you type," said Krauss. “But there
are also issues with key loggers; not logging off or locking your device when
you step away from it for a few minutes; not having a password or having your
email, Twitter or Facebook account set to remember your password so they
automatically log in; or trusting friends, colleagues and family to not just
'take a look'.
"So the advice is simple: be aware of who can see your
screen; run a decent anti-malware product; don't click on links you don't know
and you've possible reason to believe are not legitimate; don't open email
attachments unless you're sure of the content; check the rear of your work and
home PC for any new or unrecognized items plugged into them; ensure that your
computer or mobile device is password protected; set your computer or other
device to lock out after five to ten minutes of inactivity; do not allow your
email, Twitter, Facebook pages to remember your username and password; don't
implicitly trust those who have access to your computer or mobile phone; and
back up your data regularly"
If all of that sounds exhausting, then consider this: more
than three billion malware attacks are reported annually with, on average,
260,000 identities exposed per data breach. Social networking sites continue to
grow as an attack distribution platform and shortened URLs that hide malicious
links are increasing infections.
Mobiles are making things worse. Attackers are exhibiting a
notable shift in focus toward mobile devices. The data they receive is valuable
too. Credit card data can be sold on underground forums for as little as 4p
with factors that dictate prices including the rarity of the card and discounts
offered for bulk purchases. The threat is out there.
