The quest to thwart cybercriminals never ends. As security software and firewalls become more sophisticated, so do cybercriminals. No longer do they simply upload malware or viruses or send clever email messages designed to trick recipients into clicking on links that lead to malicious websites. They have concocted far more devious methods of gaining access to your personal computer or business network.
- Browser attacks. Forget about being careful not to click on links in email messages. Cybercriminals have graduated to embedding links to malicious sites in search engine results. Fortunately, there are certain security software programs, like Norton for example, that can detect dangerous sites and warn you before you click on the links that take you to them.
- Keylogging. With this type of attack, a hacker first manages to infect a person’s PC with keylogging malware then waits for his victim to log in to an online bank account or e-commerce website and steals the victim’s user name, password and, ultimately, money. According Gonsalves, some businesses have moved to protect their customers by creating two-layer protections such as sending a secret code or password to a customer’s cell phone in real time. To access her account, a customer must type in this one-time code or password, in addition to her established user name and password, before the site will grant her access. Well, hackers have found a way around that, too. “Creative crooks have bypassed the added security through malware that collects login credentials, sends them in real time to a command and control server and blocks the user for several minutes in order to give the fraudster time to access the site” says Gonsalves.
- Site impostor. Something that Gonsalves calls the “man-in-the-browser” malware is scary because it tricks the victim into believing that the additional information that he’s being asked to provide “for security” is going to the legitimate site he’s visiting. Not so. This additional information goes straight to the cybercriminal who can then use it to pretend that she’s the customer and gain access to everything she needs to steal money or the customer’s identity. If the cybercriminal takes advantage of an employee and gains access to a company website, she could end up gaining access to the company’s financial accounts or clients’ personal information.
- The humanoid. Cybercriminals have devised a type of malware that’s designed to get around server security that can tell the difference between human and bot activity. Says Gonsalves, “Cyber-criminals have figured out how to create malware that meticulously imitates user actions.” This makes it tougher to recognize a bot. It probably also explains why the codes that you have to type in order to prove that you’re a human often have lines going through them or the letters and numbers are wavy, hollow or have been altered in some other way to make it more difficult for the bot to read them and as a result, bypass the security measure.
- Blocked authorizations. This nasty piece of malware is used by cybercriminals who’ve already misappropriated a person’s credit card or bank account information. Since a lot of businesses will issue email authorizations once a transaction is complete, the cybercriminals insert malicious codes into emails like AOL, Hotmail and Yahoo that will block the authorization messages and prevent the victim from knowing about the fraudulent activity. This is where having something like LifeLock can help. The company offers fraud protection for individuals and businesses and promises to alert a customer the moment signs of fraudulent activity appear on her account.
- Transaction validation scam. This is complicated. Some banks, again in an effort to protect customers, have devised elaborate validation methods that require customers log in to their online bank accounts and then enter specific pieces of information to confirm that they did indeed make the purchases that are registering on their accounts. To get around this elaborate validation process, hackers trick customers by using malware that presents them with a “system upgrade” message after they’ve logged on to their banks’ websites. The customers are then instructed to transfer funds to a fictitious account in order to assist with this process. No legitimate bank would ever do this. This scam is similar to the one where cybercriminals send an intended a victim an email telling him that he just won $1,000,000, but in order to claim his prize, he must send $500 for processing or taxes or whatever. A prize isn’t a prize if you have to pay for it.
Shopping and doing business online gets more dangerous every day. There are ways that individual consumers and businesses can protect themselves, but it clearly involves staying up to date with the latest threats that are going around. So, thank you Antone Gonsalves for sharing this very useful information.