Our digital lifestyles are giving Internet pickpockets new opportunities for online shakedowns.
So consumers and regulators are increasingly demanding more protection from Internet companies. Last week, the advocacy group Center for Democracy and Technology issued a report that said Internet companies are responding by offering more online security and policies, such as erasing search histories.
Security experts, however, say some of the most important protections aren’t found online but in the heads of Internet users. All too often online consumers drop their guard, exposing themselves to fraud, spyware and other malicious attacks.
“In this Internet era, people are so focused on finding the best deal that they get away from fundamental suspicions,” said Scott Petry, founder of Postini, a Redwood City-based e-mail security company. “There is no technological solution here. Any deal that seems too good to be true probably is too good to be true.”
Today’s Internet users are under siege from an array of malicious traps and scams – from phishers, who lure people to fraudulent Web sites, to remote-controlled robots that take over PCs. They need to constantly be on their toes – or, rather, fingertips – for professional online thieves.
It wasn’t long ago that those who launched attacks on unsuspecting Internet users were pursuing hacker glory, not your personal identity, said Tom Powledge, vice president of product management for Cupertino security software company Symantec. For example, the variant of the Blaster Internet worm that crippled some 50,000 computers in 2003 was launched by a 19-year-old living with his parents.
“It crashed PCs, stealing some of your time,” Powledge said. “Now it’s getting more serious. These things are being written by professional organizations.”
Those using Windows-based PCs, which are more vulnerable to attacks because of their ubiquity, need to stay attuned to new security patches issued by Microsoft. “Our data shows an unprotected PC connected to the Internet via broadband on average will be attacked in eight seconds,” said Laura Yecies, vice president of Redwood City software security company Check Point.
But many online criminals are not just picking technological locks. They are scamming the masses through a sort of sleight of mouse. So whether one is an Apple Macintosh user, or one of the Windows-using masses, unguarded Internet behavior can put him or her in danger that no firewall or anti-spyware will protect against.
Multi-tasking Internet users, in particular, can fall pray to requests from e-mails purporting to be sent from a bank or another financial service. Users are directed to a fraudulent Web site. Distracted, they fill in the requested personal information, such as credit card data or even a Social Security number.
“Your bank is never going to send you a message that says, `Please put your personal information here,’ ” Symantec’s Powledge said.
Even tech-savvy young people are vulnerable to hackers and data miners lurking on social networking sites, said Amol Sarwate, manager of vulnerability research labs at Qualys, a Redwood City software security company. That’s because people willingly store vast amounts of personal information on their social networking pages.
“Social networking sites are by far the No. 1 place where identity theft can take place,” he said.
Sarwate and other experts say people who post information such as their phone numbers and street addresses are courting disaster. Sarwate recalls a friend who was tricked into handing over personal information to someone impersonating a credit union representative. The scammer got his phone number from his social networking page.
Some experts even warn against putting up photos of yourself or family.
Even a social networking Web page closed to public view can be vulnerable; a hacker can gain access to the site by impersonating a friend.
Though he admits some may say he’s paranoid, Sarwate said he does not have a Myspace or Facebook page. “It’s a lot of fun,” he admitted. “But it’s so easy to leak information – like where you did your master’s degree, who are your buddies,” Sarwate added.
Chris Boyd, director of malware research for FaceTime Security Labs in Foster City, has recently detected Nigeria-based scams aimed at people using real estate and rental Web sites in tight housing markets. Home hunters post income information and phone numbers, as well as e-mail and instant messenger addresses. Using this detailed information, scammers contact renters and offer great rates on apartments – if they send a security deposit via Western Union.
“It’s quite a sophisticated operation,” Boyd said. “It’s only a matter time when someone will be scammed in the purchase of a house.”
Some online thieves actually use low-tech schemes to trick people. It can be as simple as using a fake cashier’s check to buy an item through Craigslist, Petry said.
“My advice is, always be suspicious,” he said. “Skepticism pays off.”
Contact John Boudreau at jboudreau@mercurynews.com or (408) 278-3496.
