Phishing is a scam designed to get e-mail recipients to disclose sensitive personal information such as log-on details and account numbers. When users respond with the requested information, attackers can use it to gain access to the accounts.
Phishing is based on long-established forms of social engineering. Most phishing schemes use messages delivered in e-mail documents that look like they come from real companies or from valid electronic addresses. Some phishing attacks use malicious Web sites to solicit personal, often financial, information.
Pharming attacks trick users into being redirected to a look-alike Web site. Pharming is very much akin to domain spoofing.
Unlike phishing attacks, pharming victims do not have to click on a link in an e-mail message to activate the attack. Pharming victims do not even realize that their Web browser has been tricked into seeing a false URL as the intended Web site.
ID Theft
The newest ID theft threats coming from two sources. One is the open vulnerabilities in the computer and vendor communities from unpatched systems. As long as people continue to use the Internet without applying the security software patches from Microsoft and other software vendors, computer users will remain potential attack victims.
The other source of ID thefts is the constant stream of variants from existing attack worms such as Saser and Mydoom. Computer systems that are already compromised continue to be used to carry out new directions and overtake other unprotected computers.
Some Internet security experts said the best way to defend against these threats is to adopt a layered security approach. Layering protection protects five key access levels within an IT environment. These include the perimeter, the network hub, the host file, the network application and the stored data.
Within an enterprise environment, protection should include intrusion detection and prevention (IPS) software, as well as vulnerability management software. Another essential security component, according to experts, is an endpoint compliance policy used in conjunction with a hardware firewall, antivirus software and a Virtual Private Network.
Privacy Concerns For Consumers
Internet banking has grown steadily since it became an option for household banking customers 10 years ago. The 10 biggest U.S. banks alone had more than 34 million customers turning to the Internet at the beginning of this year, a more than 50 percent increase from last year.
At some of the biggest banks, more than half of personal account-holders bank online. The numbers drop below 20 percent at many community banks.
A range of conveniences draws customers to the Internet. Some users log on just to check balances. A smaller number of more sophisticated users routinely jump online to transfer money between accounts, pay bills automatically and apply for loans, essentially eliminating paper from the process.
Recent national surveys suggest that a clear majority of the nation's bank-account holders don't trust their banks, the Internet or their own technology acumen enough to bank online. For many, the risks simply seem too ominous.
Whether it's real or perceived, the threat of financial fraud on the Internet has millions of consumers worried. And bankers are still trying to figure out how to create a safer environment, in part by better informing customers how to safeguard their personal data.
In general, banks are quick to stress that far more fraud stems from stolen bank statements and ATM cards -- often perpetrated by deceptive relatives, friends and co-workers -- than originates through purely online channels.
However, that's not the impression created by millions of fraudulent phishing e-mails that flood e-mail in-boxes every day, often in the guise of a message from a bank, urgently demanding recipients' confidential account numbers, passwords and Social Security numbers. Experts caution that criminals are always looking for growth opportunities, and that as more banking customers move online to manage their checking accounts and pay bills, the opportunity for fraud increases.
Potentially more dangerous than illegal withdrawals, a thief with access to an online bank account could steal the victim's identity and establish credit in the person's name.
What could go wrong?
If your Internet bank account is compromised, here are some ways you could be defrauded:
Unauthorized withdrawals: A thief could log on and initiate a wire transfer or use an online bill-paying service to issue checks.
Identity theft: Someone could use details gleaned from your online bank account to set up new credit accounts in your name. Details commonly viewable on online accounts include name, address and phone number. Check images might include a driver's license number or Social Security number. Online accounts also might contain payment details revealing who your employer is and what credit cards you hold.
Check fraud: Combining offline and online theft, a criminal can get check images from your online account and use them to create new checks in your name.
Conclusion
In conclusion, the best advice that I can arm anyone with to combat those relentless theives and hackers is to be aware and be smart! Make it a point to stay up on new ways to protect yourselves. Your identity is worth protecting.
