A new white paper from McAfee Inc's Avert Labs highlights the latest computer and online identity theft trends, and features major increases in keyloggers and phishing scams.

Entitled "Identity Theft," the report notes that keyloggers (malicious software code that tracks typing activity to capture passwords and other private information) increased by 250 percent between January 2004 and May 2006 while phishing alerts tracked by the Anti-Phishing Working Group multiplied 100-fold over the same period of time.

Dave Marcus, security research manager for McAfee Avert Labs, said the increase in keyloggers is due to financial institutions being the biggest targets for malware writers.

Marcus added that he is still amazed at how successful attackers are in luring people to give up personal information.

"You would think people would have learned by now not to fall for emails that you didn't ask for. But, we still get a lot of email attachments that will have password Trojans on them and also at the same time there is a rise in spam and phishing attacks that directs people to what they think is a valid site," said the McAfee security researcher.

While keylogging and phishing are done by different people, Marcus said at the end of the day the rise in both is because their target is the same.

"These two different techniques have shown a lot of development but they're really both geared at the same thing, either getting someone to enter login information or getting them to come to a site and capturing information through something that is introduced onto the machine," he added.

The report noted that organized crime, petty criminals and terrorists are the groups most likely to conduct online identity theft attacks. Marcus said that what attracts these organizations is the sense of anonymity and the fact that there is very low risk when it comes to identity theft.

Some of the techniques that these criminals have used aside from phishing and keylogging include traditional hacking to penetrate a Web server to steal a database. Non-technical tactics include dumpster diving and shoulder surfing, where someone will look over at a person's computer screen searching for any personal information.

Also, the sites that attackers have developed have become increasingly professional over the years, said Marcus.

"If you look at some of the phishing, pharming and spam sites from two years ago, you will notice that it was poorly produced with bad grammar, poor text and bad graphics but now most spam and phishing sites are perfect replicas of valid sites," he added.

These professional-looking sites have fooled tens of millions of people, yet the McAfee white paper discovered that complaints from victims of identity theft are low.

"People don't like to report something like this because they feel embarrassed and feel stupid that they can fall for things like that," said Marcus. "You also have a large percentage of people that may not even know identity theft actually happened to them."

When people do complain about identity theft, Marcus noted the report indicated that 18- to 29-year-olds seemed to be the ones to complain the most about it. He added that this statistic doesn't necessarily mean they are the most targeted but that they are the most vocal about it.

To help protect users from being victims of identity theft, the report outlined some practical tips such as using caution when opening email attachments no matter who sent them; using strong passwords; and installing security software and keeping it up to date. Additional tips include not clicking on links in emails to visit Web sites, but instead manually typing them into a browser.

As well, Marcus suggested that people be careful when sharing information online, such as by not filling out Web forms if they don't have to. Also, he added that people should get in the habit of saving files instead of clicking to open them.

"Saving them first gets them scanned by anti-virus and security software so you can open them with some confidence and safety and not hose your computer," said Marcus.

At the end of the day, Marcus said that identity theft will never truly be eradicated, as there is too much money to be made and attackers will always come out with new methods, but he believed that identity theft can be controlled and managed as long as people watch what information they share online.