Five ways to lose your identity (and wallet) this holiday season
How online shoppers can make their systems more attractive to online thieves
Computerworld - The holiday season is almost here, and even in a recession, huge numbers of people will likely be shopping online for gifts this year.
The rush by shoppers to the Web makes the season a great time for online retailers. It's also a great time for hackers looking to steal data and money from the unwary millions expected to search for great deals online.
The growth of holiday hackers has annually prompted security analysts, identity theft awareness groups and various government agencies to come up with lists of precautions that consumers can take to avoid becoming victims of online fraud. Such lists can be a benefit to consumers, but unfortunately, some people ignore the warnings.
For those unwary consumers, Computerworld this year offers a handy list of tips that can help maximize the their exposure to online fraud.
Tip No. 1: Open all attachments from strangers and click on all embedded links in such e-mail messages. Such actions remain one of the most effective ways to provide thieves with personal information and financial data. All a hacker needs to do is find computer users who instinctively open e-mail messages from strangers, even those who write in a foreign language. The action can open the door to keystroke loggers, rootkits or Trojan horse programs. Crooks can also easily install back doors to steal data without attracting any attention. Once installed the programs are installed, hackers gain unfettered access to personal data and can even remotely control and administer systems from anywhere.
Tip No. 2: Respond to Dr. (Mrs.) Mariam Abacha, whose name is used by many hackers who say they have close friends and relatives in Nigeria who have recently been widowed or deposed in a military coup and need your help to get their millions of dollars out of the country. Users are told they will undoubtedly be rewarded for helping to get "well-packed trunk boxes" full of cash out of Nigeria. And make sure to provide bank account information, log-in credentials, your date of birth and your mother's maiden name so that they can wire the reward directly into your checking account in time for the holidays.
Tip No. 3: Install a peer-to-peer file-sharing client on your PC, and configure it so all files, including bank account, Social Security and credit card numbers, along with copies of mortgage and tax return documents, are easily available to anyone on the same P2P network. Your personal data will stream over the Internet while you check out what songs you can download for free without getting sued by the RIAA.
Tip No. 4: Come up with passwords that are easy to crack. It saves hackers from spending too much time and effort trying to access your PC. Clever sequences such as 123456 and abcdef and your firstname.lastname all make fine, easy-to-remember default passwords for you and for hackers. For maximum exposure, keep passwords short, don't mix letters and numerals, and use the same password for all accounts.
Tip No. 5: Avoid installing the latest anti-malware tools and security updates. Keeping operating systems properly patched and antivirus and antispyware tools updated makes life hard for hackers. Users can help them out by making sure their antivirus software and antispyware tools are at least 18 months out of date, or by not using them at all. Either way, it's very likely that your computer will be infected with a full spectrum of malware.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts