Cyber criminals want your bank account and credit card numbers so they can take your money and use your credit while stiffing you with the bill. They want your social security number so they can apply for credit in your name, stealing your identity. They have even begun selling stolen medical insurance information.
Cybercriminals steal your sensitive personal information by taking control of your computer. This control also lets them install rogue programs on your computer, turning your computer into a zombie under their control—the cyber-equivalent of Night of the Living Dead. Even reasonably well-protected computers can be turned into computer-zombies if users unwittingly click on Internet links, visit sabotaged web-sites or open attachments on emails.
The consequences of having your computer turned into a zombie under the control of a cyber criminal can be devastating. Just ask the owner of the escrow company in Redondo Beach after cyber criminals withdrew $400,000 from her bank account using the firm’s on-line bank id and password which they stole after turning her computer into a zombie. You can read about her and other victims of on-line bank fraud indexed under Financial Systems Security on our blog: http://blog.citadel-information.com.
Online bank fraud is just one of the ways cyber criminals can make money from turning your computer into a computer-zombie. Besides stealing your credit card numbers and the login credentials to your online bank and brokerage accounts, these cyber criminals also display annoying pop-up ads on your computer, send spam from your computer and use your computer to commit a wide variety of sophisticated computer crimes.
Cybercriminals take control of your computer by exploiting four weaknesses:
- Every computer program running on your computer has subtle programming errors (vulnerabilities) that cybercriminals exploit to take control of your computer.
- Legitimate internet web sites often fail to prevent cybercriminals from installing malicious programs on their web sites. When you visit these sites, these malicious programs silently install Trojan horses and other malware on your computer.
- Default settings for many computer programs make it easy for cyber criminals to take control of your computer.
- Users often don’t know what they need to do to minimize the dangers and risks of cybercrime, particularly the need for defense-in-depth.
Defense Strategy 1: Keep Cybercriminals Off Your Computer
- Keep Systems Patched: Software manufacturers issue program updates containing patches to fix known vulnerabilities. Set Microsoft Windows and Office to automatically update. Manually update other programs like Adobe Acrobat, iTunes, Flash and Java. We list available updates for some of the more common programs in our Weekly Patch and Vulnerability Report, available on our blog: http://blog.citadel-information.com.
- Limit Exposure: Create separate accounts for all family members. This is done in the Control Panel. Set account type to “Limited” unless the account needs to run programs as “Administrator.” This will make it harder for cybercriminals to install malware on your computer.
- Protect Your Desktop: Install a reputable antivirus / antispyware product & keep it up-to-date. If you’re technical, run Firefox with the NoScript add-on inside of sandboxie and install a host intrusion prevention system. Sophisticated cybercriminals can get past basic antivirus/antispyware software. Antivirus is necessary. It is not sufficient.
- Secure Your WiFi: If you have a wireless network, encrypt it with WPA2 encryption. Otherwise anyone near you can eavesdrop on your communications and piggy-back on your connection.
- Stay Away from P2P Networks: Don’t run Peer-to-Peer or other file sharing programs, such as Kazaa, Limewire or BitTorrent. These networks provide strangers access to your computer.
- Beware of Scams, 1: Don’t click on web-site ads or pop-ups offering to scan your computer for free. Cybercriminals love to take advantage of people’s fear of getting a virus. Instead of scanning your computer, these programs will infect it. Always be wary.
- Beware of Scams, 2: Don’t open unusual or unexpected attachments, not even from people you know. It’s easy to send an email so it looks like it came from someone else. Also, how do you know your friend’s computer hasn’t been taken over? Always be wary.
- Beware of Scams, 3: Don’t follow links in unfamiliar or unusual emails, especially those requesting your user names, passwords, or financial information. A SPAM filter can help you avoid these e-mails but you must be on guard for emails that get past your SPAM filter. Always be wary.
Defense Strategy 2: Be Careful With Your Financial Information On-Line
- Don’t send your Social Security Number, bank account numbers or credit card numbers in unencrypted email.
- Use different strong passwords [8+ characters, upper & lower case, numbers, characters] for all eCommerce websites. Use Password Safe or RoboForm to securely manage online passwords.
- Only buy on-line from merchants using SSL, which means the website address begins with https://. Look for the “lock” on the title bar of Internet Explorer or Firefox’s lower right corner.
- Use a credit card rather than a debit card when shopping on-line. Link PayPal to your credit card, not your bank account. Federal law limits your credit card exposure to $50. There is no corresponding limit if you use a debit card (even though many banks cover debit card fraud).
Defense Strategy 3: Protect Your Information Away from Home
- Keep your laptop with you at all times. Never leave it unattended in your car.
- Keep WiFi and Bluetooth turned off except when you are using them.
- Encrypt the hard drive of your laptop, protecting it with a strong 15+ character passphrase. If you lose the laptop, the information is still safe. You can get free encryption software at http://www.truecrypt.org/.
- Never use a public computer, Kiosk, or public WiFi for online banking, shopping or to access sensitive information. Since you don’t know how secure these are, prudence requires you to assume they are insecure.
Defense Strategy 4: Watch Your Credit
- Subscribe to a basic credit monitoring service (AAA California offers members a free service)
- Regularly review your bank, credit card and investment accounts for fraudulent activity.
Defense Strategy 5: Better Safe Than Sorry
- Always think about the information you are giving out.
- When in doubt, don’t.
- Stay up-to-date by reading our blog: http://blog.citadel-information.com.