Block Spam |Stop making it easy for cybercriminals to steal your data!

Posted by Geraldine Hunt on Wed, Oct 3rd, 2012

Nearly 20 million pieces of private information have been illegally traded online this year according to the latest findings from Experian's "Life in a Box" experiment, which has found that 19.7 million pieces of information were bought and sold illegally between January and June 2012 – more than in the whole of 2011, when 19.04 million records were traded. The experiment found that although Steve, the subject of the research showed himself to be a knowledgeable web user, like many people he made basic security mistakes in his hurry to get things done.

The research involved Steve taking part in a series of online challenges to determine  how secure personally identifiable information like names, email addresses and dates of birth were.

Top 3 email / web security mistakes Steve made :

• Using the same password across multiple accounts
• Failing to update his web browser to a newer, more secure version
• Not checking  that websites were secure by looking for the padlock icon when purchasing online.

The results shows that within just 5 hours the eight temporary email addresses used by the subject were taken over, with the majority of credentials highjacked within five minutes by criminals in countries ranging from Albania to South Africa.

It’s never been easier to become a successful cybercriminal

These results prompt many questions; firstly what kind of information do criminal trade and  what do they do with the information once acquired?

We all freely exchange a vast amount of valuable information online and via email everyday including email addresses, passwords, email address and password combinations, your mothers’ maiden name, address and credit card details. Deficient email and web security as well as sloppy security habits leads to ccriminals successfully getting their hands on this information and assuming someones identity. This lack of attention can lead to a criminal successfully compromising your or your companys’ credit or bank information so that they can go on to assume your identity and use this information for their own malicious intentions.

Credit card fraud has many faces, a scammer can go on a spending spree with the stolen card details initially unknown to the victim; an identity thief  can use your data in many ways, to rent apartments, buy equipment or take out cell-phone accounts; or a company may take your credit card payment over the Internet and not send the goods.

How do cybercriminals get access to this information so easily?

Cybercriminals and scammers use  a variety of methods to get access to your online information including social engineering, phishing,  trojans and money mules; these are just some of the methods scammers use to get access to your online information. Cybercriminals are, if nothing else, resourceful and new methods are developed and used on a daily basis. With the numbers of people using email and shopping on line growing it’s never been easier to become a cybercriminal, especially in an environment where security precautions and security awareness is not a priority.

How can people and companys protect themselves from phishing attacks?

• Employees should never respond to spam email with confidential or sensitive information, a legitimate companies will never ask for sensitive information via email.
• Make employees aware of what a spear phishing attack is and to be on the look out for anything in their in-box that looks suspicious. The best way to avoid your company becoming a victim of a spear phishing attack is to improve awareness of what’s happening before anyone loses any personal information.
• Never give out company financial information such as banking numbers to an email enquiry. Your bank does not need you to confirm your account information – they already have this information.
• Make sure your network is protected with up-to-date virus, anti spam and malware protection. Ensure you update the software regularly and use a trusted and recommended solution.

Are your employees phishable?

If a phishing email succeeds in getting a user to click a url this can , unknown to the user, download and installs a Trojan which is capable of recording your passwords and other details by capturing your keystrokes. These details are then sent to a fraudster  and used to access  your account. The best way to protect your employees and company network from trojans is to install  powerful internet security software on your network and ensure these are always up to date.

As the Experian experience proves, despite the well-known consequences – people and companys still take risks with email and web security. Experian also advised consumers check for SSL Encryption, which is used to protect confidential information. Most enterprise level email security solutions such as  SpamTitan anti spam include such features. Keeping these solution up to date and using a trusted and recommended solution is crucial.

Educating employees around a range of security issues is an important step that many companies ignore. Yes, robust, powerful and updated security solutions are crucial but this doesn’t mean that companies can afford to ignore the ‘softer’ behavioural issues associated with security.  It only takes one employee to open the wrong email to give access to sensitive company data bring a whole company’s IT systems to a halt.