Current trends in attacks Attacks come from the most popular services, E-Mail, Web Browsing, File Sharing, and Software installation. Most Common problems encountered by users: Infection (WORM / Virus / Trojan Horse) SPAM E-Mail (Phishing) Wireless Sniffing / Theft Pop-Ups Spyware Adware
Phishing for your personal information Using a combination of fraudulent websites & spoofed E-Mail, attackers blend social engineering with software flaws to steal private information. Phishing is quickly becoming the fastest growing threat to have developed on the Internet in the past six months, growing 180% from March 2004 to April 2004.
The goals and targets of phishing Financial institutions (online banking) and E-commerce sites are major targets of impersonation. Information they want from you: Credit Card Numbers Bank account numbers, PayPal accounts Social Security Numbers Passwords
Defending against Online fraud Attacks such as phishing rely on convincing users to reveal private information. The best defense is keeping your guard up. Ask why you’re giving out information. Tips for safety: Enter URLs yourself, don’t follow links. Don’t trust links that use IP addresses. Be suspect of forms requesting PIN or Credit Card numbers. Verify and or Update personal information over the phone. Change passwords often.
Wireless Networking Risks Wireless networking is inherently an insecure method of communication. Information is broadcast over a radio, and can be overheard by anyone listening. Considerations: Instant messaging, E-Mail are sent unencrypted Financial transactions must use SSL to be protected Usernames and passwords can be stolen Wireless networks are the easiest to attack
Home Networking Risks Home network security has become increasingly important, as home computers endanger our internal security. VPN connections such as MCC@Home can allow WORMs and Viruses to enter protected networks. What you can do: Keep all Critical Windows updates current Install and use Anti-Virus software Use a router to protect home computers
Questions & Comments Related Links: http://www.antiphishing.org http://www.securityfocus.com