Organized criminals in Bulgaria, Romania and Russia may have “reeled in” your Social Security number, your bank account number or your credit card number.
Some “spy” who does not work for the CIA may know what your favorite Web sites are.
A worm put all South Korean computers offline and sent North Korea on full military alert.
These are only three problems caused by computer hackers described by Professor Joe King, a Bakersfield College and current engineering professor at the University of the Pacific.
His lecture Feb. 28 at BC was titled “Phishing – the Fraudulent use of E-mail to Steal Your Money and Your Identity.” Identity theft by hacking through e-mail, known as “phising”; bogus spyware, browser-hijacking web sites, Trojan horses with disguised viruses and worms spawned through e-mail attachments are several insidious devices employed by resourceful hackers.
Phishing, which is becoming increasingly popular among organized criminals in Eastern Europe as well as in America, is a “growing problem,” according to King, who also works as a consultant for Internet —–security four months out of the year in Washington, D.C.
King explained the phising concept: He said it is a is a crafty way to acquire data from unwitting victims. The goal is identity theft.
Phishing is the act of transmitting an e-mail that purports to be from a bank or other legitimate venture. The e-mail tricks the user into visiting a phony cloned Web site where the victim is lured into supposedly “updating” personal information that may include social security, bank account and credit card numbers.
Criminals have learned to fake overlay windows for bank Web sites, such as Bank of America and Washington Mutual, as well as digital certificates from these establishments. King said it is usually young American males who “phish” for credit card numbers to sell.
The credit card numbers are not difficult to trace in America, but the numbers are harder to trace if the perpetrators operate from central and eastern Europe.
One way, King said, to check for the authenticity of a so-called bank site is to put the computer’s curser onto the status bar, which will show where the user is going. If the link offered by the site does not match up with the address shown in the status bar, the site is not legitimate.
King admonishes users to never respond to requests for personal data for “updating” purposes through e-mail. Instead, the user should call the establishment.
The user should also regularly consult bank, credit and debit card statements to make sure that all transactions are legitimate, and if any transaction appears suspicious, the user must get in touch with the bank and credit care issuers.
King said the safest way to give out credit card numbers is to contact the Web site. The user must also check for the yellow lock symbol located on the browser status bar. Another clue to a website’s authenticity is to check the address, which should read https:// rather than just http://. A suggested Web site for protection against identity theft is the “Protecting you Identity in the Digital Age” Web site. The address is: http://its.med.yale.edu/security/goodmeasures/ProtectingYourIdentity.html.
Spyware, explained King, is any software that secretly collects computer user information. This device observes the user’s Internet habits and conveys the information to the hacker through the Internet. The hacker sells the purloined data. The Spyware is routinely camouflaged as part of “free” programs that can be downloaded from the Internet.
RealPlayer is a form of Spyware that taps into your listening habits, and Gohip is Spyware that lures the user into using a “free” video player, and then Gohip changes the user’s home page. The red-flag sign of a Spyware infection is the slowed pace of Web browsing.
PCs can be infected with anywhere from 50 to 1,000 Spyware programs, according to King. Increased surfing increases the likelihood of infection.
“Spyware is the No. 1 computer problem for 2005,” King said.
Intrusive Spyware programs appearing on an individual PC can be numerous.
“My average is about 75,” King said. The worst case appearing on a PC was 1,000, he added.
King said the deluge of Spyware is not always a result of the user accepting free items.
“Six months ago it was like that,” he said. “But the Internet is changing all the time.”
Nevertheless, be leery of accepting so-called “free” software, King said, and be alert for slow Web browsing. The best Spyware remover available is Spy Sweeper. Spybot is also available and Search and Destroy is free but “works imperfectly,” King said.
Browser Hijacking, another form of hacking that can corrected, is a flagitious way to bait the user into visiting Web sites whose proprietors pay the computer hacker for luring the user to their sites.
Tell-tale symptoms will show that the user’s default start page is changed, and porn and gambling sites appear on the screen. The iniquitous Web site initiates changes to the user’s computer through vulnerabilities. However, changes can be easily fixed through “patches” or service packs offered by companies such as Microsoft. Often it is essential to edit Windows’ registry.
However, the hijacking software often redoes the hacked settings each time the user reboots the computer. So, no matter how frequently the user sets it right, they are hacked again the next time the computer is rebooted. King recommended that computers be regularly “patched.”
A Trojan Horse is a standard application, such as a game or a self-displaying photo, but it has a secret program, usually a pesky, intrusive virus that comes into play when the Trojan is fired up.
The virus, often using the e-mail-attached Trojan, is a program that attaches itself to another program in order to replicate without the user’s knowing it. This degenerate parasite’s goal is to replicate itself as much as possible, often employing the user’s e-mail address book as a means to locate new hosts, according to King.
To avoid the virus, never double-click an e-mail attachment if unsure of its contents, King said.
The bottom line, King said, is that computer hackers want to spread viruses for the thrill of it, establish disguised programs to spy, try to get the user to visit unsolicited websites, and lastly, hackers crave money and identities.