02. Web surfing and malware
Threat 1: Surfing the web
Google’s analysis of 4.5 million websites in 2007 found that 10%, or 450,000 websites, contained malicious code. While you'll often avoid this by having up-to-date anti-virus software and by being careful about which links and pop-ups you click on, in some cases, just by visiting a site, you could unwittingly install software that records your keystrokes or steals sensitive information.
Google calls this ‘drive-by downloading’ and says there’s no way for average computer users to protect themselves from this threat. “The victims are completely unaware of the ghost in their browsers and don’t know that their keystrokes and other confidential transactions are at risk of being observed by remote adversaries.”
What to do
Keep your anti-virus software up-to-date. Be judicious about the websites you visit — reputable companies are more likely to have good security systems that protect users. But there are no guarantees.
Threat 2: Company databases
Your details are likely to be on at least 100 databases — government agencies, financial institutions, employers, social clubs, retailers, loyalty schemes, video libraries, airlines … the list is endless. But how safe is that information? What’s to stop hackers stealing it, or unethical employees selling your details, for example?
Bulk theft of identities from large databases is attractive to hackers. In August 2008, the US Department of Justice charged 11 people from five different countries with the theft and sale of over 40 million credit and debit card numbers. The criminals had used ‘war driving’: cruising around in cars with laptops looking for accessible wireless networks to hack into and steal details from.
This follows US retailer TJ Stores (which includes the discount department store TJ Maxx) confirming in 2007 that account information for 45.7 million credit and debit cards, and 450,000 records containing customers’ names, driver’s licence and social security numbers, were stolen from its systems by internet fraudsters. The perpetrators had access to the data over 17 months. US banks claim that 94 million accounts were accessed as a result of the theft. TJ Stores doesn’t know who the intruder was, or whether there was more than one.
If your details were stolen from a database in this country, you might never know — until you were defrauded or your identity was hijacked. Australian organisations aren’t required to inform customers or a regulator of such data thefts.
What to do
Read companies’ privacy statements to check how your information will be used. Opt out of allowing your details to be passed to third parties and marketing companies, as this provides more opportunity for ID theft. Only give the information that companies really need to know.
Threat 3: Malware
A recent OECD report said that malware, or malicious software, is a security threat to the internet economy. It takes many forms, including:
- Trojan: A program that appears legitimate but can get around security measures to carry out attacks.
- Virus: A hidden program that spreads by infecting another program.
- Keylogger: Software that records the information you punch into your computer, and forwards it to fraudsters. Keyloggers aren’t detected by many anti-virus software programs.
- Malvertising: Ads, even on reputable and legitimate sites, can have a malicious purpose, hiding dangerous code that installs trojans, viruses and spyware if you click on them.
- Spyware: This sends information to a third-party computer without your permission or knowledge.
As soon as you connect to the internet, you’re at risk from attack. A recent survey found that 23% of PCs are infected.
What to do
- Keep your anti-virus software and firewall up-to-date.
- Install spyware scanners.
- Conduct regular scans of your computer; some security programs allow ‘real-time’ protection, a monitoring system that recommends actions against spyware when detected.
- Don't click on pop-ups and banner ads unless you trust the source. One dangerous example is being prompted to click on a link to scan your PC for viruses, but when you do, a virus is installed.