What Every Parent Should Know About Computer Crime
Unless you were off the planet last Christmas season, you undoubtedly heard about the nightmare visited upon Target’s CEO Gregg Steinhafle, who lost his job when cyber criminals:
- stole 40 million credit and debit card numbers
- infiltrated 70 million customer records, along with names, addresses, and telephone numbers
- caused a 46 percent drop in Target profits from the previous year
- cost $200 million as credit unions and banks had to reissue 21.8 million credit cards
According to a recent piece on Krebs on Security, it only gets worse. Hackers probably generated about $54 million from the sale of about 2 million cards stolen from Target and subsequently resold on the black market.
It’s only the beginning…
The nightmare computer security breach at Target is only the tip of the iceberg in the shark-infested waters of the Internet and opportunities for computer crime. According to an emc.com white paper, The Current State of Cybercrime 2014:
- The threats and fraud tactics “continue to increase in number and sophistication as the profitability of cybercrime transforms the nature of the game.”
- Phishing scams alone bilked nearly $6 billion from global organizations.
- Three-fourths of all data breaches are in pursuit of money from unwary victims.
- The bad guys — cybercriminals — are becoming increasingly better organized and are even developing “fraud-as-a-service” business models. Technically unsophisticated — i.e., not computer-savvy — criminals are rushing to get online and try their luck as malware becomes more widely available.
Your Smartphone can be dumbed down through malware
The white paper reports that the biggest trend in cybercrime is threats to your constant companion, your smartphone. An astounding one billion units were shipped during 2013, up 38 percent from the 725 million sold in 2012. We don’t just use our smartphones to talk, there are those millions of apps we download from Google Play and the Apple Store.
Poison apps abound
Cybercriminals are busy trying to serve up their poison dish of malware and phishing. Android apps, the most widely downloaded, are the most targeted platform. The Android operating system is open-sourced and susceptible to mobile threats. Last year Android detected over a million attacks and a significant proportion was “disguised as fake or malicious versions of popular apps.”
The case of the booby-trapped Netflix app
If all that is not scary enough, consider the example of a malicious app that was pre-installed on new smartphones. Last March criminals were successful in installing, “several variants of a fake Netflix app that steals personal and credit card data” on some models of Android phones and tablets. No one knows for sure how they did it, but it is likely that the crooks penetrated the supply chain, where a large number of individuals ship and handle the product to stores and customers.
Your e-mail inbox may be ticking
Spoofers and imitators are out there and they are casting a wide net looking to scare you into disclosing personal information. By now, everyone has received or heard about the Nigerian scam e-mail campaigns. Someone closely related to a rich government official has millions of dollars in an account and would love to share the money with you, etc.
While we smile and add that e-mail to our junk mail stack, we could easily be taken in by these five scams highlighted in the Washington State Attorney General’s web piece:
1. You get a real-looking, but fake e-mail
You could get an authentic-looking e-mail from a bank or PayPal, complete with a logo. An immediate giveaway that it is fraudulent would be that:
- the e-mail expresses a sense of emergency and urges you to act in order to protect your account.
- your name is nowhere on the e-mail; instead, the salutation might read something like, “Dear Valued Member.”
- the e-mail asks you to confirm and verify your account by providing your user name and password. No — repeat, no — reputable online website or financial service will ever ask you for that information.
- there are multiple links tempting you to click. Don’t do it. You could be downloading malware.
2. You receive an “urgent, exclusive” loan offer from a company you never heard of. Here are the signs it is a fake:
- If you never heard of the company, chances are the offer is fake. Real companies do not send out random e-mails offering loans.
- The fact that the offer is labelled “exclusive” is a dead giveaway. How could it be exclusive if they don’t even know you?
- You are asked to click on a link and enter personal financial information. Don’t do it.
- Big red buttons and many other links appear to tempt you to “calculate your savings,” etc. Again, don’t click.
3. You receive an especially scary e-mail from a “government agency,” saying that you need to take some immediate action. For example, just after April 15 this year, the IRS reported scammers were sending out fake notification e-mails acknowledging receipt of tax payments. It was a phishing scam. In this case, the dead giveaway is that the IRS never sends official notices by e-mail.
4. You won the lottery! Foreign lottery scams rely on them especially gullible victims who will believe that:
- you can win a lottery without even entering it.
- if you did enter the lottery, you could actually win the millions.
- the lottery sponsor would actually know your name and e-mail address.
Lottery scam e-mails typically:
- do not have the sender’s name listed
- contain illiterate and ungrammatical English
- cite the name of a nonexistent lottery (Google it!)
- ask you to respond to an individual
- as a next step, ask for your bank account information so they can “deposit your winnings.”
5. You receive a suspicious-looking survey request. Relying on your inclination to weigh in on political and social issues, these scams ask you to “please click here” to download purported e-mail images. What you’ll actually be downloading is spyware or other malicious software to your computer.
The FBI’s seven top tips to avoid e-mail and other cyber fraud:
- Never respond to unsolicited e-mails.
- Do not, — repeat, not — click on any links contained in an unsolicited e-mail.
- Beware of any e-mail that claims to contain pictures in attached files. Those files may contain viruses.
- Do not fill out any form contained in an e-mail message that requests personal information.
- Independently verify that links in an e-mail connect to a legitimate site. Don’t click; enter the e-mail address manually, or contact the business to verify that the e-mail is genuine.
- If an e-mail appears to be from your bank, credit card company, or other company you deal with, they will have authentic contact and account information. To repeat: those companies never, ever ask for your personal information and account passwords.
- Cyber criminals love to create a sense of urgency or panic. A scam e-mail might say something to the effect that your account will be canceled if you don’t act immediately. If you feel stressed, call the company.
Add to the FBI wisdom this truism: If it appears too good to be true, it most likely is just that.
Last, but not least, keep the kids safe online
According to a United States Computer Emergency Readiness Team security tip, when your child is using your computer, “normal safeguards and security practices may not be sufficient.” While online, children can:
- unintentionally visit a malicious web page and infect your computer with a virus
- expose themselves to online, anonymous predators.
- subject themselves to social engineering and phishing attacks.
- become a victim of cyberbullying.
What parents can do
- Stay involved with your child’s online activity. Help with online research and supervise online activity while teaching the child good computer habits.
- Keep the computer in an open, exposed area. Parents need to monitor what the child is doing and intervene when they notice dangerous online activity.
- Warn about dangers and set the rules. Warn the child never to disclose personal information and never interact with strangers online.
- Monitor your child’s computer activity. You can control your child’s time online, the computer applications and websites the child is allowed to use, and monitor all computer activity through Windows or Mac OSX parental controls.
What everyone can do
In this age of technology, every person and most businesses are becoming totally dependent on the Internet. We bank, buy goods and services and rely on Google for instant research results. The vast stream of data, transactions, and exchange of private information provides a fertile platform for fraud and theft. Here are five precautions that OpenLearn.edu suggests to stay safe online:
- Before you pay for products online look for the “https:” at the beginning of the e-mail address. Another good sign is the small padlock icon in the address bar, or at the bottom of the screen.
- Safeguard your personal information. In addition to being wary of phishing scams, for obvious reasons, don’t tell the world via Facebook that you’re leaving town.
- Inoculate your computer against viruses, malware, and hackers. Even the most careful user can be fooled into downloading a virus or allowing a hacker into the home network. Load up on anti-virus and firewall software to keep you safe when your guard is down.
- Keep your software up to date. The old software may have been hacked for vulnerability. Software vendors are constantly on the lookout to shore up holes. When you receive a notice to update your software, stop and do the fix.
- Plan for catastrophe: back up your computer data. Current Windows and Mac operating systems make the process simple. Take time to activate the backup applications.
Then there was the Police Sergeant Phil Estherhaus’s oft-repeated advice on the 1981-1987 series, Hill Street Blues, “Hey, let’s be careful out there.” You go “out there” each time you boot up your computer and dial up your web browser.