The Last Word
A Victim's Plight
was the last time you checked your bank statement online? Have you ever received e-mail from an assumed credible source asking for personal information? Many people have.
It's not uncommon in today's tech-savvy world to regularly receive spam in your inbox. And it's through spam that many people fall victim to phishing scams. The Internet is increasingly becoming a totally other world and though it brings many benefits to people, it also can bring a significant amount of threats -- threats that are becoming more widely distributed and smarter.
Just as the new year expects advances in the physical security industry, there also is a strong focus on cyber security and its rapid evolution. Symantec and its group product manager Bill Rosenkrantz take steps to study trends and analyze stats to create products to combat the latest cyber attacks.
What are companies like Symantec doing to help prevent people from becoming victims of online fraud, and what initiatives is the government taking in the same effort?
"What we're seeing from the beginning of 2003 until now is that the types of malicious codes have moved from what I call 'traditional vandals,' who are more like graffiti artists, to pickpockets and thieves," he said. "They're finding out that they can make money from this."
There has been a huge increase in phishing e-mails and spoofing Web sites, Rosenkrantz said. And it was a phishing e-mail that Megan Rosati, a 22-year-old college student, fell victim to, leaving her penniless and temporarily in debt. Brad Elbein, a Dallas-based regional director for the Federal Trade Commision, spends his days monitoring criminal activity around online fraud. He works to uncover the latest scams, like Rosati's, in an effort to prosecute the masterminds behind them.
We sat down with Rosenkrantz, Rosati and Elbein to get a first-hand account from an identity theft victim and to get a perspective from the other side. What are companies like Symantec doing to help prevent people from becoming victims of online fraud, and what initiatives is the government taking in the same effort?
Anti-Virus Software -- What?
In January 2004, Rosati was in her junior year of college. Just like she had done several times before, she opened her inbox only to find an e-mail from Citibank, or so she thought.
"I'm not computer savvy at all and [the e-mail] looked really good, so I thought it was legitimate," she said.
Because she had just switched banks, she was even more complacent to give the information that the e-mail was asking for -- her first and last name, her account number and information, and even her mother's maiden name.
The next day, while trying to withdraw $20 from her account, she had noticed that more than $1,600 was missing. The money was all taken from spots in England -- a far stretch from Evanston, Ill., where Rosati banked. After a long conversation with her bank, she was able to eventually get her money back. Because the case is still under investigation, she is unable to close that account, but has become more mindful of her personal information and ways to protect it.
"My roommate had asked, 'Do you have anti-virus software on your computer?' and I said, 'What?'" she said. "Now, my computer is fortified with anti-virus software."
Rosati, now being a more educated consumer, makes an effort to ensure legitimate transactions.
What's Being Done to Help?
The better you get at trying to provide security, the more creative the attacks get, Rosenkrantz said. The industry is constantly working to keep pace with Internet crime. Symantec has worked to help people from becoming victims by creating studies, engaging in business acquisitions and by creating new products.
The company recently conducted the first of several local surveys. Its first survey was in the Dallas area and consisted of 500 users.
"The survey shows that people have embraced the Internet, but they're concerned about their online activity," Rosenkrantz said.
To help ease this concern, the company has taken the initiative to acquire WholeSecurity Inc., a company that specializes in behavioral technology. This technology is expected to be integrated into Symantec products in the near future.
Furthermore, Rosenkrantz offers these three banking rules:
- Be aware of what you're doing online. Don't respond to unsolicited e-mails.
- Make sure you use up-to-date anti-virus and firewall solutions.
- Regularly check you credit card statements and bank accounts.
An FTC Perspective
Identity theft on the Internet is growing at a fast pace. Working with identity fraud on a daily basis, Elbein has noticed that most of the crimes do come from physical everyday transactions, such as giving the waiter a credit card for a meal, but online fraud is definitely catching up.
"The number of complaints that we're getting is just sky rocketing," Elbein said.
On Sept. 27, 2005, the federal government, along with Internet safety organizations and tech industries, initiated www.onguardonline.gov. The Web site offers tips for consumers in helping prevent online fraud.
"People are concerned because they're aware and because they're aware, they're looking for information online and in professional publications," Elbein said.
The Web site is used as an educational tool, informing people on what and what not to do. Elbein offers what he thinks to be the top three important tips from the Web site.
- Protect your personal information. Recognize that this information is valuable.
- Know who you're doing business with. Research sellers and sites.
- Back up your files. Put back-up copies on removable disks.
So what's the bottom line?
"The bottom line is this -- if I don't give [thieves] my personal information, the chances of them getting into my computer are minimal," Elbein said. "Remember, the easiest way of them getting my information is by me giving it."
This article originally appeared in the January 2006 issue of Security Products, pg. 80.