The Last Word

A Victim's Plight

WHEN was the last time you checked your bank statement online? Have you ever received e-mail from an assumed credible source asking for personal information? Many people have.

It's not uncommon in today's tech-savvy world to regularly receive spam in your inbox. And it's through spam that many people fall victim to phishing scams. The Internet is increasingly becoming a totally other world and though it brings many benefits to people, it also can bring a significant amount of threats -- threats that are becoming more widely distributed and smarter.

Just as the new year expects advances in the physical security industry, there also is a strong focus on cyber security and its rapid evolution. Symantec and its group product manager Bill Rosenkrantz take steps to study trends and analyze stats to create products to combat the latest cyber attacks.


What are companies like Symantec doing to help prevent people from becoming victims of online fraud, and what initiatives is the government taking in the same effort?

"What we're seeing from the beginning of 2003 until now is that the types of malicious codes have moved from what I call 'traditional vandals,' who are more like graffiti artists, to pickpockets and thieves," he said. "They're finding out that they can make money from this."

There has been a huge increase in phishing e-mails and spoofing Web sites, Rosenkrantz said. And it was a phishing e-mail that Megan Rosati, a 22-year-old college student, fell victim to, leaving her penniless and temporarily in debt. Brad Elbein, a Dallas-based regional director for the Federal Trade Commision, spends his days monitoring criminal activity around online fraud. He works to uncover the latest scams, like Rosati's, in an effort to prosecute the masterminds behind them.

We sat down with Rosenkrantz, Rosati and Elbein to get a first-hand account from an identity theft victim and to get a perspective from the other side. What are companies like Symantec doing to help prevent people from becoming victims of online fraud, and what initiatives is the government taking in the same effort?

Anti-Virus Software -- What?
In January 2004, Rosati was in her junior year of college. Just like she had done several times before, she opened her inbox only to find an e-mail from Citibank, or so she thought.

"I'm not computer savvy at all and [the e-mail] looked really good, so I thought it was legitimate," she said.

Because she had just switched banks, she was even more complacent to give the information that the e-mail was asking for -- her first and last name, her account number and information, and even her mother's maiden name.

The next day, while trying to withdraw $20 from her account, she had noticed that more than $1,600 was missing. The money was all taken from spots in England -- a far stretch from Evanston, Ill., where Rosati banked. After a long conversation with her bank, she was able to eventually get her money back. Because the case is still under investigation, she is unable to close that account, but has become more mindful of her personal information and ways to protect it.

"My roommate had asked, 'Do you have anti-virus software on your computer?' and I said, 'What?'" she said. "Now, my computer is fortified with anti-virus software."

Rosati, now being a more educated consumer, makes an effort to ensure legitimate transactions.

What's Being Done to Help?
The better you get at trying to provide security, the more creative the attacks get, Rosenkrantz said. The industry is constantly working to keep pace with Internet crime. Symantec has worked to help people from becoming victims by creating studies, engaging in business acquisitions and by creating new products.

The company recently conducted the first of several local surveys. Its first survey was in the Dallas area and consisted of 500 users.

"The survey shows that people have embraced the Internet, but they're concerned about their online activity," Rosenkrantz said.

To help ease this concern, the company has taken the initiative to acquire WholeSecurity Inc., a company that specializes in behavioral technology. This technology is expected to be integrated into Symantec products in the near future.

Furthermore, Rosenkrantz offers these three banking rules:

  • Be aware of what you're doing online. Don't respond to unsolicited e-mails.
  • Make sure you use up-to-date anti-virus and firewall solutions.
  • Regularly check you credit card statements and bank accounts.

An FTC Perspective
Identity theft on the Internet is growing at a fast pace. Working with identity fraud on a daily basis, Elbein has noticed that most of the crimes do come from physical everyday transactions, such as giving the waiter a credit card for a meal, but online fraud is definitely catching up.

"The number of complaints that we're getting is just sky rocketing," Elbein said.

On Sept. 27, 2005, the federal government, along with Internet safety organizations and tech industries, initiated www.onguardonline.gov. The Web site offers tips for consumers in helping prevent online fraud.

"People are concerned because they're aware and because they're aware, they're looking for information online and in professional publications," Elbein said.

The Web site is used as an educational tool, informing people on what and what not to do. Elbein offers what he thinks to be the top three important tips from the Web site.

  • Protect your personal information. Recognize that this information is valuable.
  • Know who you're doing business with. Research sellers and sites.
  • Back up your files. Put back-up copies on removable disks.

So what's the bottom line?

"The bottom line is this -- if I don't give [thieves] my personal information, the chances of them getting into my computer are minimal," Elbein said. "Remember, the easiest way of them getting my information is by me giving it."

This article originally appeared in the January 2006 issue of Security Products, pg. 80.

Featured

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.