Every 2 seconds, someone becomes a victim of identity theft, and some types of email scams are on the increase, according to industry experts. Anyone who uses the internet or email is at risk.
Phishing (pronounced like the aquatic activity) can be defined as “… masquerading as a trustworthy entity in an electronic communication”. In a nutshell, phishers, the individuals conducting this type of scam, aim to “hook” unsuspecting individuals by getting them to reveal personal and financial information. Many phishing attacks start with an email. In fact, the email received usually looks like a legitimate communication from a bank or popular online service. For example, the email will most likely state that unless you log on immediately, your account will be suspended or cancelled. Of course, many people will be concerned and will comply with the request; after all, it’s from a legitimate source, right? This is when the problems start. When the individual clicks on the link, they are directed to a web site that is a replica of the legitimate one. Once on that web site, the individual is asked to enter information such as their full name, credit/debit card number, PIN, password, date of birth or other personal data. Once this information is handed to the phishers, they use it to compromise the real account or steal the victim’s identity. If you think an email you received is a phishing attack, simply delete it. If you think it may be valid, consider this: financial institutions and reputable online services will not send such requests by email. In case of doubt, contact them to confirm the validity of the email before going any further.
Nigerian-type scams have been around for many years and were even perpetrated via fax machines before the ascent of the Internet. The concept is relatively simple, yet criminal groups have used it successfully and with devastating effects. Once again, an individual receives an email (notice the pattern of email used by cyber thieves) which has an official look. The email seems personalized and heartfelt. The story line usually runs as follows: in a war-torn country, the sender of the email has been unfairly persecuted and must leave the country with a large sum of money. They require assistance to move the funds and in exchange will provide a percentage of those funds. This percentage usually amounts to a hefty sum. Seems like a winning proposition, right? What’s there to lose? Well, if the unsuspecting victim responds to this email, they are then sent documents which supposedly prove the funds are available; even fake newspaper clippings are provided to demonstrate that the whole story is legitimate. In sum, a very convincing picture is painted. Once the scammers have gained the confidence of the victim, “problems” transferring the funds will occur and various fees need to be paid. Guess who needs to pay them: the victim! Having been convinced that the whole story is legitimate, people will send money via payment services, only to never see it again. Some reported Nigerian scams show that victims sent multiple payments of thousands of dollars to cover various bogus fees … money that is lost forever. The moral of this story: it’s a mirage! Delete the email and do not be tempted to reply, even if you think there is no risk.
When using various online services and forums, you are generally required to create an account. The key to accessing that account is your password. Unfortunately, many users choose weak passwords which can be compromised by cyber bandits. To protect your account, your password must be robust and not easily guessed. An easy way to choose a secure password is to use a passphrase. For example, take the phrase “I like cheese”. With that easy-to-remember phrase, you could make the password “1Lik3ch33z3”. The “I” is replaced by a “1”, the “l” is capitalized, each letter “e” is replaced by the number “3” and the “s” becomes a “z”. For you this will be easy to remember, but someone attempting to compromise your account will be hard pressed to find it using traditional password guessing techniques. If passphrases are not for you, do make sure that your password cannot be easily guessed, has at least six characters and contains at least one number.
A common mistake that individuals make is to use the same username and password combination for multiple online accounts. Although it may be practical, this practice can lead to serious problems. If a hacker gains access to one of your online accounts, then all of them could be compromised. Once in, the hacker changes the password, locking you out and leaving them free to conduct activities such as attempting to scam your acquaintances via your email or accessing your personal data. Email accounts should have a particularly strong password. Once inside an email account, a hacker can learn a great deal about a person. Also, most online services offer a “forgot password” option. Even if they don’t know the password to, for example, your account with a popular online vendor, all they need to do is choose that option and the password is conveniently emailed to your (now compromised) email account. They are then free to make purchases on your behalf.
In order to protect yourself effectively, it is important to protect your computer. Programs such as spyware and viruses are capable of quietly infiltrating your computer. They can monitor what you’re typing and then send the information to an identity thief or credit card fraudster. As such, it is important to always have up-to-date anti-virus, anti-spyware and firewall software installed on your computer. Also, keep your computer’s operating system up to date with vendor updates. Keeping your computer updated is a simple yet highly effective way of protecting yourself while using the Internet.
The bottom line is that if you use the Internet, you are exposed to scammers, identity thieves and other undesirables! To protect yourself, always keep a tight grip on your personal information, be suspicious of emails you receive, choose a strong password and make sure your computer is adequately protected.
Micho Schumann is a Senior Manager with KPMG’s IT Advisory group in the Cayman Islands and can be contacted at [email protected] or on 949-4800 for information on security questions and Information Security consulting services.
The views and opinions are those of the author and do not necessarily represent the views and opinions of KPMG.