(Reuters) – While the big news is about hacks into the CIA’s and Senate’s public websites, Citigroup and Lockheed Martin, tens of thousands of people are victimized by cyber criminals each year, sometimes with devastating effect.
The FBI, which has a special Internet fraud center, received more than 25,000 complaints a month last year from people who were defrauded over the Internet by fake companies which offered to sell goods that never arrived, by people whose identities were stolen and by victims scammed by someone who claimed to be an FBI agent.
Victims lost hundreds of millions of dollars, according to the FBI’s Internet fraud report for 2010.
The conventional view of hackers as pimply faced, isolated young men out to harmlessly joyride some big company’s servers is out of date, despite the presence of groups such as Anonymous and Lulz Security, which strike for fun and political reasons.
The more worrisome hackers are crime rings in Asia and Eastern Europe or elsewhere beyond the easy reach of the law, where hackers may use a wireless connection in a Russian library to avoid detection.
These are the individuals who steal personal information, like names, addresses, dates of birth and email addresses. They then sell that information to thieves in Internet chat rooms. Those thieves often round out what they know about victims from Facebook pages — maybe a birthplace from a Facebook quiz — or other social media.
Maybe they’ll send a phishing email, pretending to know the victims. Or maybe they’ll send them something they might like because they have found out, for example, that they have a Sony PlayStation and were born in 1943.
But that game download for a grandchild could include key-logging software that secretly tells thieves what victims type. Perhaps they’ll use that to find out which banks they use, and their user names and passwords.
Some advice:
_ Limit information on Facebook and other social media. “Citizens need to start recognizing the value of their own personal data and not put out any data that isn’t necessary,” said U.S. Representative Jim Langevin, a co-founder of the Congressional Cyber Security Caucus.
_ Have solid Internet computer security software and update it monthly. Word to the wise: porn sites are notoriously loaded with viruses.
“Don’t click on links in spam messages and be extra suspicious of messages that piggyback on recent hot news items or events such as holidays,” says Joris Evers, a spokesman for McAfee Inc.
_ Some security experts advise against clicking in links in any email, no matter what the source.
_ Use strong passwords, which means a password that is long and has a mix of letters, numbers and symbols. A strong password is especially important for financial transactions.
Jim Lewis, a cyber expert with the Center for Strategic and International Studies, said he does frequent sweeps of his computer using different security software.
“I do not use computers that my children use for my financial transactions,” said Lewis. “I change passwords and user names very frequently, not that that’s perfect.”
There are efforts to combat spam and phishing attacks.
Many Internet service providers identify and stop spam — estimated to be 90 percent of Internet traffic — before it reaches an inbox. But they only get a percentage.
Comcast, a major Internet service provider, reaches out to customers who have been contacted by potential criminals to warn them, said Jay Opperman, Comcast’s senior director of security and privacy.
“Our customers are very happy with the fact that we’re proactive,” he said. “Overwhelmingly, they’re like ‘Wow, I didn’t know. Thanks for letting me know.’”
Global distribution of TDL-4 infections. According to the country codes to the right, the U.S., India, Indonesia, and Great Britain are tops in infections, according to Kaspersky.
