Along with rampant computer viruses and spam, Internet users need to watch out for Internet scams, which cause more losses and cannot be blocked by security software, an Internet security company said yesterday.
"Users should be more careful when conducting online transactions or other activities that involve inputting personal information," Patrick Wang (
Online scams, or "phishing," use false e-mails and fraudulent Web sites designed to fool recipients into divulging personal financial data such as credit card numbers, account user names and passwords, and other personal information.
US banks and credit card issuers lost almost US$1.2 billion from phishing attacks last year, Wang said, citing an Internet security threat report that Symantec published yesterday tracing Internet attack trends for the year's first half. The report also showed that 1.78 million people in the US were victimized by the schemes over the past year.
One recent major phishing case happened on Citibank. Phishers sent out a massive number of e-mails and asked receivers to change their online banking user names and passwords. Many Citibank clients fell for the fraud, as the Web page that opened looks exactly like the Citibank site.
Although such scams were mostly carried out via phones or ATMs in Taiwan, Wang warned that the newer model may soon be applied by local phishers, due to the high Internet prevalence rate.
Wang said as a result of sur-ging sabotage activities on the Internet, local and corporate users now have a higher awareness of online security. But the bottom line should be lifted to efficient management, with users not just depending on anti-virus software for security.
For example, users need to be careful when using popular file-sharing software and instant messenger tools, as viruses may be attached to files sent via the platforms and are not easily to be detected by anti-virus software or firewalls, Wang said.
The biannual report also suggested that individual and corporate users apply patches to vulnerabilities in their computers as soon as possible, because hackers now take an average of only 5.8 days to attack defects from the day they are revealed.
In addition to variants of the Slammer, Gaobot and MyDoom worms, a greater threat comes from bots -- programs that are covertly installed on a targeted system -- which allow hackers to control computers remotely, the report said. Symantec recorded 30,000 detections per day, from 2,000 in the last report.
E-commerce sites become the attacks' major target, suffering 16 percent of all attacks launched in the January-June period, followed by small and medium sized enterprises' 10 percent, and then by nonprofit institutions, the report said. Financial service providers, which used to be hackers' favorite target, received 4 percent of the attacks, the report said.
The US still ranks No. 1 as the origin of hackers, followed by China, which had moved up from third place in the last report. Taiwan ranks 14th, down from 8th in the last half of next year.
RSS