Advances in Spamming
With spam legislation enacted at the federal level, many spammers are now moving their operations offshore. Fishel identifies four main types of computer crimes: phishing (spam e-mail that poses as a legitimate company to request personal information from consumers); pharming (a collection of e-mail addresses that are used to commit identity theft); malicious viruses; and spyware that tracks users movements on the Internet to glean personal information, such as credit card numbers."Whats occurred in the last couple months is a variation on phishing," said Fishel. "People are logging on to the real American Express site and a pop-up screen pops up that appears to be from American Express, asking for personal information." The scheme, dubbed Banking Trojans, is one that Fishels office hadnt seen beforeand one that is particularly disturbing given that it occurs when a person is on a genuine Web site. "[Phishing] used to be only in e-mail," said Fishel. "Now its moved into the pop-up realm when youre on a legitimate site." Computer crimes are also moving onto another new threat: identity theft, one of the fastest growing crimes in the United States, according to Fishel. "People use the Internet to purchase things," he said. "That makes it easier for criminals to sit in Romania or China, access peoples information, and you will not ever know about it." Fishel said that every state has an identity theft law, and there are federal laws IT shops need to be aware of (if you or your business ever becomes a victim of identity theft, it needs to be reported to state and federal agencies). At the same time, Congress has been active in responding to identity theft threats, as have businesses, but the best thing computer users (and administrators) can do is simply monitor their accounts. Read more insight here about efforts to beat cyber-crime. "Be vigilant," said Fishel. "Watch for unusual things, monitor your accounts, report something as soon as it happens." He also warned that with database breaches a lot of businesses are subject to civil liabilitythe consequences of storing personal information. Fishel said the Virginia Attorney Generals office, headquartered in Richmond, has put its highest priority on stamping out child exploitation on the Internet. His plea to IT professionals: If you discover employees surfing child pornography sites, or get it in spam, report it to the National Center for Mission and Exploited Children, to your states Attorney Generals office, to local law enforcement. "Child pornography is the scourge of the Internet," said Fishel. "Its our highest priority to stamp it out." Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
And there are always new threats looming.