The landscape of malware and fraud is constantly changing, threats a year or even months ago may have already evolved or disappeared. The criminals behind these threats are constantly looking for the next opportunity and trying to make the most of it as soon as possible so that they are not caught.
Creating malware is by far the most difficult part of the hacking schedule, mainly due to the ease with which malware spreads. It is reported (Symantec Corporation) that 75% of websites on the Internet have vulnerabilities that “put us all at risk”. In the same report, they noted that 1 million online attacks against Internet users occur every day by 2015. Here are a few examples of online threats that you must monitor today to increase your chances of not being included in next year’s statistics.
The theft of personal data using key logging software is one of the most common attacks that is happening online today. By installing a malicious program called “spyware” on your computer, the author of the program can record every keystroke on your computer, highlighting the login pages to steal your combinations of usernames and passwords. Online banking sites partially counter this threat by offering different types of passwords, for example, you may have started using a memorable word to log in to your bank. The site will ask you to enter characters in certain places in the keyword, so you may be asked to enter 2nd, 4th and 5th letters or the number of the word you have learned. This way, the keyword registration software will return mixed letters. Unfortunately, this is not an ideal solution because over time, the keylogger will recognize the memorized word, especially if it captures both screen and keystrokes. You can protect yourself from this threat by installing modern anti-virus software on your computer.
Another threat worth mentioning is ‘phishing spears’, a more advanced and targeted form of classic Internet email problem, ‘phishing’, which you are probably familiar with. Spear phishing is similar to phishing, but it targets one person or, less often, a small group of people. A standard procedure for this type of threat is to gather information about the format of the company’s email address and then search for the names of specific people within the company. With this information, a phisher can actually appear in the mailbox of an employee of that company as a colleague looking for personal information. To increase the chances of success of a phishing attempt, the phisher often acts as an authoritative figure in the company, which significantly complicates the task of the respective employee(s) to keep confidential information secret.