It is surprising to think that in less than two years, the internet has gone from being an essential corporate asset to being a pain in the neck. According to IT research and analysis provider Gartner, 57 million adults in the US received a fraudulent e-mail as of May 2004.

Most of this activity is for financial gain, and the latest techniques are becoming more and more sophisticated. The new kids on the block include script injection and phishing, and these should concern you because they primarily target bank websites, and they work.

Script injection inserts text frames into the official websites of banks. The result is that you think you are reading official details and links for Global Bank Inc when, in reality, you are reading complete rubbish inserted into the bank’s web pages by Gangs ‘R’ Us. Firms such as MasterCard, Reuters and WorldPay were at risk of this fraudulent activity until as recently as July 2004.

Phishing is more widely known and does the same sort of thing through e-mail. You receive an e-mail from Global Bank Inc saying: “Your account will be suspended unless you click here now.” The shock of having an e-mail saying your account is suspended gets the unsuspecting consumer to immediately click into what looks like the bank’s website. He then enters his login, password and security settings without realising that all the details are being sent somewhere else to be used to pilfer funds.

According to the Anti-Phishing Working Group (APWG), phishing attacks increased 50% a month in the first six months of 2004, with primary targets being banks, eBay and Paypal. These attacks are already costing the industry an estimated $1.2bn a year in fraud.

And the more we fight these things, the more we see attacks increasing. The latest example is the 100 megabyte update from Microsoft to their core Windows platform, known as Windows Service Pack 2. This massive update was meant to solve all the security issues in Windows but, within a few days of its release, there were already weaknesses being reported that allow spoofers to get into our networks via Internet Explorer.

Whether it is spam, viruses, worms or phish, as soon as you find a way to avoid being caught, the global online underworld will find another way to get you. We need to ensure our online branches are as secure as our physical branches. That means not only placing a decent safe in there and around-the-clock security, but also trying to crack into your online branch at least once a month using someone with real expertise who knows how to hack, spoof, phish and spam.
