Cyber Thieves Continue to Best Technology

The growing sophistication of phishing scams is making it increasingly hard for even perceptive computer users to avoid potential problems online. Some phishing emails now scan the browser history, identify which websites were recently visited and automatically configure themselves to look like the user’s own financial institution. When an email comes from a familiar institution, it significantly boosts the odds that the recipient will respond, experts concur.

Lorrie Faith Cranor, associate professor of computer science and engineering & public policy at Carnegie Mellon University in Pittsburgh, describes the problem as misplaced trust. “When Internet users are asked to make ‘trust’ decisions they often make the wrong decision,” she explains.

Trust, it turns out, has a lot to do with the online experience for most computer users. “Implicit trust decisions include decisions about whether or not to open an email attachment or provide information in response to an email that claims to have been sent by a trusted entity. Explicit trust decisions are decisions made in response to specific trust or security-related prompts such as pop-up boxes that ask the user whether to trust an expired certificate, execute downloaded software, or allow macros to execute,” Cranor says.

In spite of spyware, phishing and other Internet threats, most Americans say they feel safe online, according to a poll sponsored by StopBadware.org, a consumer protection initiative. In a poll conducted by Zogby International, 88% of Internet users said they feel safe online. In addition, 84% describe themselves as armed with the information and tools needed to protect their privacy and security.

But only 24% of computer users nationwide have installed a firewall on their personal computers or regularly update anti-virus and anti-spyware, according to McAfee, a security software manufacturer, and the National Cyber Security Alliance. And corporate America got a wake-up call last spring when thousands of top executives nationwide fell for a new and highly sophisticated phishing attack requesting them to appear before a grand jury. The email installed information-stealing malware–keystroke loggers that record passwords and other personal data–that was sent to the remote attackers.

“What we have here is an Internet security paradox,” said Maxim Weinstein, who manages the StopBadware.org team at Harvard Law School’s Berkman Center for Internet Society. “Americans see themselves as safe online, even as we see an ongoing trend of organized criminal elements using the Internet to target unsuspecting users.”

Security experts are now encouraging corporations to replace traditional signature-based antivirus and spam filtering software with more comprehensive, multilayered solutions that include content filtering, intrusion prevention and gateway antispyware.