original article from the
York Region Business Times

Computer neophytes fall for phishing lures

Mar 24, 2005
Hannelore Volpe, Stouffville Sun/Tribune

The Internet and e-mail are making life lucrative for computer-savvy criminals.

And too many ordinary people are falling for their scams, according to Stouffville information security expert Claudiu Popa.

Phishing is the name for this increasingly popular crime. E-mails purporting to be from reputable companies and banks ask unsuspecting recipients to update information such as their passwords, credit card numbers, social security or bank account numbers by clicking on a link in the e-mail.

Mr. Popa noted about 5 per cent of computer users provide information. In 2003, many of the e-mails claimed to be from eBay.

E-mails supposedly from banks tell people their account has expired. The e-mails go on to ask for financial information and account numbers and warn customers not to access their account for two days.

Criminals take financial information and assume that person's identity to access their bank accounts.

Fraud attempts against individuals increased by 40 per cent in January, according to one study.

Phishing is a major problem, said Chris Russel, York University's information security officer. He estimates phishing attacks are increasing at the rate of five to 10 per cent each month.

They purport to be from the most popular websites and are often hard to differentiate from legitimate e-mails.

Home computer users can protect themselves by using a "healthy dose of skepticism and suspicion when looking through e-mails", Mr. Russel said.

No one should give out financial information to unsolicited requests, Mr. Popa said. Although Internet service providers are beginning to filter out many bogus e-mails, messages change so frequently it's almost impossible to stop them entirely.

The problem has been getting worse and "it's targeted to people who don't know any better", said Mitch McGuire, systems administrator for Strategic Information Technology Ltd. in Stouffville.

Bogus e-mails supposedly from banks so closely resemble the actual bank website, he added, they are difficult to tell from the real thing, especially for those who aren't familiar with computers.

Viruses that can access personal information stored in computers are spread by people opening phony e-mails.

As a precaution, Mr. Popa advises computers users to ensure the preview window on Outlook or Outlook Express programs is turned off when they open e-mails. That way viruses can't enter the computer.

It's good advice, Mr. Russel said, noting Outlook has a fairly significant history of security problems.

Another way for the viruses to spread is by people responding to e-mails telling them there is a security update available and must be installed immediately.

What's worse is most viruses now in computers are almost undetectable.

The end result is that you are giving control of your computer to someone else, Mr. Popa explained. All suspicious e-mails should be deleted unopened, he advised.

Peer-to peer file sharing is another major avenue for viruses to get into computer systems, Mr. Russel said.

Anyone who has bought a PC that's ready to plug in will most likely introduce viruses into the system within four minutes of connecting to the Internet.

Mr. Popa suggests computer buyers make sure a Service Pack II (a program included with the Windows XP system) is already installed.

If the program must be downloaded, viruses will already have invaded before downloading is completed.

A brand-new virus that's been around for only about a week or two strictly targets the MSN messenger system, Mr. McGuire noted.

While chatting online, people receive a message from someone they think is one of their contacts. When they click on it, their computer becomes infected.

The most important way people can protect computers is to install anti-virus software such as McAfee or Norton Anti-Virus and update it when the software indicates it's necessary.

The biggest problem is most people ignore the anti-virus system's warnings about updates and fail to renew subscriptions for the software, Mr. McGuire said.

Anti-spyware software is also necessary to keep viruses from invading, Mr. Popa said.

A York University website, http://infosec.yorku.ca, has tips for computer users and a computer security checklist. It includes advice on keeping anti-virus software updated.

Apple computers are mostly immune to viruses, since the Win-dows program is the main target.

Mr. Russel advises using web browsers such as Firefox or Netscape Communicator rather than Internet Explorer because they usually aren't hacker targets.

Several free programs are available on Mr. Popa's website, www.informaticasolutions.com

He can be reached by e-mailing claudiu@informaticasecurity.com or calling 416-431-9012.