1. Growing Cybercrime Threat
A report by Symantec’s Norton unit indicates U.S.
consumers lost $20.7 billion to cybercrime over the past 12
months, with 71 million Americans falling victim to online
perps, according to new research. If my calculations are
correct based upon current projected U.S. population at
www.census.gov, that's more than 20 percent of the total
U.S. population. Using the figure for the number of U.S. internet users (293.9 million) at
http://www.internetworldstats.com/am/us.htm, it indicates that close to 30 percent of total U.S. internet
users have been victims of cybercrime. Meanwhile, worldwide losses resulting from cybercrime
including malware attacks and phishing hit $110 billion between July 2011 and the end of July 2012, a
report by security company Symantec has found. On average, each victim experienced $197 in direct
financial loss. In the United States, the average loss was $290. According to the report, an estimated 556
million adults across the world had firsthand experience of cybercrime over the period -- more than the
entire population of the European Union. The figure equates to nearly half of all adults online (46
percent), and is up from 45 percent a year ago. There has been an increase in cybercrime that takes
advantage of social networks and mobile technology, according to the report, with 21 percent of online
adults reporting having fallen prey to social or mobile crime. The study also found that 15 percent of
Web users have had their social-networking account infiltrated, and 1 in 10 have been victims of fake
links or scams through a social network. Seventy-five percent of those who participated in the study
believed that cybercriminals are increasingly targeting social networks. Over 13,000 participants across
24 countries were interviewed for the report.
Source: http://news.cnet.com/8301-1009_3-57506216-83/cybercrime-costs-u.s-consumers-$20.7-billion/
Note: Because the data in Norton’s cybercrime report referenced above was developed from
interviews/surveys, there is some question concerning its accuracy. Regardless, the report does address
a growing financial threat to internet users.
Updated 13 September 2012 375 AMW/XPO
2. Cybercrime Protective Measures:
Use unique passwords for each of your online accounts. You might
want to consider password management software to help you manage
the dozens of passwords you’ll likely accumulate. You can check
out PC World’s article, Best Password Managers: Top 4 Reviewed,
at http://www.pcworld.com/article/208113/best_password_managers_top_4_reviewed.html.
There are numerous free and commercial
password managers available, but the commercial products typically
provide more features.
Use long, complex passwords that combine upper and lowercase letters, numbers, and special characters.
Microsoft’s Safety and Security Center’s password page at
http://www.microsoft.com/security/online-privacy/passwords-create.aspx
recommends passwords of eight or more characters, but passwords of 12 or more characters
provide considerably better protection. A 6-character alphanumeric password can be broken offline in less
than a second; however, cracking a 10-character password with a special character offline on the same
computer can take 54.46 years. If an attacker uses a massive parallel processing grid against that same
10-character password, it can take just 2.83 weeks to crack. That’s why long and complex passwords are best.
Use antivirus and firewall software and keep them current. Make sure you don’t let your antivirus
subscription expire, if applicable. Ensure realtime protection is enabled so documents are scanned as they’re
opened, copied, downloaded, etc. Also, enable auto-updating of virus signatures to occur at least weekly
(preferably more often), and run a full system scan regularly.
Keep your operating system and application software current and patched. Some commercial software
installs a separate program that runs upon start-up to check for software updates. Others require you to select
an option from the program’s menu to check for program updates. When financially feasible you should
consider purchasing upgrades to the latest major version of application software; in many cases, the latest
version provides additional security features.
Validate/verify identities and claims received via e-mail or social networking site posts. Call the individual,
visit the company’s/organization’s legitimate website by typing the address in your browser, etc.
Inspect uniform resource locators (URLs, or internet addresses) in e-mail messages and posts on social
networking sites (SNSs) by hovering your mouse over the link. The actual destination URL will appear in a
pop-up window or the application’s status bar. Visit only those sites you trust.
Be suspicious of all shortened URLs as these can point to any legitimate or malicious website. Validate the
legitimacy of the link with the individual who sent/posted the URL.
Restrict not only your personal information and posts on SNSs, but also restrict visibility of your friends
list to your SNS friends. This will help you avoid being socially engineered through known associations with
your friends.
Scammers have created fake SNS pages using friends’ photos from legitimate pages (based upon unrestricted
friends lists) and sent friend requests to gain access to personal information.
Validate with the actual person before blindly accepting friend requests due to the social engineering threat.
A number of military personnel accepted friend requests from a fraudulent account purporting to belong to
NATO Senior Commander James Stavridis, which compromised the military members’ personal
information. This social engineering scam was reportedly traced to China (if interested, see
http://defensesystems.com/articles/2012/03/12/nato-fake-facebook-scam-china-suspected.aspx).
Create a list of bogus answers to challenge questions and use the bogus answers on websites. For example,
you can use “Steelers” for favorite football team, even though you live in Chicago and your favorite team is
the Bears. If a scammer knows you live in Chicago, they’ll likely suspect you’re a Bears fan. And, if by
chance, a scammer actually gets access to your SNS posts and finds that your pet’s name is Fluffy, it will do
them absolutely no good if your bogus answer for the associated website challenge question is “Thor.”