Symantec's Internet security threat report recently indicated that website phishing is the fastest growing internet threat today.  Phishing or brand spoofing is when someone sends you an email and falsely claiming to be an established legitimate enterprise in an attempt to scam you into surrendering private information such as such as passwords, credit card info, phone numbers, business/home address, affiliations and bank account numbers that will be used for identity theft.  The Symantec report also said that phishing incidents has gone up by 366% in the second half of last year as compared to the first half, and will become a very serious concern in the years to come.

Other important statistics provided by the Symantec report are : 17,500 new kinds of worms and viruses were found, up 64 per cent as compared to the first half statistics.  Email continues to be the biggest source of propagation of viruses. Attacks hidden in embedded content in audio and video images are also on the rise which is a cause for alarm because image files are ubiquitous, almost universally trusted, and an integral part of modern-day computing.  25.2 per cent of networks of bots (computers used for malicious Internet activities) are situated in Britain. Other countries topping the list are United States with 24.6%, China with 7.8%, Canada with 4.9% and Spain with 3.8%.  Broadband connection was identified as the main reason for the threat increase.

Online market research company Infosurv has this report to share : 44% of online banking customers use the same password for multiple online banking services ; 37% of online banking customers use the same password at less secure sites ; 79% of account holders check for the lock icon at the bottom of a secure Web page, but only 40% click the lock to view the security certificate although the lock icon can be spoofed easily as well.

On the other hand, Cyota an online security and anti-fraud solution provider agrees with the Symantec report saying that phising cases continues to grow rapidly and is becoming more innovative.  Phishing tactics can now record all keystrokes including passwords on an infected computer which it then emails back to the fraudster; the other variant waits until a user logs in to an online banking Web site to access the victim's financial account and they will monitor the victims online behavior.  Cyota predicts that phishing will become even more mainstream as fraudsters shift their focus from banks to small and medium institutions.  Cyota also said that a do-it-yourself online phishing kits can be purchased for only $270. 

But the most alarming report came from Kaspersky Lab where it said that malicious code writes are now exchanging information and techniques with one another and are working closely together in order to increase the impact of attacks.  With the recent alliance, attacks will be more automated, will take place in several stages, and will be carefully timed and planned.

The threats facing the online world is real, and should be everyone's concerned.  Some recent attacks are as follows : a worm which disguise itself as a WWE screensaver ; a new email scam that promises money from the late Sir Denis Thatcher's will ; three new worms that targets instant messaging users and a lot more.  The trend of attacks is directed mostly on personal applications like IM (communication), screensavers (personalization) and gaming (entertainment).  These hackers may have the greatest minds in the world of technology and I must add, they must be psychologist one way or the other.

Before I go any further, let me just state this fact : The Internet is NOT secure.  In the absence of stronger laws and government expertise in catching online criminals, self-protection requires self-education and constant vigilance.  We cannot totally rely on technology firms to protect us.  Once their back is against the wall, they will just pass the blame to us users - believe me.  Here are some tips that you may want to consider everytime you go online : 1). Don't be too trusting when you go online.  2). Be careful with what information you are distributing about yourself.  3). Always make sure you know what you are doing online. 4). Always keep your security tools updated  5). Separate business task from pleasure/entertainment activities. 5). Use encrypted connections.  6). Never reply to a spam message.  7). Use self-censorship.  8). Put security and privacy as your top priority than looks.  9). Use free email service for personal communications.  10). Use filtering pr
 oxies and anonymisers.  11). Use personal firewalls.  12).  and the most important of all - Always keep yourself updated both on the threats and the available security solutions.

So far we've only discussed problems concerning PCs.  Mobile threats should also be given much attention.  I attended two mobile press conferences recently and they're starting to pass the buck to the users already.  It seems no one wants to take the responsibility. And like what I always say, mobile attacks is non-comparable to PC attacks.  The damage will be bigger, the losses will be huge, and the effects will be larger.  So my appeal to all the mobile players out there - Do something now before it's too late.

Remember that the Internet is amoral, it is not good nor is it bad.  It really depends on how it's being used.  The Internet is now a part of our daily lives whether we like it or not, that's why trust and confidence in the Internet should resemble the trust and confidence we give to individuals and organizations in the real world - How it's earned and when it should be given.

Am logging off for now.  God Bless us all!!!

**********

For your questions, comments and suggestions please e-mail infochat@mozcom.com or visit www.infochat.com.ph for more articles.