- In this report
- Overview
- Phishing
- Viruses
- Spam
- Spyware
- Social networking
- A safer net
- How criminals deceive
- Where criminals plot
- State of the Net
- Properly erasing hard drives
- Ways to stay safe online
- Canadian online security
| FORUMS |
ELECTRONICS FORUMS  Get real-world advice from others about choosing a new computer, printer, peripherals, etc. |
September 2007
Net threats
Why going online remains risky
The lone-wolf geek you imagine hunched over a computer in his basement isn't the only one out to steal your identity on the
Internet.
Cybercriminals increasingly operate in an elaborate networked underworld of Web sites and chat rooms, where they sell one another stolen account numbers, tools for making credit cards, scanners to pick up card numbers and PINs from ATMs, and viruses and other malicious software.
Such thieves pay $14 to $18 per stolen identity, according to security firm Symantec. They surely get their money's worth: In 2006 alone, identity theft cost consumers and businesses $49.3 billion, according to Javelin Strategy & Research, based in Pleasanton, Calif.
Our reporter viewed images from a Web site that until recently had been frequented by "carders," thieves who traffic in stolen credit- and debit-card numbers. She was aided by staff from RSA Security, a security firm in Bedford, Mass., that works with law-enforcement agencies to monitor such activity.
In a chat room, an identity theft defrauder bragged to another, "I have bank accounts ... discount if you buy in bulk." In a feat of credential burnishing, one criminal assured another that he'd been "uploading scams on hacked hosts for long time." The site also featured discussion forums, a news and how-to publication about fraud, and a Hall of Shame, where defrauders trying to cheat other defrauders were exposed.
Not all ID theft is carried out online, of course. The most notorious recent identity theft schemes involve hackers who broke
into businesses' customer files. And for a look at how easily someone can obtain personal information from your used PC, see
What your hard drive can tell ID thieves.
But given the prevalence of tools for cybercriminals on sites like the one our reporter viewed, it's clear that the kind of online threats we've investigated for this report--spam, fraudulent Web sites, and malicious software (malware)--have become important tools in the arsenals of identity thieves.
Despite stepped-up law enforcement and better security software, those threats remain potent, according to the 2007 Consumer Reports State of the Net survey. Findings from our fourth annual national survey of online threats, conducted this spring by the Consumer Reports National Research Center based on 2,030 online households, include the following:
In short, in a world where online criminals have become quite sophisticated, consumers must become more wary of online threats. Consumers Union, the nonprofit publisher of Consumer Reports, believes that government and industry must step up their efforts to protect the public from online threats, including identity theft, though there's a lot consumers can do to avoid becoming cybervictims. For advice on how to protect yourself and Ratings of security software, see Best security software.
Cybercriminals increasingly operate in an elaborate networked underworld of Web sites and chat rooms, where they sell one another stolen account numbers, tools for making credit cards, scanners to pick up card numbers and PINs from ATMs, and viruses and other malicious software.
Such thieves pay $14 to $18 per stolen identity, according to security firm Symantec. They surely get their money's worth: In 2006 alone, identity theft cost consumers and businesses $49.3 billion, according to Javelin Strategy & Research, based in Pleasanton, Calif.
Our reporter viewed images from a Web site that until recently had been frequented by "carders," thieves who traffic in stolen credit- and debit-card numbers. She was aided by staff from RSA Security, a security firm in Bedford, Mass., that works with law-enforcement agencies to monitor such activity.
In a chat room, an identity theft defrauder bragged to another, "I have bank accounts ... discount if you buy in bulk." In a feat of credential burnishing, one criminal assured another that he'd been "uploading scams on hacked hosts for long time." The site also featured discussion forums, a news and how-to publication about fraud, and a Hall of Shame, where defrauders trying to cheat other defrauders were exposed.
But given the prevalence of tools for cybercriminals on sites like the one our reporter viewed, it's clear that the kind of online threats we've investigated for this report--spam, fraudulent Web sites, and malicious software (malware)--have become important tools in the arsenals of identity thieves.
Despite stepped-up law enforcement and better security software, those threats remain potent, according to the 2007 Consumer Reports State of the Net survey. Findings from our fourth annual national survey of online threats, conducted this spring by the Consumer Reports National Research Center based on 2,030 online households, include the following:
- Your chances of becoming a cybervictim are about 1 in 4--slightly less than last year because a few problems appear to be
easing, though significant threats remain.
- Consumers are still falling prey to phishing scams, in which bogus e-mails and Web sites ask them to disclose information
about their financial accounts. The number who submitted personal information in such identity theft scams remained constant
since last year, at about 8 percent of respondents. In the past two years, we estimate, a million consumers have lost billions
of dollars to such scams.
- Thirty-eight percent of respondents reported a computer-virus infection in the past two years, and 34 percent reported a spyware
infection in the past six months. Based on projections from our survey, virus infections prompted 1.8 million households to
replace their PCs in the past two years and spyware infections 850,000 in the past six months. Very few Mac users reported
either infection type.
- Defenses are still down. Seventeen percent of respondents didn't have antivirus software installed. Thirty-three percent didn't
use software to block or remove spyware, which would help to stop identity theft. Most households had installed a firewall,
which keeps out hackers. But based on our survey, we project that 3.7 million U.S. households with broadband still lack a
firewall.
- Wireless users face additional risks, our survey showed. Half of those who used their home computer with a wireless router
didn't take basic precautions such as enabling encryption. Among those who used connections at public hotspots, which are
at greater risk than home connections, 63 percent possibly exposed themselves to hackers or identity theft by logging on to
password-protected accounts.
- Many youngsters are at risk. Among respondents with minors online, 13 percent of their children who were registered at the
giant networking site MySpace.com were younger than 14, the minimum age the site officially allows. We also found that many
parents haven't prepared their children for online risks.
In short, in a world where online criminals have become quite sophisticated, consumers must become more wary of online threats. Consumers Union, the nonprofit publisher of Consumer Reports, believes that government and industry must step up their efforts to protect the public from online threats, including identity theft, though there's a lot consumers can do to avoid becoming cybervictims. For advice on how to protect yourself and Ratings of security software, see Best security software.
