Thursday, June 16, 2011

Scammers go back to their roots

Kevin Mitnick, once the most-wanted computer criminal, often turned to a tactic called social engineering. Rather than spend tedious hours trying to crack a password he would often find ways of making people give up information willingly.

Now scammers using the same strategy to talk people into letting them scan their PC for potential threats. However when the victim agrees they are opening the door for the criminal to take what they please which includes passwords, credit card numbers and social security numbers.

According to a recent CNET article Microsoft polled 7,000 PC users in the US, Canada, and in the UK. The result was 15% have received a call like this and 22% actually fell for the scam. 79% reported that money had been stolen from them in amounts ranging from $82 - $1560 and the cost of fixing their computer ranged anywhere from $1730 - $4800.

The ploy of offering security scans is unfortunately giving these guys results but social engineering can dupe even the most careful. Pacific Bell gave Kevin Mitnick very sensitive information because he took the time to study how an employee of PB talked and who in what department would request the type of data he wanted.

Malicious software is still a threat to protect yourself against but greed will always drive innovation in the computer criminal camp.

From CNET
To protect yourself from such scams, Microsoft recommends the usual pieces of advice that we've all heard before but are worth repeating.
  • Be suspicious of unsolicited calls related to a security problem.
  • Never provide credit card details or other information to an unsolicited caller.
  • Don't go to a Web site, install software, or follow other instructions from someone who calls unsolicited.
  • Take down the caller's information and pass it along to the authorities.
  • Keep Windows and your other software up to date, especially antivirus software.
  • Use strong passwords and change them regularly.

No comments:

Post a Comment

TechCrunch