Sandra's Story
Sandra E. is a human resources professional who lives in a small town in Miami, Florida. She has used a computer in her job for more than ten years. At work, her computer is maintained by her organization'
Sandra considers herself to be computer savvy and believes that she is at low risk of online fraud for the following reasons:
Sandra's situation seems safe enough, right?
Unfortunately, looks can be deceiving. At work one day last summer, she heard about a new Internet Explorer browser vulnerability; it was so critical that emergency patches for all work computers in her organization had been distributed by her IT department that same day. She wanted to be sure her home computer was protected too, so when she got home she went online to get more information about the vulnerability, and determine if she was protected.
Using a popular search engine, she found a Web site that offered not only information about the vulnerability, but the option to have a patch for the vulnerability downloaded automatically to her computer. Sandra read the information, but opted not to accept the download since she was taught to download information only from authorized sources. Then she went to the official Microsoft site to obtain the patch.
So, what went wrong?
Unfortunately, as Sandra was reading information about the vulnerability on the first site, the criminal who had created the Web site was taking advantage of the fact her computer actually had the vulnerability. In fact, as she was clicking "No" (to refuse the download that was being offered), unbeknownst to her the automatic installation of a small, but powerful, crimeware program was already taking place on her computer.
The program was a keystroke logger. Simultaneously, the Web site's owner was already receiving a notification that the keystroke logger had been secretly and successfully installed on Sandra's computer. The program was designed to covertly log everything she typed in from that moment on, and to send all of the information to the Web site owner as well. It functioned flawlessly, too - recording everything Sandra typed- every Web site she visited, and every email she sent, passing the stolen text on to the cybercriminal.
Later that evening, Sandra finished up her monthly online banking. As she logged into her personal bank account, the keystroke logger recorded those keystrokes too, including confidential information: the name of her bank, her user ID, her password, the last four digits of her Social Security number and her mother's maiden name. The bank's system was secure, and all the data she typed in was encrypted so no one along the route could casually discern the information. However, the key logging program was recording the information in real time - as she typed it in - before it was encrypted; thus, it was able to bypass the security that was in place.
It was just a matter of time before her bank's name, her user ID, her password and her mother's maiden name were in the hands of the cybercriminal. He added her name, and all of the associated information, to a long list of names of other unsuspecting users, and sold the list to someone he had met on the Internet - someone who specialized in using stolen bank information to make illegal withdrawals. When Sandra went to make a deposit the several weeks later and asked for her balance statement, she was shocked to find that her bank account was almost empty. Sandra had been the victim of a cybercrime.
This is the sort of story most people think of when they think of cybercrime, and it is a story that is becoming all too familiar. Read these other stories to learn more about what cybercrime involves.
Saji Kuriakose
Express yourself instantly with MSN Messenger! MSN Messenger
To subscribe send a mail to Keralites-subscribe@yahoogroups.com.
Send your posts to Keralites@yahoogroups.com.
Send your suggestions to Keralites-owner@yahoogroups.com.
To unsubscribe send a mail to Keralites-unsubscribe@yahoogroups.com.
Homepage: www.keralites.net
Earn your degree in as few as 2 years - Advance your career with an AS, BS, MS degree - College-Finder.net.
Change settings via the Web (Yahoo! ID required)
Change settings via email: Switch delivery to Daily Digest | Switch format to Traditional
Visit Your Group | Yahoo! Groups Terms of Use | Unsubscribe
__,_._,___
0 comments:
Post a Comment