
The 10 Biggest Security Risks You Don't Know About

Hackers, scammers, and identity thieves are constantly coming up with new ways to attack your PC and your privacy. Here are the newest perils--and how to foil them.

Andrew Brandt


The Human Security Hole

Illustration: Steven Lyons

Danger level: High | Likelihood: High | Target: All

You can update Windows and each of your applications, and you can use security software to protect your PC, but one constantly exploited weakness can never be patched: human fallibility.

Online villains use an ever-changing array of tricks and traps to lure you in, and they're getting sneakier.

A recent eBay auction trap highlights the effectiveness of good social engineering. According to reports from US-CERT and Internet security companies, clever phishers were using a vulnerability in the eBay site to add auction links to eBay's pages. Those links brought unsuspecting users to a new site that would ask them for their eBay logins. You're no doubt suspicious of random e-mail messages that prompt you to click a link and enter your account information. But if you are prompted after clicking a link on a verifiable eBay page, you just might get caught with your guard down.

Your e-mail gets equal attention. Clever crooks steal or buy e-mail addresses, not to pelt you with spam, but to send out virus-laden messages that appear to originate from a genuine address--without ever infecting the supposed sender. Combined with a list of known e-mail addresses at a particular company, these spoofed e-mail messages allow for carefully crafted and targeted attacks that are far more successful than the net-cast-wide approach used to distribute most malware today. You're likelier to click on a Word document or an e-mail link that appears in a well-worded note from somebody@yourcompany.com.

Spoofed e-mail addresses are also useful in conjunction with such attacks as the recent one that took advantage of a new, zero-day exploit in Microsoft Word. To get hit, all you'd have to do is open a .doc attachment--and why wouldn't you open an e-mail from Bob down the hall?

Criminals know that if they can fool you with an e-mail or top-notch phishing site, they're well on their way to owning your computer. But there's a positive flip side: A well-informed user constitutes the best defense against any Internet attack. Stay educated, and stay safe.

Defenses
  1. Subscribe to security-focused RSS feeds to keep abreast of the latest Internet threats. We recommend the feeds at F-Secure, Kaspersky, and Sophos.
  2. Obtain a wealth of security advice, product reviews, and tips at PCWorld.com's Spyware & Security Info Center.