Online fraud is a type of cybercrime that uses email, Web sites, chat rooms or message boards. There are many different types of online fraud, including phishing and pharming scams, which use forged emails and Web sites to trick recipients into giving out personal information such as credit card data, social security numbers, and passwords.
When armed with a little technical advice and common sense, you can prevent online fraud. Symantec recommends following these basic steps to avoid becoming a victim of online fraud:
Phishing is an online con game, and phishers are nothing more than tech-savvy con artists. In a typical phishing scam, phishers send out emails, which appear to come from a legitimate company, in an attempt to scam users into providing private information that will be used for identity theft.
Phishers use a variety of sophisticated devices to steal information—including pop-up windows, URL masks which simulate real Web addresses, and keystroke loggers that capture account names and passwords.
To protect yourself against phishing, follow these basic guidelines:
Pharming is an attempt to defraud Internet surfers by hijacking a Web site’s domain name, or URL, and redirecting users to an imposter Web site where fraudulent requests for information are made.
To protect yourself against pharming, follow these basic guidelines:
What does "phishing" mean?
Phishing is a term used for fraudulent Internet "scams" that set out to deceive users into providing personal information that, in many cases, ends up being used for identity theft.
How does phishing work?
Most commonly, an email that appears to be from a well-known and trusted company is sent to a large list of email addresses. The email may direct the recipient to a spoofed Web page, where he or she is asked for personal information.
Where can I learn more about phishing?
You can learn more about phishing here. The page explains in more detail what phishing is and provides tips on how not to fall prey to Internet scams.
Does Symantec have a product to protect me against phishing?
Yes. Norton Internet Security can help protect users from receiving phishing emails.
Symantec uses the term security risks to refer to a number of programs, such as adware, spyware, misleading applications, and other programs, that users may not want on their systems. These programs often use social engineering to trick users into downloading and installing them and employ a variety of advanced evasion techniques to resist detection and removal.
Phishing sites use “zombie” networks of hijacked computers to constantly shift their host address, evading blacklists of known phishing sites.
Bots are programs that are covertly installed on a targeted system, allowing an unauthorized user to remotely control the computer for a wide variety of purposes.
The software tools used in cybercrime are sometimes referred to as crimeware. Crimeware is software that is used to commit a criminal act. Like cybercrime, crimeware covers a wide range of malicious or potentially malicious software.
Any crime that is committed using a computer, network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime.
A problem-solving technique that looks for malicious processes (e.g. worms, mass mailer viruses, Trojans, keyloggers, etc.) in real time.
The act of stealing and assuming another person’s identity in order to commit fraud or other crimes.
A security method requiring both parties in a transaction to prove their identities. On the Web, this would require both the Web browser and Web server to prove their identities to one another, thus ensuring both the Web page and the page’s user are legitimate. Used on financial and commerce sites, mutual authentication can help prevent phishing and other kinds of fraud.
Refers to any type of fraud that uses email, Web sites, chat rooms or message boards. These vehicles are used to present fraudulent solicitations to potential victims, to conduct fraudulent transactions or to transmit stolen money to financial institutions or to others connected with the crime.
Refers to the security measures available to protect consumers at the time they are most vulnerable to criminals and hackers — when browsing, shopping, or banking online, and about to submit passwords, account numbers, or other confidential information.
An attempt to defraud Internet surfers by hijacking a Web site’s domain name, or URL, and redirecting users to an imposter Web site where fraudulent requests for information are made.
An attempt to mislead people into divulging confidential information, such as social security numbers and passwords. Typically uses legitimate-looking email or instant messages in combination with imposter Web sites to make fraudulent requests for information (i.e., to go “fishing” for data).
A polymorphic virus can change its byte pattern when it replicates and is able to avoid detection from simple string-scanning antivirus techniques.
Rootkits are a system tool meant to hide legitimately running processes and applications from users. Attackers can exploit these tools to conceal their presence and actions on a system. Actions performed by a rootkit, such as installation and code execution, are done without end-user consent or knowledge. “User mode rootkits” intercept system calls. “Kernel mode rootkits” plant themselves at the deepest level of system memory and are the most robust method of system hooking—and the hardest to detect.
Software that collects information about your computer and how you use it and relays that information to someone else over the Internet. Spyware ordinarily runs in the background and, in some cases, installs itself on your computer without your knowledge or permission.
A virus is a program or code that replicates itself onto other files with which it comes in contact; that is, a virus can infect another program, boot sector, partition sector, or a document that supports macros by inserting itself or attaching itself to that medium. Most viruses only replicate, though many can do damage to a computer system or a user's data as well.
A (universal) vulnerability is a state in a computing system (or set of systems) that allows an attacker to execute commands as another user, access data that is contrary to the specified access restrictions for that data, pose as another entity, or conduct a denial of service attack.
A worm is a program that makes and facilitates the distribution of copies of itself, for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive via exploitation of a system vulnerability or when a user clicks on an infected email.