Cybercrime is on the rise, and even though security measures have become more sophisticated than ever, so has the resourcefulness of hackers in finding their way around them. While credit card fraud due to lost or stolen credit cards has been going down over the past five years, losses from stolen credit card information is on the rise, as are losses from identify theft.
A watershed event was a so-called “zero day attack” launched by cybercriminals in December 2008. “Zero day” means that the attack exploits a security vulnerability on the exact day on which the vulnerability is exposed. The software company then has “zero days” to issue a patch to fix it. In December, cybercriminals managed to exploit a vulnerability in Internet Explorer 7 to enter into unsuspecting consumers’ computers through the back door. The security flaw enabled hackers to use hidden computer code, which they injected into more than 10,000 perfectly legitimate websites, to take over victim’s machines and infect them with malware and spyware. Hackers could then remotely activate malware to, e.g., steal the computer user’s passwords, credit card numbers and other vital personal information.
Although Microsoft took quick action to patch the breach, zero day attacks are some of the most worrisome security breaches to come along in decades. Not only was the assault huge, but more disturbingly, this was an entirely new avenue through which malware was introduced onto the computers of unsuspecting internet browsers.
Most people by now know not to click on links in suspicious emails or open an attachment from a source they don’t know. However, in this case, no user interaction was required for a computer to get infected. The malware came from perfectly legitimate websites. The hackers had injected the malware code onto the websites by taking advantage of poor SQL coding practices. Simply visiting a compromised website was enough to have your computer infected by the malware via the Internet Explorer (IE) security flaw. And while this IE security flaw was quickly patched up, industry professionals are concerned that similar security weaknesses will be exploited by cybercriminals causing more serious mayhem down the road.
What can you do to protect yourself? If you’re using Internet Explorer, make sure your computer is set to automatically download security and critical updates from Microsoft. You can also visit Microsoft’s Update Center to check that your computer protection is up to date. Another option recommended by some security experts is to switch to an alternative browser, like Firefox or Google Chrome, which are less commonly used, and therefore less of a focus for hacker attacks.
In addition, make sure your anti-virus protection is always up-to-date. Anti-virus providers receive notification of IE vulnerabilities and other security issues as they become known, ensuring that you always have cutting-edge protection on your computer.
Lastly, if you frequently use your credit cards to shop online, consider enrolling in some of the enhanced credit card security services offered by most credit card providers. For more details on these services, see the article below.
