Microsoft predicts that in 2008 criminals will continue to use social engineering tactics in fresh and devious ways. Social engineering refers to the tactics criminals use to manipulate people into taking action online that enables criminals to steal their money or personal information. Adrienne Hall, senior director of the Trustworthy Computing Group at Microsoft, joins us to discuss these and other security-related issues.
DDJ: What online threats are people most likely to encounter in the coming year?
AH: Through analyzing data from sources that include Microsoft’s Security Intelligence Report (SIR) series, and having a pulse on the overall threat landscape, we are able to make predictions concerning the threats most likely to affect consumers in the upcoming calendar year. The current data shows that there is an increase in social engineering attacks online.
From our viewpoint, there are three specific threats to be mindful of for 2008:
- Phishing e-mails, which increased significantly between the second half of 2006 and the first half of 2007 (27 to 37 percent), likely from cybercriminals seeking your contribution to a presidential candidate or donation for the Olympic Games.
- eGreeting card scams, which were at 7 percent during the first half of 2007.
- Scams asking you to verify information via a phone number directly connected to a cyberscamming computer. These scams are not only impactful; they are also entirely motivated by profit and can appear very genuine.
Cybercriminals are pulling out all the stops for 2008; the scams will be sharp and well-targeted. We are also seeing e-mail scams trending away from the more traditional virus-filled attachments to embedding deceitful hyperlinks into seemingly harmless e-mail content. Fortunately, consumers can safeguard against these targeted attacks; they should feel empowered to take action against cybercriminals.
I want to emphasize the fact that consumers can protect themselves from these threats. Microsoft continues to encourage customers to protect themselves online by following our Protect Your PC guidance of enabling a firewall, turning on automatic updates in their operating systems (Vista or XP SP2), and installing anti-virus and anti-spyware software. Products like Microsoft’s Windows Live OneCare PC Safety service can manage all of this for you.
- Keep personal information to yourself. Guard account numbers, your Social Security number and passwords with special care.
- Be careful about sharing files. File-sharing can increase the risk of installing worms, viruses and spyware on a PC.
- Download files only from sites you know and trust.
- Be careful about using public computer networks, and don’t use them for banking or sales transactions.
- Delete spam e-mail, and do not open attachments from people you don’t know.
- Use strong passwords, with a mixture of numbers, letters and symbols, at least eight characters in length.
- Most important: Think first; click later. Treat links and attachments in e-mail and instant messages carefully. Don’t click in banner ads or pop-up windows.
DDJ: Have social networks made the challenge of security more daunting? Or putting it another way, can we have social networks *and* security?
AH: Certainly anywhere that consumers are regularly congregating online, cybercriminals are searching for ways to infiltrate and turn a profit. Because social networks draw a large crowd, they are like any popular Web site -- they offer cybercriminals a fresh flock of victims. In the instance of social networking sites, our guidance on this is to remind consumers to think first, click later. As with all online interactions, being cautious about where we click and what we download is key in helping to safeguard your information.
DDJ: What's the most promising security technology you've run across recently?
AH: The all-in-one PC protection offerings like Windows Live OneCare have really simplified the PC security task for consumers. These products offer an automatic and self-updating PC care service that continually manages vital computer tasks so people don’t have to worry about protecting and maintaining their computers.
DDJ: Have online threats moved into emerging areas, such as digital devices and cell phones?
AH: As I noted, threats to consumers are constantly evolving. Cybercriminals will continue to use any means necessary to accomplish their goals, which almost exclusively center on motivation by financial gain. While I wouldn’t consider this emerging area as the most significant threat to consumers, the threat landscape could easily evolve with a simple shift in profitability attached to a threat like this. Consumers need to constantly be mindful of how they are safeguarding their personal information to get ahead of any emerging threat.
DDJ: Is there a Web site readers can go to for more information on these topics?
AH: A great Web site for keeping up on protective technology, and learning about how to safeguard against online threats is www.microsoft.com/protect.