Hackers And Phishers And Frauds, Oh My!

Animated Graphic >>

Kathy Prati, a 49-year-old graphic designer in Sonoma Valley, knows what it's like to be the victim of cybercrime. It happened to her twice. The first time, her credit-card number was stolen when she bought some truffle shampoo on a Web site she wasn't familiar with. Within 24 hours, someone had used the card to order $900 in merchandise from Eddie Bauer and ship it to Russia. The second time, two months ago, she was trying to buy songs on the iTunes music site when she was alerted that something was amiss with her credit card. When she checked with her bank, sure enough, somebody had purchased $800 in software under her name. In both cases, the credit-card company didn't charge her. "I love the Internet. But I'm a lot more cautious now," says Prati.

A little paranoia goes a long way these days. Cybercrime is soaring. So how can consumers protect themselves? Security software is a good start. For $99, Symantec Corp. (SYMC ) offers its Norton Internet Security program, which includes a personal firewall, as well as antivirus, antispyware, and antispam software. Rivals such as McAfee Inc. (MFE ) offer similar products.

These programs can stop many hacker attacks. For example, one of the most popular new approaches is to drop a keystroke-logger onto the computer of an unsuspecting Web surfer. Like the name implies, this piece of software keeps track of every keystroke you make, including those for your credit card or bank passwords. Keystroke-loggers can come hidden when you download "free" software or even when you mistype a common Web site name. Earlier this year, for instance, mistyping one letter in google.com would have gotten visitors a wallop of viruses. Security software will typically block these downloads. It's important, however, to update the software regularly and scan for viruses at least once a week.

But software can't stop all digital scams. Hackers have become particularly good at conning their prey into handing over sensitive information. For example, hackers send out e-mails that appear to be from legitimate companies, such as Citibank (C ) or eBay Inc. (EBAY ), a scam known as "phishing." These phony messages include familiar logos and urge customers to respond with account information, passwords, or a date of birth -- often to avoid having the account closed. Phishing scams cost banks and credit-card issuers more than $1.2 billion last year, according to researcher Gartner.

The easiest way to avoid getting phished is to know a simple fact: Banks will never ask for sensitive personal information via e-mail. They may send out statements or promotions. But any e-mails that request account information, Social Security numbers, passwords, or anything similar are phony. "Anytime you get an e-mail from a financial institution that asks you to go to a Web site and enter financial information, a whole bunch of red flags should jump up," says Dmitri Alperovitch, research engineer at CipherTrust Inc., an e-mail security firm.

A new variation of this scam is called "wi-phishing." This is when cybercrooks set up Wi-Fi networks in public places so people can get wireless broadband connections, ostensibly for free. When a mark logs on, the criminals track keystrokes or passwords. They can even present a log-in page that purports to be for Hilton Hotels, and requires credit-card info. How to avoid wi-phishing? Don't tap into a Wi-Fi network unless you know to whom it belongs.

Sound simple? Perhaps. But hackers are dreaming up new scams every day. Complaints of Net fraud have been doubling every year. And as more Americans bank online, experts believe the financial losses will climb as well. So remember Prati's advice. Caution is essential when roaming the expanses of the Web.

By Mara Der Hovanesian in New York

    Before it's here, it's on the Bloomberg Terminal.