Trend Micro expert releases internet security best practice schedule

Released in time for National Identity Fraud Prevention Week, the figures are said to highlight the dangers of ID theft, an area of fraud that Rik Ferguson, Trend Micro's senior security adviser, said confirm the tremendous growth in the creation of malware that is specifically designed for ID fraud / theft.

"UK (malware) infection rates were already 30% higher at the beginning of this year compared to the same time last year", he said.

"Towards the summer, we saw infection rates peak 75% higher than the previous year and we expect to see this (malware infection) growth continue towards the end of the year, as has been the case in previous years", he added.

Ferguson went on to say that ID fraud is expanding to target voice and SMS services - aka vishing and SMiShing respectively - with the latter hacker attack methodology still relatively in its infancy and the former very well established.

"Criminals are also exploiting peer-to-peer file sharing networks to gain access to confidential information. This is often inadvertently shared by improperly configured P2P applications on corporate computers, as a quick search will reveal", he explained.

Ferguson told Infosecurity that he has compiled a best practices IT security check list for users to follow:

  • Online passwords - never share passwords, even with family members. Change passwords every six months. Use complex passwords, easy to remember, difficult to guess. Do not use the same password for several different internet services.
  • Phishing - try to avoid clicking on links to sites that require a log-in, instead type the address yourself or use a bookmark you have previously saved. Always read the address bar in your browser before entering any credentials.
  • Sensitive data - it sounds elementary, but be wary of how and where you share sensitive data. Sensitive data takes many forms, but includes personal information, all of which is valuable to fraudsters who will be looking to build a profile for use in ID theft and also for use in answering your security questions to break into your online accounts.

"If it is information you wouldn't give a stranger over the telephone, then don't post it online, not even in a `survey' for your friends", said Ferguson.

Not just the web

Criminals are not only using the internet for fraudulent purposes and ID fraud / theft, so be wary of unsolicited SMS text messages asking you to respond by SMS, call a designated telephone number or visit a web address.

If the message appears to be from a company you do usually deal with, then contact them directly by using the telephone numbers listed on your own literature or on their website.

Beware also of telephone calls where the caller is asking for personal information, even if they already know who you are and where you live this is not proof of good intentions, and could in fact be an attempt at ID fraud / theft.

What’s hot on Infosecurity Magazine?