Data scams have kicked into high gear as markets tumble
— -- Cybercriminals have launched a massive new wave of Internet-based schemes to steal personal data and carry out financial scams in an effort to take advantage of the fear and confusion created by tumbling financial markets, security specialists say.
The schemes — often involving online promotions touting fake computer virus protection, get-rich scams and funny or lurid videos — already were rising last fall when financial markets took a dive. With consumers around the world panicking, the number of scams on the Web soared.
The number of malicious programs circulating on the Internet tripled to more than 31,000 a day in mid-September, coinciding with the sudden collapse of the U.S. financial sector, according to Panda Security, an Internet security firm.
It wasn't a coincidence, says Ryan Sherstobitoff, chief corporate evangelist at Panda.
"The criminal economy is closely interrelated with our own economy," he says. "Criminal organizations closely watch market performance and adapt as needed to ensure maximum profit."
Among those caught in the most recent barrage of scams was Justin Terrazas, 27, a beverage merchandiser from Seattle. He clicked on a Web link that infected his MacBook Pro laptop with a data-stealing program. Not realizing the laptop was compromised, Terrazas later typed his Bank of America debit card number and PIN to pay his Verizon cellphone bill online. The data-stealer swiftly siphoned his information.
A few days later, someone used Terrazas' debit card account to make a $501.41 online purchase from Modabrand.com, a designer clothing store. The merchandise was shipped to London, leaving Terrazas to unravel a big mess.
"This is definitely something you don't need in your life," he says.
The boom in cyberthreats that occurred during the last three months of 2008 could accelerate, especially if the economy continues to falter, security specialists say. Organized cybercrime groups have become increasingly efficient at assembling massive networks of infected computers, called botnets, and deploying them to amass large caches of stolen data, according to several surveys and dozens of interviews with security and privacy analysts. Meanwhile, scammers have honed the trickery used to turn stolen data into cash.
"There is a well-funded, well-educated horde continually probing for cracks and finding their way in" to consumers' financial information, says Roger Thornton, chief technology officer of security firm Fortify Software.
"They are breaching … the highest levels of the global finance infrastructure and a majority of our home computers."
Last fall, virulent programs called Trojans began to circulate more widely in e-mail and instant-message spam, got embedded in tens of thousands popular Web pages and spread in a widening barrage of online ads. Click on the wrong thing, and you would download an invisible Trojan crafted to steal sensitive data and allow the attacker to control your computer.
