bCentral Home
Your Online Business Center

Identity thieves

Stop them targeting your business

By Matthew Stibbe

Don't think we're winning the war just because there hasn't been a huge virus outbreak recently. No. Instead of trying to get the biggest headlines, virus writers have been busy making money.

Quote�Virus writers have been busy making money.�End Quote

Sarah Gordon - Symantec's expert on virus writers - has painted a picture of hackers that defies some stereotypes but confirms others. Gordon argues that they simply do not feel responsible for the damage they do. Their motivation has been kudos and challenge.

However, some virus writers with, shall we say, negotiable ethics are going over to the dark side. They have found that there is money to be made working anonymously for gangs to make a supply chain of crime. If there's one thing hackers know, it's how to cover their tracks online.

Extortion, theft and scams

A recent report from McAfee, another security software company, found that 70% of malware is now written purely for profit. Criminals make money using these tools in different ways, such as:

Extortion: using the threat of shutting down a website by overloading it with requests to get protection money

Pump and dump share scams: sending out spam emails to hype up shares

Sending out phishing emails to get confidential bank and credit card information

Hosting the bogus websites that phishing emails use to collect private information

Sending out unwanted emails. Spam pays. If someone signs up to an online gambling or porn site by clicking on a link in an email, the sender can earn up to 50 percent of their online expenditure.

Quote�Selling herbal Viagra has nothing on harvesting 20,000 names, addresses and credit card numbers.�End Quote

But most of all, the killer app of the internet underground is identity theft. Selling herbal Viagra has nothing on harvesting 20,000 names, addresses and credit card numbers. This is where things get more serious for business users. For example, a million phishing emails might get a few hundred usable credit card numbers. But if a criminal can get a hacker to break into a company's customer database or e-commerce data files, they can collect tens of thousands of identities in one go.

They use stolen identities to run up credit card bills, apply for loans and new credit cards and trade online. Besides the financial loss, victims of identity theft often find that it takes a long time to sort out the damage done when someone drives a bulldozer through their credit record.

Sinister

A particularly sinister aspect of this hacking is that smaller firms and charities are increasingly being targeted. For businesses, the defences are straightforward:

Have a security plan. Don't just react.

Make sure every computer has a firewall, anti-virus software, anti-spyware defences and is fully patched and updated.

Train staff to use computers safely. (For example, teach them to not open email attachments from strangers.)

Get professional help if you need it.

Burglars tend to avoid houses that are well-lit, have dogs and alarms. They move on to the next place. These basic defences have a similar effect. However, criminal interest in personal data means that, apart from the basics, you need to pay extra attention to your customer or employee records:

Carefully manage who has access to private information.

For e-commerce, try to keep credit card and personal information on a computer that is less public than your web server.

Pay particular attention to the security of any computer that stores personal information. For example, you may not need a third party security check on every PC in the office, but consider getting an expert to vet your server.

Matthew Stibbe writes a new column every fortnight. Sign up to our security bulletin to read them.


Sign into Microsoft Small Business+ for free web-based training and software support.

sign in
Security information

Find a local Microsoft Small Business Specialist to help with your IT needs

Microsoft Small Business SpecialistMore info >

What do you want your PC to help you with?

What do you want your PC to help you with?







Free business newsletters - subscribe now

Our free newsletters are packed full of business advice and ideas - plus all the latest news

Security information

Get the latest bulletins and updates direct from Microsoft