This article is from the archives of the UB Reporter.
Archives

Electronic Highways

Published: February 21, 2008

Fighting cybercrime

The Web, it’s said, is full of stranger-danger. Experts advise wariness of unknown emails, faux-links and file attachments. But while we may be rightfully wary of strangers, danger frequently masquerades as friends.

Email spoofing—the forgery of message headers—allows e-miscreants to trick recipients into opening errant emails. The payoff may be simple spam or outright cybercrime: phishing attacks to gain personal information, identify theft, the spread of malicious code to gain control of a computer, denial of service attacks. Such email may appear to come from one’s own account (common with spam), a friend (as from email address book harvesting viruses) or an institution of authority like a bank, an online retailer or a government agency (all common in phishing attacks). The IRS, Social Security, the FBI and the Department of Justice all have reported that fraudulent emails have been circulated as if sent by them. Spoofed Web sites pose a similar threat.

In the fight against cybercrime, knowledge is your most reliable ally. Check your current awareness with tests like the SonicWALL Phishing IQ Test and maintain awareness through knowledge banks and alerts.

The U.S. government maintains many resources for the reporting, investigation and prosecution of cybercrime (computer intrusions, the spread of malicious code, online sexual predators, intellectual property abuses, Internet fraud). Resources include the United States Computer Emergency Readiness Team (US-CERT) and the National Cyber Alert System, with subscriptions available both in email and rss feeds. The Internet Crime Complaint Center (IC3) maintains a Press Room with rss feeds of recent phishing, fraud and related activity, as well as updated information about Internet crime prevention and Internet crime schemes. The FBI , the Department of Justice Computer Crime & Intellectual Property Section and the Federal Trade Commission are other agencies of interest.

Sites designed to help consumers protect themselves online include the government’s OnGuardOnline and the nongovernmental CyberAngels Internet Safety Program. These sites explore all aspects of online scams, cybercrime and security, while providing information about safe practices and securing one’s computer.

Many independent nonprofit groups also are devoted to fighting cybercrime, while also protecting online rights. Sources of news and alerts include the civil liberties group Cyber-Rights & Cyber-Liberties, UK, Cybertelecom: the Federal Internet Law & Policy project and the Computer Crime Research Center.

Security software companies also provide consumer news and alerts about ongoing activities, independent of their commercial products, such as Symantec’s Security Response Weblog, the McAfee Avert Labs Blog and the F-Secure Weblog. Searchable knowledge bases—where you can search, for example, by email subject header or odd file name—also are available on these sites.

Media sites for security alerts and cybercrime news include Brian Kreb’s Washington Post Security Fix blog, About.com’s Internet/Network Security blog and multiple articles and blogs at Wired magazine.

—Nancy Babb, University Libraries