MCAFEE, INC.: CYBERCRIME GETS PERSONAL

McAfee, Inc.: Cybercrime Gets Personal

New McAfee Report Predicts Growth of Untraceable Attacks as Cybercriminals Exploit Basic Human Nature

SANTA CLARA, Calif., Oct. 13, 2008 -- Cybercrime is becoming increasingly personal as criminals collect data from social networking Web sites, data breaches, and other sources, according to a McAfee, Inc. report released today.  In the bi-annual McAfee Security Journal threat report, international security experts from McAfee’s Avert^® Labs found an increase in the use of social engineering techniques used to exploit human nature and maximize profits.

“Cybercriminals are crafting attacks that are virtually impossible for computer users to identify,” said Jeff Green, senior vice president, McAfee Avert Labs.  “Phishing scams, e-mail attacks, Trojan horses, and other attacks are so personalized that even someone with the most watchful eye could fall for a carefully socially-engineered trap.”

In the past six months, cyberscammers have exploited human emotions and curiosity in attempts to lure victims and steal personal information. Recent scams have revolved around news and events such as the Olympics, natural disasters, and the presidential election in the United States.

“No matter where you live or what language you speak, cybercrooks will exploit basic human nature, zeroing in on emotions of fear, curiosity, greed, and sympathy,” said Green. “Criminals understand human weaknesses and will increasingly use the power of the Internet to exploit those weaknesses. It’s an easy way for cybercrooks to make money and for spies to steal sensitive data.”

McAfee Security Journal Outlines Four Major Global Trends:

1)  The Depth of Personalized Attacks Will Increase. As users become more comfortable posting information about themselves online, coupled with the increase in user-generated applications, cybercriminals are using information and vulnerabilities in social networking sites to create attacks.

McAfee predicts that users will be taken off guard by the level of detail and personalization in attack messages from cybercriminals.

2) Socially Engineered Spam Will Explode. Cybercriminals lure countless victims by faking believable spam messages based on real information. For example, cybercrooks will use information collected from data breaches to fake customer loyalty programs or offer discounts to recent shoppers. 

McAfee predicts the trend will continue, as scammers glean personal information about users from social networking sites or data breaches to understand users’ credit card information, interests, and behaviors.

3) Stock Scams Will Rise. The growth of social engineering will be used increasingly to affect stocks and shares, going beyond the common “pump and dump” scam used by spammers to claim that a low-priced stock is about make tremendous gains.

Taking a page from historical “penny stock” scams, Avert Labs researchers expect even bolder attempts by cyberscammers to create profitable fluctuations in the equities and derivatives markets, such as falsely advertising security vulnerabilities in software or management changes at a public company.

4) Criminals Will Capitalize on Users Desire to Protect Their PCs, as More Scammers Fake Security Updates. McAfee has tracked an increase in malicious software posing as applications from “security” vendors. Criminals use pop-up ads to tell users that their computers are infected and that only the vendor’s software can clean the machine. Not only does the software fail to deliver increased protection, but it can often lead to downloading new malware onto a user’s machine. 

McAfee believes cybercriminals will step up their efforts to lure victims with fake security updates.

Cyber Attacks by the Numbers

• 1.1 million—Total U.S. dollars stolen from customers of the Swedish Nordea Bank in the world’s biggest online theft on record
• 84%—The percentage of security breaches attributed to human error by the U.S. Department of the Interior
• 1980—The first appearances of “Trojan horses” on electronic bulletin boards
• 419—The section of the Nigerian Criminal Code that outlaws the infamous and ubiquitous Nigerian spam emails
• 150%—Percent growth of Trojans using social engineering since 2006
• 742—Number of typosquatting domains for freecreditreport.com, each one waiting to cash in on the victim’s misspelling of a legitimate site
• 320—Number of typosquatting domains for YouTube, the third most typosquatted site.  Other popular sites for squatters include the CartoonNetwork.com, Craigslist.org, and ClubPenguin.com

How Businesses and Consumers Can Protect Themselves from Social Engineering Attacks

Cybercrimes involving socially engineered attacks are being fought on three separate planes:

1. Businesses and consumers must update their security software to include the latest versions of anti-virus software, spam filters, anti-phishing browser plug-ins, and Web safety detections.
2. Practice safe computing and safe surfing. Users should be wary of offers that come through emails, IMs, or social networking messages that sound “too good to be true.”  Likewise, users should never click on an email from someone they don’t know. 
3. Know your legal rights.  The security industry and law enforcement is fighting against cybercriminals through tracking and prosecuting offenders.

For a full copy of the McAfee Security Journal, please visit http://www.mcafee.com/

About McAfee, Inc.

McAfee, Inc., headquartered in Santa Clara, California, is the world's largest dedicated security technology company. It delivers proactive and proven solutions and services that secure systems and networks around the world, allowing users to browse and shop the Web securely. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector and service providers by enabling them to comply with regulations, protect data, prevent disruptions, identify vulnerabilities and continuously monitor and improve their security. http://www.mcafee.com.

###

McAfee Avert and/or other noted McAfee related products contained herein are registered trademarks or trademarks of McAfee, Inc., and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee-brand products.  Any other non-McAfee related products, registered and/or unregistered trademarks contained herein is only by reference and are the sole property of their respective owners. © 2008 McAfee, Inc. All rights reserved.