- CyberCrime Center
April 29, 2013
According to energyfiend.com, the most expensive Starbucks drink is the 3000mg caffeine-loaded Quadriginoctuple Frap at $47.30. If you think that’s an expensive cup of joe, try sharing your private personal financial information with cyberthieves.
Starbucks, Peets, et al. have become a kind of home away from home – well at least the living room part. People tend to feel comfortable and secure much as they would at home. Checking Facebook, emailing, downloading photos, online shopping, mobile banking and accessing all sorts of sensitive documents over public Wi-Fi networks has become standard operating procedure for a lot of people.
“Consumers can easily access public Wi-Fi networks from just about anywhere – and so can cybercriminals,” said Dean Weinert, product manager, ThreatMetrix. “Cyber threats are certainly a reality at local coffee shops and other wireless hotspots. If consumers don’t take extra precaution to protect their personal devices, they can unwittingly share sensitive information with cybercriminals interfering on the network.”
To help consumers avoid online fraud and malware traps, ThreatMetrix offers a number of scenarios that demonstrate how cybercriminals access sensitive transactions on public networks.
• Network Scanners – A network scanner detects open ports on a device that’s connected to a network. A cybercriminal can integrate a network scanner with hacking tools to automatically exploit system vulnerabilities, giving the criminal complete control of a customer’s device.
• Man-in-the-Middle – Hackers use off-the-shelf or other devices configured as “hotspot honeypots” to intercept a user’s Internet connection, granting the hacker full access to the user’s network connection. This allows hackers to launch man-in-the-middle attacks such as Website redirection, session hijacking and other network-based attacks.
• Social Hacking – Cybercriminals leave a malicious USB drive on a café table for an unsuspecting, curious customer to insert it into his or her device. The attacker then captures sensitive information, such as social network logins.
• Hi-Res Video Cameras on Mobile Phones – Cybercriminals use hi-resolution video cameras on a mobile device to capture a nearby user’s activity. For example, a consumer may enter credit card information or Gmail login into a device while waiting in line, without knowing the cybercriminal has videoed his/her credentials.
How should consumers avoid these traps? Conduct banking and other personal business in genuinely safe environments – not in a public place akin to counting out hundred dollar bills in a dark alley. Also consumers should take care to frequently update their operating systems and anti-virus software.
“The bottom line is – consumers are better off conducting mobile banking and other transactions at home on a secure, password-protected network,” said Weinert. “Even so, approximately one in five consumers don’t update fraud and malware protection software beyond the initial three-month trial period after purchasing a new device. Consumers must continuously update such software or risk losing their caffeine buzz once they realize their account has been compromised by a cybercriminal.”
For more information and a list of tips, visit http://threatmetrix.com/resource-center/infographics/.
ThreatMetrix is the fastest-growing provider of integrated cybercrime prevention solutions.The TrustDefender™ Cybercrime Protection Platform helps companies protect customer data and secure transactions against payment fraud, malware, account takeover, fraudulent new registrations, data breaches, as well as man-in-the browser (MitB) and Trojan attacks. The platform consists of advanced cybersecurity technologies, including TrustDefender™ ID, which is cloud-based, real-time device identification, malware protection with TrustDefender™ Cloud and TrustDefender™ Client, as well as TrustDefender™ Mobile for smartphone applications. ThreatMetrix cybersecurity solutions protect more than 1,500 customers and 8,500 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.