Defend yourself from phishing

A recent study reported that 63 percent of phishing attacks are targeted from three major Web sites: PayPal, eBay, and Bank of America. These top Web sites signal dollar signs for cyber-criminals as many people unknowingly open and use the links contained inside phony emails.

This week, I had the opportunity to interview Adam Schran, an Internet and PC security expert on what constitutes "phishing" and how you can defend yourself. His answers are short and to the point, and they provide an interesting insight on how you might be able to protect yourself.

Adam, tell us about yourself, Scanyourpc.com and Ascentive.

I have a computer science background and am the founder of Ascentive. We're an 8-year-old software publisher. We recently launched the ScanYourPC.com web site to help people discover what's keeping their computers from running at top performance.

Do you see a migration from virus writers to spyware writers?

The same guys who used to author virus programs now author spyware.

How do these guys make a profit out of this stuff?

They can steal your credit card numbers or take over your PC and force it to send spam without your knowledge. Both of these result in financial gain for the hacker.

Is it the case that most people don't notice any identity theft?

Most people notice it too late, and then it takes hours to repair your credit report and dispute all of the incorrect items.

So there's an economic structure that drives the identity theft economy?

According to studies, it affects U.S. households to the tune of $800 per year, on average.

Why is the concept of social engineering important?

With spyware and other forms of fraud, you're taking advantage of people's trust. "Social engineering" refers to the trickery involved on the part of the spyware authors to get their software unwittingly installed to your machine.

So phishing has moved on to cell phones and SMS?

I've seen telephone and SMS phishing attacks. They're pretty clever because you normally wouldn't expect hackers to get into your personal business that way.

What are the credit card companies doing to protect themselves? I've heard it said that credit card companies make a fortune off of this? How can phishing be of benefit of credit card companies?

Credit card companies pass the cost of fraud onto the merchants. They charge the merchants a fee for each chargeback (transaction dispute) resulting from fraud. So I don't see how they're "losing" money to fraud.