Recently, GovInfo Security interviewed Mary Monahan, Managing Partner and Research Director at Javelin Strategy & Research. I found Monahan's assessments very informative. Monahan's view of current data breaches and hacks:
"Fraudsters are definitely taking advantage of website vulnerabilities. This is a common trend that they have been taking advantage of these website vulnerabilities and then identifying them over and over and over again to download package sniffers, open back doors..."
Monahan's assessment of the types of data breaches to expect in 2010 and beyond:
"... criminals are moving up the food chain. They are going after -- last year we saw them at the restaurants; this year they are at the processor, the restaurant processor. So they are definitely moving up the food chain. The Heartland breach with 130 million credit and debit cards is a lot bigger breach. So they are taking what they are learning at the smaller breaches and moving up that food chain. Using the same types of messages, but refining them as they go along, so last year where we might have been able to find that package sniffer, now they are learning to erase traces of the sniffer on their computer program... We see [criminals] changing their target. So because there are so much credit and debit card numbers out there that this data is becoming less valuable. So they are going to start targeting other types of information."
The shift in targets that Monahan referred to includes "PIN thefts" at banks and financial institutions, and redirecting consumers to phishing sites. Think of it this way: rather than steal a consumer's credit card number, it is worth more to a criminal to steal the consumer's sign-in credentials and directly access the money in the consumer's online financial accounts.
So, my advice for consumers:
- Activate the anti-phishing software on your computer,
- Learn how to recognize a phishing web site,
- Learn about the anti-phishing features at your bank's or financial institution's web site,
- If your bank or financial institution doesn't provide anti-phishing features with its online banking service, look for another bank,
- Create and use strong passwords,
- Use different passwords for your online banking vs. e-mail accounts and social media sites,
- Protect the PIN you use with your debit card at all ATMs.