Spyware and phishing present problems

Middle East users may be at risk from malicious software or spyware that records their keystrokes or e-mails that are not what they seem. Joining spyware is phishing or e-mail scamming, which adds to an increasing list enterprise security issues after viruses and spam.

  • E-Mail
By  Maddy Reddy Published  June 3, 2004

|~|Patrickinside.jpg|~|"Middle East countries have some of the highest per capita income in the world, making them attractive for fraudsters," says Patrick Hayati, regional director of Network Associates in the Middle East.|~|Direct losses from the identity theft fraud or phishing cost banks and 57 million-plus internet users US$1.2 billion in losses last year, according to Gartner Group. Following close on the heels of an emerging phishing threat is spyware — parasitic programmes that run on networks and PCs. Earth Link, a US-based ISP, recently uncovered 29.5 million such programmes running on its subscriber’s hardware. While both threats may appear unlikely to occur in the Middle East’s less internet savvy society, they are in fact scaling the security agenda. “The issues of [spyware and phishing] are not relevant for the US or Europe alone. It is worldwide, as the internet has no boundaries… If someone gets hit abroad, it takes as little as five minutes to be propagated here. It’s fair to say that the region is no more immune than anywhere else,” says Samir Kirouani, pre-sales engineer, Trend Micro. Phishing, sometimes categorised as activated spam, comes from the analogy that internet scammers use e-mail lures to ‘fish’ for passwords and financial data. Although the practice started back in 1996, it has only gained impetus in the past few months as the volume of spam has increased dramatically. Both spyware and phishing represent a new breed of blended threats that blur the line between trojans, viruses and spam. “A lot of the new security threats are actually blended threats, which have a virus and a spyware included and similar combinations,” says Kirouani. While security vendors believe only a few regional banks and consumers have been hit by phishing scams so far, they add that the region will be even more vulnerable than the US or Europe unless awareness is ramped up. “Users in the Middle East are especially vulnerable to phishing. Firstly, the countries in the region have some of the highest per capital income figures in the world, making them attractive for fraudsters. Secondly, IT awareness is not very developed as a majority of the population has only recently converted to internet usage, and thus may not be familiar with the antivirus, content filtering and anti-spam solutions that are available, which can help protect them from phishing,” says Patrick Hayati, regional director of Network Associates in the Middle East. “Phishing is basically brand spoofing, a form of fraud replicating e-mails or web pages and fooling users into submitting confidential information. Financial organisations are an obvious target for this,” adds Lee Reynolds, Middle East consultant for Surf Control. While spam and phishing is still reliant on end user interaction, spyware could be the larger threat as it has the potential to be installed on 90% of the world’s computers, without a user’s knowledge. Also referred to as malware, the software is capable of recording keyboard strokes, collecting confidential information such as passwords, and e-mailing it back to the creator. The data can then be used to create marketing profiles, targeted ads, spam or even withdraw funds. “Spyware is really the nasty side [of security threats]. It actually incorporates tools that can take advantage of people’s information. Various banks are having issues, including some banks here in the Middle East,” says Kevin Issac, regional manager of Symantec Middle East. Although there have been no reported incidents of companies using spyware tools for industrial espionage, the potential for such usage remains. To ensure local users are immune to such tactics, Trend Micro advises the ramping up of technology initiatives. “Antivirus applications may protect the e-mail gateway or the desktop, but employees still [unsuspectingly] download spyware software from home; put it on a floppy or a USB memory stick and bring it to work. So, you need to cover all the layers for security — from the application to the network,” says Kirouani. However, Network Associates’ Hayati believes preventive technology is only part of the remedy. “Awareness is not at the right levels yet, so security vendors must raise the knowledge levels of end users,” he says.||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code