Tips on How to Beat Online Fraudsters by Security Expert; ``Tis The Season To Be Wary'' Warns CyberGuard

This year's holiday period is predicted to generate moreonline sales than ever before. A recent survey of traffic for 200online retailers showed an increase of 30% in post Thanksgivingholiday shopping year over year and that online shopping volume forthe November through December shopping season is expected to increaseto $19.4 billion -- a 22% increase from last year.(a) However, onlineconsumers will be a very juicy target for cyber criminals usingphishing and pharming to steal their identities and cash, so they needto be more careful than ever when they shop online, according to PaulHenry, a security expert from CyberGuard Corporation (NASDAQ:CGFW) aglobal provider of security solutions that protect the criticalcomponents of the largest and most complex information networks forGlobal 2000 enterprises and government organizations worldwide.

Organized criminal gangs are targeting online consumers with evermore sophisticated blended phishing attacks, some of which even findout details of their interests and use them to generate phishingemails tailored to tempt them into giving away their identities.According to the Anti-Phishing Working Group, phishing is on increaseagain, the number of newly reported phishing campaigns reached 15,820in October, an increase of 127% over last October.

In our day-to-day lives, both at home and at work, we are spendinga great deal more of our time on our computers and on the internet.This familiarity with technology can regrettably make people moresusceptible, or worse yet - more gullible. Today consumers seem totrust technology more then they do individuals. This level of blindtrust in technology, combined perhaps with our less cautious naturearound the holidays, can provide a target-rich environment for cybercriminals:

Last holiday season, Phishers were relying on fairly basicsocially engineered emails (albeit with very poor grammar andspelling) enticing consumers to "click here" on an embedded linkwithin the email directing the recipient to an illegitimate "copy cat"website that looked identical to the real thing. Many Internet userswere unknowingly divulging their most personal financial information:PINs, Credit Card Numbers, Social Security Numbers, Usernames andPasswords to cyber criminals.

As awareness has grown about Phishing within the Internetcommunity, the tactics used by Phishers have evolved since the lastholiday season to make it more difficult for the consumer to realizethey are being duped:

Automated URL obfuscation tools are more commonly being used nowby Phishers in their efforts to deceive would-be victims:

With a freely downloadable tool from the Internet, the Phishersimply enters the URL of the legitimate website and then enters theaddress of the fake malicious website, with the tool automaticallycrafting a new "socially engineered" URL that includes the text fromthe legitimate URL as well as special characters that actually causethe URL to direct the browser to the fake malicious website. To theuntrained eye this specially-crafted URL looks like the real thing.

The use of Embedded Java script and Active X applets is becomingmore common in Phishing emails. These scripts and applets canautomatically place a graphic image of the expected legitimate URL ontop of the address bar within the browser to hide the actual addressthat the browser is really being directed to. Simply put, it hasbecome a necessity to validate the authenticity of any website you arevisiting before the submission of any personal information.

Right clicking on a web page within the browser will reveal aproperties dialog box that provides the actual URL of the underlyingwebpage. You can quickly verify that the information being shown inthe address bar within the browser matches the information shown onthe properties dialog.

If Phishing isn't bad enough, this year, Pharming will become aneven bigger threat. Pharming is the technological evolution ofPhishing, and while it requires a more sophisticated and technicallysavvy cyber criminal, it is growing rapidly.

Rather then a reliance on social engineering and simple browsertricks to steal your personal financial information, Pharmers relymore upon their technical skills.

A skillful Pharmer will take advantage of unpatched and vulnerablesoftware using worms and viruses to compromise Internet DNS servers orhost files on personal computers to transparently redirect consumersto illegitimate websites to harvest their personal financialinformation.

Pharming eliminates any of the telltale signs that you have beendirected to an illegitimate fake website.

Be on your guard this holiday season - Ho Ho Oh No - Don't letPhishers and Pharmers become your "Nightmare before Christmas." Hereare some tips:

1. Be certain your PC's operating system is up-to-date with the latest security patches as well as your Anti Virus and Firewall software.

2. No matter how official it looks never click on an embedded URL contained in any email. Manually enter the URL in your browser address bar for your banking and credit card websites.

3. Do not fill in forms contained within email, your personal financial information should never be sent by email. Only send your personal financial information via a secure website - verify that the URL contains https:// and that the closed lock appears on the lower right hand side of the browser for a secure website connection.

4. Never click on an email attachment unless you know the sender and you were in fact expecting to receive the attachment.

5. Monitor your banking and credit card accounts on line and check for illegitimate transactions regularly.

6. Use an on line credit monitoring service that offers alerts when there are any changes to your credit report, i.e. new accounts and purchases.

7. Register with a credit card security system that requires a password to authorize transactions, such as Verified by Visa or MasterCard SecureCode.

8. Do not use the auto fill facility on websites for credit card and other personal details.

9. Use alternative secure online payment systems such as PayPal.

10. Finally, common sense is your best defense; if it looks too good to be true then it probably is.

Paul Henry, CISSP, is an authority on information security trends.A frequent speaker and presenter at information security conferencesaround the world, Henry has published numerous articles and whitepapers and is the author of the chapter on firewalls in theInformation Security Management Handbook.

(a) Source USA Today

About CyberGuard Corporation

CyberGuard Corporation (NASDAQ:CGFW) is a global provider ofsecurity solutions that protect business-critical information assetsat Global 2,000 organizations and government entities. The company'sfirewall/VPN, TSP(TM), Global Command Center(TM) and Webwasher(R)product suites comprise a comprehensive, integrated security system,which offers highly adaptive, scalable solutions that intelligentlyguard against network intrusion and content-based vulnerabilities,detecting and eliminating security threats in real-time forperformance optimization. CyberGuard has deployed more than 250,000products in organizations around the world to maintain the health andintegrity of their enterprises. Headquartered near Boca Raton,Florida, the company has branch offices and training centers aroundthe globe and can be located on the World Wide Web athttp://www.CyberGuard.com.