More sophisticated hackers mean we must be more alert

Friday, May 20, 2011

If your cell phone company seemed especially nosy recently, maybe it wasn't actually your cell phone company at all.

The recent incident involved Verizon Wireless and one other company, but it could have been any business with an online presence, and illustrates how sophisticated hackers can stay one step ahead of security.

What was different about this instance is that the cell phone company's website was not compromised, individual users who let their machines become infected with a piece of malicious software thought they were communicating with the business when they were actually giving their financial information to crooks.

How it worked was like this: A customer whose computer was infected with the SpyEye Trojan horse program logged into the legitimate website, only to be presented with a form that appeared to be from Verizon, asking a detailed series of personal information including Social Security and credit card numbers.

You can guess what would happen then.

Verizon told msnbc.com that no Verizon systems or networks were breached, and at least one other "major communications company" that it would not identify was targeted by the SpyEye attack.

The software was specialized, so that consumers who were infected with the Trojan horse, but didn't log in to the two companies' websites were not affected.

Experts noted that hackers are shifting away from stealing usernames and passwords, to lying in wait stealing payment and credit card data after a customer thinks he is on a safe site.

The answer, of course, is to make sure your virus protection software is up to date, and monitor your credit card and bank accounts regularly.

Respond to this story

Posting a comment requires free registration: