Cyberthieves go "phishing" to rob banks
Thursday, February 14, 2008
It seems 21st-century criminals are following in his footsteps.
But while Sutton disguised himself as a cop, a window washer and a Western Union messenger, cyberthieves use a different type of subterfuge -- phishing -- to cover their identities and wipe out bank accounts.
Phishing occurs when fraudulent e-mails that appear to be from a legitimate source are sent in an effort to obtain sensitive information from a user.
Those computer exploits and others are detailed in a survey of security threats and vulnerabilities for 2007 by the IBM Internet Security Systems X-Force.
Of the top 20 companies targeted by phishing in 2007, the report says, 19 are in the banking industry.
Computer users are often tricked into visiting fraudulent sites because of "danger, danger" e-mail subject lines like "account security measures," "important notice" or "(your bank name) security notice."
One sneaky thing some malware (malicious threats) does is to modify a user's server information.
For example, a user types www.bankofamerica.com into his or her browser. But instead of the computer using the service provider's server, which would take the user to the real Bank of America server, the computer uses a bogus server run by phishers -- and that takes the user to a fake Bank of America server.
The phishers take the user's login information and empty the account.
Most users, even the savvy ones, wouldn't know that their server settings have been hijacked.
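A hijacked setting of this kind is easy to miss by eye but simple to check mechanically. The following is an added example, not part of the original article: it assumes the "server information" in question is the machine's DNS resolver list in resolv.conf format, and the expected provider addresses and sample file are constructed for illustration.

```python
import ipaddress

# Constructed sample input: resolv.conf-style resolver settings from a host.
SAMPLE_RESOLV_CONF = """\
# generated by dhclient (constructed sample)
search home.example
nameserver 192.0.2.53
nameserver 203.0.113.66   # not issued by the provider
nameserver not-an-ip
"""

# Assumption: the resolver addresses the service provider actually hands out.
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}


def parse_nameservers(text):
    """Return (valid_ips, malformed_values) from resolv.conf-style text."""
    valid, malformed = [], []
    for raw in text.splitlines():
        # Drop comments introduced by '#' or ';' before splitting fields.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Normalise so "2001:DB8::1" and "2001:db8::1" compare equal.
            valid.append(str(ipaddress.ip_address(fields[1])))
        except ValueError:
            malformed.append(fields[1])
    return valid, malformed


def audit_resolvers(text, expected):
    """Compare the configured resolvers with the expected provider set."""
    configured, malformed = parse_nameservers(text)
    expected = {str(ipaddress.ip_address(e)) for e in expected}
    return {
        "unexpected": [ip for ip in configured if ip not in expected],
        "missing": sorted(expected - set(configured)),
        "malformed": malformed,
        "no_resolvers": not configured,
    }


if __name__ == "__main__":
    report = audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVERS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Any entry under "unexpected" is a resolver the provider did not issue and is worth investigating before the machine is used for online banking.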
Just a few years ago, computer viruses and worms seemed designed for bragging rights and a hacker's 15 minutes of fame, but the game has changed. Now, instead of creating chaos by shutting down or paralyzing computer systems, the bad guys are getting more bang for their buck by taking over systems and using them to commit crimes.
The IBM Internet security report shows that nearly 90 percent of all vulnerabilities allow this type of remote exploitation.
"The authors [of this malware] realize they are better off as parasites than they are killing their hosts," said Chris Rouland, engineer and chief technology officer for IBM Internet security.
Rouland said that some other malicious trends include growth in Web browser exploitation, especially for Windows Internet Explorer and Mozilla Firefox.
He said that although fewer vulnerabilities were disclosed publicly last year, the number of "high-severity vulnerabilities" increased by 28 percent compared with 2006.
The X-Force collected and analyzed 410,000 new malware samples in 2007. That's a third more than they analyzed in 2006.
And wildly popular social networks like MySpace and Facebook are now prime targets for exploits.
What's an average computer user to do?
Though tech-savvy, proudly paperless home computer users may shun those so-20th-century snail mail bank statements, it might be worth it to go retro and compare your online banking information with the paper record.
Rouland says criminals in Brazil have figured out ways to wipe out bank accounts and leave no trail in an individual's online account. And bank customers may be out of luck if the theft goes unnoticed for a while.
Usually, banks give only 90 days to remediate an account problem.
In the old days of worms and viruses and denial of service attacks, many of us learned, often the hard way, that computer security was often an afterthought compared to "user friendliness."
But these days, with organized criminals around the globe stealing with such great stealth, the bank with the best security might turn out to be the big business winner.