I brought you here a short story to understand the situation better.
sara' story
Sara is a human resources professional who lives in a small town in malaysia. She has used a computer in her job for more than ten years. At work, her computer is maintained by her organization’s IT department, and she has never experienced any security problems with the computer in her workplace.
sara believes that she is at low risk of online fraud for the following reasons:
1-She never shops online because she doesn't want to risk exposing her credit card information
2-She uses her home computer only for personal email with friends and family
3-Occasionally she looks other things up on the Web, but not often.
sara's situation seems totally safe but Unfortunately it is not.
At work one day last summer, she heard about a new Internet Explorer browser vulnerability;She wanted to be sure her home computer was protected too, so when she got home she went online to get more information about the vulnerability, and determine if she was protected. Using a popular search engine, she found a Web site that offered not only information about the vulnerability, but the option to have a patch for the vulnerability downloaded automatically to her computer. Sandra read the information, but opted not to accept the download since she was taught to download information only from authorized sources. Then she went to the official Microsoft site to obtain the patch.
what went wrong?
Unfortunately, as sara was reading information about the vulnerability on the first site, the criminal who had created the Web site was taking advantage of the fact her computer actually had the vulnerability. In fact, as she was clicking "No" (to refuse the download that was being offered), unbeknownst to her the automatic installation of a small, but powerful, crimeware program was already taking place on her computer.
Simultaneously, the Web site’s owner was already receiving a notification that the keystroke logger had been secretly and successfully installed on Sara’s computer. The program was designed to covertly log everything she typed in from that moment on, and to send all of the information to the Web site owner as well. It functioned flawlessly, too - recording everything Sara typed- every Web site she visited, and every email she sent, passing the stolen text on to the cybercriminal.
Later that evening, Sandra finished up her monthly online banking. As she logged into her personal bank account, the keystroke logger recorded those keystrokes too, including confidential information: the name of her bank, her user ID, her password.
When Sara went to make a deposit the several weeks later and asked for her balance statement, she was shocked to find that her bank account was almost empty. Sara had been the victim of a cybercrime.
No comments:
Post a Comment