Tips to Combat Cybercrime
James F. Leon
MAY 2008 - Despite
the increased efforts to strengthen Internet security in recent
years, cybercrime has jumped enormously, as shown in the annual
2007 cybercrime survey conducted by the Computer Security Institute
According to the survey, the average loss per cybercrime in 2007
for U.S. companies escalated to $350,000 from $168,000 the previous
breaches, credit card fraud, fraudulent websites, eavesdropping,
and identity theft all fall under the umbrella term cybercrime.
To execute these crimes, hackers and con artists use tools such
as fraudulent e-mails, network sniffers, Internet cookies, scripting
languages, software vulnerabilities, and wireless networks. Below
are 10 practical tips that accountants can implement to minimize
security threats, plus detailed explanations of several tools
that computer criminals commonly use.
Identify Suspicious E-mails
often come from a different source than the company or entity
they appear to be sent from. Although the sender of an e-mail
may appear trustworthy, recipients should be aware that the sender’s
name in the header can be construed (spoofed) by a con artist.
Individuals should also note to whom the e-mail is addressed in
the first line of text. Con artists often send fraudulent e-mails
stating, “Dear Customer,” “Dear Patron,”
or “Dear Member,” because they do not know the recipient’s
name. An e-mail with an individual’s correct name in the
first line of text can still be a hoax. Names can easily be acquired
through many sources, including compromised company databases
that contain personal information.
e-mails tend to have catchy openings intended to play on the recipient’s
propensity for fear or greed. An e-mail eliciting fear may claim
that an individual’s personal information has already been
compromised, such as an account number, credit rating, or stolen
password. An e-mail enticing greed may claim, “You have
won the contest” or “You are entitled to a large tax
refund.” In all cases, fraudulent e-mails will require the
recipient to click on a link.
1 shows an example of a fraudulent e-mail allegedly from the
IRS. The hacker wants the individual to follow the “click
here” link, but hovering the mouse over the link exposes
a spoofed website:,
Navigating to this site gives the hackers access to the recipient’s
computer, making it vulnerable to attacks. Hackers are also increasingly
sending pictures, banners, and other graphic forms in fraudulent
e-mails, asking potential victims to click on these graphics (see
section 2.2.2 in www.ngssoftware.com/papers/NISR-WP-Phishing.pdf).
Create a Link Homepage
addition to avoiding links in potentially fraudulent e-mails,
individuals should not follow links in foreign webpages (third-party
URLs that can possibly be deemed untrustworthy). A tip is to create
a “link homepage”, which is an HTML page
that lists the links of one’s favorite sites.
link homepage is an actual page on the Internet created through
one’s Internet service provider (ISP) that can be accessed
from any computer in the world. For example, if Jane Doe’s
ISP is Comcast, she could set up a hypothetical page with Comcast
2 shows an example of Jane Doe’s sample link homepage
at Comcast. The link homepage has a list of the correct URLs of
Jane’s most commonly visited sites and is deemed trustworthy
because Jane herself typed in the trusted links when she created
her page. All she has to do is remember the URL of her link homepage
at any computer in the world with Internet access. Using
a link homepage will significantly reduce the possibility of clicking
a harmful link, and Jane will be able to visit her favorite websites
from any computer in the world within seconds.
link homepage should not be confused with a person’s “favorites”
list that is bookmarked in a web browser. Bookmarks can be accessed
only from the computer on which they were saved, whereas a link
homepage can be accessed from any computer with an Internet connection.
A user’s bookmarks are the ideal links to be copied over
to a link homepage, assuming the links are trustworthy.
Encrypt and Digitally Sign E-mail with Clients
e-mail sent to clients can be easily viewed (sniffed) by a hacker
along the path of communication between the sender and recipient.
The most obvious party sniffing one’s e-mails could be the
ISP, which can handle upwards of thousands of e-mails per day
Most ISPs will eventually archive all e-mails they handle, and
even deleted e-mail can still be accessed by the ISP later in
address these concerns, all confidential e-mail should be encrypted
with an e-mail encryption program. In a typical encryption system
between a CPA and a client, each party will have a public and
a private key, used to encrypt messages. To send an encrypted
e-mail to a client, the CPA will encrypt the message with the
client’s public key. The client will decrypt the e-mail
with her private key to read the message. To
reply back to the CPA with an encrypted e-mail, the client will
encrypt the message with the CPA’s public key; the CPA will
subsequently decrypt the client’s e-mail with his private
key. As long as private keys are not lost or stolen, it is virtually
impossible for a network sniffer to decrypt the message.
e-mail encryption programs also allow the use of digital signatures,
the electronic equivalent of a CPA’s written signature.
It is legal proof that an e-mail sent from a CPA to a client is
indeed authentic and not fraudulent.
vendors specialize in the use of encrypted e-mails and digital
signatures, either free or for a fee. Companies specializing in
e-mail security include Pretty Good Privacy (www.pgp.com),
and CryptoMail (www.cryptomail.org).
Disallow Permanent Cookies in Web Browsers
cookie is a small text file from a website that is saved on a
user’s computer during interaction with that website. A
cookie can contain nonsensitive information, such as a user’s
favorite actor, at a movie database, or favorite author, at a
bookseller’s website. A cookie can contain sensitive information
as well, such as a user’s password to a site, credit card
number, or account number.
are two types of cookies: session or permanent. Session cookies
are temporarily stored on a computer and present limited risks.
Permanent cookies are text files that are stored long-term on
a computer and can persist for up to several years. Hackers try
to steal permanent cookies through a variety of methods, hoping
the permanent cookies contain users’ confidential information.
Users should enable the option on their web browsers to block
permanent cookies, eliminating the risks they pose.
Disable Scripts in Web Browsers
clicking links on the Internet, users receive pages of hypertext
markup language (HTML). The HTML may contain a small program called
a script. The script is written in a scripting language, which
then executes on one’s computer. Like cookies, some scripts
pose no threat to a user’s computer. Many scripts, however,
come from hackers and are malicious. These malicious scripts can
steal data (cookies) and even change the operating system’s
settings. Users should disable scripts on their browsers, rendering
them unable to execute. To disable scripts, go to the security
preferences in a browser and “check” the disabling
of scripts. An article (with screenshots) explaining the steps
involved in blocking cookies and scripts can be found at
Understand Software Vulnerabilities
software programs can unknowingly lead to security vulnerabilities.
An example is the Google desktop search bar often installed for
convenience. Users may not realize that when certain options are
enabled in the Google desktop, documents opened on their computer
are automatically sent to Google servers. A highly confidential
file may unknowingly be sent to a Google server.
must be aware of the vulnerabilities that installed software may
contain. A suggested site to learn more about common software
vulnerabilities is Carnegie Mellon’s Center for Internet
Security (CERT, www.us-cert.gov/cas/techalerts).
This site is updated daily with software vulnerabilities that
have been found.
valuable site for software vulnerabilities is the System Administration,
Audit, Network, Security Institute (SANS). This institute is highly
respected for its vast resources on security topics, shared through
training, conferences, and research. SANS maintains a yearly list
of software vulnerabilities called the “SANS Top 20 Security
Risks” (see www.sans.org/top20),
as well as a reading room of papers written on software vulnerabilities
As a security precaution, users should be vigilant in updating
their software. Older versions of Microsoft products, such as
Internet Explorer, Outlook E-mail, MS Office, SQL Server, and
IIS Web Server, have many known vulnerabilities that can be easily
Install a Firewall
communications performed over the Internet involve exchanging
packets with other computers. These packets may contain e-mail
messages, instant messenger chats, or HTML pages. Unfortunately,
packets can contain harmful software or malware sent from a hacker.
A firewall is a mechanism that screens and filters packets sent
to a computer and exists as either a software or hardware firewall.
3 shows the difference between a software firewall and a hardware
software firewall (sometimes referred to as a personal firewall)
is a packet screening program that is installed on a computer.
Some operating systems (such as Windows) have built-in software
firewalls but could benefit from the installation of additional
software firewalls, such as the Norton firewall (www.symantec.com).
In a software firewall, the packet sent to a computer is filtered
upon entry into the computer. The drawback is that the software
firewall must be individually installed on each computer, which
could pose a problem for an office with multiple computers.
hardware firewall (sometimes referred to as an enterprise firewall)
is a separate physical device, that performs packet screening
before the packet reaches a personal computer. The Juniper Netscreen-204
from Juniper Networks (www.juniper.net/products_and_services
is an example of a hardware firewall. The hardware firewall device
is connected to the computer and filters malicious packets, based
on specific screening criteria. Sample criteria that can be screened
by a firewall include the sender of a packet or the contents inside
packet that is deemed unauthorized or dangerous to a computer
is discarded (dropped) and never physically received inside the
computer. Although hardware firewalls tend to be more expensive
than software firewalls, one of them can protect a whole network
Conduct Financial Transactions at Secure Websites Only
secure website is one that has received a certificate of authentication
from a certificate authority (CA). Businesses set up secure websites
to assure their customers that the site is not fraudulent. CA
companies such as Verisign, Ensure, and Thawte are designed to
set up such certificates for businesses. A company can acquire
different levels of certification and assurance with its certificate
from a CA, as can be seen on Thawte’s website (www.thawte.com/comparison/comparison.html).
CA is the trusted third party that will vouch for the identity
of a secure website. The business entity must prove its legitimacy
to the CA during its registration process. Once the business proves
its identity, the CA establishes the domain name (URL) that will
be used for the secure website.
should look for two indicators when browsing a secure site. The
first is a “lock” image displayed on the webpage.
4 shows the lock in the URL area. The second item, also shown
in the exhibit, is that “https” will begin the URL
instead of the typical “http.” To inspect the site’s
certificate, users can click on the lock and the certificate will
appear (see Exhibit
benefit of a secure website is that all Internet transactions
will be encrypted using secure socket layer protocol (SSL), which
is created by Netscape. An unsecured website poses the risk of
being spoofed, or of a hacker sniffing the financial transaction
(because communication will not be encrypted).
Secure Wireless Networks
addition to having secure login passwords, wireless networks should
also be encrypted. Wired encryption privacy (WEP), used for security
in wireless networks, is not a secure protocol because it can
be easily hacked. In choosing a wireless encryption protocol on
a wireless router, users should opt for Wi-fi protected access
(WPA), either WPA1 or WPA2.
wireless access points have an option to hide the service set
identifier (SSID) broadcast stream from the wireless router or
access point. When this option is turned on, hackers attempting
to access wireless networks will be unable to see the hidden SSID
access point in the list of wireless networks that are broadcasting.
The broadcast is still occurring, but hackers will need more sophisticated
equipment and knowledge to gain entry on the wireless network.
Install Password Management Software
management software programs securely manage all website and network
passwords by making them randomized and encrypted. These programs
also securely maintain all passwords internally so users no longer
have to write down or recall their passwords to the websites they
frequent. Using password management products drastically minimizes
password theft. Vendors specializing in password management products
include Password Safe
(passwordsafe.sourceforge.net/), AES Software (www.aespasswordmanager.com),
and RoboForm (www.roboform.com).
on the Defensive
accountant should be aware of cybercrime and the tools of cybercriminals.
When using the Internet to conduct business, it is best to be
defensive. By taking some or all of the appropriate actions presented
above, accountants can minimize potential disasters and stay one
step ahead of cybercriminals.
F. Leon, EdD, CPA, CISSP, is director of IT training in
the department of computer science at Northern Illinois University,