Of course, the badly phrased and illiterate phishing emails with Nigerian Princes asking for temporary financial assistance are all too common now and most of us simply delete them.   But over the last couple of years even these email scams are looking much more realistic and plausible.

The problem criminals have with these methods that to be effective they have to send out such a huge volume of emails to get a return, and that this volume itself is detectable and traceable.

The smarter cyber criminals are targeting their victims much more carefully, this minimizes their risks of being caught sending large volume mail shots (despite most using compromised servers), but also significantly increases their return.   The email form of these attacks is now known as ‘spear phishing’, purely because they target very specific groups of people with custom attacks.  The more personalised these emails are, the higher their chances of success, which is why personal information is so highly prized in the world of cybercrime.

Let me introduce you to a very common form of gathering the information needed for these attacks.   Have you ever visited a hotel which had a computer business center available for residents to use?   You know a few computers for people to check their various online accounts, perhaps web mail or just their stocks and shares accounts?   Maybe they’re just used to watch the BBC News or check out the football results from home.  They’re often described as a business center or something similar.

These computers are commonly used by business travellers as a quick and simple way of staying in touch with their online worlds without messing around with laptops, smart phones and pdas.

They certainly are, these people conduct half their lives online, they bank, communicate, purchase and do all sorts of stuff through an internet browser.  They generally will have more financial resources than average and are a prime target for identity thieves.

 

 

These computers in hotel business centers and lobbies are a gold mine of information for any online crook.   If you run a security scan on many of these computers, you’ll find many riddled with spyware, keyloggers, viruses and all sorts of programs designed to monitor and steal account names and passwords.

It is usually a trivial task to log on to one of these computers and install such software and then wait for the accounts to roll in.   Most companies struggle to secure and protect their in-house computer systems, to secure a publicly accessible computer is much, much harder and most hotels will simply not have the skills and resources to do so.

DON’T USE HOTEL PUBLIC COMPUTERS

Please don’t, believe me when I say they are prime targets and although I don’t know of any large surveys done of these computers.   The ones I do know of and my personal experience, would suggest that a very large proportion of these public computers have some sort of spyware installed.

It really depends on the type of information, for instance a lot of email accounts are accessed this way, and these have many possibilities for crime.  The very simplest method is simply to monitor the email accounts, soon more passwords and accounts will be available.   Think about it, where do all your personal login details and account activation details get sent to – usually your email.   You can lose them without any knowledge.

They can even be used for much more sophisticated attacks, emails can be sent to people in your address lists, even internal company accounts.   An email sent from a company employee asking others to reset their passwords via a specific link is likely to have a much higher success rate, checked your own sent mail recently?  This can even be spoofed easily so the actual account doesn’t need to be used as well.

There are literally thousands of possibilities for making money from online crime which can be created from one simple keylogger installed on a well-used and trusted hotel companies’ business center computers.   Don’t be one of the statistics, never ever use public computers for anything but general web browsing, never login to an account, check your email or PayPal account on one under any circumstances.