Computer maker Dell and the non-profit Internet Education Foundation are firing up what they're calling the Computer Spyware Initiative to help consumers fend off unwanted spyware. The pair plans online and print resources and partnerships with security vendors as part of the educational program.
Dell and the foundation want to reach at least 63 million people, virtually the entire U.S. population of broadband users. The foundation aims to educate the public and policymakers about the Internet.
"This is something we feel the whole industry needs to take a leadership position on," says Mike George, general manager of Dell's domestic consumer business. He says about 15% of support calls to Dell are related to spyware, up from 2% about a year ago. "This is a real problem."
A survey conducted as part of the initiative found that more than 90% of computers in the United States carry some form of spyware and the majority of computer users don't know how to identify or remove it.
The Federal Trade Commission concedes that defining spyware is a challenge. In April, the commission gave written testimony to Congress stating "Some definitions of spyware could be so broad that they cover software that is beneficial or benign; software that is beneficial but misused; or software that is just poorly written or has inefficient code. Indeed, there continues to be considerable debate regarding whether 'adware' should be considered spyware."
Nonetheless, "spyware appears to be a new and rapidly growing practice that poses a risk of serious harm to consumers," the FTC wrote. In fact, the FTC last week announced its first legal action against an alleged spyware distributor. Federal legislation is also in the works.
Lydia Parnes, acting director of the FTC's Bureau of Consumer Protection, praised the Consumer Spyware Initiative, saying that such efforts are essential to protecting consumers.
But it remains to be seen whether educators can inform faster than criminals can come up with tricks. Online identity theft and related fraud--which can arise from attacks conducted via spyware or via user deception, in the case of phishing messages--continue to rise despite efforts to combat such thefts.
That's a trend that hasn't gone unnoticed by consumers. Eight out of 10 Internet users are concerned about identity theft, and while 85% of them conduct some E-commerce, only 59% participate in online banking, according to a new survey commissioned by identity-management company Entrust and conducted by marketing-research firm Greenfield Online.
Testifying last month before Congress, Howard Schmidt, chief security officer of eBay, said that heightened awareness alone wouldn't stop phishing, noting that as consumers become aware of current scams, cybercriminals create new, more sophisticated techniques. (A related trend can be seen in the fact that spam continues to proliferate despite the concurrent growth in anti-spam companies.)
Markus Jakobsson, associate director of Indiana University's Center for Applied Cybersecurity Research, has examined some possible future schemes, and warns that phishing attacks could become even more effective as data thieves learn to employ what he calls "context aware" phishing attacks.
Such attacks haven't happened yet. "But," he says, "I think it's going to happen. The economy of phishing is changing. It's getting harder and harder to catch victims."
In one scenario he envisions, a cybercriminal might take advantage of the information available on social networking sites such as okrut.com to craft a phishing attempt that appeared to come from a trusted associate. In another, he describes how a phisher might target an eBay user with a message indicating he or she had won an auction to elicit a response revealing personal information.
Such clever personalization, Jakobsson says, could result in a success rate approaching 50%. Gartner puts the current success rate of phishing scams at 3%, which amounts to a lot of people if the research firm is correct in estimating that 57 million Internet users had received a phishing E-mail last year.
Statistics about spyware are harder to come by. "Because of the relatively recent emergence of spyware, there has been little empirical data regarding the prevalence and magnitude of these problems for consumers and businesses," the FTC told Congress.
But if it's accurate that 90% of computers in the U.S. have been compromised by spyware, there should be no shortage of people to educate. Dell's George cautions that the 90% figure came from a National Cyber Security Alliance study released a year ago. Today, he says, "It could be even worse than that."