The Internet these people joined throughout 2004 is not the Wild West. Instead, think Times Square before Rudy Giuliani Disneyfied it. And the moms? They're the easy marks fresh off the Great Plains, gawking at the flashy, trashy urban sights as the con artists and pickpockets circle, waiting for the right moment to move in.
Tech geeks can groan about this shocking ignorance all they want, but it's not going away. For better or worse, just plain folks are an equally important corner of the cyber-security triangle. They must protect themselves when they go online, but they won't do it properly until the high-tech companies make it as easy as pushing the computer's "on" button. The final point on that triangle is government, which needs to focus its energy on writing and enforcing laws that punish cyber-criminals and protect consumers from losing their shirts just because they click on the wrong attachment.
By the end of 2004, there will be an estimated 185 million U.S. Internet users, according to New York-based Jupiter Research. That's 63 percent of the population, a vast storehouse of people who are largely unaware of the meteoric growth in occurrences of "phishing" -- cyber-crime's Public Enemy No. 1 of late. According to the Anti-Phishing Working Group, there were 1,422 kinds of phishing attacks in June 2004, an eight-fold increase from 176 attacks in January.
"Last year it was a couple of attacks a day. Now it's four or five attacks per hour," says Ken Schneider, a network security expert at Symantec Corp. The sophistication of the e-mail messages, which look like they are official missives from Citibank, eBay and other companies, along with bogus threats to cancel or suspend customers' accounts, specifically prey on the cluelessness of their victims.
"Phishing is where the money is at," says Andrew Lochart, director of product marketing at Redwood City, Calif.-based e-mail security firm Postini Inc. "If you sucker someone into sending $20 for herbal Viagra, you've made $20. But you might get thousands of dollars before the account is turned off."
People who think about this topic for a living usually spend their time blaming one another. Consumer advocates blame the technology makers. Computer experts blame the victims -- if they're stupid enough to surf the Web without protection, they deserve to have their computers disabled, their identities stolen, their money and credit stripped from their accounts. Nearly everyone blames Microsoft and the government -- the former for designing perpetually buggy software, the latter for not forcing everyone else to secure the networks from the get-go.
When the finger-pointing is over, responsibility remains a shared task. My mother ought to be aware that going on the Web is not surfing, but an altogether more hazardous contact sport like, say, rugby. But the companies need to make it easier.
Avivah Litan, research director at Gartner Inc., says most Internet users aren't looking for education. "We're just too busy," she says. "Who wants to pick up a manual?"
This is not an entirely fair prospect for Microsoft, America Online or the thousands of other companies that rely on the Internet for their businesses' survival. They cannot possibly hope to find a way of communicating with millions of users in a way that is tailored to each one's needs. But too often, their techniques range from the overly abstruse (try installing Service Pack 2 without calling
your friend's teenaged son for a walk-through -- if you even know what "Service Pack 2" is) to the insultingly patronizing (like Clippy the talking paper clip).
Microsoft's Gytis Barzdukas agrees. The company's director of security product management, he knows that a gap remains between Internet users and secure surfing. "We need to stop talking in our terms and start talking in customers' terms -- maybe not go into as much detail explaining the topic and say more 'what do you need to do?'"
