It’s Oscar season, and the winners have just been announced.
Malware writers have been active on the SEO front by making sure that, as well as the usual Oscar pictures and gossip, you might be getting more than you bargained for. It seems that, this Oscar season, fake “free scan” pages, offering to scan your computer for viruses, are the key “winner” in the malware fake AV-solution war. These fakes are even worse than straight malware, because they pretend to fix non-existent problems, take your money, potentially put your credit card details at risk AND download more malware masquerading as antivirus software. This scareware tactic is becoming a common way for malware writers to gain access to both your funds and your computer.
It used to be pretty straightforward at one point. The phishing scammers would try, for the most part, to pretend to be your bank, or eBay, and try to get your account details, or better yet, your card and bank details.
It’s not so simple any more. According to the Anti-Phishing Working Group, in their latest report, Q4 2009 saw phishers go after a record 356 different brands, the highest number yet, and banks are no longer the only target.
The cyber-criminals are also getting clever, and starting to target specific individuals or high-net-worth people in general (so-called spear-phishing and whale-phishing), so now might be the time to reiterate some key points to help keep you safe:
- You MUST be running the latest anti-virus and anti-spyware products. Even more importantly, they must be up-to-date.
- DO NOT download software where you are not sure of the origin.
- CHECK URLs of websites linked via unexpected emails.
- CHECK the URL is actually that of your bank.
- NEVER give your login details to someone, and certainly not passwords – no legitimate organization would ask for these in person.
- Be careful WHAT information you are giving. If you are in a sign-up process, it is HIGHLY unlikely ANY organization would need your bank account details, credit card details, social security number etc.
- ONLY provide personal information on a site you trust. Make sure that site is using SSL (https) on their forms and sign-in processes.
- IF in doubt, STOP and check.
- IF something seems too good to be true, it is.
- Remember: your identity, your organization’s goodwill and perhaps your job are at risk if you get this wrong.
It’s easy to stop phishing attacks, with judicious use of software and common sense. Especially common sense.
Did we miss something? Tell us in the comments.
A recent article on wkyc.com brought home to us the fact that, as we move from computers to greater use of smart-phones, hackers and malware writers are never too far away.
The story highlights one of the key issues with malware in general, and that is education.
You see, it doesn’t matter if you have the latest and greatest anti-malware products, anti-spam products or other specialist software, if your behaviour is not kept in check to help you to protect yourself.
As an analogy, it’s like having the best front door lock in the world fitted, but leaving the door open, or a key under the mat. All the security in the world won’t help you if you circumvent it.
This has broader implications beyond the frightening story linked above; industrial espionage is just one problem that springs to mind.
The key to staying safe, on any device, is:
- Never download anything you are not sure about.
- Even if you are sure about it, a quick “Google” check might change your mind.
- Remember to be on your guard at ALL times.
- IT departments need to get a handle on this. For instance, if there is a known exploit on a device, you need to consider if you want to let that device on your network, or let your staff use such a device for web surfing.
- The usual caveats apply to mobile devices as they do to laptops and desktop machines.
Let us know if you hear of any exploits so we can feature them on our blog and keep you up-to-date.
In many places in the world, and in the US and UK especially, it is tax filing time, and the spammers and scammers are active as ever, when they sniff an opportunity.
Rutherford County’s djn.com have a great article highlighting the dangers of how spammers and scammers are using the opportunities of the tax filing season to attempt identity theft and more.
Our take: ALWAYS be careful of emails that come from sources you don’t know, even if they look legitimate. Remember these golden rules, and you’ll be much safer online:
- Never give out your password to anyone. Ever.
- Check the URL of all sites asking for credentials (passwords, social security number, bank account details etc.). If the URL box is missing (because the browser window has been set not to show it), treat with exceptional caution.
- If it looks suspicious, in any way, better to phone your local tax or government office to make sure.
- If you’ve already set up an account somewhere, it is unlikely they will ask you, by email at any rate, to confirm those details are correct.
- No legitimate bank site would ask for your deeply personal details, because, if they were needed, they would already be held on file from your off-line application process.
- DO NOT download anything from ANY site unless you have confirmed from another source it is needed.
- If in doubt, don’t do it, but rather confirm authenticity.
- Running anti-spam on your servers and desktops will help to keep you safe.
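The URL checks in this list and in the phishing checklist earlier on the page (is the link really your bank's, and is it using https) can be made mechanical. The following is an added example, not code from the original posts; the allowlist, the `.example`/`.test` hosts and the warning names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist (assumption): sites where the reader really has accounts.
TRUSTED_HOSTS = {"bank.example", "tax.example"}


def is_ip_literal(host):
    """True when the link points at a raw IP address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(url, trusted=TRUSTED_HOSTS):
    """Return the warnings raised by a link; an empty list means it passed."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ["unparseable-url"]
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # "https://bank.example@other.test/" really goes to other.test
        warnings.append("userinfo-before-host")
    if is_ip_literal(host):
        warnings.append("ip-literal-host")
    if not host.isascii() or "xn--" in host:
        warnings.append("punycode-or-non-ascii-host")
    if not any(host == t or host.endswith("." + t) for t in trusted):
        warnings.append("host-not-trusted")
        if any(t in host for t in trusted):
            # trusted name embedded in somebody else's domain
            warnings.append("trusted-name-in-untrusted-host")
    return warnings


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an unexpected email.
    for sample in ("https://www.bank.example/login",
                   "https://bank.example.login.test/",
                   "http://192.0.2.10/refund"):
        print(sample, check_link(sample))
```

The host is matched as an exact name or a true subdomain of an allowlisted name, because a plain substring match would accept `bank.example.login.test`.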
If you hear of any specific scams, let us know in the comments.