Tag Archives: Cybercrime

The technical support scam and how to avoid it

When talking about cybersecurity, we instantly think of viruses and malware. But advances in personal computer security have made it much harder for hackers to infect your PC through traditional channels like email.

As a result, they have developed new attack methods to get around your defences using a range of techniques, online and offline. One of the most widely used, and most successful, is the “Technical Support Scam”, which combines social engineering and technology to empty a victim’s bank account.

What is the Technical Support Scam?

Social engineering relies on building trust with a victim, before tricking them into doing something that gets around their security defences. In the case of the Support Scam, criminals telephone their victims pretending to be from a reputable business, like Microsoft or your security or telephone provider – a company name you recognize.

Posing as an engineer, the hacker informs their target that they have already fallen victim to criminals, and they must take urgent action to plug the security gap. The victim is asked to visit a webpage from their computer, and to download a remote control tool that will allow the engineer to access their system to perform “repair work”.

Once in control of the computer, the “engineer” may call up the computer’s event log and show a number of scary looking (but completely harmless) alerts. They will then suggest downloading further tools that allow them to fix these errors.

Unfortunately these tools are actually malware that will steal valuable information from the victim’s computer – particularly online banking details and passwords. The victim may feel that the engineer has done them a favor, but the reality is that they have invited the hacker to steal from them.

Avoiding the Technical Support Scam

There are several ways you can protect yourself from becoming a victim of this scam. These four tips will help keep you safe:

1. Use your common sense

Microsoft or Panda (for example) never ring customers to inform them of security problems. These companies may provide assistance by telephone, but they never call you first. In fact, unless you pay for a third party technical support service, no one should call you about problems with your computer or router.

No matter how urgent the issue sounds, anyone claiming to be calling about PC security problems is lying.

2. Protect your personal and sensitive information

Never give your account numbers or passwords to anyone over the phone or the Internet unless you are 100% sure who they are. If you are in any doubt at all, hang up. Keep in mind that fraudulent activities are profitable for the bad guys.
A good rule to follow for any incoming call: never hand over your credit card or bank details. Just don’t do it!

3. If you have a doubt: tell everyone about it

The Telephone Support Scam preys on people’s insecurity about their lack of tech knowledge. It is very easy to be a victim, and the best defence is sharing knowledge – telling other people about this scam, and what the criminals are doing. It is much easier to put the phone down if you know that the call is a scam.

You should also consider reporting the scam to the company being impersonated. If you do, though, make sure you find the right details.

4. Protect your PC in advance

Do not forget to use antivirus protection for all your devices. If your device is protected by an anti-malware toolkit, it will not be generating security errors online or anywhere else. So you know that someone claiming you have a problem is also lying.

If your computer does not have an up-to-date security toolkit installed, you must act now – download a free trial of Panda Security to get started.

Most social engineering attacks can be avoided by taking a second to think through the implications of what you are being told. You must not allow yourself to be bullied into making what could be a very costly mistake.

For more useful tips and advice about staying safe online, please check out the Panda Security knowledge base.

The post The technical support scam and how to avoid it appeared first on Panda Security Mediacenter.

Turning Tables on Nigerian Business Email Scammers

Researchers from Dell SecureWorks infiltrated a Nigerian business email spoofing and business email compromise operation, shutting down a number of money mule accounts in the process.

Top Cyber Risks of 2017

Last year is proof that stories about Kim Kardashian and Pikotaro’s PPAP song were not the only things able to break the internet. 2016 was a year full of news about data breaches, stolen sensitive information, hacker extortion and DDoS attacks that in some cases had a significant impact on the lives of many Americans. Phew, it’s all gone, and we are already in 2017!

Hopefully, reputable tech giants such as LinkedIn, Verizon, Google and Microsoft will be a bit more vigilant about keeping our sensitive information safe. Luckily there are anti-virus companies who have our backs even when tech companies’ security fails.

Having anti-virus software is similar to having a second layer of clothes in the winter. You like being prepared, don’t you?

After such a turbulent 2016, we’ve developed a little list of cyber threats to watch out for in 2017.

Cyber threats to watch out for in 2017

Connected devices

Currently, there are billions of connected devices all over the world – the revolution of self-driving cars is just about to kick in too. Drones, doorbells, kitchen appliances, thermostats and health gadgets – all sorts of new technology is now able to be monitored and controlled over the internet. The power of IoT gives us an unparalleled convenience, things we’ve never experienced before, but also poses a grave danger.

The potential threat is no longer about getting your fridge or printer hacked, but about cracks in the systems behind such technology which, if penetrated by criminals, could pose significant security risks. No one would want a self-driving car or a drone hacked and operated by hackers.

This poses a great concern for our safety. We are expecting a wild 2017 for the consumers out there, as more attacks throughout the year are likely to follow. Currently, it is easier for cyber trouble-makers to create and control an IoT army of devices than to develop new spyware. We hope to see the security features of IoT devices advance in 2017.

Sophisticated phishing attacks

It’s just the beginning of the New Year, and multiple sources have reported innovative and more sophisticated phishing attacks targeting Gmail accounts in the US. Sources say these phishing attacks can fool even experienced internet users. What is so different about these phishing attacks from the regular ones?

Not much, except for the fact that the design of the landing pages is getting better and better. Another difference worth mentioning is the URL bar. Anti-virus software companies have been preaching for years to always look at the URL bar and never input your login details on websites whose URLs are not https and/or are marked in red.

In the new phishing attacks, the URL bar is in plain text; it’s neither green nor red. Apparently, this tends to confuse people, so be aware if you don’t want to be in the news as the next victim of a well-executed scam.

State-sponsored espionage

The New Year will surely bring us news of state-sponsored cyber espionage. Mainstream media still finds it hard to accept the legitimacy of the new president of the United States, and the means he used to make it to the role of chief commander of the free world. WikiLeaks founder Julian Assange argued that the emails which revealed information about Secretary Hillary Clinton were part of a leak, not a state-sponsored campaign designed to elect Donald Trump. We will most likely never know the full truth, but what we are aware of is that state-sponsored cyber-attacks will become a norm in 2017.

Hacker extortion

Last year a California hospital paid $17,000 in Bitcoin to hackers. A well-known university in the US also became a victim of an attack where cyber criminals installed ransomware on its systems and demanded payment to unlock it. In all known hacker extortion cases, the victim ended up paying the criminals. The main problem is that not only companies are under threat, but individuals too. There have been reported cases of senior citizens who have been held up by cyber bullies demanding payments so they can regain access to precious family imagery, and of celebrities ending up paying to stop sensitive photos from being released into the world. Bearing in mind that most of all known occurrences of cyber extortion have been successful, and the fact that governments tend to lose the battles against it, such incidents are very likely to continue into this year.

Digital fingerprinting, biometric security and health data protection

Digital fingerprinting is getting popular among consumer devices. We saw tens and probably hundreds of them at CES 2017. Currently, all major cell phone manufacturers have it as an option to unlock their phones. Now there are home locks, padlocks, deadbolts and USB sticks that can be unlocked or opened with a simple touch. Even some car manufacturers are integrating the technology into their new car models. Sadly, a Japanese researcher recently came out with a statement that your fingerprints could be stolen when posing for a photo doing the peace sign. Criminals are getting creative, what a surprise! Facial and iris recognition may soon become a norm too, so protecting the databases that store this information will become a challenge.

What an amazing time to be alive: the predictions for 2017 are straight out of a sci-fi movie.

However, these issues are now real and protecting our data in all its forms is vital. The convenience the new technology is bringing us opens backdoors for criminals to take advantage. Luckily there are anti-virus specialists such as Panda Security, who make sure your data stays safe and provide you with that extra layer of security that we all need.

The post Top Cyber Risks of 2017 appeared first on Panda Security Mediacenter.

Now Hackers Can Spy On Us Using Our Headphones

Hackers can access your data through your headphones

Mark Zuckerberg has a revealing routine he carries out on a regular basis which says as much about him as it does our current era of cyber-uncertainty. Every day when he’s finished talking to friends and business associates, he covers up his laptop’s webcam and microphone jack with a small piece of tape.

Is this simply the paranoia of a man who over the last two decades has had to deal with increasingly sensitive information as well as diminishing privacy in his personal life?

All we know is that many people are using the same simple hardware hack as a cyber security precaution. Whilst those who promote the use of tape no doubt favor the method for its brilliant simplicity, we have worrying news for anyone who thinks this method has all bases covered.

Now even your headphones can spy on you

Your headphones, it has now emerged, can be repurposed from afar, turning them into a microphone capable of recording audio, all of this unbeknownst to the device’s user. A group of Israeli researchers has recently created a piece of malware in order to show how determined hackers could hijack your device and reconfigure it into sending them audio links.

The headphone technology

The researchers, based at Ben Gurion University, wrote code aimed at testing their fears about headphone technology. The proof-of-concept code, titled “Speake(a)r,” proved that the very commonly used RealTek audio codec chips contain a vulnerability that allows them to be used to silently repurpose a computer’s output channel as an input channel.

As Wired magazine has noted, turning a pair of headphones into microphones is a fairly simple task. A quick search on YouTube reveals an abundance of simple hack videos demonstrating how to switch your music listening device into an audio recorder. So it’s the RealTek vulnerability that is the real worry. As the Israeli research team have found, the issue would allow a hacker to record audio if you’re using a mic-less pair of headphones, and even if your laptop or device’s microphone setting is disabled.

Privacy vulnerability

Mordechai Guri, part of Ben Gurion’s cyber security research team, spoke to Wired about the vulnerability they had discovered. “People don’t think about this privacy vulnerability. Even if you remove your computer’s microphone, if you use headphones you can be recorded.” He added that, “almost every computer today [is] vulnerable to this type of attack.”

The researchers tested their malware hack using Sennheiser headphones. “It’s very effective,” Guri said. “Your headphones do make a good quality microphone.” The team also detailed the extent of the malware’s capability, saying that a hacked pair of headphones could record audio as far as 20 feet away. The recorded file can even be compressed so it can easily be sent over the Internet.

As Guri says, the problem is not one that can receive a simple patch and the vulnerable audio chip may need to be redesigned and replaced in future computers. The full extent of the problem is also not known, as the Ben Gurion research team has so far focused only on RealTek audio chips. They are set to expand their research to determine which other codec chips and smart phones may be vulnerable.

So if, like an increasing number of people in this era of cyber security, you feel vulnerable to eavesdropping, don’t only reach for the tape. Make sure those headphones are unplugged so as not to be the victim of a stealthy new form of malware.

The post Now Hackers Can Spy On Us Using Our Headphones appeared first on Panda Security Mediacenter.