Tag Archives: Halloween

Insiders, their costumes are so good you won’t even recognize them.

Knock knock! Trick or treat! Companies and cybercriminals play the same game. You could be opening back doors to cybercriminals this year, without even knowing it. You’ll lose this game if you don’t fight back. Ransomware attacks will capture your documents and the attackers will be expecting a big juicy reward (if you want your files back, that is). This Halloween, beware!

An insider could already be hiding within company walls, brewing up trouble. A recent study shows that 60% of attacks perpetrated in businesses were carried out from inside the workplace. The culprits range from undercover spies to terrorist gangs to disgruntled employees who steal top-secret information. Double, double toil and trouble…

And what about you? What type of Insider are you?

Attacks by staff with privileged access represent one of the greatest threats to the security of corporate information and your customers’ data. Research conducted by the Ponemon Institute indicates that hackers and criminal insiders are the main culprits behind security holes and data breaches. Three quarters of these attacks are ill-intentioned, and one quarter of them are carried out accidentally by employees without bad intentions.

This year, the global cost of the infractions carried out by insiders with bad intentions is 154 euros per capita, much higher than the cost of infractions caused by system errors and involuntary offenses (about 125 euros and 120 euros per capita, respectively).

A history of perfect crimes

At the beginning of this month, an employee from the US government, Harold Thomas Martin, was accused of stealing classified information related to the NSA (National Security Agency). Let’s not forget the Edward Snowden leak from three years ago.

Shalom Bilik, who was subcontracted for computer system maintenance for Israel’s Ministry of Social Security and Welfare, accessed a database and stole information pertaining to 9 million Israeli citizens so he could sell it later on the black market.

Even Dropbox couldn’t escape from the insiders: a cybercriminal stole data pertaining to more than 500 million users thanks to the carelessness of a Dropbox employee. The cybercriminals were able to obtain his LinkedIn password, which was the same one he used for saving files in the Dropbox cloud. Stored in the cloud was a work document that contained a long list of email addresses. Access to more than 500 million users? What a treat for criminals who want to trick users with massive spam campaigns.

Some tips to keep you protected from internal threats

  1. Start using a cybersecurity solution that has advanced protection features, and that also has the capacity to detect and remedy possible threats.
  2. Lack of control over what happens in all devices and systems is a common point in all analyzed attacks. What will help us is a tool that’s capable of controlling all active processes on every device connected to the corporate network.
  3. Revise personnel policies and control systems in order to adjust to privacy requirements and adapt them to the technology that’s available.
  4. Keep the operating systems and programs on all of your company’s devices updated.

Make sure that Halloween only comes once a year. Manage, control and protect your information against advanced threats with Panda Solutions for Companies.

The post Insiders, their costumes are so good you won’t even recognize them. appeared first on Panda Security Mediacenter.

Don’t fall for these scams this Halloween!

Facebook Reset Scam

The Facebook reset requests arrived via email and text message: “Somebody asked to reset your Facebook password.” At first it was annoying; then it was worrisome – a possible scam/phishing target.

Facebook says that these alerts are sometimes triggered when a person mistakenly enters the same name and then, when their password doesn’t work, asks for a reset. That might be possible in certain cases, but based on the constant messaging alone, this was clearly beyond a normal user mistake and was an imitator scam.

Let’s set aside the fact that although I have unlimited mobile data, many people don’t, and would end up paying for these unwanted texts. What’s more problematic is thinking about the many users who unsuspectingly fall for the request, click away and sign away their passwords.

Facebook says it will never ask you for your password, so if this happens to you, resist the urge to click. Any time you receive an urgent call to action in an email, be wary. Don’t click on links contained in emails as a general rule. Instead, go to Facebook manually and look at the notifications. Needless to say, keep your anti-virus software up-to-date and use a password manager to keep your passwords safe and secure.

Facebook itself advocates the following steps:

  • Use an up-to-date browser
  • Use unique logins and passwords for each of the websites you use.
  • Check to see that you’re logging in from a legitimate Facebook page with the facebook.com domain.
  • Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional login.

IRS and Other Scary Calls

You might imagine getting a voice message from the IRS wouldn’t be good news. And it’s not! This is a current scam making the rounds: someone claiming to be an officer of the Internal Revenue Office leaves a message for you or your legal representative to call their hotline regarding an extremely time-sensitive issue, before they take legal action. I was immediately suspicious: Would the IRS really leave me a phone message if there were an issue? The answer is “No.”

What’s really scary is that the IRS reported in August 2014 it had received 90,000 complaints and identified approximately 1,100 people who have fallen victim, given up credit card numbers, etc. and lost an estimated $5 million from these scams. You can learn more about the scam on IRS.gov.

Fast forward to another cell scam: persistent calls received from an unknown number in the local area code. No voicemails were left. But after the calls persist several times a day for a few days, you become curious as to who is calling. When I rang the number I got a “This number has been disconnected” message…

Lots of research later, it’s still unclear whether this is just some weird harassment or part of the “One-ring” cell phone scam that the FTC has issued warnings about. In the latter scenario, scammers use auto-dialers to call cell phone numbers across the country. They let the phone ring once and hang up, hoping you’ll call back, either because you believe a legitimate call was cut off or because you are curious about who called. If you do, chances are you’ll hear something like, “Hello. You’ve reached the operator, please hold.” While waiting, you rack up some hefty charges: a per-minute charge on top of an international rate. The FTC notes that there’s no danger in getting the call; the danger is in calling back and racking up a whopping bill. If you’re tempted to call back, try checking the number online first.

As for persistent calls, you can block them on both Android and iOS phones. On an iPhone, look at your list of recent calls and click the “i” in the circle to the right of the number. It will open an info tab; scroll to the bottom and click block number. You should also report the number to your service provider (AT&T, Verizon, etc.) to get it blocked there.

Halloween comes and goes, but scary scams will continue, and it requires a higher level of awareness from all of us! Check out AVG’s Facebook page for ongoing alerts and simple tips to help your friends be safer online!