Tag Archives: Phishing

Phishing is on the rise: Are you protected?

Phishing is on the rise as hackers are finding easier and less expensive ways to launch attacks.  Every solution in our AVG Business product portfolio detects and protects against phishing.

Phishing is a security hack that tricks you into providing usernames and passwords to your accounts. Usually sent as a legitimate-looking email from a company you may use or buy services from, a phishing hack will ask you to log in to your account to verify some information.

The email may communicate that your account has been, or will be, closed down unless you act promptly.  The email is actually not from a legitimate or trustworthy company. With one click, you’ll be directed to a fake website and any login or user information will be sent to the hacker.

The good news is every solution in our AVG Business product portfolio detects and protects against phishing. Educating your business clients is the next step in a good defense.

AVG Business portfolio detects and protects

Our LinkScanner® is a security feature in every AVG Business product, including AVG AntiVirus and Internet Security Business Editions, AVG CloudCare and AVG Managed Workplace. To protect against phishing, the feature checks web pages in real time before they open in browsers, displaying immediate alerts to help eliminate click-throughs to compromised web pages.

The advanced technology powering this feature takes a multi-layer approach to identify and stop “phishy” emails:

  • First, we scan the web continuously to identify “phishy” emails and websites linking to these.
  • Next, we analyze those websites and also compare them with legitimate sites. In this process, we identify unique characteristics in the way web pages are coded to identify if it is a phishing site – similar to taking a “fingerprint” of the phishing website.
  • Then those “fingerprints” are automatically added to your AVG software’s virus database so it can identify this phishing site and other sites that may use the same or similar code.
  • AVG monitors any web links that you click and stops phishing pages from loading and displays a message alerting you to the danger.

 

Please share this education about phishing with your business clients and continue to put advanced detection and protection in place with AVG Business solutions.

 

Cyber-criminals really “Like” Facebook

With 1,590 million active users per month, Facebook is the Social Network. In fact, they just posted their quarterly earnings and they are up 50%. Cyber-criminals are aware of their success.

These platforms are the ideal place to “phish” for information. 18% of companies infected by malware were infected through social networks. Attackers pass as part of a company’s customer service team in order to steal sensitive data from consumers.

A recent study released by the RSA organization proves that cyber-crime on social networks is a “global epidemic”. The RSA organization was founded by the creators of the encryption algorithm that is used every time we carry out a banking transaction online or digitally sign something.

Cyber-crime in social networks is a “global epidemic”

These platforms are not only hot-spots for attacks but they have also become the perfect forum for scammers to communicate. According to the study, there are more than 500 online fraud related groups with more than 220,000 members. The majority of these groups are public and visible.

Uncovering Credit Card Data

Fraudsters share information like credit card numbers accompanied by personal information and authorization codes, cyber-crime tutorials and other malware tools.

Proving this, the investigation invites us to write our CVV or CVV2 numbers in the Facebook search bar (those verification numbers on the back of a credit card). The result will surely surprise you: it is easier to find data from a stolen credit card than find an old friend you are trying to reconnect with.

In total, RSA detected some 15,000 compromised credit cards publicized on social networks in the six months that the study lasted. It also discovered that many of these criminal groups focus their attacks on shops, banks and accounts of consumers in their area.

In China and Russia, platforms QQ and VKontakte are preferred by the scammers, while in the rest of the countries, Facebook remains the favorite. Unfortunately for us, cyber-criminals really “Like” Facebook.

The post Cyber-criminals really “Like” Facebook appeared first on Panda Security Mediacenter.

Facebook alerts you if someone tries to steal your identity

Connections are made and maintained online via social media

You can get insight into the life of a stranger through their Instagram photos, Snapchats, or profile pages, but when does it become too much? Our names alone can connect the dots for a perpetrator, making it easy to know our whereabouts. Information about where we work, where we went to University, or where our favorite coffee shop is…it’s all online.  Everything you “share” can have serious backlash: identity theft.

Celebrities are commonly impersonated online, on fake Instagram and Facebook accounts, but they are not the only ones who need to keep track of their digital reputations. A stranger can copy your photos and concoct their own version of your life.  It could be very possible that someone has already impersonated you.

Fight the fakes

The social network created by Mark Zuckerberg is fighting these fake accounts. A tool has been created that automatically notifies users who may be victims of phishing. This feature is already available in 75% of the world’s countries.

When Facebook detects that another person may be posing as you, they automatically notify you about the potentially “fake” profile. After that, the user can confirm or deny whether the profile is a fake. If it’s confirmed, Facebook gets to work; more specifically, the team manually carries out this part of the notification system.

Although they say impersonation is not a widespread problem, Zuckerberg has added this to the list of harassment he doesn’t want associated with his company. To fight it, they will continue their strict and controversial naming policy (requiring users to identify themselves with their real names), but will also actively pursue phishers.

Using our photos without our consent

Facebook has also launched two other security features that are next in line. One is a new system that reports the existence of intimate photos shared without the user’s consent and the other is a tool that lets them check the security status of images uploaded to their accounts. They have also introduced a feature that gives users the ability to manage the privacy settings of their photos (Who can see them? Do you really want them to be public?).

Though security is always advancing, the bad guys of the Internet are closely following behind. Next time you decide to upload personal photos, “check-in” to a geographical location, or update your work history on LinkedIn, remember that someone, somewhere might use your identity for their own personal gain.

The post Facebook alerts you if someone tries to steal your identity appeared first on Panda Security Mediacenter.

“Sad new!!!!!!!!!!!!!!!!!! Please Help”

The subject line is irresistible. And the email came from a friend of mine whom I only hear from every 10 months or so, whenever she is in town. So imagine my concern when I saw the following message:

Am so sorry that i didn’t inform you about my trip. I’m writing this with tears in my eyes. I came down here to Odessa Ukraine for a short vacation unfortunately i was mugged at the park of the hotel where i stayed. all cash, credit card and cell were stolen off me but luckily for me i still have my passports with me.

I ‘ve been to the embassy and the Police here but they’re not helping issues at all and my flight leaves in less than hours from now but having problems settling the hotel bills. the hotel manager won’t let us leave until i settle the bills, I’m freaked out at the moment.

I could hear my friend’s voice in the body of the email. She is also a world traveler with a deep interest in Central and Eastern Europe, and is definitely one to pop over to Odessa for a long weekend to see the famed Potemkin Steps or visit the city as part of a larger trek around The Black Sea. The poor punctuation and strange spacing confused me. Then again, she was panicked and under intense time pressure.

In other words, I was hooked. So I replied.

The email long tail finds the weak minds

Using various communications channels to finagle money or information from someone has a long and varied history. Many of the scams rely on the promise of easy returns. The Nigerian Prince is a case in point. The scam is similar to the 19th Century Spanish Prisoner scenario, but has usually relied mainly on mail, faxes, and email as part of a multistage setup that targets people with enough money to supposedly help smuggle millions of dollars out of an African country, often Nigeria (hence the name). Those that take the bait and pay the (fake) transfer fees are promised exponential returns on their investments that never emerge. There are scores of variations on the scam. For instance, a long-lost relative leaves a person a pile of money; to get the inheritance, the person needs to pay all the legal fees. But in general, most of these scams rely on greed to hook interest.

By contrast, “stranded friend” phishing attacks take advantage of a reader’s good will. We all want to help people we know and like. I certainly do. In my case, the conmen had used malware (probably a Trojan) to hack my friend’s email account and access her contacts. The message I received was addressed to around two dozen people. It’s unclear whether the hackers created their shortlist of targets using the communications history between my friend and her contacts or their geographic locations, but it seems likely given that other scams employ similar tactics. For example, hacked mailing lists from charitable organizations allow bad guys to set up fake charities and target the people most likely to donate based on past activity.

And email is cheap and easy. By stealing or buying stolen databases, scammers can obtain access to hundreds of thousands of addresses. With a bit of segmentation, they put the odds in their favor that someone will bite on their hooks.

Failed the friendship version of the Turing Test

In my case, my fake friend replied that I should wire several thousand dollars to a Western Union in Odessa. Before agreeing, I asked her to name a mutual acquaintance who had once joined us for dinner. Of course she could not. So I then called my friend’s fixed line (in another country) and left a voicemail alerting her that her email account may have been compromised.

Now I like to believe I’m smart enough to not fall for such scams. But criminals have access to the same analytics as governments and major corporations. They’ve also been practicing their trade for decades (sometimes centuries), so have tremendous insight into how best to influence even the strongest of minds. To stay sharp, there are several things you can do:

  1. Know what phishing is. Awareness is a huge step towards prevention. Knowing that the scammers are out there and masquerading as trusted contacts goes a long way to spotting them.
  2. Know what they’re after. Any email requests (or social media for that matter) asking for money should be immediately suspect. So too requests asking for personal data or account names and passwords.
  3. Watch for the signs. In addition to requests for money or hints that money may be needed, watch for poor spelling, bad grammar, and other oddities of speech. Check the email address itself – it may look like the supposed sender’s, but check for missing characters or additional characters added in. Pretty much all banks and most government and commercial organizations never ask for personal information, login information, or money via email; so if this information is part of the request, be very suspicious.
  4. Never click, copy, paste, or forward. For any email even remotely suspicious, do not click on anything, do not copy text and paste it into another email or document, and do not forward. To document the email (for alerting your friend or a company), the best approach is to take a screen shot.
  5. Don’t reply. Yes, I did, even though I saw the signs. But your reply tells the conmen that you pay attention to and open such emails. The bad guys will note this, and quite possibly save your email for another, more tempting scam later on.

The steps above may not be foolproof. But they can help ensure the adoption of a security mindset.

Your money or your data!

The scene unfolds like a cyber thriller. You fire up your PC and a message appears saying your files have been encrypted. Your screen looks like it’s from the FBI. Sometimes it identifies itself as malware. Sometimes it’s a plain-text message. When you click around in your PC (assuming you still can), you find that your photos and text files are indeed unavailable.

The screen also asks for money. To get the key to unencrypt your files, you must pay, usually in some form of untraceable currency, such as bitcoin. In most cases, there’s a firm deadline when payment must be made. If you miss it, the fees shoot up. At some point, your files are permanently encrypted.

Welcome to the world of ransomware.

While this form of malware can slip into devices in any number of ways, phishing is probably the most common vehicle. Basically, bad guys send innocent-looking emails that ask recipients to click on a link or download an attachment. (Phishing is also used to ask for money directly.) A tiny piece of software infects the machine and goes about encrypting files before demanding cash. Sometimes the message pops up automatically. Sometimes there’s a time delay or a switch that lets hackers turn it on when it’s convenient to them.

And sometimes attacks are big and bold. Two assaults on major hospitals in the US, for instance, used multipronged ransomware infiltration to shut down key networks and records. But experts largely agree that most attacks are on individuals. Mass emailing allows criminals to take advantage of long-tail effects and the fact that many people would rather just pay a few hundred (or thousand) dollars to have their data – which many consider their life – returned to them rather than fight back through various law enforcement channels.

Data hostage taking is on the rise

Given the efficacy of ransomware, the number of attacks is set to grow. In its annual Threat Landscape report, published in January 2016, the European Union Agency for Network and Information Security (ENISA) characterizes 2015 as “the year of ransomware”. According to the study, the number of reported incidents nearly doubled in 2015 compared to 2014, with aggressive phishing campaigns a hallmark of many attacks. Targets tended to be in North America and Western Europe, as residents are perceived to have the money to pay.

ENISA also notes that 2015 was a year of innovation in ransomware development and deployment. The number of new ransomware types quadrupled in the first half of the year alone. Criminals have set up service centers, allowing the non-technical to buy crimeware-as-a-service, further expanding the reach of ransomware. And stealthier delivery methods are still being developed.

Do I know you? Did I ask for this?

Phishing is still the most common delivery method. Which is convenient, in a way, as there are some practical steps you can take to avoid getting scammed. Probably the most important is to maintain an online “stranger danger” mindset. If an email looks even the slightest bit suspicious, don’t open it. If it’s from someone you don’t know, don’t open it. If it says you’ve won the lottery, are being watched by some security agency, asks about an order (you did not make), or promises rewards in some other way, don’t open it. (Similar phishing attacks also appear on Facebook.)

For emails you’ve opened, if they include links or attachments you weren’t expecting or didn’t ask for, don’t click or download. If you feel that you must do either, reply to the sender (if you know them), and ask if they did indeed send you something. If you do not know the sender – delete the email.

And of course, you should build a fortress around your device. This is where AVG can help. We provide antivirus, link scanners, attachment and download checkers, enhanced firewalls, spam blockers, and file encryption to help keep your photos, videos, files, contacts, and devices safer. If you haven’t done so already, give us a try on your PC or Android phone.

Will Locky ransomware and the Dridex botnet take an Easter vacation?

Locky ransomware may take an Easter Break, at least in terms of phishing email distribution. And it’s all about the bad guys finding the target audience, not their love of Easter Eggs.

The post Will Locky ransomware and the Dridex botnet take an Easter vacation? appeared first on Avira Blog.

Locky’s JavaScript downloader

Locky is a considerable security threat that is now widely spread.

It seems that Locky’s authors are now predominantly using one campaign to spread the ransomware. Last week, we published a blog post about Locky ransomware, which is most likely being spread by the infamous Dridex botnet. In that post, we described three campaigns the Locky authors are using to spread their malware. Now Locky’s authors are mainly using the campaign with JavaScript packed into a zip file sent to people through phishing emails.