Tag Archives: Scams

AVG

AVG‘s Winning Game Plan for “Secure” Bowl Sunday

Leave a comment

The biggest football game of the year is a big day for being online – whether you’re traveling to Santa Clara to watch it in-person or heading to a friend’s party (or two).  Either way, it’s important to protect yourself while you’re on your phone, and there is no doubt there will be a lot of social media activity from kickoff to half-time to when the clock reaches zero.

If you’re like the majority of us and don’t have a ticket to the game, you’ll most likely be watching the extravagantly funded commercials and your Twitter or Facebook feed from a friend’s house.  Here are some things to keep in mind while online.

  • Big events are popular among spammers:  Recognize spam as spam; meaning, don’t click on video links or open any attachments from unknown senders.  Only open emails from reputable vendors and people you know.
  • Watch out for fake offers: Don’t think you’re going to buy a last-minute cheap ticket.  They don’t exist!  If you are in the market for a ticket, only buy from a reputable ticket agent.
  • Be a REAL fan:  You only want official NFL gear, right?  Watch out for knock-off or unofficial team merchandise, as it will not look good after the first wash.  Only buy from a retailer you recognize.
  • Phishing for your money: AVG’s Web Threats Team found the top brands misused by scammers in phishing scams are payment systems like PayPal and American Express and logistics companies like UPS / FedEx  -all companies you might expect an email from if you bought tickets or merchandise online. Do NOT reply or send personal data to these fake emails.  They are trying to get your bank and other personal information.  If you have ordered and want to track the package, use the tracking option directly on the retailer’s site.

For the lucky ones who were able to get a ticket to the big game, you’re going to be in one of the most high-tech stadiums in the country!  It is Silicon Valley, right? Did you know that there are 1200 access points for WiFi at Levi Stadium?  That’s 1 WiFi point for every 100 seats!  Plenty of connection points for posting all those selfies!   Here are some tips for staying safe in the crowd: 

  • Turn off your phone and watch the game! You paid a lot of money for that ticket, so why do you want to watch it on a small screen?
  • Encrypt personal data: Access points at Levi Stadium are public but how do you know the access point you’re connecting to isn’t a criminal faking the WiFi name?  Download a free VPN like Hide My Ass! and encrypt your data.
  • Don’t advertise where you are to strangers: If you must post on social media, make sure you have your location settings turned off on your photos (geotagging) and don’t display your location.  You don’t want a burglar in your neighborhood knowing you’re at the game.  Your friends and family will know where you are when they see your photos. Just go to your phone “Settings”, find your camera app and turn off the location setting.
  • In case you lose your phone: Before you head to the big game, make sure you download anti-theft software, like AVG AntiVirus Pro for Android or make sure your anti-theft settings on your iPhone are active.  That way if you lose your phone or get pick-pocketed you’ll be able to disable, locate, or wipe it.

Stay safe at the game and have a great Sunday!!

AVG

Top 10 Phishing Emails to look out for this Holiday Shopping Season

Leave a comment

Black Friday and Cyber Monday are huge shopping occasions, not only in the US but across the world. Last year it was reported that the US spending over Thanksgiving reached an all time high with $89 billion being spent online.

Email campaigns offering deals and discounts are commonplace these days and every week retailers try to tempt me with discounts in an attempt to generate online sales. This dynamic method of communicating means that offers can be targeted based on my purchase history and the preferences I may have shared with the retailer.

On my shopping list this year are things I’ve been holding back purchasing in anticipation of discounts and offers that will surely land in my inbox, or that I might able to find online. One of them is a new laptop for my son.

But there’s also a dark side to some email that arrives in inboxes. Cybercriminals know that we get excited by deals and offers, or need to maintain our online payment methods, and they use this knowledge in an attempt to scam us. Most of us think of this as spam and just delete it, but sometimes it is difficult to identify the real emails from the fake ones.

Recently, I asked our research team which organizations in the US are being impersonated the most in emails. Specifically the ones used in “phishing” emails that attempt to gain access to your accounts, or trick you into providing your credentials so they can steal your hard earned cash.

The list below is compiled by AVG’s Web Threats Team from anonymous data from more than 200 million users and our own spam honeypot system.

  1. American Express
  2. Apple
  3. Bank of America
  4. Chase Bank
  5. Ebay
  6. FedEx, UPS, DHL
  7. Intuit (Taxes)
  8. Paypal
  9. Wells Fargo
  10. Westpac Bank

If you live outside the US then your list will look fairly similar with local banks from your country taking the place of the US banks in this list.

Checking my inbox from last week I count six emails that look like they are from Paypal, inspecting the emails closely I find that two of them are fraudulent phishing emails, both trying to get my login and password.

 

PayPal scam

 

The email looks and feels as though it came from Paypal, but there are some clues that point to its true nature.

 

  • If your email provider or security product, such AVG Internet Security, marked the email as Junk or Spam, then there is a very high probability that it is.
  • Look at the email address that sent the email, does it look correct? The address may include other parts for example [email protected] would be a legitimate address but if the address is [email protected], then this would be incorrect as it needs to be paypal.com on the last part of the address.
  • In the example you can see its asking for incomplete account details to be submitted, I know my account is up to date so why are they asking such questions.
  • Has the email got the mandatory elements that companies need to use, registered office details, unsubscribe options, etc.
  • If you have clicked on it, and you shouldn’t if any of the above are true, then check the URL in the address bar, is the address https://www.paypal.com, is the padlock there and does part of the address go green to show that the site has a valid digital certificate. If no to any of these then close the browser.

If at any point you think the email is spam and fraudulent then do not open or click on any links, just delete the email. Opening the email will download the content which the cybercriminals mark so that they know the email was opened and that your email account is active, they will send you more!

If you did click the link and you have up to date anti-virus software, such as AVG AntiVirus FREE, or AVG AntiVirus FREE for Android, then you should see a detection screen like the one below or your browser may also show a warning screen.

phishing warning

phishing detected

What do you do if you think the email was real and have not clicked or opened it, that’s an easy one. Open your browser and go to paypal.com and login. I am sure if there is important account information they need they will ask for it when you login.

It’s important to have updated Anti-Virus software, as these types of attacks use websites that change and disappear in minutes to try and hide from detection. Having up to date security software gives you the best possible chance of being protected.

All this should not put you off finding that great deal or bargain online, but I hope these tips help you check what you click on or open and visually check it looks real. I know I will be looking for that deal this week and will be delighted if I find it online so I don’t need to join the crowds in store.

 

ESET

Criminals, Linguistics, Literacy and Attribution

Leave a comment

In an article I wrote recently for Infosecurity Magazine – Spelling Bee (Input from the Hive Mind – I touched on the topic of textual analysis (in a rather loose sense). This was in response to some comments implying that it’s a good indicator of scamminess when a message uses US or UK spellings inappropriate to

The post Criminals, Linguistics, Literacy and Attribution appeared first on We Live Security.

Avast

No, Tiffany is not giving away diamond rings on Facebook

Leave a comment

Diamond rings and an Audi R8 can be mine just for the simple actions of liking and sharing on Facebook. NOT!

In the past week, three fake giveaways have come across my Facebook newsfeed – two of them today! These were shared by otherwise intelligent friends, so that makes me think all kinds of other people are falling for the scam. I’m sharing these with you, so you’ll know what to look out for.

Each scam promises that you could win a valuable prize just by liking and sharing the post. This one is for an Audi R8 V8, and every time I’ve seen it, it’s originates from a different page. The instructions are always the same – for a chance to win, you must like the page, request your desired color in the comments, and share the post with your friends.

Audi R8 Facebook like-farming scam

 

This type of social engineering scam is called like-farming. It is designed to gather many page likes and shares in a short amount of time, and since Facebook’s algorithms give a high weight to those posts that are popular, they have a high probability of showing up in people’s newsfeeds. Scammers go to all this trouble for two purposes: The pages can later be repurposed for survey scams and other types of trickery that can be served to a large audience. And pages with large numbers of fans can be sold on the black market to other scammers with creative ideas.

All that glitters…

Two posts for beautiful jewelry appeared in my newsfeed just today. One was from the famous jewelry company, Tiffany & Co. The post shows a video of a sparkling diamond band and asks for a like, share, and comment to win this ring.

Tiffany Facebook like-farming scam

Click on the link and it takes you to a fake Tiffany & Co Facebook page.

There are two things to notice about the page; one, the Co in the name of the company does not have a period at the end. And two, the page does not have the blue Verified Page check mark beside the name. That mark is Facebook’s way of guaranteeing the authenticity of the company.

fake Tiffany Facebook page

 

Here is the real Tiffany & Co. Facebook page with the verified page check mark.

real Tiffany & Co. Facebook page

 

The other jewelry scam came from a page called Sani Jewellery. The scam is the same as the one from the fake Tiffany page; users can win just for liking and sharing the post on their Facebook page.

Sani Jewellery Facebook scam

 

These scammers own another Facebook page called Fashioners Only, and run identical like-farming scams.

Fashioners Only Facebook scam

How to avoid like-farming scams on Facebook

  • If you suspect that someone has shared a fake page with you, do not click on it or participate in the giveaway.
  • Politely inform the person who posted it that the Facebook page they shared is a like-farming scam. You can even send them to this post.
  • Report the page to Facebook by hovering over the top right corner of the post. Click the arrow and choose Report post.

 

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.