Tag Archives: Social Engineering

Are Social Networks interested in your sex life?

If there is one big topic related to spam that has been used for years and years, most of us would agree it’s… Viagra sales. It is really interesting to see those mails in the junk folder of our mail service, trying to sneak into the desired inbox and capture our attention for at least a second.

The post Are Social Networks interested in your sex life? appeared first on Avira Blog.

Mutating mobile malware and advanced threats are on the horizon as we approach 2016

Bad guys know that people are moving their computing to mobile, so they are adapting


Yesterday, we walked you through a set of our 2016 predictions regarding home router security, wearables and the Internet of Things. In addition to these important topics, mobile threats should not be ignored as we move into 2016.

“Most people don’t realize that mobile platforms are not really all that safer or immune from attack than desktop platforms,” said Ondřej Vlček, COO of Avast. “Most people use mobile devices in a more naive way than they use a PC because they just don’t understand that this is a full-blown computer that requires caution.”

Hackers have done their homework to prepare for the new year

Over the course of this year, we’ve seen a list of notable mobile threats that jeopardized the privacy and security of individuals. Our own mobile malware analyst, Nikolaos Chrysaidos, has a few ideas about several issues that could crop up in the new year:

  • Android malware that can mutate. This superintelligent family of malware is capable of altering its internal structure with new and improved functions, changing its appearance, and if left unmonitored, spreading on a viral scale. And yes, this concept is just about as scary as it sounds.
  • More security vulnerabilities that can be exploited as a result of fuzzing. This year, there was a good amount of research on fuzzing, making it an increasingly familiar concept to both good and bad guys within the digital world. Fuzzing is a technique used to discover security loopholes in software by inputting massive amounts of data, or fuzz, into a system with the intent of overloading and crashing it. Next year, these vulnerabilities could look similar to Stagefright, the unique and dangerous vulnerability that, when exploited, left mobile devices vulnerable to spyware.
  • Smarter social engineering techniques. Now that most people know about certain vulnerabilities and their potential consequences, hackers can use this knowledge to their advantage. For example, a hacker could trick users into installing their malware by telling them that an MMS is waiting for them but can’t be sent via text message due to risks associated with the Stagefright bug. Users are then prompted to click on a malicious download link. Although we could see more of these advancements in 2016, the concept isn’t completely new – this year, an example of this type of technique could be seen within OmniRat spy software.
  • APTs on mobile. In 2016, Advanced Persistent Threats (APTs) could be used to target politicians. This could be accomplished by using spyware (similar to Droidjack or OmniRat) in combination with specific social engineering techniques that could aid hackers in gaining access to powerful and influential individuals.

With this list of potential threats and risks in mind, it becomes clear that our mobile devices hold more value than just our apps and contacts. As hackers’ techniques grow smarter, it’s important that we do the same in the way that we approach our security.

Protect your Android devices with Avast Mobile Security. That and other apps like our new Wi-Fi Finder and Avast Cleanup & Boost are free from the Google Play Store.


 

Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

Recent scams in my spambox

Being a marketing-communications guy, I’m not as geeky about software technology as some at Avira are – my geekiness is more aligned to any communications I see, which includes the ‘voices’ of spammers. I like to dig through my spam folder and analyze the ways that spam/scam writers communicate. Common Viagra or penis-enlargement topics aside, I’m particularly interested in the rhetoric that scammers use to trick people into clicking, thinking the email is legit (even if the email is already in the reader’s spam folder!).

The post Recent scams in my spambox appeared first on Avira Blog.

No, Tiffany is not giving away diamond rings on Facebook

Diamond rings and an Audi R8 can be mine just for the simple actions of liking and sharing on Facebook. NOT!

In the past week, three fake giveaways have come across my Facebook newsfeed – two of them today! These were shared by otherwise intelligent friends, so that makes me think all kinds of other people are falling for the scam. I’m sharing these with you, so you’ll know what to look out for.

Each scam promises that you could win a valuable prize just by liking and sharing the post. This one is for an Audi R8 V8, and every time I’ve seen it, it originates from a different page. The instructions are always the same – for a chance to win, you must like the page, request your desired color in the comments, and share the post with your friends.

Audi R8 Facebook like-farming scam

 

This type of social engineering scam is called like-farming. It is designed to gather many page likes and shares in a short amount of time, and since Facebook’s algorithms give a high weight to those posts that are popular, they have a high probability of showing up in people’s newsfeeds. Scammers go to all this trouble for two purposes: The pages can later be repurposed for survey scams and other types of trickery that can be served to a large audience. And pages with large numbers of fans can be sold on the black market to other scammers with creative ideas.

All that glitters…

Two posts for beautiful jewelry appeared in my newsfeed just today. One was from the famous jewelry company, Tiffany & Co. The post shows a video of a sparkling diamond band and asks for a like, share, and comment to win this ring.

Tiffany Facebook like-farming scam

Click on the link and it takes you to a fake Tiffany & Co Facebook page.

There are two things to notice about the page. One, the “Co” in the name of the company does not have a period at the end. Two, the page does not have the blue Verified Page check mark beside the name. That mark is Facebook’s way of guaranteeing the authenticity of the company.

fake Tiffany Facebook page

 

Here is the real Tiffany & Co. Facebook page with the verified page check mark.

real Tiffany & Co. Facebook page

 

The other jewelry scam came from a page called Sani Jewellery. The scam is the same as the one from the fake Tiffany page; users can win just for liking and sharing the post on their Facebook page.

Sani Jewellery Facebook scam

 

These scammers own another Facebook page called Fashioners Only, and run identical like-farming scams.

Fashioners Only Facebook scam

How to avoid like-farming scams on Facebook

  • If you suspect that someone has shared a fake page with you, do not click on it or participate in the giveaway.
  • Politely inform the person who posted it that the Facebook page they shared is a like-farming scam. You can even send them to this post.
  • Report the page to Facebook by hovering over the top right corner of the post. Click the arrow and choose Report post.

 
