Tag: cybercrime awareness

Suspicious E-mail Attachment? Be Cautious it can be Impair Your Small Business

As a small business owner, you may be receiving tens of emails (sometimes hundreds) in your in-box every day. You have to be careful while opening your emails – a small neglect on your part can significantly ruin your business – your important files may get deleted, someone might get access to your financial and customer information. I am not trying to scare you off but this is reality. There are many cyber criminals out there looking to make easy money. 95 percent of Americans receive emails with malicious programs while nearly 9 percent opened the attachment infecting their computer (Halon and TNS Global survey).

In this article, we will discuss the common threats that come as email attachments and what precautions you can take.

Common threats as email attachments
Opening a suspicious email attachment can infect your computer with a virus, Trojan horse, botnet and you can even become victim of phishing and hacking.

  • Virus: Virus is one of the common threats that small businesses come across. These malicious programs are mostly sent as email attachments with the intention of either damaging your computer programs or spreading the viruses to the computers in your network for creating problems.

    When such email attachments are opened some programs will get installed in your system. They can do many things – can gain access secretly your sensitive information, wipe out all the files on your hard drive, replicate and spread to USB keys and external hard drives. Sometimes they display unwanted ads.

  • Trojan horse: Trojan horse records all keystrokes you enter in your system. That is how it gains unauthorized access to your organization’s financial information, customer information; disrupts the performance of your computer; deletes or modifies your data, etc. Cyber criminals can even notice you through web cam.
  • Phishing: Phishing emails look legitimate and appear as if they came from known sources like businesses, banks, government agencies, friends, relatives, major online retailers, social networking sites, etc. They motivate you to download HTML form and sometimes motivate you to click the links in the email.

    These emails come with subject lines like “update your information” or confirm your user-name and password” and sometimes state the consequences if you don’t verify your details.

    Phishers generally attach html form to the mail. When you open such attachments, the form asks you to fill your credentials. These attachments are less likely to be blocked by anti-phishing mechanisms, because the form is stored locally.

    Sometimes you will be asked to click on the link provided that leads to the phisher site that site looks genuine and they motivate you to enter details of your accounts. The phishers gather your information based on your inputs and use this information to gain access to your account with a bank etc. to misuse it.

  • Legitimate PayPal URL looks like:
    legitimateurl
  • Disguised URL from the phishing email:
    Disguised url

These phishing links are constructed in such a way that looks like it goes to PayPal.com, but it leads to the phishing site. You can see the difference instead of forward slashes – there are dots in the URL and also you can see in the URL – instead of https it is http. (Note: HTTPS in the URL signifies your information is secure. Legitimate sites will only able to get this security certificate)

  • Botnet: Botnets are generally a group of computer networks that are remotely controlled by cyber criminals over the Internet in an effort to perform automated tasks without your knowledge. These email attachments contain viruses, spyware with botnet code. When they are installed in your computer. The creator of malware takes control over your system, your Internet browsers and monitors your keystrokes. They sometimes use your email account to send thousands of spam emails and involve in click fraud.
  • Hacking: Typically hacking targets a specific person. Hackers are very smart they send emails with convincing subject line, attached with a virus. Sometimes, they send emails from your friends’ or business partners’ account (the one which they already hacked). When such attachments are installed, they gain access to your system without your knowledge. Once the hacker gains access to your system, they look for information to steal your financial accounts, trade secrets, client details or your intellectual property.

Precautions to take

  • Update your operating system or enable ‘automatic update’
  • Install anti-virus and anti-spyware software in your system. Because this will inspect all files in your computer as well as your attachment files for viruses and spywares. Whenever they find any infection, they will remove it or immediately alert you
  • Back up all important files on your computer
  • Install and maintain a firewall on your computer – configure it. This will alert you whenever a program or process is attempting to access your system
  • Use attachment filters that will block certain file names or extensions
  • When you are not using your system, shut it down
  • Disable settings in your email program that automatically download the attachments


Precautions to take while opening email attachments

  • Don’t click, open, save or run any email attachments that you suspect
  • Be cautious about the executable files that end with the extensions such as .exe, .vbs, .lnk, .pif, .scr, .bat and so on
  • If you think the file is legitimate, check the contact details whether they are matching with the original source
  • Don’t give personal or sensitive information by email. Remember, no legitimate source will ask for information through emails

Small businesses are common target of cyber criminals as they often give least attention to this kind of matters. Use your emails sensibly and safeguard your business.
(more…)

Is Your Genuine Antivirus Protecting Your Computer from All Online Threats?

A person may be using a genuine operating system, applications and of course a world class antivirus software – all of them purchased for few thousands of rupees or hundreds of dollars and nothing for free. But still he is not 100% safe in the wild west of Internet today. Because it is not just virus, trojan or any such malware – it is social engineering.

With the robust and genuine software and hardware security applications the cost of computing is going too high. The vendors are no more struck in pleasing their consumers with just the usability features. They have tightened the technology and even releasing numerous updates though they seem overwhelming to their customers. In this kind of situation, finding out new vulnerabilities in software and them trying to exploit them with viruses and trojans are not viable for the hackers. It is here where they figured a new strategy – exploiting the weakest link of a sturdy technical security system. Guess who? The human of course… It can be the administrator of the PC or a corporate network. Even luring a small employee of a corporate network into downloading something infects the network.

Kevin Metnick, a security consultant, mentions in his CSEPS Course Workbook that it is much easier to trick someone into giving a password for a system than to spend the effort to crack into the system.

Social engineering explained
The concept of Social Engineering is to directly trick the user of the computer to download malware or to reveal sensitive information under the auspice that they are doing something perfectly innocent. The task is too simple and many fall out for it for the lack of awareness on the scams being played on.

With a world class antivirus that gets 1st rank in all AV-tests and a best team releasing realtime AV definitions everyday or a robust firewall from the industry leader, is simply not helping the administrator of the computer. Because it is himself who is infecting the PC. The job of the attacker is to simply lure him to do it. However, it may not be downloading malware that the attacker wants every time. He may just lure the user into giving away some sensitive information. It ranges from SSN to credit card number.

The hacker hijacks a genuine domain or creates a genuine-looking one by himself. It is a part of website spoofing. Once the user enters the domain they are either lured into providing their personal details or download something. Selling scareware is also a part of social engineering. In fact Google reported that 90% of all domains involved in distributing fake antivirus software used social engineering techniques.

Why your antivirus can’t keep up?
Each hacker holds a number of domains under him. If one is identified and taken down, the other goes up. The malware mutation used here is also rapid. Though you have the latest version of antivirus called Internet security suite, it may be too late before the vendor identifies and releases a fresh virus definition. Microsoft has gathered information about few billions of downloads over the past two years, and roughly 1 out of every 14 program downloads are later identified as malware. In few cases, just clicking on the background of the malicious site will initiate a download.

Anti social engineering: Should it be from your computer and AV or You?
You computer security is only as robust as your security awareness. Any computer, be it running on Windows XP, Vista or Windows 7, the software will not allow any data to enter your system unless you permit it by initiating its download. And if somebody tries upload any corruptive data to your system, it wouldn’t work because you never initiated it in the first place.

The popular browsers today are designed not to download blindly anything, even if it is initiated by the user himself. The browser does its job perfectly by alerting the user with details of the initiated download. (You might remember the classic pop up of the browser with a OK and Cancel options on it.)

But the hacker is clever enough to give a set of instructions including a message saying “You will receive a warning about this control. Ignore the warning and click OK”. The user unaware of the situation clicks OK and downloads the malware. The PC is now infected under the full authorization of its administrator.

In other situation, the user might get an email saying its from his bank (email spoofing from the hacker) informing that he has withdrew a huge amount from his account and a link to site what looks like his banking website. The scared user is now tricked into typing his account details and the password. In the next few hours, the account gets emptied by the hacker.

Most of the social engineering techniques run in the same way. Agreed that genuine antivirus is required to protect your PC, but it is not designed to tackle situations like this.

Here are few tips that help you help from preventing social engineering to some extent:

  • The awareness of the user is the key here. Keep yourself updated on the online scams.
  • Avoid using administrator privileged account for PC, unless for updating the security patches.
  • Beware of unknown websites and emails that prompt you for personal information.

Most of the people fall victim for social engineering tactics either out of stupidity or greed. And unfortunately, we don’t have patches or hot-fixes for either of them. The person should also have a proper mindset to deal with social engineering tactics. A mature person is less likely to get enticed and fall for online scams.

(more…)

Trends in Identity Theft – 2010

More than 8.1 million adults in U.S. fell victim to the ID theft for the year 2010. Though the number of identity theft instances decreased, the amount lost by the victims rose significantly, as per the 2011 Identity Fraud Theft Report from Javelin Strategy & Research.

New types of consumer frauds have evolved into the market incurring more losses to the victims. The average amount lost due by consumers due to id theft in 2010 was $631 per incident. This also includes the amount payed by victim towards payoff of any fraudulent debt as well as fees to resolve the fraudulent claims.

Opening an account without the victim’s knowledge was seen to be the most damaging form of id fraud which caused $17 billion losses to victims in 2010 itself. This fraud, called as new account fraud, is not only harder to detect but also severely impacting to the victims.

Account takeover was another common form of the id fraud. Changing the physical address of the victim’s pre-existing account, without his knowledge, was the most popular tactic comprising of 44% of the total account takeover incidents in 2010. Registering an account with the victim’s name was another popular tactic.

In 2010, 14% of the id thefts were committed by the people who were well-known to the victims. This form of fraud is called Friendly fraud, where the fraudsters will be either friend, relative, neighbor or roommate of the victim. Consumers between 25-34 age were the most likely to fell victim for friendly fraud. The most common form of fraud committed by the friendly fraudsters was new account fraud. In 2010, around 30% of the new account fraud was perpetrated by someone well know to the victim. Theft of Social Security Number was also most prevalent in friendly fraudsters.

The above trends for Id fraud suggests the importance of safeguards on not only private information like bank account number and passwords, but also personal information like SSNs.

Why Internet is Wild West Today?

Today almost every user browsing Internet is at risk. The increase in threats related to social networking sites, banking security, botnets, and attacks targeting users, businesses, and even applications made Internet a risky landscape. Many industry consultants and analysts refer Internet as ‘Wild West’ because of its huge insecurity, where nobody or no website can be trusted. Every year, cyber crime costs billions of dollars to repair systems hit by attacks and loss in productivity because of disruptions. According to the Federal Bureau of Investigation (FBI), consumers and businesses lost $5.8 billion in 2009 due to cyber crime.

Risks increased exponentially
Today, any user can get affected by cyber threats through browsing, searching or merely visiting legitimate sites than ever before in the Internet history. Malicious web links are sprouting at a rapid pace. According to CA Internet Security Business Unit (ISBU), 78% of threats came from online interaction during the first six months of 2009. IBM’s ‘X-Force 2009 Mid-Year Trend and Risk Report’, states that there was more than 500% increase in new malicious web links in the first six months of 2009. The vulnerability towards the threats seems to have reached the peak point. In the first half of the year 2009 alone, nearly 3,240 new vulnerabilities were discovered.

New threats
With the evolution of web based communities and explosion of Internet services, users are spending more time online and engaging in social networking activities on the Internet than ever before. This is resulting in new threats that exploit these services and communities. When a reputed website hosts third-party content, users often let down their guard while following hyperlinks in the third-party content or installing applications offered by them. Malware authors follow social networking buzz and the most popular activities online to attack the users. They are always ready to exploit significant and popular news stories to trap the netizens. Thus many people become victims of cyber traps.

The attackers are constantly upgrading their tools to attack the unwary users. This criminal activity is scaling new peaks constantly. According to IBM, the SQL injection attacks almost doubled from first quarter to second quarter of 2009. Through SQL attacks, malicious code is injected into genuine web sites to infect the visitors.

For the past few years, Botnets are the primary tools for many cyber criminals. They are always a challenge to the cyber security professionals as it is very difficult to track them down. Botnets can launch almost every type of cyber attack including data exfiltration, sophisticated espionage, and spam.

Targeted attacks
Although targeted attacks were rare earlier, they are seen often these days. Apart from the common people, top management of companies, governments, industries and even journalists are being targeted for private information. Emails with Malware attachments is the popular and preferred method for targeted attacks. According to CA (ISBU), 17% of the infections are distributed through E-mail. There is also an increase in attacks targeting client software using Adobe products including Flash and Acrobat Reader.

Criminals are adapting more effective methods to target online banking system. Trojans are the result of new tactics that go beyond the simple key logging-with-screenshots efforts, which prevailed earlier. CA (ISBU) reported that Trojans were the most common threats representing 71% of the total infections in the first half of 2009. When it comes to Phishing, IBM says that 66% of the phishing attacks targeted financial industry and 31% targeted online payment in the first half of 2009.

Over the years, Internet security issues have been growing. Initially, virus was the only problem. Later with the explosion of Internet, many newer threats have evolved increasing the security vulnerability such as malicious domains or untrusted web sites, presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, mainstream news sites and online magazines. Today you are in a high-risk zone as soon as you are online. It is always advisable to be alert while you are browsing.

Malware Lurks Within Pirated Versions of Popular Movie Downloads

Now-a-days cyber criminals are using popular events, current developments and even movie premieres to attract people who seek free or pirated content and exploiting.

A recent online scam which promises viewers to download the recent “Twilight – New Moon” movie is found to install malware in PCs.

The entire process of this scam is as follows…

  • Viewers are lured with the text websites, chat rooms and blogs that read: “Watch New Moon Full Movie.” Comment posts with related keywords are also used simultaneously to attract more search engines.
  • Search results for the movie then link users to stolen images from the movie itself, convincing the fan that the movie is only one click away.
  • When they click on the “movie player” they are told to install a “streamviewer”.
  • The streamviewer, however, installs malware on the user’s computer.

Don’t get enticed by such scams to get downloads without verifying if the sources are genuine or not. It can turn up to be more hectic not only in terms of cost but also in terms of toil and time. And the entire accountability will fall upon none other than you.

Courtesy: PCTools.com

All You Need to Know About Scareware

As Scareware threats are on rise, millions of Internet users are falling prey to the Scareware scams.

Scareware adopts bogus sales tactics that are designed to scare a user into believing that his or her computer contains critical errors or viruses that have to be fixed immediately. Scareware ads offer an instant solution to the so-called problems on the computer and come for a price. In some cases, this software is harmless – while in others – it is actually a malware or another spyware. The ad might pop up anytime when surfing the web. The ad may open a pop-up window leading people to believe that the message is triggered by their own Operating System. The message claims that the consumer’s computer is infected with a virus and may require a “fix” and that clicking on “OK” would take the user to the download site from where the user could purchase the “fix”. By luring the victims to buy the software, the perpetrators may even steal sensitive information such as credit card details of the victim and these details may be sold to black market forums.

As of June 2009, over 250 rogue programs had been detected by Symantec in a study, which spanned over June 2008-09. Bogus security software could be freely available, may cost up to US$100 or come in a trial version. They may be installed manually by the user or when he opens an attachment or while surfing through a malicious website. Scareware can also be unknowingly advertised on legitimate websites such as social-network sites, forums, blogs, and appear in search engine results that are sponsored by cyber criminals. These crooks also hire sales representatives to sell their products who earn an average of US$23,000 a week. They are paid for every installation they make and even get bonuses like electronic gadgets and luxury cars.

Another tactic of Scareware is scaring users with unanticipated images, sounds or video. This is known as Prank software. An example of this kind of software is “NightMare”, which when executed lies dormant for some amount of time, finally changing the entire screen of the computer to an image of a skull while a horrifying shriek is played on the audio channels.

Many cases have been filed against the perpetrators of such sites and they have been asked to pay for the damages caused by them. In 2005, Microsoft and Washington State successfully sued Secure Computers for US$1million over charges of using scareware pop-ups. Various regulatory bodies like the US Federal Trade Commission are taking an active part in trying to put an end to this menace.

However, it is your responsibility to be aware of these things and avoid being trapped.

Yet Another Email Scam – Beware

As we are aware of the recent issue with a few thousands of emails, lets see how some of these scammers have used the emails they hacked into.

The following email was sent to a small business support’s email id for financial gain from a@gmail.com – an email id belonging to their client.

“I’m sorry for this odd request because it might get to you too urgent but it’s because of the situation of things right now, i’m stuck in New York City with family right now, we came down here on vacation , we were robbed, worse of it is that bags, cash and cards and my cell phone was stolen at GUN POINT, it’s such and crazy here in london , i need help flying back home, the authorities are not being 100% supportive but the good thing is we still have our passport but dont have enough money to get on flight ticket back home, please i need you to loan me some money till im back home to pay back , i will refund you as soon as i’m back home, i promise , all we need is $800”

The issue looked genuine. The only odd thing was that it was sent as ‘BCC’ (undisclosed recipients). However, the email was from the client’s id.

The following reply was sent to the email id of the client.

“Not a problem. Please let us know what we need to do.”

Then this person got suspicious and sent this message immediately.

Is there a number we can reach you?

Within 10 minutes there was a reply from the email id as follows…

“Well I’ll can’t access any cell right here , all i need is $800 more to complete my ticket fee right now , I can get it back to you as soon as im back home , You can wire me the money via western union , You only need my name and the country name here , I still have my passport ID to pick up the money here

Name : First Lastname
Country Name : New York, United State of America

Thats all you need , You got it right ?”

This is a tricky situation as you don’t want to be seen as unsupportive when a client is in genuine trouble. Thus, the business was willing to send the money. However, they called the client’s mobile in the U.S and he answered – making it clear that the email was not sent by him. If it wasn’t answered they were all set to send the money, since, they were not aware of anyone being fooled in this way before. The business wanted to widely circulate this to prevent people from being fooled this way.