Tag: phishing awareness

Suspicious E-mail Attachment? Be Cautious, It Can Impair Your Small Business

As a small business owner, you may receive tens (sometimes hundreds) of emails in your inbox every day. You have to be careful when opening them: a small lapse on your part can seriously damage your business. Your important files may get deleted, or someone might gain access to your financial and customer information. I am not trying to scare you, but this is the reality. There are many cyber criminals out there looking to make easy money. 95 percent of Americans receive emails with malicious programs, while nearly 9 percent opened the attachment, infecting their computer (Halon and TNS Global survey).

In this article, we will discuss the common threats that come as email attachments and what precautions you can take.

Common threats as email attachments
Opening a suspicious email attachment can infect your computer with a virus, Trojan horse or botnet code, and you can even become a victim of phishing and hacking.

  • Virus: Viruses are one of the common threats that small businesses come across. These malicious programs are mostly sent as email attachments with the intention of either damaging your computer programs or spreading to the other computers in your network to cause problems.

    When such email attachments are opened, programs get installed on your system. They can do many things: secretly gain access to your sensitive information, wipe out all the files on your hard drive, or replicate and spread to USB keys and external hard drives. Sometimes they display unwanted ads.

  • Trojan horse: A Trojan horse records all the keystrokes you enter on your system. That is how it gains unauthorized access to your organization’s financial and customer information. It can also disrupt the performance of your computer and delete or modify your data. Cyber criminals can even watch you through your webcam.
  • Phishing: Phishing emails look legitimate and appear to come from known sources such as businesses, banks, government agencies, friends, relatives, major online retailers, social networking sites, etc. They urge you to download an HTML form, or sometimes to click links in the email.

    These emails come with subject lines like “update your information” or “confirm your user-name and password”, and sometimes state the consequences if you don’t verify your details.

    Phishers generally attach an HTML form to the email. When you open such an attachment, the form asks you to fill in your credentials. These attachments are less likely to be blocked by anti-phishing mechanisms because the form is stored locally.

    Sometimes you will be asked to click a link that leads to the phisher’s site. That site looks genuine and urges you to enter your account details. The phishers collect the information you enter and use it to gain access to your account with a bank, etc. and misuse it.

  • Legitimate PayPal URL looks like:
    legitimateurl
  • Disguised URL from the phishing email:
    Disguised url

These phishing links are constructed so that they look as if they go to PayPal.com, but they lead to the phishing site. You can see the difference: there are dots in the URL where there should be forward slashes, and the URL starts with http instead of https. (Note: HTTPS in the URL signifies your information is secure. Only legitimate sites will be able to get this security certificate.)

  • Botnet: Botnets are generally groups of computer networks that are remotely controlled by cyber criminals over the Internet to perform automated tasks without your knowledge. These email attachments contain viruses and spyware with botnet code. When they are installed on your computer, the creator of the malware takes control of your system and your Internet browsers and monitors your keystrokes. They sometimes use your email account to send thousands of spam emails and to engage in click fraud.
  • Hacking: Hacking typically targets a specific person. Hackers are very smart: they send emails with a convincing subject line and a virus attached. Sometimes they send emails from your friends’ or business partners’ accounts (ones they have already hacked). When such attachments are installed, they gain access to your system without your knowledge. Once hackers have access to your system, they look for information that lets them steal your financial accounts, trade secrets, client details or intellectual property.

Precautions to take

  • Update your operating system or enable ‘automatic update’
  • Install anti-virus and anti-spyware software on your system. It will inspect all the files on your computer, as well as your attachments, for viruses and spyware. Whenever it finds an infection, it will remove it or alert you immediately
  • Back up all important files on your computer
  • Install, configure and maintain a firewall on your computer. It will alert you whenever a program or process attempts to access your system
  • Use attachment filters that will block certain file names or extensions
  • When you are not using your system, shut it down
  • Disable settings in your email program that automatically download the attachments


Precautions to take while opening email attachments

  • Don’t click, open, save or run any email attachments that you suspect
  • Be cautious about the executable files that end with the extensions such as .exe, .vbs, .lnk, .pif, .scr, .bat and so on
  • If you think the file is legitimate, check whether the contact details match those of the original source
  • Don’t give personal or sensitive information by email. Remember, no legitimate source will ask for information through emails
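
A minimal attachment filter of the kind the precautions above describe, as an added example that is not part of the original article. It holds attachments whose final extension is on the article's list (including names that hide it behind a harmless-looking one, such as invoice.pdf.exe) and HTML attachments that contain a password form. The function names and the sample message are constructed for illustration.

```python
import re
from email.message import EmailMessage
from pathlib import PurePosixPath

# Executable extensions taken from the list in the article.
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".lnk", ".pif", ".scr", ".bat"}
HTML_EXTENSIONS = {".html", ".htm"}
FORM_RE = re.compile(rb"<form\b", re.IGNORECASE)
PASSWORD_RE = re.compile(rb"type\s*=\s*[\"']?password", re.IGNORECASE)


def check_attachments(msg):
    """Return (filename, reason) for every attachment that should be held."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        last = suffixes[-1] if suffixes else ""
        if last in BLOCKED_EXTENSIONS:
            reason = "blocked extension " + last
            if len(suffixes) > 1:  # e.g. invoice.pdf.exe
                reason += " hidden behind " + suffixes[-2]
            findings.append((name, reason))
        elif last in HTML_EXTENSIONS:
            body = part.get_payload(decode=True) or b""
            if FORM_RE.search(body) and PASSWORD_RE.search(body):
                findings.append((name, "HTML form asking for a password"))
    return findings


def build_sample():
    """Constructed sample message; every name and address is made up."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["Subject"] = "update your information"
    msg.set_content("Please see the attached files.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ sample", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    form = '<form action="http://example.test/x"><input type="password"></form>'
    msg.add_attachment(form, subtype="html", filename="verify.html")
    return msg


if __name__ == "__main__":
    for name, reason in check_attachments(build_sample()):
        print(name, "->", reason)
```

For a message read from disk or a mailbox, parse it with email.message_from_bytes(raw, policy=email.policy.default) so that iter_attachments() is available.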

Small businesses are a common target of cyber criminals because they often pay the least attention to matters of this kind. Use your email sensibly and safeguard your business.

Email Spam Volumes Fall to Lowest Level in Two Years: Symantec

A recent report from Symantec declared that spam volumes in January 2011 fell to their lowest level since March 2009. Spam volumes seemed to drop dramatically from 25th December 2010, and the decline continued into January. The only other time spam volumes dropped to such a remarkable extent was after the closure in 2008 of McColo, a California-based ISP, for being implicated in criminal and botnet activities.

Dramatic decline in spam levels
In January 2011, spam accounted for only 78.6% of total email traffic. This was a 3.1% drop since December 2010 and a significant 65.9% lower than in the same period a year earlier. However, the spam rate is still alarming, with 1 in every 1.3 emails being spam. The fall in spam was credited to the apparent fall in activity of 3 major botnets: Rustock, Xarvester and Lethic.

Spam levels – Country wise for January 2011

  1. Oman – 88.8%
  2. China – 84.6%
  3. Hungary – 83.3%
  4. Luxembourg – 82.8%
  5. Kuwait – 81.9%
  6. South Africa – 80.0%
  7. US – 78.8%
  8. UK – 78.7%
  9. Canada – 78.3%
  10. Australia – 77.3%

Minute increase in phishing activity
One in 409.7 emails was found to contain a phishing attack in January 2011, said Symantec. This was a small 0.004% increase since December 2010. Phishing levels in the US were 1 in 892.8 emails. South Africa was the geography most targeted by email phishing attacks, with one in 51.7 emails blocked as phishing. The other most-targeted geographies are as follows:

  • UK – 1 in 188.6 emails
  • Canada – 1 in 204.6 emails
  • UAE – 1 in 247.3 emails
  • Oman – 1 in 248.4 emails

Increase in new malicious domains
Symantec MessageLabs identified an average of 2,751 malicious websites each day in January 2011. Around 44.1% of them were identified as new domains, a 7.9% increase from December 2010. These websites contained malware and other potentially unwanted programs, including spyware and adware. 21.8% of all malware blocked on these sites was new. Another recent report from OpenDNS said that 53.8% of all phishing websites were hosted out of the US.

Though email spam has decreased in volume, web-based malware seems to be increasing in volume and appearing in new forms. The report suggests that organizations can combat the lurking threats with a policy-based security model. It is also important for users to choose an antivirus that is proactive in detecting malware and offers real-time updates to its malware database.

Technical Tips to Prevent Phishing

Many anti-phishing measures have been implemented to date: as features embedded in browsers, as extensions or toolbars for browsers, and as part of website login procedures. Most websites that are targeted for phishing are secure, meaning that SSL with strong cryptography is used for server authentication. In principle, it should be possible to confirm the site using the SSL authentication, but in practice it is easy to deceive the user.

The superficial flaw in the browser’s security user interface (UI) is that it is insufficient to deal with today’s strong threats. There are 3 parts to secure authentication: first, an indication that the connection is in authenticated mode; second, which site the user is connected to; and third, which authority says the site is what it claims to be.

Secure Connection: Users easily miss the padlock, which was the standard display for secure browsing from the mid-1990s to the mid-2000s. Mozilla introduced a yellow URL bar in 2005 as a better indication that the connection is secure. Unfortunately, this innovation was then reversed because of EV Certificates, which gave high-value certificates a green display and the rest a white display.

Which Site: The user is expected to confirm that the domain name in the browser’s URL bar is in fact where they intended to go. URLs can be too complex to parse, and users often do not know or recognize the URL of the site they intend to visit, which makes authentication meaningless. Many e-commerce sites change domain names within their overall set of websites, making it harder for users to keep track of where they are. Simply displaying the domain name of the visited website, as some anti-phishing toolbars do, is also insufficient.

Firefox offers an alternative: a pet name extension that lets users type in their own labels for websites, which they can recognize when they later return to the site. In addition, if the site is not recognized, the software warns the user or detects it outright. This represents user-centric identity management of the server. A graphical image selected by the user could be a better identifier.

With the introduction of EV Certificates, browsers display the organization’s name in green, making it more visible and hopefully more consistent with the user’s expectations. But the browser vendors have limited this display to EV Certificates only, leaving the user groping in the dark for other certificates.

Who is the Authority: As far as the user is concerned, the browser is the authority at the simplest level, since no authority is stated at this stage. The current practice is for the browser vendors to control a root list of acceptable CAs. The problem is that not all Certification Authorities (CAs) employ good or applicable checking. Nor do all CAs subscribe to the same model and concept that certificates are only about authenticating websites or e-commerce organizations. Certificate Manufacturing is the term given to low-value certificates that are delivered on the strength of a credit card and an email confirmation, both of which can easily be subverted by fraudsters. Thus, a valid certificate issued by another CA may be used to spoof a high-value site. This could happen because the CA is in another part of the world and is unfamiliar with high-value e-commerce sites. Moreover, since each CA is charged with protecting its own customers and not the customers of another CA, there is an inherent flaw in this model.

The solution to the above problem is that the browser should show, and the user must be familiar with, the name of the authority that issued the certificate. This presents the CA as a brand and allows the user to become familiar with the handful of CAs in their country. Using a brand gives the CA an incentive to improve its checking, and users would demand good checking for high-value sites.

This solution was put into action in early versions of IE7, which displayed the issuing CA when showing EV Certificates. However, this turned out to be an isolated case. There is resistance to branding CAs on the chrome, resulting in a fallback to the simplest level above: the browser is the user’s authority.

Phishing – Types And Precautions

The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication is known as Phishing.

Types of Phishing
Phishing is usually carried out by email or instant messaging and it often directs users to enter details at a fake website, which is similar to the legitimate one. Since the fake website is similar to the original one, it requires tremendous skill to determine whether a website is fake or not.

  1. Misspelled URLs: Phishers use deceptive techniques to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization, using misspelled URLs or sub-domains. Sometimes the phishers make the anchor text for a link appear to be valid, whereas the link actually goes to the phisher’s site.
  2. Whaling: Phishing attacks directed specifically at senior executives and other high-profile targets within businesses are known as Whaling.
  3. Image Phishing: Phishers have also used images instead of text to make detection harder for anti-phishing filters.
  4. Cross site scripting: An attacker can even exploit flaws in the original website’s script against the victim, which makes the attack even more difficult to detect since everything from the web address to the security certificates seems to be original. This technique is known as cross site scripting.
  5. Phone Phishing: A customer gets a call asking him to call back to discuss problems with accessing his bank accounts. The person is then tricked into giving away sensitive information such as credit card details and the like.
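
A check for the two link tricks described above (a brand name used as a sub-domain of another site, and anchor text that shows one domain while the link goes to another), as an added example that is not part of the original articles. The sample HTML is constructed, the example.test hosts are placeholders, and the function names are illustrative.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

DOMAIN_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)
# Constructed sample body; the example.test hosts are placeholders.
SAMPLE_HTML = """
<a href="https://www.paypal.com/signin">Log in</a>
<a href="http://www.paypal.com.signin.example.test/">Confirm your account</a>
<a href="https://secure.example.test/update">www.paypal.com/update</a>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def belongs_to(host, domain):
    return host == domain or host.endswith("." + domain)

def audit_links(html, brand):
    """Return (href, reasons) for links that imitate the domain `brand`."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        if belongs_to(host, brand):
            continue  # the link really goes to the brand's own domain
        reasons = []
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and belongs_to(shown.group(0).lower(), brand):
            reasons.append("anchor text shows the brand")
        if brand in host:
            reasons.append("brand used as a sub-domain label")
        if reasons:
            reasons += ["no https"] if url.scheme != "https" else []
            report.append((href, reasons))
    return report
```

Calling audit_links(SAMPLE_HTML, "paypal.com") reports the second and third links and leaves the genuine first link alone.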

Measures to counter phishing
People need to change their browsing habits when it comes to phishing. For example, when asked to reveal sensitive information, they should contact the company directly to make sure the mail is genuine, and they shouldn’t fall prey to mails that address them as “Dear Customer”. PayPal, for instance, makes it a point to address users by their usernames.

One of the major flaws of the user is the click-through syndrome, where he treats any pop-up as a case of misconfiguration and proceeds with his work without heeding the computer’s warning.
