Holiday scams

                The holiday season can be a very busy time for many people, but it is also a busy time for cyber criminals. There are a lot of online scams going around this time of year, looking to take advantage of increased shopping activity and people’s generosity. We’ve listed some tips and warnings about some of the most common scams.

Fake Retailer Websites
                A counterfeit website which mimics the site of a real retailer using similar layouts, color schemes, graphics and logos. Sites like these have been known to send low quality merchandise that doesn’t work or falls apart, or simply send nothing at all and just simply steal the personal and financial information you provide them.

Deceptive Advertising
                We’ve all heard the old adage “If it’s too good to be true, then it probably is.” This certainly applies to online advertising. If I saw an ad offering a Rolex watch for $100, for example, I would be very suspicious. Even if you didn’t end up buying anything from the site, simply clicking the link could install malware onto your system.

Point-Of-Sale Malware
                Over this past year there have been several data breaches from some major retailers. Many of these breaches were due to malware inside the Point-Of-Sale devices. When a card is swiped through, the malware will send a copy of your card information to the malware creators. The best way to protect yourself is to be diligent in checking the transaction history of your accounts. If you notice any unintended purchases, contact your financial institution immediately.

New Devices
                Many people will buy or receive new phones, tablets, USB drives, or other devices this holiday season. Devices like these can get infected with malware. Connecting your device to your work computer (even just to charge the battery) could wreak havoc on your company’s servers and systems. Make sure to check with your IT department about BYOD (Bring Your Own Device) policies.

ATM Skimming
                Holiday shopping may mean hitting up the ATM. Before inserting your card, double-check to make sure that the ATM hasn’t been compromised. If the keypad, card slot, or cover look different or loose, a device (or malware) may have been installed to steal your banking information. Another ATM tip is to cover the keypad with one hand while entering your PIN with the other. Criminals have been known to install tiny cameras in ATMs in order to find out your PIN.

Public Wi-Fi
                While it may be convenient to sit down at your local coffee shop and use their internet connection, you should be very cautious of what information you send over their free Wi-Fi. Systems like this are usually not very secure, and someone could steal your information with little effort. Never do banking or online shopping on public Wi-Fi.

Shop only on secure websites
                A lot of holiday shopping is done online – make sure that the site you are shopping on is secure. Look at the website address at the top of your web browser. If the URL begins with ‘https://’ then you know that they are encrypting your sensitive information. If the URL begins with ‘http://’ then the website is not using encryption. Additionally, most major browsers will display a lock icon in the address bar. You can click this lock to get more detailed information about the website.

Fake charities
                Make sure to do your homework on any charitable organization before donating. Their name and website may seem legitimate, but it could be someone trying to take advantage of your generosity and scam you out of money.

Social Media
                Some things to be wary of on social media sites such as Facebook and Twitter:

·         Phony Profiles
                A random person sends you a friend request. Even if their profile looks legitimate, you shouldn’t click that ‘Accept’ button quite yet. That new ‘friend’ could be a criminal after your data, and accepting their friend request gives them access to your personal info, posts, and your list of friends. Make sure that you only accept friend requests from people you actually know; otherwise you’re opening yourself up for an attack.

·         Hacked Profiles
                You see that one of your friends posted a link claiming that they got a free XBox for filling out a survey. In reality, someone has hacked their account and posted this malicious link. Contact your friend immediately and have them change their password.

Email
                Email is a very popular way for criminals to try to infect your system. Here are some of the more common email scams:

·         Malicious e-cards
                Looks like a simple greeting card, but downloads malware when you open it.

·         Grandparent scams
                Scammers target the elderly with an email from a “stranded” grandchild claiming to need money wired to them.

·         Letters from Santa
                An offer to send your child a personal letter from Santa Claus may be a phishing scheme to collect personal information.

·         Bank Account scam
                An email seemingly coming from your financial institution which informs you that your bank account has been compromised. You are given a link to follow or a phone number to call in order to verify your account information.

·         Shipping notification/Order confirmation
                You receive an email claiming to be an order confirmation or package tracking number. Make sure that the email is actually from a retailer you have ordered from before clicking any links within.

·         Golden rules of Email
                Do not follow unsolicited links
                Do not open unsolicited attachments
                NEVER send any financial information through email

Share

Heartbleed FAQ

Heartbleed logo

Recently, the security vulnerability CVE-2014-0160 was discovered, nicknamed Heartbleed. Because of several inquiries we decided to answer some Frequently Asked Questions:

What is Heartbleed?

Heartbleed, or CVE-2014-0160, is a security vulnerability which allows an attacker access to private data stored on servers which run certain versions of OpenSSL. This means that your sensitive data – usernames, passwords, and even credit card information – could be at risk. The bug can allow a hacker to pull data directly from the server’s working memory. Although the attacker has no way of knowing if any of the data they grab is useable, since they can exploit Heartbleed over and over there is a high chance that they will eventually get the sensitive data they are looking for.

What is OpenSSL?

OpenSSL is an open-source encryption technology which is very widely used across the World Wide Web. Encryption is a process of encoding information in such a way that only the authorized parties can read it.

How long has Heartbleed been around?

This security vulnerability was first introduced into the OpenSSL software in March 2012, but was only recently discovered by security companies. It is unknown whether or not hackers had exploited CVE-2014-0160 before it was made public.

What can I do to protect myself? Can SUPERAntiSpyware protect me?

Your first instinct may be to change all your passwords. This is definitely a good idea, but first you should contact the Web site operator to ensure that the Heartbleed bug has been patched. If the site has not yet fixed the bug, changing your password would be futile since an attacker could just exploit the breach again and steal your new password.

If you are unable to contact the Web site operator, there are ways to tell if a particular site is vulnerable. LastPass and Qualys have created tools which will give you information about whether or not a site has been affected by Heartbleed. Also, CNET has compiled a list of the top 100 Web sites and whether or not the Heartbleed bug has been patched.

Because Heartbleed is a security flaw and not any type of malware (virus, worm, Trojan horse, etc…), anti-malware programs such as SUPERAntiSpyware cannot protect your information. That ability lies solely with the operator of the Web site.

How do I know if my information has been stolen?

Unfortunately, exploiting this vulnerability does not leave traces of any abnormal activities, and therefore there is no way to know if your information has been stolen.

I use online banking – is my bank account at risk?

Most major banks do not use OpenSSL and use their own proprietary encryption software. That being said, if you do any of your banking online it would be a good idea to change your password and contact the bank directly to confirm that their site is secure. It would also be prudent to keep an eye out for anomalous charges on your financial statements. Until you are completely sure that your banking Web site is secure, it would be advisable to avoid doing any online banking.

I did my taxes online – is my tax information safe?

A recent post by the IRS stated that their systems are not affected by the Heartbleed bug and they will continue to accept tax returns as normal.

 

If you have any questions related to Heartbleed, feel free to share them with us on our Facebook® Page or simply leave a comment below.

Share

Everything You Need To Know About Rogue Security Software

​​rogue vs real

When it comes to spreading malware and swindling money from the victims, cybercriminals have many ways to achieve their malicious goals. In recent years, cybercriminals have become increasingly inventive in terms of writing, designing, and distributing malware. In one of our previous blog posts, we discussed about ransomware and how it is being used by cybercriminals to extort money from its victims. In this blog post, we’ll discuss about a new type of malware called ‘Rogue security software’, which closely resembles ransomware, but follows a little different approach to attack its victims. 

Read more…

Share

Why Bother With Software Updates?

Software Updates

What do you do when you see those little icons and pop-up messages that appear in the system tray, indicating there is a new software update available for you to download and install?  Most people find such notifications and the process of installing new software updates insignificant and disrupting. The truth is, people ignore such notifications for various reasons, such as, ‘Do I really need to install this update?’, ‘My computer is working just fine, I don’t think this update is for me!’, ‘I don’t have time to reboot my computer’, etc. If you are accustomed to dismissing those update notifications, you need to reconsider that practice. Applying software updates is one of the most important things you can do with your computer. In fact, if you don’t do it, you’re very likely going to get some kind of malware in your system and even get hijacked.

Read more…

Share

All You Need To Know About Ransomware

Ransomware

The modern malware landscape is huge, and it’s growing more and more sophisticated every day. In one of our previous blog posts, we discussed the different types of malware, their infection mechanisms and how they act within a system. Currently, there is one category of malware that is becoming increasingly more popular called “ransomware.” In this blog post, we will discuss what ransomware is and what strategies and techniques are used in creating and propagating this latest trend in internet crime.

Read more…

Share