Tag Archive | social engineering

Security Threats to Monitor throughout the beginning of the New Year

There is a lot to look out for this holiday season, and into the New Year…and many Grinches want to steal your joy. But, as long as you keep an eye on them, there shall be nothing to worry about!

 

  1. Spam – as always. Have you gotten emails from “FedEx” lately or UPS? You know, those fake emails stating you have a package to be tracked, but they need another payment method to process it? Or how about some free or cheap Rolexes? All of these are scammy spam, fraudulent, or just wanting to distribute malware! Remember, if you didn’t order it, don’t believe it! What is spam can also lead to number 2…
  2. Phishing attacks… as millions of people shop online and shoot up the revenue of online shopping to the billions of dollars, there are also tons of scammers and fraudulent websites wanting your personal data, credit card, or to waste your time. Remember, if it doesn’t look legitimate, or does not have a secure transaction process, it probably is not a good idea to make the purchase (no matter how attractive it looks). Usually, trusted stores are the best to shop from, and that’s all that’s best.

    When you go to check out and enter your personal information, first look at the address bar and make sure it highlights green in some area and has the following at the beginning of the web address: https://. By looking for that, or even looking for a padlock icon in the lower right or left corner of the browser will help ensure you have a secure connection where your personal information will be transferred privately.

  3. Social engineering attempts – you can find these on social networks. They attempt to entice you with different ads or offers, or show a shocking story in attempts to get you to click on it. Once you do, you may be asked to login to Facebook, verify personal information, or make a payment to get access to information.

    When it comes to shocking stories, safely ignore them if it didn’t come from what looks like a trusted source. Instead, stay out of trouble and don’t click. “If in doubt, throw it out”, perspectively can be used to help let you think about what you click on. Also, be careful about charity apps. On Facebook, and application called “Causes” is the only legitimately popular app to use for charity donations. Most correct charity ideas are routed through Causes because of how trusted the app is.

  4. TMI on social networks – be careful about how you tell others about places you’re currently staying, eating, or being by yourself (at the office or at home). Using apps such as Foursquare or related, don’t bother using. They are highly insecure to your personal privacy and can result in burglary or worse.
  5. ATM skimmers – fake debit or credit card readers are popping up in random ATM machines around major retailers everywhere. Always look closely before swiping your card, or pressing any buttons. If anything seems out of place, loose, or just doesn’t feel right…Don’t swipe your card, don’t press any pin number, etc. If anything seems funky, ask the cashier to run your card under the counter, or just go to a bank.

    It’s best also to either tell the bank owning the ATM or call the number on the ATM. Let them know the machine can be modified for illegitimate purposes. Lastly, always spread the word to the cashier that the ATM could be modified and to tell customers not to use it.

  6. Unprotected computers and tablets… here’s the solutions for those matters:

PC:

MAC:

ANDROID:

Buy Kaspersky Mobile Security and protect your Android smartphone for 1 Year – only $19.95

October is National Cyber Security Awareness Month

NCSAM official image (Department of Homeland Security)

Cyber security awareness is so important, and we’re going to display a few things you should be aware of this month, for you to try to make capable changes to your personal or business security perspective. You will notice some of the information below is linked to different posts here on the blog. This should help you understand each topic better! Please don’t be afraid to use each of the links below to learn more about protecting your system(s).

  • Email is one of the biggest attack methods. Since users are still highly dependent on email, it is so critical that email systems get fixed. Spam can be so cunning that it may disguise itself as your friend, someone you trust, or a bank. The main target in these spam attacks is phishing, which will allow an attacker to trick you into doing something or giving away personally identifiable information.The goal is to also download malware on to your computer, which can be used to take control of your computer and steal much more personal information. Some emails may claim to be a legitimate organization sending you an attachment, but it’s purpose is to distributed malware on your computer. It is best to secure email systems against spam. This can be done using a variety of products whether hardware or software. Make sure to secure your system(s) with the latest spam fighting utilities. Also, securing Outlook or Windows Live Mail is beneficial.
  • Instant Messaging still seems to be a vector for malware attacks. Just when people drop their guard about IM security, a new band of threats affects users. Most IM attacks come in the form of spam, a message from an apparent trusted friend, or a phishing attempt/scam from a legitimate looking company. A lot of the time, when the message appears from a trusted friend, it usually means that person’s IM account or email account has been hacked and the attacker has mined the email addresses or IM addresses in order to send you these attacks. It is important to have a good Internet Security product that protects against IM attacks along with network defense.
  • Exploits are the most common cause of infections on computers these days. Many of the exploits have been caused by out-of-date Java plugins or Adobe Flash Player plugins (or even fake Flash Player), among other types of plugins for your browser. Other exploits come in the form of advertisements that are catered to your interests, by the use of tracking cookies, which when you click on the ads it can lead to a site that will immediately download malware and attempt to take control of your computer.Those are just a couple of examples of why you need Internet Security protection as declared just above in the explanation for IM security. Also, having a second-opinion malware scanner can make sure that things don’t get missed, giving you maximum protection. Working on a defense-in-depth strategy for your computer can be a great way to avoid exploits.
  • Downloading and installing untrusted software products is a good way to get infected with viruses, spyware, and other threats and malware. Using tools such as Web-of-Trust for your browsers is a key idea in managing whether a site is safe. Also, reading reviews for the product you are getting ready to download and purchase will help you make an informed decision. It is important to have Total Internet Security protection, as stated above in IM security. Please refer to the “Internet Security product” link for more information on securing your system(s) with protection mechanisms.

There are many more vectors of cyber security problems. It is important to use the methods described above as well to secure your system(s) from attacks from cybercriminals.

Summary of mitigating most attacks:

LifeLock

Miley Cyrus sex tape scam details

Unbelievable? Another social engineering attempt. Here is a source on the non-existent Miley Cyrus sex tape:

Facebook scammers are using the promise of a non-existent Miley Cyrus sex tape to lure users into giving up temporary access to their accounts. Once inside, scammers run a script to create automatic posts that tag friends and propagate the scam.

Here, again, we are dealing with the well-known, if not utterly obsolete, “copy/paste code” method whereby the scammer aims to steal the victim’s Facebook authentication token. This grants the scammer temporary access to the targeted Facebook account, including the victim’s list of friends.[HOTforSecurity]

 

Protect against these types of scams:

 
US - avast! New Version 7 Products Generic

%d bloggers like this: