Tag Archives: Social Engineering

Why Do Users Keep Falling for Scams?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.


*Social engineering: refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access — Wikipedia

wps_clip_image-25719

It’s unfathomable to me why so many people still get caught out by social engineering techniques, being tricked into clicking that link or opening that attachment.

Social engineering is one of the most prevalent methods used by cybercriminals to infect a system and/or gain a user’s sensitive information. Ransomware, phishing emails, scams, all generally involve an element of social engineering. Why? Because it’s simple, effective, and lucrative. It stands to reason then that the most potent method for eradicating these types of threats would be to make them less effective and less lucrative. The question is; how to achieve that?

You’ve no doubt come across the saying “education is key” – and, when it comes to social engineering, nothing could be truer. Because of the changing nature of socially engineered exploits, security software cannot always protect users from themselves. That’s why Tech blogs are repeatedly issuing the same advice/warnings – don’t click on links in emails from unknown senders, don’t open email attachments from unknown senders, etc., etc., etc. In fact, I recently published yet another list of do’s and don’ts  “10 Golden Rules to Defeat Scammers” . Yet, despite all this, so many people are still falling victim to social engineering.

A large part of the problem I suppose is that the users who need this type of advice the most are generally not the sort of people who tend to visit and read Tech blogs.

I was recently perusing a well-known freeware site and came across a comment from someone complaining that, despite being protected by a commercial grade antivirus, his company’s computers had been infected by ransomware… twice. On both occasions the infection was initiated by an employee clicking on something he or she shouldn’t have clicked on. I suggested to him that perhaps his company needed to review and strengthen its staff training program. Education is key.

My own clientele consists largely of elderly folk and, in my experience, many are highly susceptible to phishing and scams in general. I have a theory about this; I’m sure it’s because they were brought up in an era when trust was inherent; leaving the front door to the house open, leaving the car unlocked and keys in the ignition. Do you know what I mean? It’s not so much that they are gullible, more overly trusting.

These people also tend to be not so computer/security savvy, so rather than hit them with a long list of do’s and don’ts, which might be difficult to follow, I condense it all down to just three rules for them to remember:

1. Treat each and every unsolicited phone call and/or email as highly suspicious.

2. Always be very wary about giving out sensitive personal information over the internet.

3. If it sounds too good to be true, it almost certainly is.

If the more savvy among us would only take the time to pass this type of advice around their own particular circles of family, friends, and acquaintances, I believe that we, collectively, might just make a difference.

image

10 Comments

Filed under cybercrime, Don't Get Hacked, Education, Internet Safety for Seniors, Online Safety, Safe Surfing, System Security, trojans, Viruses, worms

Search Engine Malware – The Same Old, Same Old

In the News within the past 3 days

Web security firm Armorize – over 6 million e-commerce web pages have been compromised in order to serve malware to users.

Ed Bott Report – criminal gangs that specialize in malware love search engines, because they represent an ideal vector for getting Windows users to click on links that lead to potentially dangerous Trojans. The latest attack targets ads, and the social engineering is frighteningly good.

Not in the News

The specifics may be news but, this particular malware attack vector is so old I’m surprised that more Internet users aren’t aware of it. No, I take that back – based on a conversation I had just last night.

Me: “So, what antimalware applications are you currently running?”

She: “Well, I can cut and paste and I can get on the Internet, but I don’t worry about all that other stuff. I don’t understand it anyway.”

I’m well past the point where I allow myself to show surprise when I hear this type of response – it’s just so typical. Given that level of knowledge, it’s hardly surprising then, that consumer confidence in the reliability of search engine results, including relevant ads, is taken for granted.

I’ve yet to meet a typical user who would consider questioning a search engine’s output as to its relevant safety.  It’s been my experience, that typical Internet users blindly assume all search engine results are malware free.

This, despite the reality that the manipulation of search engine results, exploiting legitimate pages, and the seeding of malicious websites among the top results returned by search engines in order to infect users with malware, is a continuing threat to system security.

Here’s how the cyber crooks do it:

When a potential victim visits one of these infected sites the likelihood of the downloading of malicious code onto the computer by exploiting existing vulnerabilities is high.

Let’s take, as an example, a typical user running a search for “great vacation spots” on one of the popular search engines.

Unknown to the user, the search engine returns a malicious or compromised web page as one of the most popular sites. Users with less than complete Internet security who visit this page will have an extremely high chance of becoming infected.

There are a number of ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate. In the example mentioned earlier, the web page would appear to be a typical page offering great vacation spots.

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

The following comment (posted here March 15, 2011), illustrates perfectly the issues discussed in this article.

Funny you write about this today. I was reading about the spider issue Mazda was having and wanted to know what the spider looked like so I Googled it, went to images and there it was. There was also a US map that had areas highlighted, assuming where the spiders exist, and before I clicked on the map I made sure there was the green “O” for WOT for security reasons.

I clicked on the map and BAM I was redirected instantly and hit w/ the “You have a virus” scan malware. I turned off my modem then shut my computer off. I restarted it and scanned my computer w/ MS Security Essentials and Super Anti Spyware. MS Essentials found Exploit:Java/CVE-2010-0094.AF, and Trojan:Java/Mesdeh and removed them. I use WOT all the time, but now I’m going to be super cautious.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

6 Comments

Filed under Application Vulnerabilities, Browser add-ons, Cyber Crime, Cyber Criminals, Don't Get Scammed, Don't Get Hacked, downloads, Interconnectivity, Internet Safety, Internet Security Alerts, Malware Protection, Online Safety, Search Engines, Software, trojans, Windows Tips and Tools

PandLabs 2011 Security Trends Predictions

imageEvery year, I hold on to the belief that we’ve seen the worst that cyber-criminals can throw at us – so I’m always hopeful, that the outlook for the coming year might offer some improvement. As the years go by, inevitably it seems, my hopes have been dashed.

The Internet, despite its promises (many of which have come to pass, admittedly), has become a cesspool of cyber criminals (who continue to belittle us), scam and fraud artists, and worse. A cesspool that reeks of tainted search engine results, malware infected legitimate websites, drive-by downloads and bogus security software. And now it seems, we’re approaching the point where anarchy might well begin to rule the Internet.

The recent WikiLeaks kafuffle, with its counter play DDoS attacks pitting supporters against non-supporters, is a singular indication of how quickly the Internet can devolve into anarchy. No matter the views one may hold politically, with respect to the WikiLeaks disclosures, the use of hacktivism as a political tool is a worrisome trend.

PandaLabs, in its just released predictions covering the top security trends for 2011, is predicting an increase in the type of hacktivism the WikiLeaks conflict has pushed into the spotlight. Moreover, PandaLabs report paints a dismal picture of how the Internet threat landscape is likely to shift and change, in the coming year

According to PandaLabs, in addition to a new focus on hacktivism and cyber-war; more profit-oriented malware; social media; social engineering and malicious codes with the ability to adapt to avoid detection will be the main threats in the coming year.

Report highlights:

Continued growth of new strains of malware creation

2010 marked a turning point in the cyber war, and PandaLabs expects more of the same in 2011

Cyber-protests, or hacktivism (e.g. Anonymous), are all the rage and will continue to grow in frequency

Social engineering will increase as cyber criminals increasingly use social platforms to launch distributed attacks

Windows 7 users will become a significant target for malware in 2011

Mobile security will be a top concern for Android users

As tablets gain market share, so will their appeal to be targeted by cyber criminals

As the market share of Mac users continues to grow, so will the number of threats

HTML5 will be the perfect target since a security hole can be exploited regardless of the browser

Highly dynamic and encrypted threats are expected to increase, given the financial incentive for information on the black market

Being aware of the shape of the Internet landscape, and the changes that are occurring, or may occur in that landscape, now, more than ever, is a necessity – a prerequisite to protecting yourself and your computer from cybercriminal attack. Forewarned is forearmed, needs to be your guiding light – appropriate knowledge will act as your shield.

About PandaLabs:

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats.

To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyze and classify the more than 63,000 new malware strains that appear every day.

This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage.

Get more information about PandaLabs and subscribe to its blog news feed here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Safety, Internet Security Alerts, Malware Reports, Online Safety, Panda Security, PandaLabs, Reports, Windows Tips and Tools

Kate Middleton, Prince William Engagement Leads To Poisoned Search Results

imageIf an event is newsworthy, you can be sure cybercriminals are exploiting it and creating opportunities to drop malicious code on our computers – malicious code designed, in most cases, to separate unwitting victims from their money.

Taking advantage  of our curiosity surrounding current events has long been a favorite tool of the bad guys, and as expected, cybercriminals have jumped on the news of  Prince William’s engagement to Kate Middleton, and are actively exploiting this popular topic.

Cybercriminals don’t have to jump through hoops, write brilliant code, or take extreme measures, to be successful at the type of social engineering that goes hand in hand with capitalizing on newsworthy happenings. They simply poison selected search engine results – not as difficult to do as you might imagine.

For example, the Sunbelt Software Blog is currently reporting that “a Google search for “Kate Middleton” results in a poisoned link on the second photo under “Images for Kate Middleton.”

Google search string “Kate Middleton” = 14,300,000 results. (Click on a graphic to enlarge).

image

Google search string “Images for Kate Middleton” = 8,600,000 results.

image

Sunbelt warns that searching for photos of Middleton, can lead to images which redirect a  Firefox user to a compromised site where the user is encouraged to download a Trojan masquerading as a Firefox update.

Click on the graphic to expand and check the URL closely. You’ll notice that it reads Friefox – not Firefox.

image

(Graphic courtesy of Sunbelt Blog).

The Sunbelt warning goes on to say:

The destination pages are usually legitimate ones, but are rarely ones dedicated to bringing news to readers. Depending on which browser the users are using, they will be redirected either to a YouTube-like page offering a video codec or to a page sporting and infection warning and offering a fake AV for download (IE users).

To save you the trouble of having to search – here’s a pic of the bikini clad Middleton.  Winking smile

image

Old advice, but worth repeating nonetheless – Save yourself from being victimized by scareware, or other malware, and review the following actions you can take to protect your Internet connected devices including your computer system:

  • When surfing the web – Stop. Think. Click
  • Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.
  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on your computer.
  • Install a personal firewall on your computer.
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.
  • Ensure the anti-virus software scans all e-mail attachments.

For additional information on fake search engine results, you can read an earlier article on this site – Malware by Proxy – Fake Search Engine Results.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

17 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Firefox, Internet Safety, Internet Security Alerts, Malware Advisories, Search Engines, trojans, Windows Tips and Tools, WOT (Web of Trust)

If it’s in the News – Watch for an Email Scam

image If an event is newsworthy, you can be sure cybercriminals are exploiting it to their own advantage. Cybercriminals have jumped (as expected), on the earthquake tragedy in Haiti, and are already exploiting this sad event.

Cybercriminals are experts at exploiting our curiosity surrounding current events, and by focusing on this aspect of social engineering, they are increasingly creating opportunities designed to drop malicious code on our computers. Most of this activity is designed to separate unwitting victims from their money.

Cybercriminals can be much more direct though (without attempting to compromise your computer), in their attempts to separate you from your money.

Even though the the majority of seasoned computer users (I suspect), are familiar with the infamous “419” or advance fee fraud scam, in which the victim is encouraged to sent money to the scammer, with the promise they will realize a significant gain, this type of scam is every bit as popular as ever.

Earlier today, Symantec Hosted Services alerted me to a new “419” scam they have just become aware of. An email claiming to be from Hassan Ali Abdul Mutallab, the brother of Umar Farouk Abdul Mutallab, who allegedly attempted to blow up Northwest Airlines flight 253 over Detroit on Christmas Day, is the scam vehicle .

image

The scammer, supposedly Umar Farouk Abdul Mutallab’s brother, claims he is looking for a “Muslim brother/sister” to help retrieve funds belonging to the alleged bomber. But, as Symantec  stated in their alert, “before the non-existent money can be released, various increasingly inventive fees and charges have to be paid. These fees continue until the victim of the scam eventually realizes that they have no chance of getting any money, and gives up. Victims are often too embarrassed to contact police, and the scammers continue”.

Every day, I receive 10/15 of this type of scam in my “Honey Pot” email account. Here’s just one example from today.

Honey pot

How gullible can people be? When Michael Jackson died, I wrote a piece entitled “Hey Sucker – Read This! Michael Jackson’s Not Dead!”, simply as a test of “curiosity exploitation”.

The results that followed were astonishing – within days, this article was getting 1,000’s of daily hits. Even today, this nonsensical article continues to get hits. Talk about gullible people!

Save yourself from being victimized by scareware, or other malware, and review the following actions you can take to protect your Internet connected computer system:

    • When surfing the web – Stop. Think. Click
    • Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.
    • Don’t open unknown email attachments
    • Don’t run programs of unknown origin
    • Disable hidden filename extensions
    • Keep all applications (including your operating system) patched
    • Turn off your computer or disconnect from the network when not in use
    • Disable Java, JavaScript, and ActiveX if possible
    • Disable scripting features in email programs
    • Make regular backups of critical data
    • Make a boot disk in case your computer is damaged or compromised
    • Turn off file and printer sharing on your computer.
    • Install a personal firewall on your computer.
    • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.
    • Ensure the anti-virus software scans all e-mail attachments.

    If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

    4 Comments

    Filed under Don't Get Scammed, Don't Get Hacked, email scams, internet scams, Internet Security Alerts, Symantec, Windows Tips and Tools

    Straight From PandaLabs – Malware to Watch for in 2010

    image Button up your overcoat and get your rain gear ready; it’s going to get stormy! PandaLabs has released its 2010 forecast of computer threat trends for 2010.

    Cybercriminals are increasingly more knowledgeable, quicker to respond to opportunities, and more relentless than ever in their attempts to separate surfers from their money.

    Being aware of Internet threats is critical to your security on the Internet, so that you can protect yourself and stay ahead of the curve. Knowledge truly is a critical necessity to ensure your personal safety on the Internet.

    The following PandaLabs forecast can help you get ready for the malware threats expected in 2010.

    Courtesy of Panda – PandaLabs Forecast: 2010 Computer Threat Trends

    • Fake antivirus, bots and banker Trojans will continue to increase
    • Cyber-criminals will keep fine-tuning their social engineering skills to trick victims
    • More malware will be created for Windows 7 and Mac operating systems
    • The term ‘cyber war’ will become more familiar as politically-motivated attacks across the Internet increase

    PandaLabs, Panda Security’s malware analysis and detection laboratory, has released its forecast of computer threat trends for 2010. PandaLabs predicts that in 2010, the amount of malware in circulation will continue to grow exponentially as it has in 2009.

    As anti-malware technologies are able to respond closer to real-time through cloud-based innovations such as Panda’s Collective Intelligence, malware creators will respond by generating even more diverse threats to evade detection and elimination.

    Once again malware will be designed almost exclusively for financial gain, and we can expect to see many new fake antivirus (rogueware), bots and banker Trojans.

    Social Engineering Continues to Rise
    Cyber-criminals will again be focusing on social engineering techniques to infect computers, particularly those targeting search engines (BlackHat SEO) and social networks, along with ‘drive-by-download’ infections from Web pages.

    As the football World Cup takes place in South Africa, we can also expect to see significant amounts of malware related to this event: false ticket offers, junk mail, etc.  It is always a good idea to be suspicious any messages related with current affairs and large events such as this.

    In the case of social networks, there have already been many examples of worms and Trojans targeting Twitter and Facebook. Malware creators will continue to be drawn to these types of platforms that are used by millions of people.

    Watch Out Windows 7
    Windows 7 will have a major impact on malware development: where Windows Vista hardly caused a ripple, Windows 7 will make waves. One of the main reasons is the widespread market acceptance of this new operating system, and since practically every new computer comes loaded with Windows 7 64-bit, criminals will be busy adapting malware to the new environment. It may take time, but we expect to see a major shift towards this platform over the next two years.

    Mobile Phone Attacks – Not Yet!
    Several security companies have been warning for some time that malware is soon to affect cell phones in much the same way as it affects PCs. Well, we hate to rain on their parade, but 2010 will not be the year of malware for cell phones.

    The PC is a homogenous platform, with 90 percent of the world’s computers running Windows on Intel, meaning that any new Trojan, or worm has a potential victim pool of 90 percent of the world’s computers. The mobile phone environment is much more heterogeneous, with numerous vendors using different hardware and different operating systems.

    Applications continue to be incompatible from one operating system to another. Therefore it is unlikely that 2010 will see widespread targeting of cell phones by malware. In any event, this year will witness many changes in the world of mobile telephony with more smartphones offering practically the same features as a PC; the emergence of Google Phone – the first phone sold directly by Google without tying users to specific operators; the increasing popularity of Android, and of course the iPhone. If in the next couple of years there are only two or three popular platforms, and if people make significantly more financial transactions from their phones, then the potential breeding ground for cyber-crime will be significant enough to be concerned.

    Mac Becoming Increasingly Attractive to Cyber-Criminals
    Mac’s market share has increased in recent years. Although the number of users has yet to reach the critical mass required to make it as profitable as PCs for cyber-criminals, it is nevertheless becoming more attractive.

    Mac is used just as PCs are to access social networks, email, and the Internet: the main malware distribution systems used by cyber-criminals. Consequently, Mac is no longer a safe haven against malware.

    These criminals can easily distinguish whether a system is Mac, and they are creating malware designed especially to target this OS. In 2009 we have already seen some attacks, and predict there are more to come in 2010.

    Cyber war
    Throughout 2009, governments around the world including the United States, the UK and Spain, have expressed concern about the potential for cyber-attacks to affect economies or critical infrastructure. We also saw this year how several Web pages in the United States and South Korea were the subject of attacks, with suspicion –as yet unapproved- pointing at North Korea. In 2010 we can expect to see similar politically-motivated attacks.

    Securing the Cloud
    Cloud-based services will continue to grow in popularity among consumers and business users alike. As this happens, the security industry must be acutely aware of cybercriminals’ moves to take advantage of this new platform.

    Cloud Antivirus Technology on the Rise
    2010 will be the year in which all anti-malware companies will innovate to remain competitive as cloud-based security becomes the most effective way to fight today’s malware.

    In 2007, Panda Security launched its first product which took advantage of the cloud. Now in 2009, all the company’s products use it and we have launched the first 100 percent cloud-based free antivirus: Panda Cloud Antivirus (www.cloudantivirus.com), and Panda has noticed that the rest of the marketplace is beginning to follow suit.

    If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

    6 Comments

    Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Security Alerts, Panda Security, PandaLabs, Safe Surfing, Windows 7, Windows Tips and Tools

    Give Me Your PayPal ID – Then We’ll Make a Deal!

    image Like many Bloggers I expect, I get a huge volume of emails requesting link exchanges. In almost every case I reject the proposed exchange – I’m only interested in free sites that serve the public good. As well, I’m only interested in sites that publish articles that are well researched, well written and that have endured the ups and downs of blogging.

    Don’t get me wrong – I’m not trying to be an elitist. I am however, entitled to set my own standards. So when I get an site link request like the following, my spam/scam radar automatically switches on.

    “Hello Webmaster,

    I’m a webmaster for http://www.xxxxxxxxx.com website,  I’ve found your website information and advice to be a very good fit for our visitors so could you please give us the best price for a site wide link on your esteemed website for a period of half and 1 Year? We will make payments Via PayPal so if interested, please mention your PayPal id.

    If we are happy with your price, then we will send you the Link details that you can place on your website and we will make the payments to the PayPal id provided by you”.

    So is this a scam? You decide based on the following:

    They don’t know my name.

    They know nothing about my site – no specifics mentioned.

    For a period of half and 1 Year? – Awkward phrasing is a hallmark of spammers.

    Esteemed website? Sure, flattery works – right?

    Incomplete contact information – no phone number or address.

    Most importantly; why would they need my PayPal ID? I think you can figure that part out.

    Spammers, scammers and cyber-crooks, come in all flavors and sizes, and use every conceivable social engineering trick to swindle the gullible. I suspect that at least some  inexperienced Bloggers – flattered by the attention (wow, someone thinks my site is good enough to pay me for a link!!), will, or have fallen, for this fairly transparent scam.

    One last note: This scam appears to be linked to a legitimate business site, which is why I have blanked the site address.

    I’m not unreasonable in considering link exchanges – just careful. In fact, in the last few days I have added 2 new sites to my Blogroll, PC Magazine – Windows 7 Tips, (at their request), and Scoroncocolo Tech Pages. Both sites are well worth checking out.

    If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

    1 Comment

    Filed under Don't Get Scammed, Don't Get Hacked, Email, email scams, internet scams, Social Blogging, Windows Tips and Tools