Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘phishing’
August 29th, 2012

Phishers target consumers and financial services

A single phishing campaign can send millions of emails to consumers in an attempt to part them from their money.  Hundreds of phishing websites are established online every day, designed to lure consumers to give up personal information. And it appears that there is no slow-down among the hardworking cybercrooks because the number of phishing attacks targeted at consumers remain high, reports The Anti-Phishing Working Group, an organization that tracks and reports phishing occurrences.

Social engineering and technical trickery are the cornerstones of phishing whose goal is to steal consumers’ personal identity data and financial account credentials.  Spoofed emails  that appear to be from  legitimate businesses,  lead  consumers  to fake websites, which can look the same as the real thing, tricking them into divulging data such as usernames  and  passwords.  Cybercrooks can also use technical tricks to install specially designed malware onto PCs in order to capture online account user names and passwords and misdirect consumers to counterfeit websites.

Among industries, financial services are targeted by phishers more than any other. Cybercrooks have a new variation that cons financial advisers into wiring cash out of their clients’ online investment accounts. USA Today reports that, “Cybercriminals have discovered that investors now routinely rely on email to authorize personal advisers to execute financial transactions. Search engines and social networks have made finding and profiling potential victims, and their advisers, easy.”

How can you protect yourself against phishing?

The avast! Mail Shield scans all incoming and outgoing email and attachments for malware. For the highest level of home protection, avast! Internet Security has a comprehensive spam and phishing filter, which analyses all incoming email based on various criteria to determine whether it is legitimate.

Steps you can take:

  • Have good habits – do not respond to the links in an unsolicited email or on Facebook
  • Protect your passwords and don’t reveal them to anyone
  • Do not give sensitive information to anyone—on the phone, in person or through email
  • Look at the website’s URL (web address.) In many phishing cases, the web address may look legitimate but the URL may be misspelled or the domain is different (.com when it should be .gov)
  • Keep your browser up-to-date and apply security patches
  • Do not open attachments from unsolicited email

If you believe you have compromised sensitive information about your accounts, contact your financial institution, credit card company, or appropriate authorities.

Comments off
March 9th, 2012

This time, the bad guys want your tax accountant

While taxpayers are the regular target of springtime malware schemes, this year the bad guys are aiming for the accountants.

A series of imposter emails are threatening recipients with the removal of their professional accreditation if they fail to respond promptly. The tax-phish appear to be from organizations such as the American Institute of Certified Public Accountants(AICPA), Better Business Bureau(BBB), and Intuit tax services.

After clicking on the email, users are redirected through a hacked legitimate site to the final malware distribution center where their computer can download fake antivirus or another malware package selected by the bad guys.

This spam campaign started in the last week of February. A tax-themed attack is a traditional feature of March and April as Americans prepare their income tax returns.

The tax-time malware is the latest example of the BlackHole Exploits Kit at work – and shows that the bad guys’ graphic and language skills are improving. Read more…

Comments off
December 27th, 2011

Top 5 CyberThreats for 2012 (and how to avoid them)

In a few days, the world will ring in the New Year with renewed hope for a bright future. Predictions are being made about what 2012 will bring, and unfortunately instead of focusing on the positive, many of them are bleak. One that stands out is the prediction that the world will cease to exist on December 21, 2012 (according to the Mayan Long Calendar.) Thankfully, that one has been debunked – but we’ll see… ;-)

Here at AVAST, we are confident that we’ll have another great year protecting millions of happy internet surfers from all the nasties out there, but here are some educated predictions about what CyberThreats 2012 has in store for us, and how you can stay protected. Read more…

December 9th, 2011

A Winter Flurry of Email Scams

The holiday season brings a flurry of email scams to inboxes everywhere. Be aware of these popular ones, so the CyberGrinches don’t steal your Christmas.

Email Charity Scam

The six weeks between Thanksgiving and New Year’s is the traditional “giving season” in the United States. According to a recent holiday giving survey, the average holiday donation this year will be $281. People who give online said they would contribute even more, an average of $378, and scammers are out to get a portion of that. Read more…

August 8th, 2011

Four browser nets and one phish

Not all browser nets can catch the same phish. One Friday evening, just before I wanted to go home, I received an interesting email.

It contained sentences like “ We recently reviewed your account, and suspect that your PayPal account
may have been accessed by an unauthorized third party” and words like “protected“, “security” and “unauthorized“.  Of course, at the end of the email, there were directions to click on a “Paypal” link to update information like login name and password.

Read more…

June 2nd, 2011

Phishing email: The YouTube impostor

In 2010, AVAST noticed that the majority of malware infections were occurring via infected websites, rather than from malicious email, which had previously been the main culprit.

But good criminals go where they are least expected.

A couple weeks ago I posted an example of a type of phishing email that I’ve since learned is called ‘vishing‘, as it uses voice (VoIP, telephone) as an agent in the scam process. (It reminds me of a public payphone I had to use in Mexico about 10 years ago, which billed me something around $80 for a five-minute call.) :) Read more…

Categories: General Tags: , , , , ,
May 18th, 2011

Phishing email: The friend needing help

An example of a phishing email I received today, which at first glance appeared to be a legitimate email from a friend, except for a Gmail warning at the top:

Read more…

Categories: General Tags: ,