Famous people – movie stars, athletes, politicians - are the favorite subject matter of scammers. Using modern technologies and communications channels, scammers and social engineers come up with sophisticated methods to trick people and grab their attention. Social channels offer a perfect environment to create buzz, grab users’ interest with shocking content, and eventually make people share the scams themselves! Behind different types of scams stands different motivations; collecting likes (likes farms), spreading malware, or installing malicious applications that will steal your credentials. Whatever those motivations, the intentions of scammers ain’t for your benefit!
We monitor social media to pick up those dangerous scams, warn our community, and report it to our virus lab. There are plenty of users who still become victims of scammers. We are convinced that it is more efficient to avoid problems, than to fix them.
An ounce of prevention is worth a pound of cure ~ Benjamin Franklin
Let’s take a look at a few types of scams and patterns that will help us to recognize them ahead. STOP – THINK – AND DON’T CLICK (YET)
Celebrities are in the constant spotlight, followed not only by the paparazzi and tabloid magazines, but fans as well, observing every step they take. The more unusual and shocking the story is, the better it sells online. Is there any better way to attract humans’ attention than with sex? If you know of some, please let us know! Meanwhile, let’s learn how those scams work and mainly - how to recognize them!
- Rouge visuals, shocking copy, and very strong call to actions. If the status contains any of following: OMG, You must watch it, Look what she/he has done! NEVER click on this link!
- Message leads to a shortened URL, so you can not recognize the link that doesn’t lead to any well- known source (celebrity fan pages or blogs, entertainment websites)
- The hosting server is unknown source
Would you click on the video saying “OMG I can’t believe Rihanna did it with a…” Read more…
The Foundation arm of AVAST Software announced today that it will make a donation of 500,000 CZK (approximately $25,000) to support relief and recovery efforts in the Philippines following Typhoon Haiyan.
“The greatest needs are for water, food and hygiene kits, and this will be coordinated through our main partner, People in Need, the biggest humanitarian organization in Central/Eastern Europe,” said Martina Břeňová, spokesperson for the AVAST Foundation.
“I speak for the founders, management, and employees of AVAST, when I say that our hearts go out to the victims of Typhoon Haiyan in the Philippines,” said Vojtěch Nekvapil, AVAST’s Partner Sales and Support Manager. “Our highest priority is to make sure that our associates and their families are safe and have what they need.”
How to avoid scammers taking advantage of Typhoon Haiyan
Whenever a catastrophe hits, people seek ways they can help. Cybercrooks quickly throw up fake websites or use similar sounding names to trick donors, and scam victims or even the real charity. Typhoon Haiyan already wrecked havoc on residents of the Philippines; don’t let making a donation wreck havoc on your bank account or identity
- Donate to charities you trust, those with a “proven track record” of delivering aid to those in need.
- Be alert for charities that seem to have sprung up overnight in connection with current events. Check out the charity with the BBB’s Wise Giving Alliance, Charity Navigator, Charity Watch, or GuideStar.
- Don’t give out personal or financial information — including your credit card or bank account number — unless you know the charity is reputable.
- Never send cash: You can’t be sure the organization will receive your donation, and you won’t have a record for tax purposes.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
Back in the good ol’ days of Halloween, you only had to worry about your house getting egged or your big brother stealing the good candy. Halloween tricks have moved online, and along with any significant event or holiday, this spooky celebration marks an increase in malware. Cyber ghouls pull out their bag of tricks – rogue apps, scams, and email attachments, to name a few classics – all to get unsuspecting people to click on a link in order to steal credentials.
Here are a few tricks to be aware of:
Bad video links and rogue apps
In the weeks before Halloween, searches for holiday-related items like costumes and pumpkin carving increase. This example of a search for “Halloween costume make your own” came from Glen Newton of Wired’s Innovation Insights. He wrote,
The website that came up at the top of the list has a link to a video that promises to show you how to make one for under $15 in materials, requiring only basic sewing skills – just what you were looking for. You click, and there it is, but the video doesn’t play. Oh, wait, there’s a note at the bottom of the player that says, “If this video doesn’t start playing, click here to download the latest flash player.” You click.
You can guess what happens next. No, someone in a Ghostface is not looking in your window. Rather, when you click to download, a warning pops up that your PC is infected with multiple instances of malware. But don’t you already have virus protection? You immediately assume that it’s not working, plus you remember that you haven’t backed up your files in months (cue the Psycho music). Panic ensues.
The scan window…show(s) you third-party software that can remove the malware… Fortunately, it’s not a budget breaker: $39.95 for a year’s license. The web page includes graphics that show several certifications with which you’re unfamiliar, so you figure it must be safe.
Instead of finding out how to make a costume, you end up selling your soul to the devil. Well, not quite that bad – but you give personal information and your credit card number to buy a malware removal program. After the purchase is made, you still can’t access the video. Meanwhile, the personal information and credit card data you gave away is being sold to the highest bidder on underground crime webs, and your real antivirus has been disabled and replaced by malware that the crooks can use to control your computer. Talk about a Nightmare on Elm Street…
Read the whole article from Wired.
AVAST Tip: Only visit websites that are established and reputable, and keep your antivirus software updated. (And remember, vampires can only enter your house if you invite them!)
Some old-fashioned tricks that have made the jump from darkened parlors to cyberspace are virtual voodoo dolls, fortune-telling, psychic readings, and spell casting. There are good and respectable “intuitive consultants” (as some psychics prefer to be called) that are able to help others. For every good one, there are a plenty who con people to only get their money.
A typical M.O. of scammers is to use multiple sites with similar content. So if you see a site for Voodoo Queen Mumbo Gumbo who is offering a buy one spell, get one free, and you see 12 others with similar content, then forget about it.
“It’s a new twist on an old idea,” said Nicholas Little, legal director of the Center for Inquiry to the Toronto Sun yesterday. “It’s easy to hide your identity on the Internet, so people are willing to try scams online that they would never be willing to try in person.”
AVAST Tip: Never pay for a service or product that you are not sure of or you do not want. (A money-back guarantee for spell casting is not a good sign!)
How’s this for a good phishing scam? Everything seems legit:
1. From email is “firstname.lastname@example.org”
2. No misspelled words and has decent grammar (however, some punctuation inconsistency)
3. Copyright (c) symbol next to the university name
4. Gmail did not filter it as spam, but left it in my normal inbox
Yes, if I had ever attended that particular university, I might have fallen for it.
PLEASE NOTE: University of Texas has nothing to do with this email.
A single phishing campaign can send millions of emails to consumers in an attempt to part them from their money. Hundreds of phishing websites are established online every day, designed to lure consumers to give up personal information. And it appears that there is no slow-down among the hardworking cybercrooks because the number of phishing attacks targeted at consumers remain high, reports The Anti-Phishing Working Group, an organization that tracks and reports phishing occurrences.
Social engineering and technical trickery are the cornerstones of phishing whose goal is to steal consumers’ personal identity data and financial account credentials. Spoofed emails that appear to be from legitimate businesses, lead consumers to fake websites, which can look the same as the real thing, tricking them into divulging data such as usernames and passwords. Cybercrooks can also use technical tricks to install specially designed malware onto PCs in order to capture online account user names and passwords and misdirect consumers to counterfeit websites.
Among industries, financial services are targeted by phishers more than any other. Cybercrooks have a new variation that cons financial advisers into wiring cash out of their clients’ online investment accounts. USA Today reports that, “Cybercriminals have discovered that investors now routinely rely on email to authorize personal advisers to execute financial transactions. Search engines and social networks have made finding and profiling potential victims, and their advisers, easy.”
How can you protect yourself against phishing?
The avast! Mail Shield scans all incoming and outgoing email and attachments for malware. For the highest level of home protection, avast! Internet Security has a comprehensive spam and phishing filter, which analyses all incoming email based on various criteria to determine whether it is legitimate.
Steps you can take:
- Have good habits – do not respond to the links in an unsolicited email or on Facebook
- Protect your passwords and don’t reveal them to anyone
- Do not give sensitive information to anyone—on the phone, in person or through email
- Look at the website’s URL (web address.) In many phishing cases, the web address may look legitimate but the URL may be misspelled or the domain is different (.com when it should be .gov)
- Keep your browser up-to-date and apply security patches
- Do not open attachments from unsolicited email
If you believe you have compromised sensitive information about your accounts, contact your financial institution, credit card company, or appropriate authorities.
There seems to be a playbook of standard hacker tactics after a celebrity death or an event of worldwide interest like earthquakes or tsunamis. Hours after the announcement of pop diva Whitney Houston’s death, scammers had already devised schemes to prey on fans seeking information – appearing to recycle those used after the deaths of Michael Jackson and Steve Jobs.
A Facebook message, claiming to link to a video of Whitney Houston’s autopsy, takes the user to a page with an embedded YouTube video. When you try to play it, a pop-up message appears instructing the user to update their copy of Adobe’s Flash from a bogus site. The video scam has become viral. Read more…
Dear Miss Deborah,
Three months ago, I started chatting with a guy I met online, and we really hit it off – we have so much in common! He looks quite handsome in the photos he sent. He sent me flowers and a sweet teddy bear. Isn’t that romantic? We haven’t met yet, because he is actually supervising a construction project in an African country, but we will when he gets back. I can’t wait.
Yesterday, I got a message from him explaining how he is unable to cash his checks and asking if I could wire him money so he could come home. I’m starting to like him more each day, and I want to meet him. What should I do? Risk rejection or send him the money?
Single and looking again
The Super Bowl, the much-hyped championship American pro football game, will be broadcast this Sunday night to an estimated 200 million people. Any major sporting event from the Australian Open to the World Cup brings out scammers hoping to cash in on the excitement. The most popular ways to separate you from your money are by peddling knock-off team jerseys, counterfeit memorabilia, and fake game tickets.
This past year, Homeland Security officials and officers from U.S. Customs and Border Protection conducted a national sweep of stores, flea markets and street vendors looking for counterfeit goods. Operation Fake Sweep collected $4.8 million worth of counterfeit jerseys, ball caps, and T-shirts. Ahead of this weekend’s Super Bowl, authorities said they seized nearly 42,000 phony Super Bowl sportswear items and merchandise worth $5 million. Fake jerseys can be bought for about $80 each. But according to nflshop.com, authentic jerseys cost between $150 and $300. Read more…
In a few days, the world will ring in the New Year with renewed hope for a bright future. Predictions are being made about what 2012 will bring, and unfortunately instead of focusing on the positive, many of them are bleak. One that stands out is the prediction that the world will cease to exist on December 21, 2012 (according to the Mayan Long Calendar.) Thankfully, that one has been debunked – but we’ll see…
Here at AVAST, we are confident that we’ll have another great year protecting millions of happy internet surfers from all the nasties out there, but here are some educated predictions about what CyberThreats 2012 has in store for us, and how you can stay protected. Read more…
An estimated $465 billion will be spent this holiday season. A big chunk of a family’s expenses come from holiday travel. The American Automobile Association (AAA) projects that U.S. travel during the Christmas and New Year’s holiday weekends will increase 1.4 percent from 2010 to the highest level in five years. Cybercrooks create new travel scams and recycle tried-and-true ones to help relieve you of some holiday cash. Here’s a run-down on some popular travel scams, and what you can do to avoid them, while you prepare to visit Grandma or go skiing this Christmas.
Gasoline Rebate Card
Eighty-three million travelers will take to the open road rather than fly the friendly skies this holiday season, and they’re all looking for the cheapest gas station. The average nationwide price of regular gasoline has increased 6.2 percent to $3.264 a gallon this week, according to AAA data. Attractive offers for free gasoline vouchers and rebates are sent to mailboxes, email accounts and offered by telemarketers. The idea is that you activate your account on the phone or through online registration, sometimes pay a registration fee (red flag!), buy a certain amount of gas from a certain brand, then send in the receipts within a certain time, and supposedly get rewarded for following directions well with a gift card for free gasoline. Only it doesn’t work that way. Consumers never receive the gift cards and have willingly given away personal information. Read more…