Today’s biggest threat to the normal consumer is the consumer themselves.
This bold statement was made by Avast CEO Vincent Steckler in an interview with German technology website Valuetech in Munich last week. That’s a daring position to take after this year’s revelations about NSA spying, the theft of tens of millions of customer passwords from major retailers like Target and Home Depot, the recent Sony Pictures hack, and the normal parade of Trojan horses, worms and viruses, but it’s one that Steckler stands behind.
Watch the interview here (04:00),
Mr. Steckler has good reason for his conclusion. Here’s a few of the main points he made during the interview.
Social engineering preys on human weakness
“A lot of attacks are still using social engineering techniques; phishing emails – ways of convincing the user to give up valuable information,” said Steckler.
An example of phishing emails just occurred after Black Friday, when cybercrooks sent millions of fake purchase confirmation emails to customers of major retailers. You can read about that, as well as what to do if you are a victim, in our blog, Fake confirmation emails from Walmart, Home Depot, others in circulation.
The Mac misconception
Mac users are well-known for proudly touting that they don’t use antivirus protection because they never have a problem with viruses. But, it’s really a numbers game.
“There is no fundamental difference,” Steckler says of the security of PCs and Macs. “Mac is not inherently any safer, as a technology, than Windows is. What makes a difference there is what is more opportune for a bad guy to attack.”
He explains that malware written for Windows can attack up to 93% of the world’s PCs. Mac malware only reaches 7-8% of the world’s PCs. The safety then lies in the lower numbers of Mac devices rather than a technical safety advantage.
Households networks are as complicated as small business networks
With the interconnectivity of household devices from household computers, mobile phones, TVs and even refrigerators, Steckler compares the typical household network to that of a small business.
“The central weakness in this ‘Internet of Things’ will be that home router – the thing that connects everything together,” says Steckler, “and basically doesn’t have any security on it.”
Avast 2015 seeks to address this lack in security by including the new Home Network Security scanner.
Poor Sony. They are getting it from all directions these days. On Sunday, the PlayStation Network, the online store for games, movies, and TV shows, suffered a hacker attack and was knocked offline. Visitors to the store got a message that said, ‘Page Not Found! It’s not you. It’s the Internet’s fault.’ I just visited the page, and got this same message, so reports that it was up again, were at best, temporary – at least for some of us.
Sony tweeted yesterday that they were investigating.
We are aware that users are having issues connecting to PSN. Thanks for your patience as we investigate.
— Ask PlayStation (@AskPlayStation) December 8, 2014
A group called Lizard Squad, which was also involved in a hack of Xbox Live last week as well as previous attacks on EA Games and Destiny, claimed responsibility for the attack.
During the Xbox hack, Lizard Squad promised that attacks would continue until Christmas.
This attack comes on the heels of news recently that Sony Pictures’ corporate network was infiltrated by cybercrooks which resulted in the theft of 100 terabytes of confidential employee data, business documents, and unreleased films. It was speculated that North Korean hackers were behind the attack due to the upcoming release of the movie “The Interview,” which is about an attempted assassination of Kim Jong-Un. The North Korean government denied responsibility for the attack on Sunday. The attack has since been traced to a luxury hotel in Bangkok, and is being investigated.
The two attacks appear to be unrelated.
Cybercrooks target busy holiday shoppers with phishing scheme.
After all that shopping on Black Friday and Cyber Monday, consumers are reporting a bunch of phishing emails that look like authentic communications from poular stores. Malware-infected emails are reportedly coming from Walmart, Home Depot, Target, and Costco. The catch is these are not from the authentic merchants, but rather cybercrooks are using a phishing scheme to send fake emails with the intent to gather personal information from harried shoppers.
Millions of these emails are being sent each day, originating from more than 600 hacked websites that act as intermediaries, according to security analysts from Malcovery monitoring the attacks. This method prevented detection by causing the spammed links to point to websites that had been safe until the morning of the attack.
The messages have subject lines like this:
- Thank you for your order
- Order Confirmation
- Thank you for buying from Best Buy
- Acknowledgment of Order
- Order Status
If you receive one of these emails, don’t click on any links. Instead, visit the merchant’s website or call their customer service. Don’t give any personal information out unless you know for sure with whom you are speaking.
Signs of a fake email
Unfortunately, cybercrooks are becoming more professional with their scams, but here are a few things you can look for to tell a fake email from an authentic one.
- Poor grammar usage
- The Sender (the “from” line) may not match the merchant name
- Links in the email do not go to the real website
- There is no order confirmation number or details about the order. A real order confirmation email contains the details of your order without clicking on any links, as well as where it is being shipped and the payment method.
How to protect yourself
Walmart acknowledged that the fraudulent emails were in circulation and suggested these steps if you receive a suspicious email.
- If you actually placed an order and are suspicious about the email you received, log onto your Walmart.com order to check your order status.
- Keep your virus software updated on all your computers.
If you were a victim of fraud via the Internet, you should file a report with your local law enforcement agency along with the Internet Crime Complaint Center (ICCC). The ICCC is a partnership between the FBI and the National White Collar Crime Center. You can make a report with the ICCC.
#GivingTuesday is a day dedicated to give from the bounty we have received.
After the shopping free-for-all of Black Friday, the local discoveries of Small Business Saturday, and the online click frenzy of Cyber Monday, people the world over have a day for giving thanks.
On Tuesday, December 2, 2014, charities, families, businesses, community centers, and students around the world will come together for one common purpose: to celebrate generosity and to give. ~www.givingtuesday.org
From supporting women’s microfranchises selling solar products in Nicaragua to supplying feed and services to a ranch in Arizona that helps save horses from abuse and neglect to constructing toilets in a school in West Bengal, there are a myriad of opportunities to spread your goodwill and your cash. It’s also an opportunity for cybercrooks to scam those with a generous heart.
What you need to know about charity scams
Charities and fundraising groups use all methods to solicit funds, so you could receive a phone call, a knock at your door, an email, a message via social networking sites, and even a text message on your mobile phone. Before giving your donation, carefully review a charity and ensure it is a trustworthy organization.
- Watch out for copycats. There may be hundreds of charities seeking support in the same category, and some may use a name that is similar to a better-known, reputable organization. Don’t fall for a case of mistaken identity.
- Avoid being pressured. Don’t succumb to high-pressure tactics that try to get you to donate immediately. Responsible organizations will welcome your gift tomorrow just as much as today.
- Give through a reputable, secure service. If a charity asks for donations in cash, by money wire, or offers to send a courier or overnight delivery service to collect the donation immediately, then beware. A genuine charity will give you time and a secure method to make your donation.
- When in doubt, check them out. The results of a Google or Yahoo search have been known to include bogus phishing sites designed to look like a legitimate charity’s website. Just look up scams around Hurricane Katrina, and you’ll see what I mean. Charity Navigator says,
- Carefully examine the web address. Most non-profit web addresses end with .org and not .com. Avoid web addresses that end in a series of numbers.
- Bogus sites often ask for detailed personal information such as your social security number, date of birth, or your bank account and pin information. Be extremely skeptical of these sites as providing this information makes it easy for them to steal your identity.
Many Avast users have protected their family member’s computers and mobile devices with Avast Antivirus products. In order to help you manage everyone’s security, our development team created a portal called the MyAvast Account. Our blog, Keep track of your family’s devices using your Avast Account, explains the basics.
Hopefully, you have already looked at your account. If not, click here to do so, https://my.avast.com. Now I’ll point out some important features that you will find useful.
The top 5 features in your Avast Account
- 1. The whole point of the MyAvast Account is to manage multiple devices from a single portal. If you have registered Avast products on multiple devices using multiple email addresses, you can pair these devices and email addresses to your account which lets you see all licenses in one place. You’ll see the license validity and expiration date for each device.
If you get a new device this CyberMonday and want to remove an old one, then you can easily remove the old device from the account. Go to the Device overview page, choose Settings, and delete from the account.
- 2. For all you Android smartphone users out there, the most important feature is our Avast Anti-Theft mobile security application. We improved the design, and also completely revised and simplified the commands.
- To see what I am describing, log into your account > Go to Devices > Click on your smart phone. In this screen you can see the most important commands that allow you to control your device. With one click you can locate your device, mark your device as lost, inform us and send notifications to your “safe” friend, transfer all calls and SMS to a new number, turn the siren on a lost device, or lock the device remotely. If you have Avast Mobile Premium, then you will have additional commands at your disposal. If you suspect your phone has been stolen, you can take a picture of the thief or record audio in addition to other cool options.
- 3. Avast Awards is a redesigned and interactive system where you earn free Avast products by recommending Avast to your friends. For sharing Avast using your own personalized link, carrying out certain tasks, and using our products you will be rewarded Karma points and Badges. For now, you can obtain a license for Avast Internet Security and badges for participating in our community or being a long-term Avast user. In the future, we may offer other premium products, so check back every once in a while.
- 4. Stay informed with our News widget (on the main account page on the bottom right), where you will see news from our blog and Facebook feed. This provides a great overview of security and privacy news. We invite you to follow and Friend us.
- 5. For those of you who like nice design, you will appreciate the updated Metro style of the portal, and your choice of themes. Visit Settings (the gear icon in the top right corner) and apply the one you like best.
Social Media Security is an additional feature that is in beta now. We wrote about it this past summer in the blog, New avast! Account with Facebook Security is here. Join Beta testing.
This feature helps you identify Facebook posts and photos that pose a threat to your privacy, security, and reputation. In addition to your own Facebook profile, we also monitor your friends network to keep you safe and secure.
Our developers and product managers will continue to work on improvements to the MyAvast Account. If you have any questions, comments, or suggestions, do not hesitate to participate in the dedicated Avast forum board. We look forward to your feedback!
Black Friday and Cyber Monday abound with deals on laptops. When you purchase a new laptop one of the first things you should do is make sure that it is secure with your choice of antivirus protection.
You will probably find that antivirus is already pre-installed, for example, Windows Defender is built into devices that use Windows 8 and Windows 8.1. Among Windows 7 users, Microsoft Security Essentials is on most devices. When users change antivirus protection, the top product enabled is, you guessed it, Avast Free Antivirus.
You should replace Microsoft Security Essentials
Initial praise for the software (MSE) has turned to disappointment and it’s now clear that a third-party antivirus remains the best pick even for users who don’t want to pay,
wrote Matt Smith in a makeuseof.com article called Why You Should Replace Microsoft Security Essentials With A Proper Antivirus. Mr. Smith recommends Avast Free Antivirus.
Same goes for Windows Defender.
If you’re relying solely on Windows Defender for your antivirus protection, you’re anything but defended,
wrote Jill Scharr for Tom’s Guide.
Out with the old, in with the new
We strongly recommend to uninstall previously installed antivirus applications before installing Avast Antivirus on your computer. You can find a list of vendors, from A to Z, that provide a special removal tool to uninstall their antivirus software on our FAQ page. We recommend you follow their instructions before proceeding with the uninstallation.
Avast is most trusted worldwide
For the second year, Avast Free Antivirus has taken first place in the Worldwide Antivirus Product Market Share as measured by OPSWAT. With 220 million people, mobile devices, and computers protected by our security applications, Avast is the most trusted mobile and PC security in the world.
Cybercrooks believe that their attacks are more likely to succeed during the holiday shopping season.
Retailers have been “leaking” special Black Friday deals since before Buffalo got covered in a snow wall, and that flurry of sales results in the annual spike that carries them through the rest of the year. But analysts who study these things warn that cybercrooks are riding the sales wave with a surge in attacks due to relaxed security measures.
The Wall Street Journal quotes Gartner Inc’s vice president Avivah Litan,
Retail transaction volume increases by 50% during the holidays and retailers don’t want to stop to slow the pace of business, so they relax fraud controls to some degree. Criminals know they’re likely to get away with more.
Yikes! That’s not good news for consumers, especially since we are swiping our credit and debit cards at places like Target, The Home Depot, and Neiman Marcus – all victims of point-of-sale terminal hacks this year. Experts have advised retailers to take action, like upgrading terminals with new technology and enabling chip embedded cards, but all that takes time to implement.
It’s not much better online. Attacks during last holiday shopping season, November 14, 2013 through January 9, 2014 increased by 264% over the weeks prior to that time, says security company Imperva.The reason?
Cybercrooks believe that retail applications are more vulnerable during this time of the year, and that attacks are more likely to succeed. Isn’t that what the Gartner analyst said about brick-and-mortar retailers?
The reasoning is similar – in order not to annoy shoppers who can go elsewhere, online retailers relax strict security measures such as step-up authentication and Captcha. Add that easy check-out to all those new Black Friday and CyberMonday quick campaign webpages, (“bad design, unsafe coding, and usage of insecure third-party libraries”) and cybercrooks get an early Christmas present in the form of your credit card number and possible stolen identity.
How to protect yourself during Black Friday
- Stay home on Thursday Celebrate Thanksgiving with your family. That way you can safely eat too much and watch football and movies while avoiding the crazed crowds trying to jump the gun on Black FRIDAY sales.
- In God We Trust, All Others Use Cash Use cash or a credit card when paying for your purchases. With a credit card, you can dispute charges, if your financial data falls into the hands of cybercrooks.
- Change your passwords. Please don’t use the same password for online shopping sites that you use for your bank. When you do it’s like wrapping it in fancy paper and a bow – it’s that easy for a cybercrook to get to.
- Regularly monitor your bank and credit card statements to make sure all the transactions are legitimate. Monitor your credit report for any changes.
This is your chance to be an Avast beta tester!
Avast customers who have Android smartphones and tablets have played a significant role in the development of our mobile products. Now you can be part of the team by participating in our new beta version of Avast Mobile Security!
Why you should be an Avast beta tester
- YOU GET EXCLUSIVE ACCESS – Participants in the Avast Mobile Security Beta program have access to early versions of our Avast Mobile Security application. You get to be the first one to see all the new functions, before the official release.
- YOU HELP CREATE THE PRODUCT – When you are a beta tester, we want your feedback, so that means that your suggestions and your critical evaluation of the application actively influence how Avast Mobile Security will work and what it will look like in the future.
- YOU ARE AN ELITE MEMBER OF THE TEAM – We are looking for people with vision and enthusiasm from all over the world. You are not an ordinary Avast user – we identify you as a powerful influencer and we listen to what you have to say.
How to become an Avast beta tester
- Join our beta community on Google+
- Click on the Avast Mobile Security (beta) link
- Click on BECOME A TESTER
- Download the beta version through Google Play on your device
Join our Google+ Beta Testers community to test the latest version and give your feedback and suggestions.
The average US family owns four mobile devices, plus Internet-connected computers and other devices. Your Avast Account helps you manage their security.
Keeping your security software up-to-date on all of these devices can quickly get confusing, and with today’s risks you want to make sure everything has adequate protection. Your Avast Account can simplify that task greatly.
Here’s what you get with an Avast account
Management made easy
- Register any Avast free product which you have installed and which requires registration.
- Manage multiple Avast-protected devices (PC, smartphone, tablet) from one place.
- Remotely control Android mobile devices with Avast Mobile Security and Avast Anti-Theft installed. This is especially useful in case of loss or theft of the device .
Information at your fingertips
You can find information about your connected devices.
- License status
- Expiration date
- Basic statistics
- Version of virus signature database
- Logs of activities, and more
Earn Avast Reward points for free stuff
You can generate your own special Avast Free Antivirus link to give to your family members and friends. When they download their own protection using your link, you collect “Karma” points to earn a free copy of Avast Internet Security. In your Avast Account, you can see how many points you have, earn badges and even see how you’re doing compared to other users.
Give Avast feedback
We provide links to the Avast Community Forum where you can ask questions of our experienced “evangelists,” and the Feedback page, where you can give suggestions, report a problem, or just say thanks.
Secure your Facebook profile
You can secure your Facebook profile using Avast Social Media Security. We help you navigate thorough the frequently changing security and privacy settings in Facebook. In the future we plan to add security profiles on other social networks.
How do I get an Avast Account?
New registrations of Avast Free Antivirus will automatically create an Avast Account and connect your device automatically. Visit https://my.avast.com or click Account in the Avast user interface. Use of the Avast Account for accessing other Avast services is completely optional.
NOTE: It’s especially useful to connect any mobile devices that have Avast Mobile Security installed because it gives you remote control over your device if the device is stolen. These remote control features have not yet been implemented for PC or Mac devices, therefore if you are not interested in the activity log or other information, you don’t have to connect your device to your Avast Account at all.
When you do connect your device, please be patient because of the large amount of data we have to process; the device status isn’t updated in real-time. It could take up to a half hour before the actual security status and other device information appears on the devices page, so check again later.
The Home Depot security breach last spring has gotten worse. In addition to the 56 million credit-card accounts that were compromised, around 53 million customer email addresses were also taken, according to a statement from Home Depot about the breach investigation. Home Depot assures its customers that no passwords, payment card information like debit card PIN numbers, or other “sensitive” information was stolen.
The breach occurred when cybercrooks stole a third-party vendor’s user name and password to enter their network in April 2014. The hackers then deployed unique, custom-built malware on Home Depot’s self-checkout registers in the United States and Canada.
The company said that as of September 18, the malware had been eliminated from the network.
Request your free identity protection
The Home Depot is notifying affected customers and still offering free identity protection services, including credit monitoring, to any customer who used a credit or debit card at one of its 2,266 retail stores beginning in April. Customers who wish to take advantage of these services should visit homedepot.allclearid.com or call 1-800-HOMEDEPOT (466-3337).
Home Depot said that customers should be on guard against phishing scams, which are designed to trick customers into providing personal information in response to phony emails.
- Review your credit card statements carefully and call your bank if you see any suspicious transactions.
- Be aware of phone calls or emails that appear to offer you identity theft protection but are truly phishing schemes designed to steal your information. Always go directly to The Home Depot’s website or to the AllClear ID website, or call Equifax for information rather than clicking on links in emails.
Get more information from Home Depot’s Facebook page.