Be aware that cybercrooks send “special” offers via fake email campaigns during the holiday season.
The holiday season is a time for decorations, cheerful music, shopping, spending time with loved ones, and unfortunately, for cybercriminals hoping you will fall for phishing scams.
“Cybercriminals use the same tactics they always do, but target people more during the holiday season with “special” offers via fake email campaigns. These fake email campaigns can trick people into downloading malware and/or can trick people into giving attackers their personal information”– Jan Sirmer, senior malware analyst at Avast.
We decided to take a look at a few recent examples of malicious emails, more specifically their email subject lines and the email addresses they were sent from. Our goal was to see how cybercriminals are taking advantage of the holiday season.
Here’s what you should look out for:
The Fake Holiday Offer
Whether it be membership offers or special shopping deals, be cautious of the offers you receive around the holidays by email. Some of them might be too good to be true and are fake or some may come from trustworthy businesses whose email accounts have been hacked. Here is an example:
‘CHRISTMAS OFFERS.docx’ From: “Nicole*” <Nicole@fitfunfitness.co.uk*
This could be a tempting offer, especially if your upcoming New Year’s resolution is to lose weight. The original email address belongs to an actual business owner, lending credence to the scam. Unfortunately, cybercriminals understand this and misuse business email addresses, such as this, to send out phishing emails to customers, because they know customers trust the business and there is a better chance they will fall for the scam.
Traveling can be stressful, but even more so during the holiday season. AAA projects that the number of year-end holiday travelers in the U.S. will top 100 million for the first time on record. Nearly one in three Americans will travel this holiday season and more than 100.5 million are expected to travel than 50 miles or more from home.
The one thing you really want to make sure you protect while you travel is your smartphone. Not only may you have your boarding pass on your smartphone, but more importantly, the hardware is expensive and it most likely contains a plethora of personal data.
There are two main ways your phone could be compromised while traveling, especially during the holidays: physical device loss and network threats.
Have an anti-theft app installed
Airports and train stations will be bustling with people, you may have to dash to catch a flight or make a pit stop during a long car ride. In all of these situations, your phone is at risk –physical risk. Pickpockets prefer to work in high density areas, and it’s easy to lose things like your phone when you’re in a rush.
The holiday season is coming up and we expect that many will opt to shop online to avoid the big crowds in city centers, malls and stores.
In America, Cyber Monday, the cyber version of shopping day Black Friday, was born in the mid 2000s. Cyber Monday sales have steadily increased since its inception and according to IBM Digital Analytics, sales grew 8.5% in 2014. According to ComScore, purchases are now also being made from smartphones with overall spending from mobile devices in the millions.
Americans aren’t the only ones who have embraced Cyber Monday, many other retailers around the world have come together to offer deals on the Monday after U.S. Thanksgiving and in China, Singles’ Day (November 11th) has become a major ecommerce day with 27,000 online merchants participating in 2014.
This is not only an exciting time for online retailers and online shoppers but also for cyber criminals. I spoke with our senior malware analyst, Jaromír Hořejší about how cybercriminals are preparing for Cyber Monday:
The season finale of Mr. Robot left me asking myself many questions. The big question that most of the characters in the show asked themselves as well was: Where is Tyrell?
What exactly happened while Elliot was in Tyrell’s car? Did Tyrell execute the plan to bring down E Corp or did Elliot? Why is Angela now working for E Corp? Who really put that video of Elliot falling from the boardwalk on the James Bond-like sunglasses USB stick? Did Angela really have to go shopping for designer shoes after James Plouffe’s suicide? Does she not own more than one pair of high heels? Who is knocking on Elliot’s door at the end of the episode?
I admit, I initially stopped watching as the credits came, but then I read online that that was a big mistake. There is a scene that comes after the credits, which, of course, left me asking myself two more questions: Why is White Rose meeting with the CEO of E Corp? Does E Corp really know that Elliot is behind the take down?
However, one very important question that I have been asking myself for the last 15 years was finally answered in this episode. FSociety let the dogs out.
In addition to the numerous plot questions, I had two technical questions after watching the episode. I sat down with senior malware analyst, Jaromir Horejsi, who kindly answered my questions for me.
This week’s episode of Mr. Robot continued from where it left off last week, focusing on the show’s characters rather than hacking methods. We see Elliot struggle with himself as he figures out that Mr. Robot is his dad (who died years ago), who he has been imagining in his mind. Meanwhile, Tyrell’s world is crumbling. His wife gave birth to a baby boy, but tells him she does not want to be with him unless he “fixes things”. He then gets fired from E Corp and remains as the prime suspect in Sharon’s murder investigation. It doesn’t look like Tyrell did a very good job of fixing things, if you ask me…
Despite the lack of hacking, I did have a few questions about the final scene of the episode. I spoke with my colleague, senior malware analyst Jaromir Horejsi, who helped me better understand FSociety’s plan.
In the last scene of the episode, Tyrell pays Elliot a visit. Tyrell tells Elliot about how he murdered Sharon and how surprisingly good that felt. Elliot then decides to tell Tyrell about his plan to take down E Corp. Elliot explains to him that by encrypting all of E Corp’s files, all of their financial records will be impossible to access as the encryption key will self-delete after the process completes.
This week’s episode answered A LOT of questions — we met the infamous White Rose and found out why the Dark Army backed out of the planned takedown of Steel Mountain a few episodes ago, we found out why Cisco blackmailed Ollie into infecting AllSafe with malware and we (kind of) found out who Mr. Robot and Darlene really are! Although many of my questions were answered in this episode, I also found myself asking “what?” and “why?” throughout it. What is a honeypot? What is reverse engineering and why is Tyrell talking to Mr. Robot? Why is Tyrell happy about Fsociety hacking E Corp? I turned to my colleague Ivan Jedek, malware analyst at Avast, to get some answers to my questions. Read more…
In February, Avast launched the world’s first free, easy to use, cloud-managed security offering, Avast for Business, protecting SMBs from viruses and cyberattacks. We conducted a survey amongst our Avast for Business users in the UK to gain further insight into how local SMBs handle their security.
Nearly three-quarters (73%) of respondents said that 100% of their company’s employees use the Internet. Businesses, whether small or large, retail or non-profit, often have a database of valuable customer data, making them an attractive target for cybercriminals.
Cybercrooks use social engineering to attack businesses, tricking employees via phishing scam to, for example, gain access to a company’s network. Despite the high number of data breaches, 57% of SMBs in the UK invest only 0-2% – little to nothing – of their IT budget on security.
Who handles IT support services for SMBs in the UK?
- 1 out of 10 said an employee (not a designated IT admin) handles the company’s IT support services
- Nearly 50% have an in-house technician
- 1 out of 10 have an external supplier/technician handles the company’s IT support services
- 28% of SMB business owners handle their company’s IT
More than half of SMBs in the UK allow their employees to access company data from their personal devices. Bring your own device (BYOD) is a convenient practice SMBs have embraced, as it saves costs and encourages productivity.
However, BYOD can be risky, if not handled properly. Not only can hackers target the device to gain access to sensitive corporate information, but if the device is lost or stolen, the company data stored on it goes with the device. More than half (52%) of SMBs authorize employees to access corporate data on personal devices, yet the majority (54%) doesn’t run a BYOD scheme.
Losing valuable and confidential data (31%) is the greatest security risk to UK SMBs along with productivity (23%) and losing customers (16%). We asked our business users if a virus or threat had infected them before switching to Avast for Business. When it came down to it, threats and hacks cost six out of 10 businesses productivity, followed by data loss (19%).
Types of security solutions SMBs used prior to switching to Avast for Business:
- More than half (55%) used free consumer security solutions
- 23% used premium business security solutions
- Nearly one out of ten used premium consumer security solutions
- Nearly one out of ten either do not know what kind of security solution they used before switching to Avast for Business or did not use any security solution (3%)
If your SMB has a low IT budget or if your business is currently using a consumer security solution, make sure you check out Avast for Business. Avast for Business is FREE and can be downloaded here.
This week’s episode was pretty intense — although not so many hacks took place, this week focused on meaningful development of the show’s characters. The episode opened with a flashback to when Elliot and Shayla met; we now know where he got his fish and that he is the reason Shayla got involved with Vera. Then we move onto Angela, who has gone forward with her plan to get justice for her mom’s death, but she isn’t the only one on a mission. Tyrell continued in his fight to become CTO of E Corp – going a little too far (even for his own comfort) during his private time with Sharon, the wife of the newly-appointed E Corp CTO.
Despite the fact that there were no major hacks, there were a few interesting scenes I sat down to talk about with my colleague, Filip Chytry, security researcher at Avast.
This week’s episode of Mr. Robot was an exciting one for us here at Avast – our product made an appearance on the show! In addition to the exploit Avast blocked, there were many other interesting hacks in this week’s episode, which I discussed with Avast security experts, Filip Chytry and Jiri Sejtko.
Minute 7:00: Elliot is in his apartment with Isaac and DJ. Something about Vera’s brother, Isaac, bugs Elliot and what does Elliot do when he is bugged by someone? He hacks them!
Stefanie: We see Elliot once again turn to the Linux distribution, Kali, to hack Isaac’s cell phone. He seems to do this within a matter of seconds, how easy is this to do? Later on, when Elliot visits Vera in prison, we learn what Elliot plans to auto-send information from Isaac’s phone to himself. This seems really intrusive and couldn’t Isaac just get a new phone?
Filip Chytry: This is a more advanced hack and unless Elliot had everything prepped before they entered his apartment, this would taken a lot more time to execute (but this is a TV show, so things sometimes happen faster on TV then they do IRL). The Linux distribution Kali, a popular tool for penetration testing, can be used to plant code on a device. But, Isaac’s phone would have had to be connected to either Elliot’s Wi-Fi network or Elliot could have set up a fake Wi-Fi hotspot using a popular network name like “Starbucks Wi-Fi” or “ATT Wi-Fi”, a Wi-Fi network Isaac’s phone had connected to before and would connect to automatically. Elliot would then use Kali to exploit a vulnerability in Isaac’s phone and plant code to send information from the phone to Elliot’s chosen destination. Since Elliot told Vera about this, Vera could have told Isaac and Isaac could have gotten a new phone, but Isaac was not given a happy end in this episode…
Get your small business up and running with free software.
Getting a new business off the ground is not an easy task and can be quite costly, but there are a lot of free software and services available online that your new or small business can use as an alternative to paid-for products.
Here is a list (in alphabetical order, so no favorites ) of some you will find useful:
Avast for Business – cloud-managed security
Avast not only provides consumers with free security, but we also provide small and medium sized businesses with free cloud-managed protection. Avast for Business is easy to install and can be managed from anywhere and at anytime.
Facebook Page – alternative to building your own website
If you’re a restaurant owner or a small boutique you could also, either in addition to or instead of hosting your own website, create a Facebook page for your business. You won’t be able to sell items online, but you can add your business’ address and directions, opening hours, a description of your business and post images and status updates to inform your customers of new items on your menu or of new items available for sale in your store.
Fundera – loans for your business
Fundera is a free service that offers you loan options and lets you choose the one best suited for your small business. All you need to do is fill out a short questionnaire and then you are presented with loan products, lenders and rates and can apply to the lenders that fit you best with only one application.