Every day, millions of people get scam phone calls. In the U.S. alone there are more than 86 million scam calls each month.
Consumer phone scammers often use cheap robocalling services; automatic dialers that make thousands of phone calls every minute for a low cost. They hope to catch someone who is not aware of the system or hasn’t heard of phone scams. A recorded message will say you qualify for a special program to lower your credit card interest rate or that something is wrong with your computer. When you press a number to learn more, the scam kicks in. The unfortunate victims are often elderly people, recent immigrants, and young college students.
‘We have detected a virus’
The most popular type of phone scam is the bogus tech support claim. The one that has been around for a few years (also read Don’t be fooled by support scams) involves a caller claiming they are a computer technician employed by Microsoft, McAfee, or even, Avast. They say they have detected a problem, commonly a virus or malware, on your computer and can fix it for a fee – sometimes as high as $450.
Once the frightened consumer agrees, the phone scammer has them download software for remote access. You can imagine what changes a crook can make to computer settings which allows them access later.
Other tactics tech support scammers take include:
- Enroll their victim in a bogus computer maintenance program
- Collect credit card information to bill for services
- Install malware that can steal personally identifiable information like passwords and account numbers
A popular dating site and a huge telecommunications company were hit with malvertising.
Popular dating site Plenty of Fish (POF) and Australian telco giant Telstra were infected with malicious advertising from late last week over the weekend. The infection came from an ad network serving the advertisements that the websites displayed to their visitors.
Malvertising happens when cybercrooks hack into ad networks and inject malicious code into online advertising. These types of attacks are very dangerous because web users are unaware that anything is wrong and do not have to interact in any way to become infected. Just last week, other trusted sites like weather.com and AOL were attacked in the same way. In the Telstra and POF attacks, researchers say that a malicious advertisement redirected site visitors via a Google URL shortener to a website hosting the Nuclear Exploit kit which infected users with the Tinba Banking Trojan.
This week’s episode of Mr. Robot continued from where it left off last week, focusing on the show’s characters rather than hacking methods. We see Elliot struggle with himself as he figures out that Mr. Robot is his dad (who died years ago), who he has been imagining in his mind. Meanwhile, Tyrell’s world is crumbling. His wife gave birth to a baby boy, but tells him she does not want to be with him unless he “fixes things”. He then gets fired from E Corp and remains as the prime suspect in Sharon’s murder investigation. It doesn’t look like Tyrell did a very good job of fixing things, if you ask me…
Despite the lack of hacking, I did have a few questions about the final scene of the episode. I spoke with my colleague, senior malware analyst Jaromir Horejsi, who helped me better understand FSociety’s plan.
In the last scene of the episode, Tyrell pays Elliot a visit. Tyrell tells Elliot about how he murdered Sharon and how surprisingly good that felt. Elliot then decides to tell Tyrell about his plan to take down E Corp. Elliot explains to him that by encrypting all of E Corp’s files, all of their financial records will be impossible to access as the encryption key will self-delete after the process completes.
It is frustrating when your antivirus protection stops you from visiting a website that you know and trust, but these days even the most popular websites can fall prey to attacks.
This week security researchers discovered booby-trapped advertisements on popular websites including eBay, The Drudge Report, weather.com, and AOL. The ads, some of which can be initiated by a drive-by attack without the user’s knowledge or even any action, infected computers with adware or locked them down with ransomware.
Computer users running older browsers or unpatched software are more likely to get infected with malware just by visiting a website. Avast blocks these infected ads, but to be safe, please use the most updated version. To update your Avast, right-click the Avast Antivirus icon in the systems tray at the bottom-right corner of your desktop. From the menu, select Update.
“This kind of malvertising is a fairly easy way for cybercriminals to deliver adware or another malicious payload. Many websites sell advertising space to ad networks then deliver the targeted ads to your screen,” said Avast Virus Lab researcher Honza Zika. “All Avast users with current virus databases are fully protected against this attack, but those without protection or up-to-date security patches run the risk of being infected with ransomware.”
When it comes to security, it seems that Android has seen better days. A slew of vulnerabilities and threats have been cropping up recently, putting multitudes of Android users at risk. Certifi-gate and Stagefright are two threats that, when left unprotected against, could spark major data breaches.
Certifi-gate leaches permissions from other apps to gain remote control access
Certifi-gate is a Trojan that affects Android’s operating system in a scary way. Android devices with Jelly Bean 4.3 or higher are affected by this vulnerability, making about 50% of all Android users vulnerable to attacks or to their personal information being compromised.
What’s frightening about this nasty bug is how easily it can execute an attack – Certifi-gate only requires Internet access in order to gain remote control access of your devices. The attack takes place in three steps:
- A user installs a vulnerable app that contains a remote access backdoor onto their Android device
- A remotely-controlled server takes control of this app by exploiting its insecure backdoor
- Using remote access, Certifi-gate obtains permissions from others apps that have previously been granted higher privileges (i.e. more permissions) by the user and uses them to exploit user data. A good example of an app targeted by Certifi-gate is TeamViewer, an app that allows you to control your Android device remotely.
We’re happy to announce that Avast SecureLine VPN will now be preloaded onto ASUS notebooks. Avast SecureLine VPN is now being made available on the company’s popular notebooks worldwide (with the exception of China), making it possible to provide users across the globe with a secure online experience by protecting them from hackers and other vulnerabilities.
A few weeks ago in Toronto, Chelsea Clark and her boyfriend were snuggling in their own home watching Netflix together on his laptop. This sounds very similar to what lots of people do to relax at home in the evening. What makes this story stand out is that someone was in the room with them.
Turns out that the next day when Clark looked at her Facebook page, she saw intimate images of herself and her boyfriend from the night before sent from an unknown person. The person, identified as Mahmoud Abdul in Cairo, Egypt, uploaded the pictures with a message that said “Really, cute couple [sic]”. The pictures were apparently taken from the laptop’s webcam.
This type of story is not new. This past March, a young man turned himself into the FBI and was sentenced to 18 months in federal prison for the computer hacking of Miss Teen USA, Cassidy Wolf. He watched her through her computer’s webcam for months, and took intimate photos of her in her own bedroom. He then attempted to blackmail her, asking for money for not posting the videos and photos.
That online shopping increases day by day is not news. If you are an average user, you are probably already aware of the normal precautions and have taken them yourself. Ease of use and convenience when browsing for different products or searching for the best prices has improved greatly. However, at the same time, online threats and frauds have also increased exponentially. Therefore, from time to time, all of us must review our behavior and think again if our habits are secure.
Best practices while online shopping
1. Use your own computer or mobile device when shopping. It seems obvious, but you cannot trust a computer that does not belong to you, even your best friend’s computer. It might not have appropriate protection and it could already be compromised by malware. So, always use your own device, install an anti-malware solution and before you start doing anything that involves your money, scan your network to discover if it is safe.
This week’s episode answered A LOT of questions — we met the infamous White Rose and found out why the Dark Army backed out of the planned takedown of Steel Mountain a few episodes ago, we found out why Cisco blackmailed Ollie into infecting AllSafe with malware and we (kind of) found out who Mr. Robot and Darlene really are! Although many of my questions were answered in this episode, I also found myself asking “what?” and “why?” throughout it. What is a honeypot? What is reverse engineering and why is Tyrell talking to Mr. Robot? Why is Tyrell happy about Fsociety hacking E Corp? I turned to my colleague Ivan Jedek, malware analyst at Avast, to get some answers to my questions. Read more…
We all know how bothersome finding and connecting to Wi-Fi networks in public places can be — often, we encounter frustrating roaming fees or slow connection speeds in crowded spaces. At Avast, we want Wi-Fi connection to be a safe and simple process for our users. As a result, we’re currently working on new product that will help people to detect and connect to public Wi-Fi networks without any security risk.
Introducing Avast’s new product pioneering program
We’ve recently rolled out a new feature within Avast Mobile Security called the product pioneering program. This program helps harvest nearby Wi-Fi hotspots available for users when they need to connect to public Wi-Fi networks. The feature also supports the creation and growth of our own trustworthy and up-to-date hotspot database, which we need in order to deliver information about nearby Wi-Fi hotspots to our users. As we know that Avast users place great importance on their security and privacy, we are asking our users to lend us a helping hand in collecting and identifying hotspots in their local surroundings. This requires us to request the GPS position permission of our users during the installation or upgrading process of Avast Mobile Security.
Upon installing or upgrading Avast Mobile Security, users will receive an in-app notification that informs them of our product pioneering program. If a user chooses to opt in to the product pioneering program, it is only then that his or her GPS location information will actively be gathered.