Cybercrooks target busy holiday shoppers with phishing scheme.
After all that shopping on Black Friday and Cyber Monday, consumers are reporting a bunch of phishing emails that look like authentic communications from popular stores. Malware-infected emails are reportedly coming from Walmart, Home Depot, Target, and Costco. The catch is these are not from the authentic merchants, but rather cybercrooks are using a phishing scheme to send fake emails with the intent to gather personal information from harried shoppers.
Millions of these emails are being sent each day, originating from more than 600 hacked websites that act as intermediaries, according to security analysts from Malcovery monitoring the attacks. This method prevented detection by causing the spammed links to point to websites that had been safe until the morning of the attack.
The messages have subject lines like this:
- Thank you for your order
- Order Confirmation
- Thank you for buying from Best Buy
- Acknowledgment of Order
- Order Status
If you receive one of these emails, don’t click on any links. Instead, visit the merchant’s website or call their customer service. Don’t give any personal information out unless you know for sure with whom you are speaking.
Signs of a fake email
Unfortunately, cybercrooks are becoming more professional with their scams, but here are a few things you can look for to tell a fake email from an authentic one.
- Poor grammar usage
- The Sender (the “from” line) may not match the merchant name
- Links in the email do not go to the real website
- There is no order confirmation number or details about the order. A real order confirmation email contains the details of your order without clicking on any links, as well as where it is being shipped and the payment method.
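The sender, link and order-number signs above can be checked mechanically. The following is an added example, not code from the original article or from any merchant; the brand-to-domain table, the function names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domain each merchant really sends from and links to.
BRAND_DOMAINS = {"walmart": "walmart.com", "best buy": "bestbuy.com",
                 "target": "target.com", "costco": "costco.com",
                 "home depot": "homedepot.com"}
ORDER_NO = re.compile(r"order\s*(?:number|no\b\.?|#)\s*:?\s*[\w-]{5,}", re.I)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_order_email(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg["From"] or "")
    claimed = f"{display} {msg['Subject'] or ''}".lower()
    brand = next((b for b in BRAND_DOMAINS if b in claimed), None)
    if brand is None:
        return []  # no known merchant named; nothing to compare against
    domain = BRAND_DOMAINS[brand]
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    findings = []
    # Sign: the "from" address does not match the merchant name.
    if not belongs_to(address.rpartition("@")[2], domain):
        findings.append(f"sender {address} is not at {domain}")
    # Sign: links do not go to the real website.
    links = LinkCollector()
    links.feed(body)
    for href in links.hrefs:
        host = urlparse(href).hostname
        if host and not belongs_to(host, domain):
            findings.append(f"link goes to {host}, not {domain}")
    # Sign: no order confirmation number in the message itself.
    if not ORDER_NO.search(body):
        findings.append("no order number in the message body")
    return findings

# Constructed samples: example.net and example.org stand in for a spammer's
# mailbox and a hacked intermediary website.
PHISH = """From: "Walmart.com" <orders@example.net>
Subject: Thank you for your order
Content-Type: text/html

<p>Thank you for your order.
<a href="http://shop.example.org/wp/redir.php">View order details</a></p>
"""
GENUINE = """From: "Walmart.com" <help@walmart.com>
Subject: Order Confirmation
Content-Type: text/html

<p>Order number: 2677-1189-5523. Ship to: 12 Elm St. Paid with Visa.
<a href="https://www.walmart.com/account/orders">Track your order</a></p>
"""

if __name__ == "__main__":
    print(check_order_email(PHISH), check_order_email(GENUINE))
```

An empty result only means none of these three signs was present; it does not prove the message is genuine.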
How to protect yourself
Walmart acknowledged that the fraudulent emails were in circulation and suggested these steps if you receive a suspicious email.
- If you actually placed an order and are suspicious about the email you received, log onto your Walmart.com order to check your order status.
- Keep your virus software updated on all your computers.
If you were a victim of fraud via the Internet, you should file a report with your local law enforcement agency along with the Internet Crime Complaint Center (ICCC). The ICCC is a partnership between the FBI and the National White Collar Crime Center. You can make a report with the ICCC.
Some webpages are giving away free codes for Playstation Network and Steam, but are they reliable?
At Avast we discovered a lot of webpages offering free codes, with a value from $20 to $50, for Playstation Network and Steam, two of the most important internet-based digital distribution platforms. Those webpages look very suspicious so we decided to analyze them.
We chose one of those webpages and followed all the steps required in order to get our “free code” for Playstation Network or Steam.
After a first look at the main page, we found some suspicious items. To prove how trustworthy the transaction is, the webpage placed two security “certifications” in a visible location, but as we discovered, no security companies are associated with those certifications. They are completely fake!
Also, there’s a label with user ratings (4 ½ stars!), but we cannot rate the webpage; it’s just an image. Both fake images make the users think that they are on a safe and reliable website.
What happens when we click on a gift card? Are we going to receive the code?
The answer is no.
Let’s see what’s next:
When we click on a gift card, instead of receiving the promised free code, we are asked to share a link with our friends in order to unlock the code.
Why do they do that?
When we share the link we are contributing to an increase in the number of visitors and, of course, the number of people that will try to redeem the “free code.” Keep this in mind, it will be important at the end of this post.
Ok, we already invited 5 of our friends and, in theory, we unlocked the code. Is this the last step? Are we going to receive the code now?
Again, the answer is no.
Looks like they don’t want to give us the code. Suspicious, right? So, what do they want now?
As we can see in the image, in order to receive our PSN code, we need to complete a short survey (like inviting 5 friends wasn’t already enough?!).
When we click on one of the surveys, a little pop-up with a message appears on the top of the screen. The message says: “You must use your VALID information while filling this offer out”.
Why do they need our VALID information?
Here’s the reason:
In order to receive the code, we need to enter our phone number – our VALID phone number. But wait, before doing that, let’s read the text at the bottom of the page.
Surprise! It’s a premium SMS service with a total amount of 36,25€/month (>$40/month)! If we enter our phone number, we will be automatically subscribed to this premium service.
Remember the 5 friends you sent the link to? Well, now imagine how many people can fall into this scam just by sharing a link to 5 friends: 5+(5*5)+(5*5*5)+… creepy, right?
And of course, there’s no free code for your PSN or Steam accounts.
Unfortunately, there are a lot of webpages using the same method to get users’ money. Also, there are other webpages offering software to generate codes. Cybercrooks create those fake apps and get money from “download servers” because they bring
Tonda Hýža, from the AVAST Virus Lab, described those webpages as Adware due to the big amount of lies, advertisements and weird privacy policies.
Make sure you share this alert with your gamer friends :)
We simply need to follow some rules to control and prevent system penetration and also bandwidth theft (and losing money!). Safeguard your valuable information available through your home wireless connection and do not be an easy target for hackers!
Here are 12 ways to boost your router’s security:
1. Install your router in a safe place where the wireless signal is available only inside your own house. Avoid placing it near a window.
2. Turn off WPS, the automated network configuration method that makes your wireless password more vulnerable to hacker attacks. Turn on WPA2 encryption and, if you can, protect it with a strong password.
3. Change the default admin username and password to a strong password. Do not use default passwords because they’re generated from well-known algorithms that make hacker attacks even easier. Do not use your name, date of birth, home address or any personal information as the password.
4. Upgrade your router firmware to fix known vulnerabilities of the router.
5. Don’t forget to log out after managing the router, avoiding abuse of the authenticated browser sessions.
6. Disable remote management of the router over the internet. In a business environment, if you need this management, it will be safer to use NAT rules allowing SSH or VPN access only.
7. To prevent CSRF attacks, don’t use the default IP ranges. Change the default 192.168.1.1 to something different like 10.8.9.7.
8. To prevent ROM-0 abuse of your router (i.e., access to the secret data stored in your router: your ADSL login/password combination and WiFi password), forward port 80 on the router to an unused IP address on your network. Check how-to here.
9. Set your router DNS servers to automatic mode (or DHCP) or to a static value that you manually set exactly according to your ISP.
10. Disable IPv6 on the router or, if you really need IPv6 services, replace the router with an IPv6 certified one.
11. You can save bandwidth and allow only specific computers or devices to access your WiFi even if they have the security key to enter. Find the computer MAC address (the “physical address” listed with the command line ipconfig /all at a cmd window). In your router settings, you should look for the MAC filtering settings to add this identifier there.
12. Use a secure VPN in open/public WiFi hotspots. You can read more on how Avast SecureLine can protect PC, Mac and Android devices in these situations. If you cannot avoid using public WiFi, then try not to log in or enter your credentials (especially banking or credit card ones), but also your email and phone number. If you really need it, always prefer the secure protocol HTTPS (check the browser address bar).
Losing contacts from your mobile phone is highly inconvenient. There seems to be a solution: you can find them online! The catch? Your contacts are in a publicly accessible place.
If you care for your privacy you should always be suspicious about “Cloud Backup” solutions you find in the Google Play Store. The solution that is being analyzed here backs up your personal contacts online. In public.
Upon starting the application, you will find a screen where you can put your mobile number and a password of your choice. Then you can upload your contacts to the cloud.
A brief analysis inside this application shows us how exactly it backs up your contacts in the cloud. The contacts are associated with the phone number that you have given in the previous step and they are sent through HTTP POST requests to a PHP page.
Further analysis through IP traffic capturing with Fiddler helped us discover the results in the pictures above; a page located online, for anyone to see, that contains thousands of un-encrypted entries of phone numbers and passwords. Using the info in the app you can retrieve personal private data (contacts) from another user.
We found log in data inside those entries from countries like Greece, Brazil, and others.
The Play Store page says that this app has been installed 50.000-100.000 times. This is a big number of installations for an application that doesn’t follow basic secure Android coding practices. The developer must use technologies like HTTPS, SSL and encryption on the data that are transferred through the web and stored in the server. Nogotofail is a useful network security testing tool designed by Google “to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way.”
Avast detects it as Android:DataExposed-B [PUP].
#GivingTuesday is a day dedicated to give from the bounty we have received.
After the shopping free-for-all of Black Friday, the local discoveries of Small Business Saturday, and the online click frenzy of Cyber Monday, people the world over have a day for giving thanks.
On Tuesday, December 2, 2014, charities, families, businesses, community centers, and students around the world will come together for one common purpose: to celebrate generosity and to give. ~www.givingtuesday.org
From supporting women’s microfranchises selling solar products in Nicaragua to supplying feed and services to a ranch in Arizona that helps save horses from abuse and neglect to constructing toilets in a school in West Bengal, there are a myriad of opportunities to spread your goodwill and your cash. It’s also an opportunity for cybercrooks to scam those with a generous heart.
What you need to know about charity scams
Charities and fundraising groups use all methods to solicit funds, so you could receive a phone call, a knock at your door, an email, a message via social networking sites, and even a text message on your mobile phone. Before giving your donation, carefully review a charity and ensure it is a trustworthy organization.
- Watch out for copycats. There may be hundreds of charities seeking support in the same category, and some may use a name that is similar to a better-known, reputable organization. Don’t fall for a case of mistaken identity.
- Avoid being pressured. Don’t succumb to high-pressure tactics that try to get you to donate immediately. Responsible organizations will welcome your gift tomorrow just as much as today.
- Give through a reputable, secure service. If a charity asks for donations in cash, by money wire, or offers to send a courier or overnight delivery service to collect the donation immediately, then beware. A genuine charity will give you time and a secure method to make your donation.
- When in doubt, check them out. The results of a Google or Yahoo search have been known to include bogus phishing sites designed to look like a legitimate charity’s website. Just look up scams around Hurricane Katrina, and you’ll see what I mean. Charity Navigator says,
- Carefully examine the web address. Most non-profit web addresses end with .org and not .com. Avoid web addresses that end in a series of numbers.
- Bogus sites often ask for detailed personal information such as your social security number, date of birth, or your bank account and pin information. Be extremely skeptical of these sites as providing this information makes it easy for them to steal your identity.
Many Avast users have protected their family members’ computers and mobile devices with Avast Antivirus products. In order to help you manage everyone’s security, our development team created a portal called the MyAvast Account. Our blog, Keep track of your family’s devices using your Avast Account, explains the basics.
Hopefully, you have already looked at your account. If not, click here to do so, https://my.avast.com. Now I’ll point out some important features that you will find useful.
The top 5 features in your Avast Account
- 1. The whole point of the MyAvast Account is to manage multiple devices from a single portal. If you have registered Avast products on multiple devices using multiple email addresses, you can pair these devices and email addresses to your account which lets you see all licenses in one place. You’ll see the license validity and expiration date for each device.
If you get a new device this CyberMonday and want to remove an old one, then you can easily remove the old device from the account. Go to the Device overview page, choose Settings, and delete from the account.
- 2. For all you Android smartphone users out there, the most important feature is our Avast Anti-Theft mobile security application. We improved the design, and also completely revised and simplified the commands.
- To see what I am describing, log into your account > Go to Devices > Click on your smart phone. In this screen you can see the most important commands that allow you to control your device. With one click you can locate your device, mark your device as lost, inform us and send notifications to your “safe” friend, transfer all calls and SMS to a new number, turn the siren on a lost device, or lock the device remotely. If you have Avast Mobile Premium, then you will have additional commands at your disposal. If you suspect your phone has been stolen, you can take a picture of the thief or record audio in addition to other cool options.
- 3. Avast Awards is a redesigned and interactive system where you earn free Avast products by recommending Avast to your friends. For sharing Avast using your own personalized link, carrying out certain tasks, and using our products you will be rewarded Karma points and Badges. For now, you can obtain a license for Avast Internet Security and badges for participating in our community or being a long-term Avast user. In the future, we may offer other premium products, so check back every once in a while.
- 4. Stay informed with our News widget (on the main account page on the bottom right), where you will see news from our blog and Facebook feed. This provides a great overview of security and privacy news. We invite you to follow and Friend us.
- 5. For those of you who like nice design, you will appreciate the updated Metro style of the portal, and your choice of themes. Visit Settings (the gear icon in the top right corner) and apply the one you like best.
Social Media Security is an additional feature that is in beta now. We wrote about it this past summer in the blog, New avast! Account with Facebook Security is here. Join Beta testing.
This feature helps you identify Facebook posts and photos that pose a threat to your privacy, security, and reputation. In addition to your own Facebook profile, we also monitor your friends network to keep you safe and secure.
Our developers and product managers will continue to work on improvements to the MyAvast Account. If you have any questions, comments, or suggestions, do not hesitate to participate in the dedicated Avast forum board. We look forward to your feedback!
After the previous articles you should be convinced that router vulnerabilities are one of the major concerns in network security. As you already know, the new Avast 2015 version includes a security feature called Home Network Security (HNS) which scans your network and router for vulnerabilities and prevents threats.
One serious problem occurs when IPv6 (Internet Protocol version 6) is enabled (both by the ISP and on the router), but there is no IPv6 firewall being used. This means that anyone on the Internet can access devices on the network (like printers, network disks, etc.). This is often the case because the routers are small, embedded devices that cannot handle IPv6 firewalling.
The main advantage of IPv6 over IPv4 is its larger address space: it allows 2^128 or approximately 3.4×10^38 addresses (or sites) which is an enormous number! In addition to offering more addresses, IPv6 also implements features not present in IPv4: it simplifies address assignment, network renumbering and packet processing.
In fact, a proper IPv6 firewall requires quite some processing power and RAM, so it’s no wonder that many of the cheap routers don’t have that functionality at all (or it’s not working properly).
The remediation is relatively simple: Just disable IPv6 on the router. In most cases, this shouldn’t have any impact on other services, unless they require IPv6 (in which case, it would be good to replace the router with something better which is IPv6 certified).
Avast Internet Security and Premium products offer full support to IPv6 for your computer on our silent firewall. Take into account that other devices, like network drives connected to the router won’t be protected.
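To see which addresses on a machine fall under the exposure described above, the following added example (not Avast code) reads the output of the Linux `ip -6 addr show` command and keeps only the global unicast addresses, the ones an unfiltered router would pass traffic to from the Internet. The function names and the sample output are constructed, and the documentation prefix 2001:db8::/32 stands in for a prefix assigned by an ISP.

```python
import ipaddress
import re

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # routable on the Internet
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")    # private to the site
LINK_LOCAL = ipaddress.ip_network("fe80::/10")     # never crosses the router

IFACE = re.compile(r"^\d+:\s+([^:@\s]+)")               # "2: eth0: <...>"
INET6 = re.compile(r"^\s+inet6\s+([0-9a-fA-F:]+)/\d+")  # "    inet6 addr/len"


def reachability(address):
    """Classify one IPv6 address by how far traffic to it can travel."""
    addr = ipaddress.IPv6Address(address)
    if addr.is_loopback:
        return "loopback"
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in UNIQUE_LOCAL:
        return "unique-local"
    if addr in GLOBAL_UNICAST:
        return "global"
    return "other"


def internet_reachable(ip_output):
    """Return (interface, address) pairs that hold a global unicast address."""
    found, iface = [], None
    for line in ip_output.splitlines():
        match = IFACE.match(line)
        if match:
            iface = match.group(1)
            continue
        match = INET6.match(line)
        if match and reachability(match.group(1)) == "global":
            found.append((iface, match.group(1)))
    return found


# Constructed sample of `ip -6 addr show` output. Note that the kernel labels
# the unique-local fd12:... address "scope global" as well, so the scope word
# alone does not tell you what is reachable from outside.
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1:2:a00:27ff:fe4e:66a1/64 scope global dynamic
       valid_lft 86391sec preferred_lft 14391sec
    inet6 fd12:3456:789a:1::10/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link
       valid_lft forever preferred_lft forever
"""

if __name__ == "__main__":
    for iface, addr in internet_reachable(SAMPLE):
        print(f"{iface}: {addr} needs an IPv6 firewall in front of it")
```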
Black Friday and Cyber Monday abound with deals on laptops. When you purchase a new laptop one of the first things you should do is make sure that it is secure with your choice of antivirus protection.
You will probably find that antivirus is already pre-installed, for example, Windows Defender is built into devices that use Windows 8 and Windows 8.1. Among Windows 7 users, Microsoft Security Essentials is on most devices. When users change antivirus protection, the top product enabled is, you guessed it, Avast Free Antivirus.
You should replace Microsoft Security Essentials
Initial praise for the software (MSE) has turned to disappointment and it’s now clear that a third-party antivirus remains the best pick even for users who don’t want to pay,
wrote Matt Smith in a makeuseof.com article called Why You Should Replace Microsoft Security Essentials With A Proper Antivirus. Mr. Smith recommends Avast Free Antivirus.
Same goes for Windows Defender.
If you’re relying solely on Windows Defender for your antivirus protection, you’re anything but defended,
wrote Jill Scharr for Tom’s Guide.
Out with the old, in with the new
We strongly recommend uninstalling previously installed antivirus applications before installing Avast Antivirus on your computer. You can find a list of vendors, from A to Z, that provide a special removal tool to uninstall their antivirus software on our FAQ page. We recommend you follow their instructions before proceeding with the uninstallation.
Avast is most trusted worldwide
For the second year, Avast Free Antivirus has taken first place in the Worldwide Antivirus Product Market Share as measured by OPSWAT. With 220 million people, mobile devices, and computers protected by our security applications, Avast is the most trusted mobile and PC security in the world.
Cybercrooks believe that their attacks are more likely to succeed during the holiday shopping season.
Retailers have been “leaking” special Black Friday deals since before Buffalo got covered in a snow wall, and that flurry of sales results in the annual spike that carries them through the rest of the year. But analysts who study these things warn that cybercrooks are riding the sales wave with a surge in attacks due to relaxed security measures.
The Wall Street Journal quotes Gartner Inc’s vice president Avivah Litan,
Retail transaction volume increases by 50% during the holidays and retailers don’t want to stop to slow the pace of business, so they relax fraud controls to some degree. Criminals know they’re likely to get away with more.
Yikes! That’s not good news for consumers, especially since we are swiping our credit and debit cards at places like Target, The Home Depot, and Neiman Marcus – all victims of point-of-sale terminal hacks this year. Experts have advised retailers to take action, like upgrading terminals with new technology and enabling chip embedded cards, but all that takes time to implement.
It’s not much better online. Attacks during last holiday shopping season, November 14, 2013 through January 9, 2014 increased by 264% over the weeks prior to that time, says security company Imperva. The reason?
Cybercrooks believe that retail applications are more vulnerable during this time of the year, and that attacks are more likely to succeed. Isn’t that what the Gartner analyst said about brick-and-mortar retailers?
The reasoning is similar – in order not to annoy shoppers who can go elsewhere, online retailers relax strict security measures such as step-up authentication and Captcha. Add that easy check-out to all those new Black Friday and CyberMonday quick campaign webpages, (“bad design, unsafe coding, and usage of insecure third-party libraries”) and cybercrooks get an early Christmas present in the form of your credit card number and possible stolen identity.
How to protect yourself during Black Friday
- Stay home on Thursday. Celebrate Thanksgiving with your family. That way you can safely eat too much and watch football and movies while avoiding the crazed crowds trying to jump the gun on Black FRIDAY sales.
- In God We Trust, All Others Use Cash. Use cash or a credit card when paying for your purchases. With a credit card, you can dispute charges, if your financial data falls into the hands of cybercrooks.
- Change your passwords. Please don’t use the same password for online shopping sites that you use for your bank. When you do it’s like wrapping it in fancy paper and a bow – it’s that easy for a cybercrook to get to.
- Regularly monitor your bank and credit card statements to make sure all the transactions are legitimate. Monitor your credit report for any changes.
It was great to see so many people who recognize the Avast brand and use our products at CARTES. We would like to say once more: Thank you so much! Every couple of minutes, we had a friendly visit from some of our fans and we always tried to talk to them for a while. Sometimes we got some interesting questions. We would like to share those that occurred the most.
1. Are you guys from the Netherlands?
No. Despite the orange color all over the place, Avast is a Prague- (that beautiful city in the Czech Republic that you read about in the travel magazines) based company with offices all over the world including Silicon Valley, Austin, Munich, and Hong Kong.
2. How do you make money if your products are free?
In general, we monetize our products both directly (via premium subscriptions or paid product versions) and indirectly (via ads in our applications, or partnerships / referrals, for example). On mobile, we are not making much money these days, compared to our desktop products. However, mobile apps are a great part of our product ecosystem. They help us build the brand and engage with people who use them. Our mobile products solve real problems and make the world a better, more secure place. In the future, we see a good potential to monetize mobile applications indirectly, due to our multi-million user base.
3. Why are you a better desktop Antivirus than XYZ?
“Better” is never a good word when talking about competition with modesty and respect. We have some compelling features in our Antivirus products. Check out the Home Network Security, SafeZone or process virtualization in our Avast 2015 version. Or you can try the Free version for yourself and compare our product with the Antivirus you have at the moment.
Did you like the article? Follow the author at @joshis_tweets.