How’s this for a good phishing scam? Everything seems legit:
1. From email is “firstname.lastname@example.org”
2. No misspelled words and has decent grammar (however, some punctuation inconsistency)
3. Copyright (c) symbol next to the university name
4. Gmail did not filter it as spam, but left it in my normal inbox
Yes, if I had ever attended that particular university, I might have fallen for it.
PLEASE NOTE: University of Texas has nothing to do with this email.
It’s that time of year again for Americans. You have received your W-2 and are eager to file your tax return, especially if you anticipate a refund. Every year, the Internal Revenue Service (IRS) warns taxpayers to beware of phishing scams used by con artists to steal your identity, cash, and sense of security. This year is no different.
Phishing takes many forms, but usually involves unsolicited email or messages via social media and a fake website that poses as a legitimate site. The danger is that if you follow the link the scammers provide, you could end up with a malware infection, such as a Trojan that logs your keystrokes and allows a hacker to gain access to your bank accounts, or you could provide valuable personal and financial information that exposes you to identity theft. Here are some recent examples:
Classic phish: Last tax season, a bogus email warned recipients they would be penalized up to $10,000 for not filing their taxes by a false deadline of January 31st. They were instructed to follow a link which went to a phony site that appeared to be the official IRS website. They were asked to provide personal or financial information that could be used by scammers and identity thieves.
Don’t be misled by sites claiming to be the IRS but ending in .com, .net, .org or other designations instead of .gov.
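The .gov check above can be applied mechanically to links pulled from a suspicious message. The following is an added example, not part of the original post; it assumes the official domain is irs.gov, and the sample links are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL = "irs.gov"  # assumption: the only domain treated as the real IRS

# Constructed sample links (not taken from any real message).
SAMPLE_LINKS = [
    "https://www.irs.gov/refunds",
    "http://www.irs.gov.example.net/file-now",    # official name used as a subdomain
    "http://www.irs.gov@example.org/penalty",     # official name hidden in userinfo
    "irs-refunds.example.com/login",              # no scheme, IRS keyword in host
    "https://firs.gov/",                          # ends in "irs.gov" but is another host
]

def classify_irs_link(url):
    """Return 'official', 'lookalike', 'unrelated' or 'invalid' for one link."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = (parts.hostname or "").lower().rstrip(".")
        user = (parts.username or "").lower()
    except ValueError:  # malformed authority section
        return "invalid"
    if not host:
        return "invalid"
    # Match on a label boundary: "irs.gov" itself or "<anything>.irs.gov".
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Any other host that carries "irs" as a whole label or hyphenated token,
    # in the hostname or in the userinfo before "@", is posing as the IRS.
    tokens = re.split(r"[.\-]", host) + re.split(r"[.\-]", user)
    return "lookalike" if "irs" in tokens else "unrelated"

def classify_all(links):
    """Map each link to its classification."""
    return {link: classify_irs_link(link) for link in links}

if __name__ == "__main__":
    for link, verdict in classify_all(SAMPLE_LINKS).items():
        print(f"{verdict:10} {link}")
```
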
Question of the Week: I’m a gamer who also banks and shops online. Am I at risk for identity theft?
Your activities online can potentially make you more vulnerable to identity theft. How many times a month do you access your bank account online? How many email addresses do you have? Do you like to try previews of new games? These questions can help you determine your exposure to identity theft.
According to the Federal Trade Commission, it takes people an average of six months and 200 hours to recover from identity theft.
StaySafeOnline, the organization behind National Cyber Security Awareness Month, of which Avast is a proud champion, has an Online Identity Risk Calculator that can help you know if you’re at risk. Players answer some questions to find their personal identity risk score and get practical tips on keeping their online identity protected. Play now!
Cybersecurity begins with STOP. THINK. CONNECT. These three simple steps are the starting point for staying safer and more secure online.
- STOP: Before you use the Internet, take time to understand the risks and learn how to spot potential problems. An obvious step is to install antivirus protection. For the risk averse, we suggest avast! Internet Security with SafeZone, an isolated environment that keeps your sensitive transactions private.
- THINK: Take a moment to be certain the digital path ahead is clear. Watch for warning signs and consider how your online actions could impact your safety or your family’s.
- CONNECT: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.
Avast Software is proud to be a champion that supports National Cyber Security Awareness Month with news and tips on how, together, we can make a safer digital society.
Recently, we’ve noticed that there are too many legitimate domains popping up in our URL filters with malware. At first we thought we had a huge false-positive (FP) problem, but after analysis we found a pattern.
All of the referring links came from the Russian Odnoklassniki server, which is a quite popular Russian social network. Users of that network are getting fake messages with links to photos.
As we have recently mentioned on our blog, October is National Cyber Security Awareness Month. And I’m sure we will post more to raise awareness of the risks you personally face, the risks to the institutions you do business with, and to the government itself.
Today, though, I want you to start to broaden your outlook on this issue. While you are getting acquainted with new threats like nation-state funded attacks, cyber-terrorism, and hacktivism, I’d also ask you to look at some of the things our legislatures have been proposing in the name of cybersecurity. This includes early efforts to protect critical industry sectors such as our energy grid or banking systems against cyberattack, and requirements that we move beyond passwords when we access Web sites where we perform transactions or access personal data. As all these initiatives come with costs, none have universal support. But some cybersecurity proposals have generated more controversy than others, including the SOPA and PIPA bills that coddled the media industry by conflating digital piracy with cybersecurity and whose proposed remedies would have created a regime of censorship, or the federal development and control of a so-called “Internet Kill Switch”.
There will continue to be a lot going on here legislatively, and anything that changes the government’s role in the Internet will affect you as well. So let’s also do our job as responsible, informed citizens. Let’s make October National Cybersecurity Policy Awareness Month. Let’s get educated, and involved.
I’ve kept a NETWORKWORLD.com article open in my web browser for the last 9 days, hoping to have time to read it. Today I finally did read it, and it’s worth sharing. And, it was actually short enough that I could’ve read it 9 days ago.
Among the largest data breaches you’ll find: credit card companies, government agencies, utility companies, universities, and hospitals.
Read more here, initial data courtesy of Identity Theft Resource Center: http://www.networkworld.com/slideshow/52525
If your organization needs great network security, take a look at our new line of avast! Endpoint Protection.
An estimated $465 billion will be spent this holiday season. A big chunk of a family’s expenses comes from holiday travel. The American Automobile Association (AAA) projects that U.S. travel during the Christmas and New Year’s holiday weekends will increase 1.4 percent from 2010 to the highest level in five years. Cybercrooks create new travel scams and recycle tried-and-true ones to help relieve you of some holiday cash. Here’s a run-down on some popular travel scams, and what you can do to avoid them, while you prepare to visit Grandma or go skiing this Christmas.
Gasoline Rebate Card
Eighty-three million travelers will take to the open road rather than fly the friendly skies this holiday season, and they’re all looking for the cheapest gas station. The average nationwide price of regular gasoline has increased 6.2 percent to $3.264 a gallon this week, according to AAA data. Attractive offers for free gasoline vouchers and rebates are sent to mailboxes, email accounts and offered by telemarketers. The idea is that you activate your account on the phone or through online registration, sometimes pay a registration fee (red flag!), buy a certain amount of gas from a certain brand, then send in the receipts within a certain time, and supposedly get rewarded for following directions well with a gift card for free gasoline. Only it doesn’t work that way. Consumers never receive the gift cards and have willingly given away personal information. Read more…
The holiday season brings a flurry of email scams to inboxes everywhere. Be aware of these popular ones, so the CyberGrinches don’t steal your Christmas.
The six weeks between Thanksgiving and New Year’s is the traditional “giving season” in the United States. According to a recent holiday giving survey, the average holiday donation this year will be $281. People who give online said they would contribute even more, an average of $378, and scammers are out to get a portion of that.
Black Friday, the day after Thanksgiving and the busiest shopping day of the year, starts at midnight November 25th with mega-sales running throughout the weekend. Cyber Monday, the online retail equivalent to Black Friday, is the time when many consumers, who didn’t want to fight the crowds over Thanksgiving weekend or failed to find what they were looking for, shop online that Monday from home or work.
“For our US friends especially, this weekend is when retailers, offline and online, offer the best deals of the year,” said Jindrich Kubec, senior virus analyst at the AVAST Virus Lab. “It’s also when cybercriminals become hyperactive with scams and fraudulent offers.”
Our original blog entry about a malicious version of an IncorporateApps Android application called “Walk and Text” generated some very contentious comments from the author/distributor/publisher of the legitimate application. So, we decided to rewrite the posting to make things a bit clearer:
One of our analysts received (from one of their friends) the SMS that you see down below. We thought it was intriguing and we decided to investigate. We found the infected “Walk and Text” application on the internet (it is not of course on the official Google marketplace) and tore it apart.
We initially thought it was just a classic Android Trojan. Since the bad guys do like to hide viruses/Trojans inside pirated applications, this seemed a very reasonable explanation. The application was also signed but with a profane signature and thus there was no way it would ever be published on a legitimate marketplace. It did two things. First, it sent the above-mentioned SMS to the contacts in the user’s Android phone contact book.