Yesterday on our blog, avast! Virus Lab researcher Jaromir Horejsi, explained a banking Trojan called Tinba. Also this week, we told you about an email that Avast evangelist, Bob G. received claiming that he won money in a World Cup lottery. The cybercrooks behind that scam cast a wide net, hoping to catch a few people then ask them to provide banking information so they could deliver the prize.
The cybercrooks behind Tinba and Bob’s lottery email use a social engineering technique called spearfishing to target its victims. Spearphishing is similar to the classic technique called phishing which uses authentic-looking emails to lure the victims to fake websites, then trick them into revealing personal information.
Cybercrooks use emotional hooks to lure you in
Other high profile phishing attempts, like the DHL email scam that ran last Christmas, preyed on the anxiety of the holidays. An email that looks like the real thing from DHL was sent, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data. It’s not hard to understand why busy people can be fooled.
Spearphishing is similar in every way to phishing except that the net is drawn in much tighter. The FBI says that cybercrooks target select groups of people with something in common—they work at the same company, bank at the same financial institution, attend the same college, order merchandise from the same website, etc. The emails are seemingly sent from organizations or individuals the potential victims would normally get emails from, making them even more deceptive. This is what is happening with the Tinba Trojan right now in Czech Republic.
In both social engineering schemes, once the victim clicks, they are led to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.
How to avoid becoming a spear phishing victim
- Most companies, banks, agencies, etc., don’t request personal information via e-mail. If in doubt, give them a call (but don’t use the phone number contained in the e-mail—that’s usually phony as well).
- Use a phishing filter. Both avast! Internet Security and avast! Premier include anti-spam filters to detect phishing and scam emails.
- Never follow a link to a secure site from an email; always enter the URL manually.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
Christmas time is essentially connected with buying presents. There’s a lot of stuff to be done and a lot of opportunities to buy a present in an e-shop to save time. Who doesn’t know someone who buys a Christmas gift online?
The malware authors know and are very keen to take advantage of it. We see scam emails containing order or delivery details every day and they have a lot of common. In fact, it’s nothing new. Such methods are used constantly during the year, it’s nothing special connected to Christmas. However, Christmas is the reason why many people might be fooled. Let’s look at them in detail.
Imagine you are customer waiting for a present to be delivered. You get anxious and check your email waiting for order details. You are probably the most vulnerable at this time. Then you get an email from DHL, the well-known parcel delivery service, with a notice saying that the shipping details are in an attachment. In that moment of relief, you click on the email attachment. It turns out to be a zip file containing a file named DHL-parcel.exe. The strange thing is the file extension looks like regular PDF file because it has the same icon. In fact, it is malware.
Back in the good ol’ days of Halloween, you only had to worry about your house getting egged or your big brother stealing the good candy. Halloween tricks have moved online, and along with any significant event or holiday, this spooky celebration marks an increase in malware. Cyber ghouls pull out their bag of tricks – rogue apps, scams, and email attachments, to name a few classics – all to get unsuspecting people to click on a link in order to steal credentials.
Here are a few tricks to be aware of:
Bad video links and rogue apps
In the weeks before Halloween, searches for holiday-related items like costumes and pumpkin carving increase. This example of a search for “Halloween costume make your own” came from Glen Newton of Wired’s Innovation Insights. He wrote,
The website that came up at the top of the list has a link to a video that promises to show you how to make one for under $15 in materials, requiring only basic sewing skills – just what you were looking for. You click, and there it is, but the video doesn’t play. Oh, wait, there’s a note at the bottom of the player that says, “If this video doesn’t start playing, click here to download the latest flash player.” You click.
You can guess what happens next. No, someone in a Ghostface is not looking in your window. Rather, when you click to download, a warning pops up that your PC is infected with multiple instances of malware. But don’t you already have virus protection? You immediately assume that it’s not working, plus you remember that you haven’t backed up your files in months (cue the Psycho music). Panic ensues.
The scan window…show(s) you third-party software that can remove the malware… Fortunately, it’s not a budget breaker: $39.95 for a year’s license. The web page includes graphics that show several certifications with which you’re unfamiliar, so you figure it must be safe.
Instead of finding out how to make a costume, you end up selling your soul to the devil. Well, not quite that bad – but you give personal information and your credit card number to buy a malware removal program. After the purchase is made, you still can’t access the video. Meanwhile, the personal information and credit card data you gave away is being sold to the highest bidder on underground crime webs, and your real antivirus has been disabled and replaced by malware that the crooks can use to control your computer. Talk about a Nightmare on Elm Street…
Read the whole article from Wired.
AVAST Tip: Only visit websites that are established and reputable, and keep your antivirus software updated. (And remember, vampires can only enter your house if you invite them!)
Some old-fashioned tricks that have made the jump from darkened parlors to cyberspace are virtual voodoo dolls, fortune-telling, psychic readings, and spell casting. There are good and respectable “intuitive consultants” (as some psychics prefer to be called) that are able to help others. For every good one, there are a plenty who con people to only get their money.
A typical M.O. of scammers is to use multiple sites with similar content. So if you see a site for Voodoo Queen Mumbo Gumbo who is offering a buy one spell, get one free, and you see 12 others with similar content, then forget about it.
“It’s a new twist on an old idea,” said Nicholas Little, legal director of the Center for Inquiry to the Toronto Sun yesterday. “It’s easy to hide your identity on the Internet, so people are willing to try scams online that they would never be willing to try in person.”
AVAST Tip: Never pay for a service or product that you are not sure of or you do not want. (A money-back guarantee for spell casting is not a good sign!)
A dangerous Trojan named ZeuS is making its way among Facebook users. This old Trojan horse has infected millions of computers over the years, stealing banking credentials and other personally identifiable information. Zeus can lie dormant on infected computers until the unsuspecting victim logs into their bank’s website. Once you’re logged in, cybercrooks can steal your log in credentials and empty your account without your knowledge.
The virus is spread through phishing messages either from a funny or shocking video from a friend posted on their page or in a message to you, or through an ad for videos or products. If you click the link to watch the video, a notification will say that you need to update the player. When you click update, you are actually downloading the Trojan. Clicking the Play button automatically gives your “Like” to the virus page, and it’s through this action that the link will spread to all of your friends.
All avast! Antivirus products detect and block Zeus if a user tries to install or run the .exe file, but the best way to protect yourself is to avoid it! avast! SafeZone is recommended for safe banking, financial transactions, and shopping online. It gives you a private, secure, and isolated desktop which keeps you safe from keyloggers like the ZeuS Trojan. avast! SafeZone is available in avast! Pro, avast! Internet Security, and avast! Premier.
Please share this with your family and friends.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun, and contest information, please follow us on Facebook, Twitter, Google+ and Instagram.
Another wave of Facebook phishing is spreading among Facebook users. Imagine you get a message from another Facebook user with a link to a new amazing Facebook app. Even if the sender is not your friend, you decide to go to the link. Instead of an application you see a fake Facebook login page. But here’s the catch – you don’t know it’s a fake!
Recently we have encountered a lot of Facebook apps which do nothing but redirect users to a fake Facebook login page. You cannot recognize from the link that the application has no real content. The URL of the application looks like http://apps.facebook.com/app_id where app_id is 15-digit identification number of the application. The application link usually contains its name (http://apps.facebook.com/app_name), but using the application ID in the link is also possible.
It’s that time of year again for Americans. You have received your W-2 and are eager to file your tax return, especially if you anticipate a refund. Every year, the Internal Revenue Service (IRS) warns taxpayers to beware of phishing scams used by con artists to steal your identity, cash, and sense of security. This year is no different.
Phishing takes many forms, but usually involves unsolicited email or messages via social media and a fake website that poses as a legitimate site. The danger is that if you follow the link the scammers provide, you could end up with a malware infection, such as a Trojan that logs your keystrokes and allows a hacker to gain access to your bank accounts, or you could provide valuable personal and financial information that exposes you to identity theft. Here are some recent examples:
Classic phish: Last tax season, a bogus email warned recipients they would be penalized up to $10,000 for not filing their taxes by a false deadline of January 31st. They were instructed to follow a link which went to a phony site that appeared to be the official IRS website. They were asked to provide personal or financial information that could be used by scammers and identity thieves.
Don’t be misled by sites claiming to be the IRS but ending in .com, .net, .org or other designations instead of .gov. Read more…
With Hurricane Sandy bearing down on the northeast United States, the potential is high for cybercrooks to release a wave of scams and malware related to the storm. If the past repeats itself, Facebook postings, tweets, emails, and websites claiming to have exclusive video or pleading for donations for disaster relief efforts will appear shortly after the storm hits. These messages often include malicious code that attempt to infect computers with viruses, spyware, or Trojan horses.
After hurricanes Katrina and Rita hit the Gulf Coast in 2005, the FBI, the Justice Department, and the Federal Trade Commission formed the Hurricane Katrina Fraud Task Force to battle the massive surge of scams that came with it. The American Red Cross reported at least 15 fake websites that were designed to look like legitimate Red Cross appeals for donations to relief efforts. These actually proved to be phishing attacks, which directed users to a malicious server that collected credit card numbers, PayPal passwords and other personal information.
When donating, make sure you donate directly to reputable charitable organizations. Ask for a physical address and a phone number of the charity – if the charity is authentic, they will willingly give you this information. As always, do not respond to an unsolicited email of any sort.
Have you received an email saying a friend tagged you in a photo on Facebook? Use extreme caution before clicking to see photos in the attachment. In a typical phish, cybercrooks are using a fake Facebook photo notification email designed to spread malware allowing them to gain control over Windows-based computers.
Avast Virus Lab detected the malware as Win32:Trojan-gen and added the definition to the database yesterday, so all avast! users are protected.
The email looks innocent enough with the familiar blue header and logo. Serious Facebookers may know that Facebook never sends you photos that you’ve been tagged in as attachments; rather they send links to the photos. Unfortunately, most of us are too busy to notice the difference.
Please share this warning with your Facebook friends, and recommend that they get avast! Free Antivirus, so they’ll always be protected. You can share avast! by clicking on our recommend avast! app here.
A single phishing campaign can send millions of emails to consumers in an attempt to part them from their money. Hundreds of phishing websites are established online every day, designed to lure consumers to give up personal information. And it appears that there is no slow-down among the hardworking cybercrooks because the number of phishing attacks targeted at consumers remain high, reports The Anti-Phishing Working Group, an organization that tracks and reports phishing occurrences.
Social engineering and technical trickery are the cornerstones of phishing whose goal is to steal consumers’ personal identity data and financial account credentials. Spoofed emails that appear to be from legitimate businesses, lead consumers to fake websites, which can look the same as the real thing, tricking them into divulging data such as usernames and passwords. Cybercrooks can also use technical tricks to install specially designed malware onto PCs in order to capture online account user names and passwords and misdirect consumers to counterfeit websites.
Among industries, financial services are targeted by phishers more than any other. Cybercrooks have a new variation that cons financial advisers into wiring cash out of their clients’ online investment accounts. USA Today reports that, “Cybercriminals have discovered that investors now routinely rely on email to authorize personal advisers to execute financial transactions. Search engines and social networks have made finding and profiling potential victims, and their advisers, easy.”
How can you protect yourself against phishing?
The avast! Mail Shield scans all incoming and outgoing email and attachments for malware. For the highest level of home protection, avast! Internet Security has a comprehensive spam and phishing filter, which analyses all incoming email based on various criteria to determine whether it is legitimate.
Steps you can take:
- Have good habits – do not respond to the links in an unsolicited email or on Facebook
- Protect your passwords and don’t reveal them to anyone
- Do not give sensitive information to anyone—on the phone, in person or through email
- Look at the website’s URL (web address.) In many phishing cases, the web address may look legitimate but the URL may be misspelled or the domain is different (.com when it should be .gov)
- Keep your browser up-to-date and apply security patches
- Do not open attachments from unsolicited email
If you believe you have compromised sensitive information about your accounts, contact your financial institution, credit card company, or appropriate authorities.
While taxpayers are the regular target of springtime malware schemes, this year the bad guys are aiming for the accountants.
A series of imposter emails are threatening recipients with the removal of their professional accreditation if they fail to respond promptly. The tax-phish appear to be from organizations such as the American Institute of Certified Public Accountants(AICPA), Better Business Bureau(BBB), and Intuit tax services.
After clicking on the email, users are redirected through a hacked legitimate site to the final malware distribution center where their computer can download fake antivirus or another malware package selected by the bad guys.
This spam campaign started in the last week of February. A tax-themed attack is a traditional feature of March and April as Americans prepare their income tax returns.
The tax-time malware is the latest example of the BlackHole Exploits Kit at work – and shows that the bad guys’ graphic and language skills are improving. Read more…