Back in the good ol’ days of Halloween, you only had to worry about your house getting egged or your big brother stealing the good candy. Halloween tricks have moved online, and as with any significant event or holiday, this spooky celebration brings an increase in malware. Cyber ghouls pull out their bag of tricks – rogue apps, scams, and email attachments, to name a few classics – all to get unsuspecting people to click on a link so that their credentials can be stolen.
Here are a few tricks to be aware of:
Bad video links and rogue apps
In the weeks before Halloween, searches for holiday-related items like costumes and pumpkin carving increase. This example of a search for “Halloween costume make your own” came from Glen Newton of Wired’s Innovation Insights. He wrote,
The website that came up at the top of the list has a link to a video that promises to show you how to make one for under $15 in materials, requiring only basic sewing skills – just what you were looking for. You click, and there it is, but the video doesn’t play. Oh, wait, there’s a note at the bottom of the player that says, “If this video doesn’t start playing, click here to download the latest flash player.” You click.
You can guess what happens next. No, someone in a Ghostface is not looking in your window. Rather, when you click to download, a warning pops up that your PC is infected with multiple instances of malware. But don’t you already have virus protection? You immediately assume that it’s not working, plus you remember that you haven’t backed up your files in months (cue the Psycho music). Panic ensues.
The scan window…show(s) you third-party software that can remove the malware… Fortunately, it’s not a budget breaker: $39.95 for a year’s license. The web page includes graphics that show several certifications with which you’re unfamiliar, so you figure it must be safe.
Instead of finding out how to make a costume, you end up selling your soul to the devil. Well, not quite that bad – but you give personal information and your credit card number to buy a malware removal program. After the purchase is made, you still can’t access the video. Meanwhile, the personal information and credit card data you gave away is being sold to the highest bidder on underground crime webs, and your real antivirus has been disabled and replaced by malware that the crooks can use to control your computer. Talk about a Nightmare on Elm Street…
Read the whole article from Wired.
AVAST Tip: Only visit websites that are established and reputable, and keep your antivirus software updated. (And remember, vampires can only enter your house if you invite them!)
Some old-fashioned tricks that have made the jump from darkened parlors to cyberspace are virtual voodoo dolls, fortune-telling, psychic readings, and spell casting. There are good and respectable “intuitive consultants” (as some psychics prefer to be called) who are able to help others. For every good one, there are plenty who con people only to get their money.
A typical M.O. of scammers is to use multiple sites with similar content. So if you see a site for Voodoo Queen Mumbo Gumbo, who is offering a buy-one-spell, get-one-free deal, and you see 12 others with similar content, then forget about it.
“It’s a new twist on an old idea,” said Nicholas Little, legal director of the Center for Inquiry, to the Toronto Sun yesterday. “It’s easy to hide your identity on the Internet, so people are willing to try scams online that they would never be willing to try in person.”
AVAST Tip: Never pay for a service or product that you are not sure of or you do not want. (A money-back guarantee for spell casting is not a good sign!)
How’s this for a good phishing scam? Everything seems legit:
1. From email is “firstname.lastname@example.org”
2. No misspelled words and has decent grammar (however, some punctuation inconsistency)
3. Copyright (c) symbol next to the university name
4. Gmail did not filter it as spam, but left it in my normal inbox
Yes, if I had ever attended that particular university, I might have fallen for it.
PLEASE NOTE: University of Texas has nothing to do with this email.
A single phishing campaign can send millions of emails to consumers in an attempt to part them from their money. Hundreds of phishing websites are established online every day, designed to lure consumers to give up personal information. And it appears that there is no slow-down among the hardworking cybercrooks because the number of phishing attacks targeted at consumers remains high, reports The Anti-Phishing Working Group, an organization that tracks and reports phishing occurrences.
Social engineering and technical trickery are the cornerstones of phishing, whose goal is to steal consumers’ personal identity data and financial account credentials. Spoofed emails that appear to be from legitimate businesses lead consumers to fake websites, which can look the same as the real thing, tricking them into divulging data such as usernames and passwords. Cybercrooks can also use technical tricks to install specially designed malware onto PCs in order to capture online account user names and passwords and misdirect consumers to counterfeit websites.
Among industries, financial services are targeted by phishers more than any other. Cybercrooks have a new variation that cons financial advisers into wiring cash out of their clients’ online investment accounts. USA Today reports that, “Cybercriminals have discovered that investors now routinely rely on email to authorize personal advisers to execute financial transactions. Search engines and social networks have made finding and profiling potential victims, and their advisers, easy.”
How can you protect yourself against phishing?
The avast! Mail Shield scans all incoming and outgoing email and attachments for malware. For the highest level of home protection, avast! Internet Security has a comprehensive spam and phishing filter, which analyses all incoming email based on various criteria to determine whether it is legitimate.
Steps you can take:
- Have good habits – do not respond to the links in an unsolicited email or on Facebook
- Protect your passwords and don’t reveal them to anyone
- Do not give sensitive information to anyone—on the phone, in person or through email
- Look at the website’s URL (web address). In many phishing cases, the web address may look legitimate, but the domain name may be misspelled or the domain may be different (.com when it should be .gov)
- Keep your browser up-to-date and apply security patches
- Do not open attachments from unsolicited email
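One way to automate the URL check from the list above, as an added example that is not part of the original post: it flags a link whose domain is misspelled, uses a different top-level domain, or buries the expected name inside another domain. The domain names are constructed, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    """Assumption: the last two labels are the registrable domain.
    Production code should use the Public Suffix List (co.uk and similar)."""
    return ".".join(host.split(".")[-2:])

def classify_link(url: str, expected: str) -> str:
    """Compare a link's host with the domain the reader expects to visit."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    expected = expected.lower()
    if host == expected or host.endswith("." + expected):
        return "match"
    if host.startswith(expected + ".") or "." + expected + "." in host:
        return "embedded"      # expected name is only a subdomain of another site
    name, _, tld = registrable(host).rpartition(".")
    exp_name, _, exp_tld = expected.rpartition(".")
    if name == exp_name and tld != exp_tld:
        return "tld-mismatch"  # e.g. .com when it should be .gov
    if 0 < edit_distance(name, exp_name) <= 2:
        return "lookalike"     # misspelled by one or two characters
    return "unrelated"

# Constructed sample links; none of these come from the original post.
SAMPLE_LINKS = [
    "https://www.examplebank.com/login",
    "http://examplebank.net/login",
    "http://examp1ebank.com/verify",
    "http://examplebank.com.login-check.net/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link, 'examplebank.com'):13} {link}")
```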
If you believe you have compromised sensitive information about your accounts, contact your financial institution, credit card company, or appropriate authorities.
There seems to be a playbook of standard hacker tactics after a celebrity death or an event of worldwide interest like earthquakes or tsunamis. Hours after the announcement of pop diva Whitney Houston’s death, scammers had already devised schemes to prey on fans seeking information – appearing to recycle those used after the deaths of Michael Jackson and Steve Jobs.
A Facebook message, claiming to link to a video of Whitney Houston’s autopsy, takes the user to a page with an embedded YouTube video. When the user tries to play it, a pop-up message appears instructing them to update their copy of Adobe’s Flash from a bogus site. The video scam has gone viral.
Dear Miss Deborah,
Three months ago, I started chatting with a guy I met online, and we really hit it off – we have so much in common! He looks quite handsome in the photos he sent. He sent me flowers and a sweet teddy bear. Isn’t that romantic? We haven’t met yet, because he is actually supervising a construction project in an African country, but we will when he gets back. I can’t wait.
Yesterday, I got a message from him explaining how he is unable to cash his checks and asking if I could wire him money so he could come home. I’m starting to like him more each day, and I want to meet him. What should I do? Risk rejection or send him the money?
Single and looking again
The Super Bowl, the much-hyped championship American pro football game, will be broadcast this Sunday night to an estimated 200 million people. Any major sporting event from the Australian Open to the World Cup brings out scammers hoping to cash in on the excitement. The most popular ways to separate you from your money are by peddling knock-off team jerseys, counterfeit memorabilia, and fake game tickets.
This past year, Homeland Security officials and officers from U.S. Customs and Border Protection conducted a national sweep of stores, flea markets and street vendors looking for counterfeit goods. Operation Fake Sweep collected $4.8 million worth of counterfeit jerseys, ball caps, and T-shirts. Ahead of this weekend’s Super Bowl, authorities said they seized nearly 42,000 phony Super Bowl sportswear items and merchandise worth $5 million. Fake jerseys can be bought for about $80 each. But according to nflshop.com, authentic jerseys cost between $150 and $300.
In a few days, the world will ring in the New Year with renewed hope for a bright future. Predictions are being made about what 2012 will bring, and unfortunately instead of focusing on the positive, many of them are bleak. One that stands out is the prediction that the world will cease to exist on December 21, 2012 (according to the Mayan Long Calendar). Thankfully, that one has been debunked – but we’ll see…
Here at AVAST, we are confident that we’ll have another great year protecting millions of happy internet surfers from all the nasties out there, but here are some educated predictions about what CyberThreats 2012 has in store for us, and how you can stay protected.
An estimated $465 billion will be spent this holiday season. A big chunk of a family’s expenses comes from holiday travel. The American Automobile Association (AAA) projects that U.S. travel during the Christmas and New Year’s holiday weekends will increase 1.4 percent from 2010 to the highest level in five years. Cybercrooks create new travel scams and recycle tried-and-true ones to help relieve you of some holiday cash. Here’s a run-down on some popular travel scams, and what you can do to avoid them, while you prepare to visit Grandma or go skiing this Christmas.
Gasoline Rebate Card
Eighty-three million travelers will take to the open road rather than fly the friendly skies this holiday season, and they’re all looking for the cheapest gas station. The average nationwide price of regular gasoline has increased 6.2 percent to $3.264 a gallon this week, according to AAA data. Attractive offers for free gasoline vouchers and rebates are sent to mailboxes, email accounts and offered by telemarketers. The idea is that you activate your account on the phone or through online registration, sometimes pay a registration fee (red flag!), buy a certain amount of gas from a certain brand, then send in the receipts within a certain time, and supposedly get rewarded for following directions well with a gift card for free gasoline. Only it doesn’t work that way. Consumers never receive the gift cards and have willingly given away personal information.
The holiday season brings a flurry of email scams to inboxes everywhere. Be aware of these popular ones, so the CyberGrinches don’t steal your Christmas.
The six weeks between Thanksgiving and New Year’s is the traditional “giving season” in the United States. According to a recent holiday giving survey, the average holiday donation this year will be $281. People who give online said they would contribute even more, an average of $378, and scammers are out to get a portion of that.
Yes, most of us complain about all the seemingly unnecessary changes that Facebook initiates far more often than we’d like (just about the time we figure out how to navigate everything)… but it’s good to remember that Facebook is a free service. Of course some will argue that nothing is really ‘free’, but at least +140 million active avast! Community members know differently.
Some of you will remember the days of Rolodex. Mine was typically overfilled with business cards and scraps of paper – taped, glued, or even stapled in place. Sometimes a few ‘creative’ oversized business cards or paper scraps would clog up the ‘machine’, and maintaining changes to phone numbers, addresses, and job titles was always a major problem.
So Facebook, for me, was a welcome change. All my contacts keep their own info updated, and I can find them at any time via the search box. And my Facebook account serves 4 key purposes: