Protecting Yourself From Phishing Attacks

Phishing attacks — online trolling for personal information in order to raid your financial accounts — are soaring. According to cyber-security experts at RSA, phishing attacks jumped 37 percent last year and have proven to be exceptionally costly, with the average attack resulting in $4,500 in stolen funds.

There are still 5 simple ways to catch a phishing attempt before it catches you (source: Kathy Kristof). Specifically:

Don’t click. If your bank or credit card company sends a warning message saying that your account has been compromised and you need to click through an emailed link to “verify your account information,” don’t. Banks and credit card companies don’t communicate that way. Neither does the IRS. If there’s a problem with a bank or credit card account, they’ll call you.

Go direct. If you get one of these emails and are worried that there may be a real problem with your account, open up a new browser window, go directly to your bank site and sign in there. Chances are, you’ll see something along the lines of: “(Your bank) DOES NOT send emails instructing you to click on a link to enter your personal information.” When you sign on without trouble and there’s no other message from your bank saying that your account is compromised, you know that it’s not. Delete the email that caused you to worry, but remember it — and the fact that it was a scam — for next time.

Don’t try to “win” anything. Phishing is done with more than emails. Contests are big: “Win a free iPad!” or “Get a $500 Target Gift Card!” The come-ons are all over the web. All you have to do supposedly to get this awesome swag is click on a link that is likely to take you to a toxic site. Increasingly, these toxic sites embed a virus into your computer that allows the crook to capture your every keystroke. That means it gets all your passwords and user IDs for your bank and brokerage accounts. You know you’re really not going to get something for nothing, right? So don’t pretend you will. When you see the word “free,” think “danger.” Don’t go there.

Don’t panic. The other brilliant scam that can pull you into the vortex of a toxic site is the pop-up warning: “Your computer has been compromised! Click here to download a security fix!” When you click, you open the gates of your computer to all sorts of nasty viruses. If you don’t panic, you won’t click and you won’t regret it later.

Get security. If you don’t have security software on your computer, now is the time to invest in it. Good services like SentryBay will set you back about $30 a year for 3 licences. If you compare that to the $4,500 you could lose in a phishing attack, it’s a bargain.


Malware Mobile Threats

There have been over 1,000 instances of Android Malware found in 2011 and the rate of growth has almost doubled since July 2011. Smartphones are increasingly becoming targets for malicious hackers because they are filled with rich data, tied to payments processing services and typically have less security than a personal computer. You thought that 2011 was the Year of Mobile Malware? Wait until you see 2012.

Mobile security firm Lookout breaks Mobile Malware into two driving factors:

  • Profit from infection: how much money can the Malware industry extract from infected devices.
  • Cost of infection: how easy is it to distribute Malware.

The second factor informs the first. Malware makers, Mobile or otherwise, want to find the easiest route to your wallet. The easier it is to do, the more they will produce. The path of least resistance to rich data that can be monetized or exploited

Lookout’s predictions fall within these two camps:

Profit From Infection

Mobile Pickpocketing (SMS/call fraud) – The recent trend has been to lure users into applications that will charge money through text messaging and calling of premium services. GGTracker was one of the first to surface in June 2011. The most recent attack was called RuFraud. As SMS Malware is the easiest tie-into payments infrastructure, Lookout expects to see this trend grow in 2012.

Botnets Come to Life – The first example we saw of Malware makers trying to create Mobile Botnets was with the DroidDream attack that launched the year of Mobile Malware in January and February. Lookout says that 10 families of Botnet-like systems were discovered in 2011, with that number expected to grow in 2012.

Vulnerable Smart Devices – Lookout says that nearly every Android Smartphone available in the wild has some kind of security hole in it. Knowing that security holes exist everywhere is a reminder to keep yourself safe.

Cost of Infection

Automated Repackaging – Piracy is a problem for Mobile application developers, especially on Android. The recent RuFraud applications were an example of repackaged games loaded with Malware.

Malvertising – Malvertising has been one of the banes of the web for years and it is starting to go Mobile. Malvertising is when there are genuine looking advertisements that link back to fraudulent sites that can load Malware to a device. It has long proven a decent attack vector for Malware makers and Lookout expects it will increase on Mobile in 2012.

Browser Attacks – Web applications or Native applications? You know what? Malware makers are asking the same questions because they are looking for where the users are. HTML5 will increase the amount of browser-based applications and activity on Mobile devices and with that there will be a corresponding increase in Mobile browser Malware. While Android is often thought of as the most susceptible to Malware, a browser knows no limits.


Focussed Phishing Attacks

Dave Waterson, CEO at data security provider SentryBay, said in a statement: “We have noticed an increase in the number and sophistication of phishing attacks over the last few months. The Xbox Live is a good example of a focussed phishing attack, by targeting an exact user type and using elements of social engineering, the attacks are more tailored and thus more believable. By pretending to offer an incentive (Microsoft gaming points), hackers were having a higher hit-rate. Subsequently further social engineering techniques are used to extend the amount of information gained (including getting credit card information) via communications from what appears to be a trusted source.

Conventional anti-phishing approaches are not geared to protect against this attack (especially when the web pages can easily disappear and resurface), what you need is an approach that specifically protects targeted attacks on brands.”

If you are an Xbox user and are part of the Xbox community, don’t be tempted by an email that tells you to go to a website and buy tokens for games, extra levels and all that gamey stuff.

Earlier this year Sony found its information had been attacked and hundreds of thousands had their accounts and security compromised. This is different. The Xbox network has not been breached, people are receiving emails and uploading their details voluntarily.

The Answer – Protect the Data!

To work alongside anti-virus, users now need a solution that fully protects a user’s personal information when browsing the web.

The Personal Data Protection Suite:

  •  protects every keystroke you type (passwords, credit cards, identity information)
  •  prevents malware taking pictures of your data and stealing it that way
  •  prevents you from being lured to a fake (phishing) site which steals your data

Scrambler shows every keystroke you type being protected, and the user gets a monthly report showing what data has been protected.

Independently Verified by West Coast Labs

SentryBay’s technology has been independently appraised by the world’s leading lab to show it is the most effective at protecting against spyware and phishing attacks.

“SentryBay have demonstrated that they have innovative and effective solutions to combat the problems of online identity and data theft.” West Coast Labs, May 2009