Old (new) email phishing scam

 

Most of us these days buy items from the internet, eBay, Amazon, etc.

 

You decide which item(s) you want, go through checkout, make payment and await delivery.

 

How will your goods arrive? Royal Mail, UPS, FedEx … there are dozens of shipping agents and you can rarely be certain which one will be used. You trust in the good reputation of the seller or company to select a suitable and reliable method of delivery and simply wait for the goods to arrive in your post box.

 
 

The Scam

 

You receive an email explaining that your shipment has been returned to the agent because the address was either incorrect or could not be found by the delivery agent. The scammer is hoping that you have recently ordered something for delivery to your address.

 

The email contains an attachment which, the email text explains, is a printable form to allow you to arrange collection of your parcel. On clicking the attachment you will notice that it is not a .pdf or .txt (essentially, a document) but is in fact an executable file (.exe).

 

This executable file is malware which can infect your system, strip information from your files or even allow the scammer to access your PC remotely and do whatever they like.

 

If you do double-click on the file you may not see anything happen, or a program dialogue box may appear. Close this immediately and run your anti-virus software.

 

If you are ever in any doubt regarding the nature of an attachment you can run the file inside a protected area known as a SANDBOX. There are several free utilities which can be used for this purpose; one of the most popular is called Sandboxie and is available for free here.

 

REMEMBER. Always download software and utilities from a reliable source and do read reviews before installing a new program.

 
 

Precautions

 

If you have not ordered something recently or think that a delivery could not possibly have been attempted yet, simply delete the email immediately.

 

Check the sender address; this will often appear to be a well-known shipping company. If you select view all headers you will see the sender address is actually different to the one displayed.

 

Right click the attachment and look at the file type (the three letters after the full stop “.”). If the file ends in .exe, delete the email immediately – a shipping agent will never send an executable file to you when a simple document is required.

 

When ordering, ask the vendor to send you details of the shipment. If the package is to be tracked they will send you a tracking number and delivery agent (e.g. Royal Mail RD1234 5678 90GB). If the package is to be sent without tracking or insurance because it is a low value item, they may simply say it will be sent “first class” or “parcel post”.

 

Never agree to having more expensive items sent by normal mail; always make sure you have tracking and insurance or the loss could be yours to bear.
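The sender-address and attachment checks described under Precautions can also be run over a saved message. The following Python is an added example, not part of the original post; it assumes that comparing the From domain with the Return-Path domain stands in for the “view all headers” check, and the sample message, addresses and file name are constructed.

```python
import email
from email import policy
from email.utils import parseaddr

# File types Windows runs directly; a printable delivery form never needs one.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}

# Constructed sample (not a real email): the displayed sender claims to be a
# courier, the Return-Path shows another domain, and the "form" ends in .exe.
SAMPLE = b"""\
Return-Path: <bounce@mailer.example.net>
From: "Parcel Delivery Service" <support@courier.example.com>
To: customer@example.org
Subject: Your parcel could not be delivered
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please print the attached form to arrange collection.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="collection_form.pdf.exe"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--b1--
"""

def check_message(raw: bytes) -> list[str]:
    """Return a list of warnings for one raw email message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    # Compare the displayed sender with the envelope sender in the full headers.
    _, from_addr = parseaddr(str(msg.get("From", "")))
    _, return_path = parseaddr(str(msg.get("Return-Path", "")))
    from_dom = from_addr.rpartition("@")[2].lower()
    rp_dom = return_path.rpartition("@")[2].lower()
    if rp_dom and from_dom != rp_dom:
        findings.append(f"sender mismatch: From={from_dom} Return-Path={rp_dom}")
    # Only the final extension decides what runs, so "form.pdf.exe" is an .exe.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = "." + name.rpartition(".")[2] if "." in name else ""
        if ext in EXECUTABLE_EXTS:
            findings.append(f"executable attachment: {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

A sender mismatch on its own can be legitimate (many companies send through a mailing service), so treat it as a reason to look closer; an executable attachment on a delivery notice is the stronger signal.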

 

Hacking (Part 3) – Facebook security measures …

 

How to prevent your Facebook account being hacked

 

Make a strong password and change it regularly. Good passwords should include upper and lowercase letters, numbers and symbols to prevent someone from easily guessing or cracking your password.

 

Keep your PC protected against viruses and spyware by installing a safe antivirus package (e.g. our Gold antivirus that we have on offer this month). This keeps out spyware and other malicious software that can steal your confidential information, like passwords, bank info, contact info and private files, by sending them to the hacker. For those on a tight budget (aren’t we all) test-drive our MYFreeAntivirus – probably the best free antivirus in the world!

 

When you use a friend’s computer or computer café, make sure to log out properly and never click the ‘remember me’ option.

 

Fine tune Privacy Settings. Make sure your privacy settings control what information is visible to the public. The more information you allow people to see, the greater the risk of this information being stolen. Keep in mind that if you have photos or information that can potentially ruin your life and dignity, do not put them on the internet. The pictures from that awesome party last weekend may be a big thing to share with your friends but what will your next boss think of them?

 

Be careful with applications. Every time you install any Facebook application you allow the creators of the application to access your personal information. It is advisable to use a different Facebook account to play games just to make sure your personal email or other information will not be abused.

 

Beware of the Timeline feature. As we have noted before, the Timeline feature can make it easier for hackers to collect information about you, so be careful if you choose to install it on your profile. Timeline, when used responsibly, can be a boon to all Facebook users.

 

Final note. Delete information that you think would help hackers answer your security questions or guess your password. Try to look at the information about you with a hacker’s eyes and get rid of any data that could be used against you.

 

Make the most of Facebook but behave responsibly with your personal information!

 
 

Hacking (Part 1) – Guard your email account

 

How to PREVENT your email account from being hacked

 

How do you know that your email was hacked?
-You can’t log into your email account.
-Your sent folder contains messages that you never sent.
-Your email contacts inform you that they have been receiving spam messages from your account.

 

What can you do if your email has been hacked?
-Change your password
-Check all your other accounts: email, social networks, blogs, etc.
    Especially if you use the same password for all your accounts
-Delete all accounts that you don’t use
    If hackers get into email accounts that you don’t use anymore, it takes longer before you discover it – and the hacker will have more time to do damage.
-Send an apology to all your email contacts.

 

How can you prevent hackers from getting into your email account?
-Don’t choose a typical password
    Many people use easy-to-guess passwords such as their own names with their birthdates at the end. It is better to combine upper case and lower case letters along with numbers and symbols.
-Change your password at regular intervals.
    Change your password every one to three months.
-Give only your email address to websites that you trust

 

Look out for PART TWO tomorrow …..

 

The biggest mobile security threats in 2012

Malware on smartphones, especially on Android phones, exploded in 2011. But will this trend continue this year? Yes, according to security experts Kevin Freij and Janus R. Nielsen, co-founders of the security company www.mymobilesecurity.com. They look back on trends and threats in 2011 and give their take on the challenges the security industry and private smartphone users will face in 2012.

Malware
2011 was the year when malware on Android phones rose with lightning speed. According to a report by the network producer Juniper, the increase was 472 percent between July and November alone. Fake apps in particular, mainly pirated versions of well-known apps developed by criminals, have been the main culprit. The fake apps are primarily downloaded from Android Market or from the Asian, and especially Chinese, app stores. Many of them have proved costly, because they install viruses on the phone and can drain the user’s account by sending SMS messages to expensive toll numbers. “We have seen an explosive increase compared to 2010 in terms of new apps entering the market and with these come more malware. Hackers have figured out how to find very clever ways to smartphone users’ mobile accounts, both prepaid and postpaid accounts. This trend will continue because it is a very lucrative market for fraudsters”, says Kevin Freij, CEO of MYMobileSecurity, which makes security applications for smartphones. As for malware on iPhones, viruses are not the biggest issue for Apple users. “The problem is rather the unstable iPhone OS. iPhone has some problems when updating their systems regularly. When the updates are done we have seen serious security holes appear. There have been various examples of that; I remember one from this summer when one of the biggest newspapers in Denmark hacked up the current Danish Deputy Prime Minister Margrethe Vestager’s iPhone, getting access to both her voicemail and emails.”

Fake emails (phishing)
According to a study by the security company Trusteer in January last year, smartphone users are three times more likely to fall for fake phishing emails than computer users. The fraudsters behind phishing emails try to “fish” passwords and financial data out of the users by pretending to be credible and well-known companies or individuals. People can be more easily fooled on their smartphone because they are constantly “on” and because they answer their emails as soon as they come in. Also, the small screen size of the phone makes it difficult to spot a bad link or logo. “The increase in phishing emails and also in fake SMS (smishing) will continue in 2012”, co-founder of MYMobileSecurity Janus R. Nielsen believes. He points out the fact that mobile banking is becoming more and more common. “It is getting still more important, especially for Android users, to have security software installed that can warn against the approximately 500 million links classified as hazardous. This way you can at least avoid visiting the already known infected sites. The challenge for the mobile security industry will be to develop a technology similar to what exists on computers and which can recognize patterns and thus warn against suspicious but not yet registered hazardous sites. This technology is not yet available for smartphones, but it will be, although this will probably rather happen in 2013 than 2012”, he says.

Stolen or lost phones
An employee forgetting his phone in a restaurant or somehow letting it fall into the wrong hands, will actually be amongst the biggest security risks for companies next year. Corporate data leakage can potentially end up being a very costly affair. “The attack risk is much bigger on mobile devices than on laptops and there are fewer security controls”, Kevin Freij says. “Apart from the same things you can do on a laptop, you also have other features on a smartphone like location information, camera, voice dialing and SMS channels that are potential ways into the phone. It is still a challenge for the mobile industry to find ways to deal with these new risks and threats”.

Spyware such as CarrierIQ
After the recent discovery of the existence of the program Carrier IQ on most smartphones, the discussion about whether surveillance is acceptable or not has been intense. “There is no doubt that the mobile security industry is still not defined. None of the mobile anti-virus firms in the market discovered CarrierIQ. Security firms simply do not look after those types of activities – yet”, says Kevin Freij. “We know that a combined approach of different functions working together is the best way to achieve the highest level of security on a mobile today. If you add antivirus, theft protection, backup, network monitoring, safe surfing, app security management and more, you will reach a higher security level than just having an antivirus. However, that does not solve the CarrierIQ issue right now, but the security industry works continuously towards developing new technologies, and hopefully we will be able to track that kind of program in the future”, he says.

QR bar codes and viruses
In 2011 we saw the first mobile QR barcode – the codes that are scanned by the camera on the phone – spreading viruses. It was a Trojan virus that sent text messages to an expensive toll number. Janus R. Nielsen believes that 2012 will bring more examples of fake QR codes, but the threat will not be overwhelming. “There are certainly more of these examples to come – the more users of QR codes, the more hackers. But as long as you have a security program installed that warns against unsafe links and URLs, this should be a manageable problem.”

Mobile banking and transactions
Bank apps had a breakthrough among private smartphone users in 2011. “We see a huge demand for mobile banking applications that provide full access to the user’s bank accounts. Most of the apps are very safe, but if you use mobile banking, it is wise also to have some kind of security software installed”, Kevin Freij says. He estimates that the biggest risk with mobile banking can be found in cases where banks send a code via SMS to the mobile phone so that the user can enter the code to confirm that it is the right person logged in. “The code can be easily intercepted if a spyware program is installed on the mobile. And if that is the case, the user is usually unaware of it unless the security software has spotted it. Another good tip is to check your account statements regularly so you are sure that no unpleasant surprises appear”, he says.

For more information contact:

Stine Mynster, PR Manager
stine@mymobilesecurity.com
Mobile: 0034 699403895

The 2011 scammer-trend: Phishing emails

Don’t be fooled by scammers. Hear what happened to one of our customers when she received a phishing email from a man requesting counseling and a health check-up.

You have probably heard about the so-called phishing emails, where scammers try to “fish” money out of innocent people’s accounts by approaching them via more or less trustworthy-looking emails. In 2011 this trend increased significantly, making it one of the most common security threats for PC users.

One of MYSecurityCenter’s customers, practitioner Rumana Zahn, wrote us an email telling us about her experience with scammers pretending to be interested in two weeks of yoga retreat, checkups and counseling for a group of ten people.

Rumana Zahn took the request seriously to begin with and almost followed through, but luckily she got suspicious. The scammers asked her if they could pay her the full fee including their interpreter’s fee, which meant that she would pay their interpreter directly. The trick was that the fraudsters would pay over the net with a stolen credit card. Out of the 7,000 euros they would transfer, she could keep her fee of 2,000 and the rest she would transfer by bank to their translator, who of course was part of the scammer team. That way she would participate in laundering stolen money, which is illegal. She was repeatedly asked whether she accepted credit card payment, but since she had no possibility of accepting this form of payment, she asked the fraudsters to make a bank transfer. She began to get suspicious when she received a second email in which he repeated his questions about credit card payment.

“I began to suspect the whole thing being a hoax, although I actually thought that the approach initially sounded serious. I guess it would have meant me having to be liable. Very clever indeed”, Rumana Zahn says. She asked them to pay by bank transfer or PayPal but she never received an answer.

“Since then I get an email like this twice a year – it’s very similar – a group coming, please arrange. Another friend of mine got the same email two years ago”.

Rumana Zahn is just one of many people who have been attacked by scammers sending out fake emails. Read this newsletter’s Tips and Tricks on what to keep in mind when a phishing email hits you in 2012.

Thanks to Rumana Zahn for telling us her story.
See one of the original phishing emails below.

From: johnsonwilliams400 [mailto:johnsonwilliams400@gmail.com]
Sent: Wed 02 November 2011 15:21
To: j.williams2000@rocketmail.com
Subject: Inquiry

Greetings,

I want to book for 2 weeks checkups and counseling, 1 or 2 hours each
day Monday to Friday (morning or evening hours) for a group of 10. We
will be coming for a one month vacation/holiday from 29th Nov 2011 and
in line with our plans we will require 2 weeks Natural Therapy to help
maintain healthy body due to the nature of our job and also to make
our stay fun. The checkups and counseling should basically be on
Naturopathic consultations or any other Natural Therapy you can offer.

Please let me know if your clinic can handle this for us and get back
to me with requirements to enable me contact you with more
clarifications. Also confirm if you can arrange a one on one checkups
and counseling for us or if its better in group.

Awaits your email.

John Williams