Category Archives: Financial protection

Security Alert: Mass Credit Card Stealing Campaign Detected in Online Shops

Security researchers unveiled a still-ongoing mass credit card stealing campaign, which started collecting data from unsuspecting online shoppers sometime in October 2018.

The target of this campaign was a pool of over 100 online shops, all of them otherwise deemed legitimate and trustworthy. Six of the targeted websites were even listed in the one million websites Alexa Top.

Moving forward with reporting on this, we’ll dub the mass credit card stealing campaign Magento Analytics, since that’s the name of the domain used for injecting malicious scripts into the code of the online shops.

How Does the Magento Analytics Mass Credit Card Stealing Campaign Operate?

The domain magento-analytics.com was first picked up by the radars of cybersecurity researchers back in October 2018, when they noticed something seemed off about it. Even though the traffic was pretty low, there seemed no purpose to the domain and its traffic was increasingly stealthily, via other portals.

Thor Foresight makes sure that link is safe!
Your parents and friends will click any suspicious link, so make sure they're protected.
Thor Foresight Home anti malware and ransomware protection heimdal security
Thor Foresight provides: Automatic and silent software updates Smart protection against malware Compatibility with any traditional antivirus.

SECURE YOUR ONLINE BROWSING!

Get Thor Foresight

The name seemed innocent enough at a first glance. Magento is a major e-commerce platform and its engine is used by countless online shops around the world. It would make sense for something called Magento Analytics to be spotted running through these websites from time to time. But the domain didn’t actually contain anything if you tried to access it directly.

Another dubious thing which tipped off the security researchers who looked into it was the fact that the registration address & IPs for the domain was ever changing. While initially the magento-analytics.com domain was registered in Panama, the IP from which it was operating changed a lot. Initially, it seemed to be located in Arizona, US, but then it moved to Moscow, Russia for a while, before heading to Hong Kong, China. This alone warranted a second look from the cybersecurity researchers on the case.

But shifting IPs were not the only thing wrong with this domain, by far. While the domain itself returns just a 430 error page if you try to access it directly (not recommended, though), the researchers were seeing various pages (sub-domains) of the domain with nothing meaningful on them, either. Instead, all of these contained JS scripts.

Through continuous traffic monitoring, the security researchers realized that the Magento Analytics was actually injecting these malicious scripts into the code of 3rd party websites. These websites (online shops) had no idea that the Magento Analytics mass credit card stealing campaign was actually collecting the credit card info of their users.

trysend function in magento analytics malware

As soon as the JS code is loaded, a timer is set and the TrySend function is called every 500ms. This function attempts to try to get input data from credit cards

What Were the Losses Incurred by the Magento Analytics Malware Campaign?

Data revealed by the security researchers showed that the TrySend function called by the JS scripts collected the following information from users: card number, name of the cardholder, expiry date, and the CVV code. Basically, it’s everything a hacker would need in order to steal your money afterward.

For now, no one came through to complain explicitly about losing money to the Magento Analytics campaign. But this doesn’t mean that there have been no losses yet. Most likely, the losses were small, or the legitimate card owners managed to annul the transactions, or they just haven’t been able to connect the loss with this particular campaign yet.

We will keep you updated on reports about the losses incurred through Magento Analytics as more is revealed.

The scary part about the Magento Analytics mass credit card stealing campaign is precisely the fact that the injected JS codes weren’t even that sophisticated. All in all, it amounts at a pretty rudimentary online scam. It just shows how disastrous it can be for online stores to allow security holes in their systems, since there will always be malicious 3rd parties interested in exploiting them.

Data provided in this analysis was obtained by Netlab 360.

The post Security Alert: Mass Credit Card Stealing Campaign Detected in Online Shops appeared first on Heimdal Security Blog.

Expert Roundup: Why Can’t Cybersecurity Be Simpler?

Time and time again, people ask:

Why can’t cybersecurity be simpler?

This question is not asked just by regular users confused by the “techno-babble” or enraged by information leaks.

It’s also increasingly asked by business owners, analysts, journalists and even the people involved in securing information, whether sysadmins for small companies or even high-level executives in multinational organizations.

This is why we thought to go straight to the source to find the best responses. Last time, we asked specialists to say whether they think that Internet security is a losing battle or not and their responses were memorable. Today, we asked highly accomplished cybersecurity experts from various infosec fields another tricky question and they were gracious enough to provide their insights.

If you’re a regular user angry at your data being exposed to various leaks and cyber attacks, you will get a behind-the-scenes look at the reasons why these incidents happen. If you’re someone involved in handling customers’ data, these perspectives will prove to be just as illuminating.

We wanted to provide you valuable, often hard to find perspectives. We managed to make a great start to answer a simple-looking, but an actually difficult and ramified question.

Why can’t cybersecurity be simpler?

Use the links below to quickly navigate the experts’ replies.

  • Brent White (BITKILL3R)– Senior Security Consultant at NTT Security and the founder of the Nashville DEF CON group
  • Ian Thornton-Trump – Cyber Vulnerability & Threat Hunting Lead at Ladbrokes Coral Group and CTO of Octopi Managed Services Inc
  • Isaac Kohen – Founder and CEO of Teramind, an employee monitoring and insider threat prevention platform
  • Joe Ward – Senior Security Analyst at Bishop Fox
  • John Mason – Cyber security and privacy enthusiast, analyst for TheBestVPN
  • Peter Buttler – Cyber security journalist, consultant at PrivacyEnd
  • Albert Ahdoot – Business Development Director at Colocation America
  • Harsh Agrawal – Founder and CEO of ShoutMeLoud.com

 

Brent White

Brent is a Senior Security Consultant at NTT Security and the founder of the Nashville DEF CON group. He can be found at We Hack People, a website dedicated to red team and social engineering assessments.

 

brent white we hack peopleSecurity isn’t a convenience because it requires being careful and demands that users be diligent to take extra steps to follow rules.

I focus on social engineering and physical security and see this come in to play on a regular basis when a company hires me to break into their buildings.

For example, tailgating (piggybacking) is one of the most common ways that I gain unauthorized access to a business.

This could be mitigated if employees followed their security awareness training and made sure that everyone who entered was scanning their badge, and that the badge being scanned was valid.

However, this takes time and requires people who are already focused on their own paths and agendas to slow down and be more aware of their surroundings.

Asking them to change their thought process and to “validate” each person coming in the door isn’t something that’s going to happen overnight.

You also have the human kindness factor that is innate in most of us, where we naturally want to help out someone in need.

This is easily exploited by a social engineer in many ways, whether it’s pretending to need help opening the door because their arms are full, or the social engineer can simply tailgate in, be in an “argument” on the phone (making the situation uncomfortable on purpose).

People will want to avoid a potential confrontation with someone who already appears to be upset about something.

Once an attacker has physical access to data, it’s pretty much “game over”.


Full #redteam assessments are a good way to consistently check the level of awareness and response within an organization.
Click To Tweet


Companies need to go beyond the required annual “security awareness” training PowerPoints if they want to get serious about addressing these issues.

Regular drills such as internal phishing campaigns, testing unauthorized entry, and even full red team assessments are a good way to consistently check the level of awareness and response within an organization.

Employees should be incentivized to find and report something, and have a clear path of how and who to report incidents to in a way that is easy and convenient for them. 

It’s very difficult to incorporate a security mindset 100% into the culture of a company. But, when it’s done correctly, it can be a very effective countermeasure against potential threats.

Ian Thornton-Trump

Ian is the Cyber Vulnerability & Threat Hunting Lead at Ladbrokes Coral Group and CTO of Octopi Managed Services Inc.He can be reached on Twitter here.

 

dr ian thornton trumpSecurity can be simple, but it won’t ever be because business is not simple. And humans are not simple. And security today is in some malevolent Venn diagram right in the damn center of what can only be described for 80% (ish) of the GNP of a country as the small-medium business/enterprise (SMB/SME in the EU UK) security nightmare.

It’s not easy being profitable and everyone from the governments to the regulators (hackers in suits) to the cyber criminals (hackers in hoodies) is out to attack the hard work of organizations which strive to make an honest living.

I’m a cybersecurity Captain Willard.

“I was going to the worst cyber security situation in the world and I didn’t even know it yet. Weeks away and hundreds of dollars/pounds/euros spent on a security project that snaked through the compliance regulations like a main circuit cable plugged straight into the businesses cybersecurity posture. It was no accident that I got to be the caretaker of a business’s cybersecurity any more than being back in some SANS certification course was an accident. There is no way to tell the businesses’ cybersecurity story without telling my own. And if that business story is really a confession, then this may be my own as well.”

That’s where we are today. Most businesses are scared of an existential threat from criminal hackers (or regulatory authorities) and are turning to security vendors and consultants to solve their security problem.

The reality is: the problem is cultural and societal.


We sacrifice #security for convenience and we consistently place profit in front of pragmatism.
Click To Tweet


We reward efficiency over good decision making, we sacrifice security for convenience and we consistently place profit in front of pragmatism.

Cybersecurity is complicated because life is complicated and there is no perfection. We can’t be a hundred percent secure – so the rhetoric and fear monger of vendors and security professionals has given in to a feeling of helplessness and disparity among the 80%.

If this short essay strikes you as incoherent, it only matches the vast majority of SMB/SME firms approaches to cybersecurity: cybersecurity perfection is not attainable.

Attempting to apply the binary model of security and compliance to the “grayness” of business, life and society only ends in disappointment.

If this is dystopian view makes you angry or causes you discomfort – good, do something about it – change the security culture, change the business world.

It may never be simple, but you may be able to keep the doors open.

Isaac Kohen

Isaac is the founder and CEO of Teramind, an employee monitoring, and insider threat prevention platform that detects, records, and prevents malicious user behavior. He can be reached at ikohen@teramind.co.

 

isaac kohen teramind founderAs much as we wish life to be straightforward and simple, reality seems to tell us a different story.

The reality around security is it feels complicated, dynamic and perpetually a ‘catch up’ game in keeping company data secure.

With new technologies advances like the internet of things (IoT), the security landscape becomes more intertangled, and companies find themselves with new vulnerabilities and ‘patching’ new security holes in their IT infrastructure.

With many moving parts, it’s not a surprise that the traditional approach to a security plan doesn’t seem possible.

In my opinion, the best way to prepare for the future is to move from a protection to a prevention security mindset.

This progressive strategy looks at data security in ‘real time’ meaning security isn’t viewed as an afterthought, rather it’s using data, monitoring, and analytics to anticipate security breaches and adapt quickly to changing security landscapes.


#Teramind: The best way to prepare for the future is to move from a protection to a prevention security mindset.
Click To Tweet


Joe Ward

Joe is a Senior Security Analyst at Bishop Fox. His thoughts on infosec can be found here.

bishop foxFirst, there is an accelerating rate of change and complexity in systems.

Driven by market forces to deliver more features and derive more value, new technologies are invented every day, and old technologies are being leveraged in new and interesting ways.

Second, there has been historically strong pressure to maintain backward compatibility to the point that the foundation of newer technologies is built on legacy systems riddled with security defects that can never be fixed.

Ultimately I think the increasing pace of “what CAN we do” has overshadowed the fundamental question of “what SHOULD we do”, leaving the question of “what can we do SAFELY” unasked.


The foundation of newer technologies is built on legacy systems riddled with security defects that can never be fixed. #securitychallenges
Click To Tweet


John Mason

John is a cybersecurity and privacy enthusiast, working as an analyst for TheBestVPN. He can be reached on Twitter.

 

john mason thebestvpn$3.8 million.

That’s the average cost of one cyber hacker who penetrates your security and wrecks havoc on your business.

Online security isn’t just a matter of protecting your website’s IP address. You are protecting your customers from identity theft and your business from a lawsuit.

Of course, those are just two examples of potential damage. Hackers intent on disrupting your business for their own gain won’t stop at mere annoyance. They’ll do everything they can to harm your website and take what they want.


That’s the average cost of one cyber hacker who penetrates your security and wrecks havoc on your business? $3.8 million. #cybersecurity
Click To Tweet


Sadly, they’re pretty good at their work. Extremely good.

There’s no shortage of high-ranking companies who’ve fallen victim to a website breach, like Verizon Wireless or Virgin America. All of those hacks damage not only the business but even worse, they damage customer’s privacy even more.

Which further means that you, as a business, don’t just lose the public’s trust, you lose previously loyal customers.

From restore points and network monitoring to firewalls and malware scanning, each integration protects your business and, more importantly, your customers.

Prioritizing simplicity over thorough security is a mission-critical mistake. One that CEOs from bigger companies who’ve fallen victim will tell you not to make.

 

Peter Buttler

Peter Buttler is a cybersecurity journalist and a tech reporter. He is the security consultant at PrivacyEnd. You can follow him on Twitter.

 

peter buttlrSecurity isn’t an accommodation since it requires being cautious and demands clients to be persistent about finding a way to look after weaknesses.
Cyber-security is complex in light of the fact that our life is never 100% perfect.

We can’t be a hundred percent secure – so the talk of security experts has yielded to a sentiment weakness among the 70%.
With new innovations like IoT, the security scene turns out to be more complicated, and organizations end up with new vulnerabilities and ‘fixing’ new security flaws in their IT foundation.

Driven by advertising powers to convey more highlights and determine more esteem, new technologies are designed each day, and old technologies are being utilized in new and fascinating ways.

From re-establishing indicates and organizing monitor firewalls and malware filtering, every coordination in cybersecurity protects your business and most importantly your clients.

 

Albert Ahdoot

Albert is the Business Development Director at Colocation America. He can be reached on Twitter.

colocation-america-square
Security isn’t an accommodation since it requires being cautious and demands clients to be persistent about finding a way to look after weaknesses.
Let’s state the obvious: the Internet is always changing. Everyday new technology is created while our current technology systems continue to evolve. The cyberworld, in itself, is a complex system; technology companies are creating new systems and features faster than ever before.

However, this “need for speed” approach is not always benefiting the client and/or business at hand. With the ever-changing landscape of the Internet, cyber attacks are becoming more frequent. Hackers are exploiting the cyber-security shortcuts taken by businesses needing to be the “first to adapt.”

By the time the business implements cybersecurity measures, the cyber attack has already happened, and the hackers have moved on. Cybersecurity is like a massive game of Cat & Mouse meets Whac-A-Mole—once you fix one issue, another pops up. No matter how secure your system is one minute, the next, it can be under attack.

To top it all off, there is a shortage of cybersecurity professionals. As we look to the future of the Internet, we must consider the players involved. While we encourage innovation in the fields of software development, we need to do the same in the realm of cybersecurity. After all, we, as individuals, are relying on technology more than ever to keep us safe – but who is going to keep us safe from our technology?

Thankfully, some businesses understand cybersecurity and its complexity. Let’s all hope businesses, small and large, are utilizing them (for all our sakes).

Harsh Agrawal

Harsh is the founder and CEO of an award-winning blog known as “ShoutMeLoud”. He`s an engineer by education and a blogger by profession. You can reach him on Twitter.

 

Some guys think that cybersecurity is as simple as affiliate marketing or blogging. After all, it’s just about providing safe methods for internet users to complete their online activities, right?

Well, not quite.

With more and more hackers trying to get hold of sensitive information and finding new, advanced ways to do it, you can never be at ease. It is crucial that people understand no one is safe, especially if they handle their personal information carelessly.

But even if users and companies do take care of the data, unfortunately, a breach occasionally happens.

I mean, do you really think that Equifax, Target, and so many other companies wouldn’t do anything to prevent the scandals that have happened in the past years?

It has to be complicated because the world wide web is such a complicated realm, nothing like people have ever known before.

So, it all boils down to being constantly on guard and finding new and innovative ways to be one step ahead of hackers and frauds.

Conclusion

We would like to thank all the people who participated in this expert roundup for taking the time to answer this question and provide the community with some necessary insights into the fascinating world of cybersecurity.

Do you have another perspective on why security is too complicated? Are you from a different background or feel the need to add to the topic?
We plan to keep this column updated, so if you want to contribute, drop us a line and let’s talk!


#cybersecurity is too complicated? See what the specialists think or answer yourself!
Click To Tweet


The post Expert Roundup: Why Can’t Cybersecurity Be Simpler? appeared first on Heimdal Security Blog.

Here are the Top Online Scams You Need to Avoid Today [Updated 2019]

We truly want to believe that the Internet is a safe place where you can’t fall for all types of online scams, but it’s always a good reminder to do a “reality check”. We, humans, can become an easy target for malicious actors who want to steal our most valuable personal data.

Criminal minds can reach these days further than before, into our private lives, our homes and work offices. And there is little we can do about it. Attack tactics and tools vary from traditional attack vectors, which use malicious software and vulnerabilities present in almost all the programs and apps (even in the popular Windows operating systems), to ingenious phishing scams deployed from unexpected regions of the world, where justice can’t easily reach out to catch the eventual perpetrators.

According to a report from the Federal Trade Commission (FTC), millennials are particularly more vulnerable to online scams than seniors, as shocking as it may seem. The research finds that “40 percent of adults age 20-29 who have reported fraud ended up losing money in a fraud case”.

Here are the findings of a report about financial scams

Source: Federal Trade Commision

For this reason, we need to know what are the most popular techniques malicious actors are using to get unauthorized access to our private information and financial data.

Thor Foresight makes sure that link is safe!
Your parents and friends will click any suspicious link, so make sure they're protected.
Thor Foresight Home anti malware and ransomware protection heimdal security
Thor Foresight provides: Automatic and silent software updates Smart protection against malware Compatibility with any traditional antivirus.

SECURE YOUR ONLINE BROWSING!

Get Thor Foresight

We must not forget their final target is always our money and there is nothing they won’t do to accomplish their mission.

Use the links below to quickly navigate the list of online scams you need to stay away from right now.

Phishing email scams
The Nigerian scam
Greeting card scams
Bank loan or credit card scam
Lottery scam
Hitman scam
Romance scams
Fake antivirus software
Facebook impersonation scam (hijacked profile scam)
Make money fast scams (Economic scams)
Travel scams
Bitcoin scams
Fake news scam
Fake shopping websites
Loyalty points phishing scam
Job offer scams
SMS Scaming(Smshing)
Overpayment Online Scam
Tech Support Online Scams

1. Phishing email scams

More than one third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to a new report from F-Secure.

Phishing scams continue to evolve and be a significant online threat for both users and organizations that could see their valuable data in the hands of malicious actors.

The effects of phishing attacks can be daunting, so it is essential to stay safe and learn how to detect and prevent these attacks.

Phishing scams are based on communication made via email or on social networks. In many cases, cyber criminals will send users messages/emails by trying to trick them into providing them valuable and sensitive data ( login credentials – from bank account, social network, work account, cloud storage) that can prove to be valuable for them.

Moreover, these emails will seem to come from an official source (like bank institutions or any other financial authority, legitime companies or social networks representatives for users.)

This way, they’ll use social engineering techniques by convincing you to click on a specific (and) malicious link and access a website that looks legit, but it’s actually controlled by them. You will be redirect to a fake login access page that resembles the real website. If you’re not paying attention, you might end up giving your login credentials and other personal information.

We’ve seen many spam email campaigns in which phishing were the main attack vector for malicious criminals used to spread financial and data stealing malware.

In order for their success rate to grow, scammers create a sense of urgency. They’ll tell you a frightening story of how your bank account is under threat and how you really need to access as soon as possible a site where you must insert your credentials in order to confirm your identity or your account.

After you fill in your online banking credentials, cyber criminals use them to breach your real bank account or to sell them on the dark web to other interested parties.

Here’s an example of a sophisticated email scam making the rounds that you should be very careful.

An example of phishing scam

Source: News.com.au

Use this complete guide on how to detect and prevent phishing attacks (filled with screenshots and actionable tips) to better fight these attacks.

2. The Nigerian scam

Probably one of the oldest and most popular Internet scam used mostly by a member of a Nigerian family with wealth to trick different people. It is also known as “Nigerian 419”, and named after the section of Nigeria’s Criminal Code which banned the practice.

A typical Nigerian scam involves an emotional email, letter, text message or social networking message coming from a scammer (which can be an official government member, a businessman or a member of a very wealthy family member – usually a woman) who asks you to give help in retrieving a large sum of money from a bank, paying initially small fees for papers and legal matters. In exchange for your help, they promise you a very large sum of money.

They will be persistent and ask you to pay more and more money for additional services, such as transactions or transfer costs. You’ll even receive papers that are supposed to make you believe that it’s all for real. In the end, you are left broke and without any of the promised money.

Here’s how a Nigerian scam could look like:

one of the most common online scamsSource: MotherJones.com

3. Greeting card scams

Whether it’s Christmas or Easter, we all get all kind of holiday greeting cards in our email inbox that seem to be coming from a friend or someone we care.

Greeting card scams are another old Internet scams used by malicious actors to inject malware and harvest users’ most valuable data.

If you open such an email and click on the card, you usually end up with malicious software that is being downloaded and installed on your operating system. The malware may be an annoying program that will launch pop-ups with ads, unexpected windows all over the screen.

If your system becomes infected with such dangerous malware, you will become one of the bots which are part of a larger network of affected computers. If this happens, your computer will start sending private data and financial information to a fraudulent server controlled by IT criminals.


I never thought cyber criminals could be so creative! Check out these online scams to stay away from
Click To Tweet


To keep yourself safe from identity theft and data breach, we recommend using a specialized security program against this type of online threats.

To find out more information about financial malware, read this article. And here’s how you can tell if your computer was infected with malware.

Another common Internet scamSource: The Beacon Bulletin

4. Bank loan or credit card scam

People can be easily scammed by “too good to be true” bank offers that might guarantee large amounts of money and have already been pre-approved by the bank. If such an incredible pre-approved loan is offered to you, ask yourself:

“How is it possible for a bank to offer you such a large sum of money without even checking and analyzing your financial situation?”

Though it may seem unlikely for people to get trapped by this scam, there’s still a big number of people who lost money by paying the “mandatory” processing fees required by the scammers.

Here are 9 warning signs and sneaky tactics to watch out and avoid becoming a business loan scam.

As regards to credit card scams, a recent report from the Identity Theft Resources Center said that the number of credit and debit card breaches have been on the rise last year. To better safeguard your data and prevent thieves from getting access to your payment card details, consider:

  • Watching your accounts closely and monitor your online transactions;
  • Taking advantage of free consumer protection services;
  • Signing up for free credit monitoring.

Source: ChaffeurDriven.com

5. Lottery scam

This is another classic Internet scam which doesn’t seem to get old. A lottery scam comes as an email message informing you that you won a huge amount of money and, in order to claim your prize or winnings, you need to pay some small fees.

Lucky you, right?! It doesn’t even matter that you don’t recall ever purchasing lottery tickets.

Since it addresses some of our wildest fantasies, such as quitting our jobs and living off the fortune for the rest of our lives, without ever having to work again, our imagination falls prey easily to amazing scenarios someone can only dream of.

But the dream ends as soon as you realize you have been just another scam victim. DO NOT fall for this online scam and have a look at this checklist to see if you are getting scammed.

This is an example of a lottery scamSource: Ripandscam.com

6. Hitman scam

One of the most frequent Internet scams you can meet online is the “hitman” extortion attempt. Cyber criminals will send you an email threatening to extort money from you. This type of online scam may come in various forms, such as the one threatening that they will kidnap a family member unless a ransom is paid in a time frame provided by the scammers.

To create the appearance of a real danger, the message is filled with details from the victim’s life, collected from an online account, a personal blog or from a social network account.

That’s why it’s not safe to provide any sensitive or personal information about you on social media channels. It might seem like a safe and private place, where you’re only surrounded by friends, but in reality you can never know for sure who’s watching you.

Also,it’s better to be a little bit paranoid and protect all your digital assets like everyone is watching. Here’s how a Hitman scam looks like:

7. Online dating (romance) scams

As the Internet plays an important role in our social lives, with apps like Facebook or Instagram we access everyday, it’s inevitable to use apps to look for love as well.

Online dating apps are very popular these days and they are a great way to meet your future life partners. I have actually an example with a friend of mine who was lucky enough to find her future husband on a dating site.

But not all scenarios have a “happy end” like this one, and you need to be very careful, because you never know who can you meet.

A romance scam usually takes place on social dating networks, like Facebook, or by sending a simple email to the potential target, and affect thousands of victims from all over the world.

The male scammers are often located in West Africa, while the female scammers are mostly from the eastern parts of Europe.

Cyber criminals have abused this scamming method for years by using the online dating services. They improved their approach just by testing the potential victims’ reactions.

According to a research published in the British Journal of Criminology last month, the techniques (and psychological methods) used by scammers in online romance scams are similar with those used in the domestic violence cases.

To avoid becoming a victim of these Internet scams, you need to learn how to better protect yourself.

Knowing that hundreds of women and men from all over the globe are victims of this online scams, we recommend using these security tips for defensive online dating, including warning signs that could help you from becoming an easy target.

I would also recommend reading these real stories and learn from them, so you don’t fall for these online scams:

 

8. Fake antivirus software

We all saw at least once this message on our screens: “You have been infected! Download antivirus X right now to protect your computer!

Many of these pop-ups were very well created to look like legitimate messages that you might get from Windows or any other security product.

If you are lucky, there is nothing more than an innocent hoax that will bother you by displaying unwanted pop-ups on your screen while you browse online. In this case, to get rid of the annoying pop-ups, we recommend scanning your system using a good antivirus product.

If you are not so lucky, your system can end up getting infected with malware, such as a Trojan or a keylogger. This kind of message could also come from one of the most dangerous ransomware threats around, such as CryptoLocker, which is capable of blocking and encrypting your operating system and requesting you a sum of money in exchange for the decryption key.

To avoid this situation, we recommend enhancing your online protection with a  specialized security product against financial malware, and complement your traditional antivirus program.

Also, make sure you do not click on pop-up windows that annoyingly warn you’ve been infected with virus. Remember to always apply the existing updates for your software products, and install only legitimate software programs from verified websites.

If you’ve been infected, you can use an antimalware tool such as Malwarebytes to try removing the malware infection or pay attention to these warning signs and learn how to find a doable solution.

9. Facebook impersonation scam (hijacked profile scam)

Facebook. Everyone is talking about it these days, and the scandal about Cambridge Analytica firm harvesting personal data taken from millions of this social media channel without users’ consent.

It’s still the most popular social media network where everyone is active and use it on a daily basis to keep in touch with friends and colleagues. Unfortunately, it has become also the perfect place for online scammers to find their victims.

Just imagine your account being hacked by a cyber criminal and gaining access to your close friends and family. Nobody wants that!

Since it is so important for your privacy and online security, you should be very careful in protecting your personal online accounts just the way you protect your banking or email account.

Facebook security wise, these tips might help you stay away from these online scams:

  • Do not accept friend requests from people you don’t know
  • Do not share your password with others
  • When log in, use two-factor authentication
  • Avoid connecting to public and free Wi-Fi networks
  • Keep your browser and apps updated
  • Add an additional layer of security and use a proactive cyber security software.

To enhance your online privacy, I recommend reading our full guide on Facebook security and privacy.

facebook-scam

10. Make money fast scams (Economic scams)

Cyber criminals will lure you into believing you can make money easy and fast on the internet. They’ll promise you non-existent jobs, including plans and methods of getting rich quickly.

It is a quite simple and effective approach, because it addresses a basic need for money, especially when someone is in a difficult financial situation.

This scamming method is similar to the romance scam mentioned above, where the cyber attackers address the emotional side of victims. The fraudulent posting of non-existent jobs for a variety of positions is part of the online criminals’ arsenal.

Using various job types, such as work-at-home scams, the victim is lured into giving away personal information and financial data with the promise of a well paid job that will bring lots of money in a very short period of time.

Read and apply these ten tips that can help you avoid some of the most common financial scams.

this is how a financial scam looks likeSource: Makerealmoneyonlinefree.com

11. Travel scams

These scams are commonly used during hot summer months or before the short winter vacations, for Christmas or New Year’s Day.

Here’s how it happens: you receive an email containing an amazing offer for an exceptional and hard to refuse destination (usually an exotic place) that expires in a short period of time which you can’t miss. If it sounds too good to be true, it might look like a travel scam, so don’t fall for it!

The problem is that some of these offers actually hide some necessary costs until you pay for the initial offer. Others just take your money without sending you anywhere.

In such cases, we suggest that you study carefully the travel offer and look for hidden costs, such as: airport taxes, tickets that you need to pay to access a local attraction, check if the meals are included or not, other local transportation fees between your airport and the hotel or between the hotel and the main attractions mentioned in the initial offer, etc.

As a general rule, we suggest that you go with the trustworthy, well known travel agencies. You can also check if by paying individually for plane tickets and for accommodation you receive the same results as in the received offer.

If you love to travel, you can easily fall prey to airline scams by simply looking for free airline tickets. Airline scams are some of the most popular travel scams, and we recommend applying these valuable tips.

travel

12. Bitcoin scams

If you (want to) invest in Bitcoin technology, we advise you to be aware of online scams. Digital wallets can be open to hacking and scammers take advantage of this new technology to steal sensitive data.

Bitcoin transactions should be safe, but these five examples of Bitcoin scams show how they happen and how you can lose your money.

The most common online scams to watch out for:

  • Fake Bitcoin exchanges
  • Ponzi schemes
  • Everyday scam attempts
  • Malware

Here’s how you can spot a Bitcoin scam and how to stay safe online.

Source: Express.co.uk

13. Fake news scam

The spread of fake news on the Internet is a danger to all of us, because it has an impact on the way we filter all the information we found and read on social media. It’s a serious problem that should concern our society, mostly for the misleading resources and content found online, making it impossible for people to distinguish between what’s real and what is not.

We recommend accessing/reading only reliable sources of information coming from friends or people you know read regular feeds from trusted sources: bloggers, industry experts, in order to avoid fake news.


If it seems too good to be true, it’s most likely a scam. Take a look over these online scams
Click To Tweet


This type of scam could come in the form of a trustworthy website you know and often visit, but being a fake one created by scammers with the main purpose to rip you off. It could be a spoofing attack which is also involved in fake news, and refers to fake websites that might link you to a buy page for a specific product, where you can place an order using your credit card.

To avoid becoming a victim of online scams, you can use tech tools such as Fact Check from Google or Facebook’s tool aimed at detecting whether a site is legitimate or not, analyzing its reputation and data.

Cyber security experts believe that these Internet scams represent a threat for both organizations and employees, exposing and infecting their computers with potential malware.

Source: Opportunitychecker.com

14. Fake shopping websites

We all love shopping and it’s easier and more convenient to do it on the Internet with a few clicks. But for your online safety, be cautious about the sites you visit. There are thousands of websites out there that provide false information, and might redirect you to malicious links, giving hackers access to your most valuable data.

If you spot a great online offer which is “too good to be true”, you might be tempting to say “yes” instantly, but you need to learn how to spot a fake shopping site so you don’t get scammed.

We strongly recommend reading these online shopping security tips to keep yourself safe from data breaches, phishing attacks or other online threats.

Source: Originalo.de

15. Loyalty points phishing scam

Many websites have a loyalty program to reward their customers for making different purchases, by offering points or coupons. This is subject to another online scam, because cyber criminals can target them and steal your sensitive data. If you think anyone wouldn’t want to access them, think again.

The most common attack is a phishing scam that looks like a real email coming from your loyalty program, but it’s not. Malicious hackers are everywhere, and it takes only one click for malware to be installed on your PC and for hackers to have access to your data.

As it might be difficult to detect these phishing scams, you may find useful this example of a current phishing campaign targets holders of Payback couponing cards, as well as some useful tips and tricks to avoid being phished.

Source: G Data Security Blog

16. Job offer scams

Sadly, there are scammers everywhere – even when you are looking for a job – posing as recruiters or employers. They use fake and “attractive” job opportunities to trick people.

It starts with a phone call (or a direct message on LinkedIn) from someone claiming to be a recruiter from a well-known company who saw your CV and saying they are interested in hiring you. Whether you’ve applied or not, the offer might be very appealing, but don’t fall into this trap.

To protect yourself from job offer scams, it’s very important to:

  • Do a thorough research about the company and see what information you can find about it;
  • Check the person who’s been contacted you on social media channels;
  • Ask for many details and references and check them out;
  • Ask your friends or trustworthy people if they know or interacted with the potential employer.

To avoid these types of online job scams, check this article.

Source: Drexel.edu

17. SMS Scaming (Smshing)

Smartphones. You can’t live without them in the era of Internet. They’ve become essential for communication, online shopping, banking or any other online activity.

Needless to say the amount of data we store on our personal devices which make them vulnerable to cyber criminals, always prepared to steal our online identities or empty our bank accounts.

Smishing (using SMS text messages) is a similar technique to phishing, but, instead of sending emails, malicious hackers send text messages to their potential victims.

How this happens? You receive an urgent text message on your smartphone with a link attached saying that it’s from your bank and you need to access it in order to update your bank information, or other online banking information.

Be careful about these SMS you receive and don’t click on suspicious links that could redirect to malicious sites trying to steal your valuable data. These useful tips can help you easily spot these types of online scams.

Source: Malwarebytes Labs

18. Overpayment Online Scam

If you are considering selling different items on specialized online sites, we strongly recommend watching out for overpayment scam.

A typically overpayment online scam like this works by getting the potential victim “to refund” the scammer an extra amount of money because he/she send too much money. The offer will often be quite generous and bigger than the agreed price. The overpay (extra money) is to cover the costs of shipping or certain custom fees.

One such story can unfold right now and can happen to each of you. This happened to one of our Heimdal Security team members. After smiling a bit and seeing the method, we did realize that’s a common online scam and we had to share it with you. Also, we included a few security tips and actionable advice to prevent falling prey to overpayment online scam.

Our colleague posted a sofa for sale on a Danish site called dba.dk which is a sort of a flea market online. After a few days, he received a message from a person claiming to be interested in the item and willing to pay more than the price offered, via PayPal account.

Here’s how a scam email looks like in which the malicious person asks for personal information to transfer the money.

Also, here’s the confirmation email coming from the scammer which shows that he paid an extra amount for the sofa, including extra shipping fees and MoneyGram charges the extra fee for transportation.

After that, he also got another email saying that he needs to refund the extra amount of money, including the shipping and transportation charges to a certain shipping agent via MoneyGram transfer.

Here’s how the phishing email looks like that you should be very careful and don’t fall for it:

Follow these security tips to protect yourself from overpayment online scam:

  • If you notice a suspicious email coming from untrusted source or something out of ordinary, you should report it as soon as possible.
  • If you receive a similar email like the one our colleague got, do not transfer extra money to someone you don’t know, especially if he/she wants to overpay. A legitimate buyer won’t do that.
  • Also, do not transfer money to a fake shipping company or some private shipping agent, because it’s part of scam and you need to be very careful.
  • Do not provide personal information to people who don’t show a genuine interest in buying your item.
  • Do not send the product to the buyer until the payment was completed and received in your bank account.

19. Tech Support Online Scams

Here’s another online scam that is common and you need to be extra careful. The next time your smartphone rings and you don’t know the number, think twice before answering. Maybe it’s not your friend on the other end of the phone, maybe it’s the scammer!

According to a recent report “nearly half of all cellphone calls next year will come from scammers”, so we need to learn how to better detect and prevent such malicious actions coming from skilled persons.

Tech support scams are very common and widespread these days. Scammers use various social engineering techniques to trick potential victims into giving their sensitive information. Even worst, they try to convince potential victims to pay for unnecessary technical support services.

These tech “experts” pretend to know everything about your computer, how it got hacked and many other details that help them gain your trust and convince victims to fall prey for their scams.

A scenario like this can happen as we write this, and one of our Heimdal Security team members recently got a phone scam call. While we got amused by the conversation he had with the person pretending to work for an Indian tech support company, we realized it can happen to anyone which can become an easy target.

What happened?

The person, pretending to be the representative of a software company and experienced one, is informing our colleague that his computer got hacked by cybercriminals, and offers to guide him and solve this urgent problem.

With poor English skills, he gives details about the serial number of the computer, and provide guidance to access the unique computer ID, trying to misrepresent normal system as having serious issues. After a few minutes, the call is transferred to another tech representative who informs our colleague that they detected unusual activity going through his computer. He’s been told that multiple attempts have been seen on the PC in which hackers tried to get unauthorized access to his computer.

Our colleague detected this as being scam and didn’t go along with it, but for someone without technical knowledge, it may not be so easy to spot.

You can listen to this call here:

If someone else would have fallen prey for this online scam, things would have gone even further. The so-called tech scammers could persuade the potential victim to give them remote access to the system. To “help” the victim, scammers mention about additional software that are required to be installed and victims need to pay for these software victims, hence, provide credit card details. You can find out more info here

How to avoid getting scammed by tech support “specialists”

To avoid becoming an easy target of these sneaky tech support scammers, we strongly recommend following these basic rules:

  • Do not trust phone calls coming from people pretending to come from tech “experts”, especially if they are requesting for personal or financial information;
  • DO NOT PROVIDE sensitive data to them or purchase any software services scammers may suggest you as a solution to fix your tech problem.
  • DO NOT allow strangers to remotely access your computer and potentially install malicious software;
  • Make sure you download software apps and services only from official vendor sites;
  • Don’t take it for granted when a stranger calls you out of the blue, pretending to have a technical solution for your issues. Make sure you ask for proof of their identity and do a quick research about the company they are calling you from;
  • Always have an antivirus program installed on your computer, and for more protection, consider adding multiple layers of security with a proactive security solution like our Thor Premium Home, which will stop any type of online threats.
  • Have a security-first mindset and be suspicious about everything around you. Also, consider investing in education and learn as much as possible about cyber security. Here’s how you can reduce spam phone calls.

 Conclusion

Since some scams are so well organized and really convincing, and people behind them so difficult to catch, we need to always keep our guard up. Stay informed about the latest scamming strategies.

Have you met some of the above scams while browsing or in your email inbox? What were the most convincing ones?

*This article was initially published by Andra Zaharia in January 2016.”

Spend time with your family, not updating their apps!
Thor Foresight Home anti malware and ransomware protection heimdal security
Let THOR FREE Silently and automatically update software Close security gaps Works great with your favorite antivirus

INSTALL IT, FORGET IT AND BE PROTECTED

Download Thor FREE

The post Here are the Top Online Scams You Need to Avoid Today [Updated 2019] appeared first on Heimdal Security Blog.