Category Archives: How To

How To Unblock Torrent Sites

Pirated content and the Torrent websites that redistribute this content have always been on the radar of copyright holders. Many Government organizations and ISP’s have completely blocked users access to torrent websites. Consequently, it becomes very difficult for users to unblock torrent sites and access them.

There can be numerous reasons if a torrent website is not working in your region or country. One of the primary reason behind the unavailability of torrent sites is the blockage of these major websites by your ISP or government. So here’s how to unblock torrent websites and access them.

NOTE: Techworm does not condone using torrents to illegally obtain content. Using the following methods to access torrent websites for illegal purposes is done entirely at your own risk. Techworm takes no responsibility for any legal problems you encounter.

ALSO READ: Best Torrent Sites- 2018

4 Ways To Unblock Torrent Sites

1. Connect To A Different Internet Network To Unblock Torrents

A majority of offices and universities block access to torrent and other websites for downloading pirated content. Well, a simple method to unblock torrent sites on these WiFi networks is by connecting to a different WiFi network.

You can access a torrent by tethering the internet from your smartphone and later connecting back to the University website to continue downloads. Moreover, you can use this same process for accessing blocked websites. This method will work fine until and unless the organization’s WiFi network has some adept Firewall security.

2. Use A Free Or Paid VPN Service To Unblock Torrents

Next easy method to unblock torrent sites is using a VPN or virtual private network. A VPN helps you to access the internet from a different region where a particular torrent website is not blocked. You can check out our list of the 5 Best VPNs for torrenting in 2018.

 

A majority of free VPN services gets the job done. That said, you can still invest in a paid VPN service if you prefer a highly secure and encrypted VPN.

3. Modify The DNS Server To Unblock Torrents

The next method on the list is most effective and the most complicated. You can easily bypass the DNS level blockage by switching to a public DNS. A Domain Name System translates IP address into a webpage containing text and images.

You can easily switch from the DNS server operated by your ISP to a  public DNS. Three most popular public DNS servers are:

  • Google DNS: 8.8.8.8 | 8.8.4.4
  • OpenDNS: 208.67.222.222 | 208.67.220.220
  • Comodo DNS: 8.26.56.26 | 8.20.247.20

On your Windows PC, open Network Device and right-click to select Properties and then select IPv4 Properties. Now change the DNS servers and click OK.

While on a Mac go to System Preferences > Network > Advanced > DNS, and add the new DNS servers, and click OK. This will surely unblock torrent sites for you.

4. Use Proxy And Mirror Site To Unblock Torrents

The next easy way to unblock torrent websites is via proxy and mirror sites. These mirror websites can be considered as a replica of the original website that is created to reduce the traffic on the server. In addition to that, Mirror Site improve both the loading and downloading speeds due to less traffic on the server.

Unlike the parent website, the proxy and mirror site is generally unnoticed by ISP’s. So you can access them even when the main torrent website is blocked in your region. Infact, many popular websites like Facebook, Twitter, Reddit, and YouTube also have proxy websites designed to improve loading speeds.

So these were 4 basic tricks to unblock torrent sites like the pirate bay, kickass torrents, and others. Do share any other method that you use to unblock torrents in the comments section below.

The post How To Unblock Torrent Sites appeared first on TechWorm.

Ways to Insert Degree Symbol in MS Word – 2018

MS Word is indeed a very popular and important program launched by Microsoft Corporation. It’s basically a word processing software which lets you create all types of documents such as letters, newsletters, worksheets and much more. It also allows you to style the documents by putting images, colorful fonts, charts, and symbols etc. But what if the symbol you need in your word document is actually not present on your keyboard?. Will you be able to add it?. The answer is yes, especially by the use of MS Word. In this case, we will be providing you with the 3 Ways to Insert Degree Symbol in MS Word – 2018 version.

What does a degree symbol denote?

Well, a degree symbol is mainly used to denote the temperature in the form of Celsius and Fahrenheit. The symbol consists of a small raised circle, historically a zero glyph. In Unicode, it is encoded at U+00B0 ° degree sign.

Ways to Insert Degree Symbol in Word

1. Use of Symbol Menu in the MS Word

degree symbol

As you can judge by the title name itself, it’s one of the easiest methods you can use to insert a degree symbol in your word document.

All you need is to navigate towards the symbol menu option and follow the steps which are mentioned below:

  1. First of all, select the “Insert” tab and navigate towards the right section of the screen. There you will see the “Symbols” section. Click on it and you will be able to see a drop-down list of most common and recently used symbols.
  2. degree symbolIf you want to see more symbols then simply click on the “More symbols” option just below the recently use symbols. There you will find lots of symbols and you can easily locate the degree symbol you want to use in the word document (check the blue mark in the above image, it’s a degree symbol we already selected).
  3. Move the cursor towards the point where you want to insert the degree symbol, then click the “Insert” button in the characters menu option. Now, every time you open the Symbols menu, you should see the degree sign in the list of the recently used symbols. It’s as simple as that.

This method saves a hell lot of time and effort. So keep that in mind.

2. Use of Keyboard Shortcuts

The use of Shortcut key is the most reliable and fast method to do anything you like.

Similarly, you can insert the degree symbol in word by simply making the use of keyboard shortcut keys. It ultimately gets rid you of scrolling the symbols in the symbol menu and saves a hell lot of time and effort.

With this method, all you need is to hit a combination of keys to insert the degree sign anywhere in a Word document. Yes, it’s as simple as that.

But one major disadvantage of this method is if your keyboard doesn’t have a numeric pad, you won’t be able to do it. So keep that in mind.

degree symbol

In order to insert a degree sign by using keyboard shortcut keys just follow the steps below.

  1. Select where you want to place the degree sign.
  2. While holding down the Alt key, use the keypad to type “0176.” Release the Alt key, and the degree sign will appear.

Important Note: If you want to make this method work, make sure the Num Lock on your keyboard MUST be turned to OFF. If it’s ON, the keyboard will not accept numerical input.

3. Use of Character Map

This method may sound a bit logical to you as you will need to have an access to the character map program of windows.

In order to make this method work, follow the steps mentioned below.

  1. degree symbolJust navigate to the start menu of windows taskbar and search for Character map app.
  2. Double-click the Character Map desktop app.degree symbol
  3. Here you’ll find a list of countless symbols and characters just like the symbol menu in MS Word.
  4. At the bottom of the program, you should see the “Advanced view” box. Click to check it otherwise Skip this step if it’s already checked.
  5. degree symbol
  6. Now, all you need is to type the “degree sign” in the search box (see the image above). then click the search button, and all the other symbols will clear leaving behind only the degree sign.
  7. At last, double-click the degree sign, then copy and paste it where you want to insert it in the document. You can also use “Ctrl + v” as shortcut keys to paste it.

Conclusion

So this was all regarding the 3 Ways to Insert Degree Symbol in MS Word – 2018 version. If you have any better suggestions then let us know in the comment section below. Would love to hear that.

Stay tuned for more.

The post Ways to Insert Degree Symbol in MS Word – 2018 appeared first on TechWorm.

DNS_Probe_Finished_No_Internet fix for the chrome browser

Ignoring the fact that you love playing with this dinosaur, having it while browsing the internet can be a huge pain. This dns_probe_finished_no_internet or DNS probe finished no internet error irritates lots of people in many ways. So in this article, we are providing you with the ways to fix it. But before learning these methods, we must be familiar with the reasons for its occurrence.

How dns_probe_finished_no_internet error occur?

There can be many reasons behind this.

It may originate from multiple sources or It can be a result of several issues at once or just one at a time. So at first glance, you just can’t be sure on how to fix it, since different problems require different solutions.

So what to do? How to fix it?. Is there any way to fix it? The answer to all these questions is Yes.

But in order to fix this error, just make sure you don’t mess with the default router settings. As it might give you a problem later. So without further ado, let’s get right into it.

How to fix dns_probe_finished_no_internet

Method 1: Checking the Internet Connectivity

Yes, the first and foremost reason to have this error on your web browser screen is having poor internet connectivity or no-working internet.

So make sure to plug in all your wifi modem cables or check the router if it is working or not.

If all your cables are plugged in and modem/router is working properly then still don’t worry. There are some other ways as well.

One of them is a ping test and it can be done with the help of command prompt.

  • Step – 1

Navigate to the start menu and search for command prompt.

  • Step – 2

Then Click on Command prompt

  • Step – 3

When the command prompt opens, type the following command and hit enter.

  • ping -t 4.2.2.2

After hitting enter, the following lines will appear.

Reply from 4.2.2.2: bytes=32 time=106ms TTL=55

If these lines are repeating continuously then its a sign of working internet.

So this clearly means that the issue lies somewhere else. All you need is to find that issue and fix it.

Also Read – Top 10 hidden Windows secret command line tricks and hacks

Method 2: Using the Command Prompt

The use of command prompt in windows is becoming casual these days.

It is widely used to execute the system level commands that can immediately modify the behavior of your Windows operating system.

Many people are also not aware by the fact that if you are running windows then using the command prompt, you can fix the DNS probe finished no internet error. Which is very nice.

But one thing to keep in mind is if you are running the latest update of Windows 10, the command prompt is now known as Windows Powershell.

  • Step – 1

Navigate to the start menu and search for the term CMD(Command).

then click on Run as administrator.

  • Step – 2

After doing it the next step is to enter the following command.

  • netsh winsock reset

once you are done with it, simply restart your PC. It will automatically fix the dns_probe_finished_no_internet error.

or if it doesn’t work for you, then you also have some other options mentioned below.

Also Read – How to connect, manage and delete Wi-Fi networks using Command Prompt

Method 3: Changing Your own DNS to Google DNS

Switching over to Google DNS is a very nice option as compared with default DNS set by the router. The biggest reason for this switch is, it is more secure, allows websites to load faster, and is generally less prone to the errors.

  • Step – 1 

Right click on the windows logo and choose the network connections option.

  • Step – 2

Right click on the network you are connected with and select Properties.

  • Step – 3

In properties look for Internet Protocol Version 4 (TCP/IPv4). Double click on it.

  • Step – 4

Once you have an access to the main menu select option “Use The Following DNS Server Address”, and enter the following digits.

  • Preferred DNS Server: 8.8.8.8
  • Alternate DNS Server: 8.8.4.4

Press OK, and then exit.

Once you are done with it, you have to restart the internet in order to let things work properly.

On the time of booting up again, the DNS probe finished no internet should not bother you anymore.

Also Read – How to Change Your Default DNS to Google DNS for Fast Internet Speeds

Method 4: Updating the Driver

Most of the people ignore the fact that the drivers are the source of issues sometimes. So if you are not in habit of keeping the drivers up to date, then surely you are doing wrong.

  • Step – 1

Open the Run option by pressing Windows + R keys simultaneously.

  • Step – 2

On the search bar, type devmgmt.msc and hit enter. This will directly take you to the device management window and Once you are there, you should look for Network Adapter on the list.

  • Step – 3

Right click on it, and select Update Driver Software from the drop-down menu as you can see in the image above.

  • Step – 5

Then choose the option Browse my computer for driver software.

  • Step – 6

In the next step, choose Let me pick from a list of device drivers on my computer.

  • Step – 7

Now you will have to select the compatible hardware, and then click Next.

This will automatically update your network drivers. Once the driver is up to date, you will get a dialog box saying successful driver update. At that point, you should go ahead and restart your computer. Once the computer boots up, you will not be getting the DNS probe finished no internet.

Troubleshooting Process of DNS_Probe_Finished_No_Internet 

If you tried every single method above and still not getting the expected results. Then you need to perform the troubleshooting process.

This is in our opinion is the last option you can try on your own.

The process is completely simple, you only need to perform a series of steps for this. Now the first step is to check your internet connection on a different device.

If you are using your laptop or PC, you can connect your internet to your Mobile, or a different laptop. The reason behind this is very simple, we want to make sure that if your internet connection is okay or not.

If you are still facing the issues then you need to restart your device in which you are facing the problem, in this case, anything such as a laptop,pc or mobile.

One more thing a lot of people believe that restarting the router can have a negative impact, but it is not all true.

This is because by restarting the router, you are just cutting off all the communication between the router, the connected devices, and the internet.

So once you restarted, your router should be working as they are expected to be.

Final Thoughts

So if you are really facing this error then obviously you need to fix it otherwise you won’t be able to enjoy the internet as you should be.

The sad part about these errors like dns_probe_finished_no_internet is that they are hard to fix, and can have multiple reasons, and multiple solutions to them. All you need is to make sure that you must try every single available method before you can get in touch with a professional.

Conclusion

So this was all regarding the methods to fix of dns_probe_finished_no_internet or DNS probe finished no internet error. So if you are still facing this error then contacting a professional won’t be a shame. So must contact your ISP (internet service providers). At last, if you have any better suggestions then let us know in the comment section below. Would love to hear that.

Stay Tuned for more.

The post DNS_Probe_Finished_No_Internet fix for the chrome browser appeared first on TechWorm.

Blue Screen Windows 10 WDF_VIOLATION Error After Update- Fix October 2018

When it comes to updates, then we are sure that some of you will agree with us on a point that windows have a very bad reputation of ruining the user’s experience. It’s a reality. First, we faced the file deletion bug in October 2018 windows 10 update, and now fresh reports are saying that HP workstations and laptops are receiving the blue screen of death (BSOD). This crashes the display with a WDF_VIOLATION error message after installing all the latest Windows 10 updates.

While Blue screen windows 10 WDF_VIOLATION stop code error is mostly seen in HP PC’s. Some other brand PC users are also reporting the same error after the Cumulative Update for Windows 10 Version 1803 (KB4462919).

The actual reason for this error is still not confirmed by any official source and it looks like the windows 10 blue screen crash is caused by the file located at C:\Windows\System32\drivers\HpqKbFiltr.sys which most probably is HP keyboard driver.

Microsoft has temporarily paused the rollout of the Windows 10 October update. But the users who received it might have noticed a blue screen on windows 10 with an error message STOP CODE- WDF_VIOLATION.

So, how to fix it?. is there any way to fix it?. The answer is yes.

How to Fix Blue screen windows 10 WDF_VIOLATION error after October 2018 update

Firstly, we all should know when a user attempts to install KB4462919 update, then HP laptop or computer gets crashed by stating “Your PC ran into a problem and needs to restart ” error and with the stop code of WDF_VIOLATION which is shown in the figure below.

luckily for HP PC users, there is an easy fix that is working for most of the users.

In order to fix the Blue screen windows 10 WDF_VIOLATION stop code error, you need to rename the HpqKbFiltr.sys driver which of course you can’t do as your PC keeps crashing before you can enter the system and delete or rename any file.

Step 1-

So, In order to fix it, you need to wait for the recovery screen to appear on your Windows 10 PC. Which will surely appear after the crash.

How to Fix Blue screen windows 10 WDF_VIOLATION error after October 2018 update- step 1
Then Choose the troubleshoot option

Step 2-

In the following Troubleshoot screen choose the advanced options

How to Fix Blue screen windows 10 WDF_VIOLATION error after October 2018 update- step 2
Step 3-

How to Fix Blue screen windows 10 WDF_VIOLATION error after October 2018 update- step 3

In the following screen click on the command prompt option.

Step 4-

In the command prompt option, you need to be sure which drive is associated with your computer’s driver.

If it is the C drive Navigate to- C:\Windows\system32\drivers and rename the HpqKbFiltr.sys file to HpqKbFiltr.sys.bak.

after renaming it click exit and just reboot your PC.

Or, Instead of the above navigation procedure starting step 4. Type the following command-

bcdedit | find “osdevice”

cd c:\windows\system32\drivers

ren c:\Windows\System32\drivers\HpqKbFiltr.sys HpqKbFiltr.sys_old

It was C drive for us (Be sure which drive your driver is in.)

What if your PC does not have any file with name HpqKbFiltr.sys. How to fix WDF_VIOLATION blue screen windows 10 stop code error in that case?

While this error is not only limited to HP PC. Dell and some other PC brand users are also facing the same error after windows 10 October update. In that case, to fix it they should try restoring their windows 10 PC using System Restore.

In order to do it. You need to enter the boot manager settings.

For which, You need to directly follow step 1, 2 and in step 3 select system restore instead of command prompt and then select a saved previous restore point from your PC which will undo the latest changes in your PC and fix the problem.

Some of the Windows 10 users are also facing audio related error after the October 2018 update. here’s how to fix No Audio Output Device Is Installed error In Windows 10

So this was how you can fix the Blue screen windows 10 WDF_VIOLATION stop code error in windows 10. do let us know of any other solution you know about and if it is working for you or not.

Stay tuned for more.

The post Blue Screen Windows 10 WDF_VIOLATION Error After Update- Fix October 2018 appeared first on TechWorm.

How To Fix Err_cache_miss in Google Chrome

When it comes to surfing the internet, then we spent our most of day on it. It’s a fact. But there are situations when we face some errors while surfing, scrolling or maybe navigating through the websites. We sometimes think that those errors may occur due to some network problem or modem/router issue. But that’s not the case. Recently many users are facing an error named “err_cache_miss” and in this article, we are providing you with the ways to fix it.

How Err_cache_miss error occur?

Well, It has been observed that error often occurs when developers are testing their applications using some wrong code, or sometimes users face it while surfing through particular websites.

It is also been observed that this “err_cache_miss” error only occurs in a google chrome web browser. Which is indeed an issue.

Nevertheless, the error may look like this to you (see the image below).

err_cache_miss

It immediately appears on the screen with the message: Confirm Form Resubmission and sub error message: ERR_CACHE_MISS.

Now, talking about the reason for its occurrence.

It mainly occurs when the web browser is having issues with its cache system. The caching system issue basically belongs to a particular website or web-based application due to wrong codes within the website or an app.

But not only this sometimes it may also occur when something goes wrong with your web browsers such as bugs, bad browser settings, and corrupted extensions.

Methods of fixing the Err_cache_miss error

There are basically 3 methods to fix this error.

But before learning those methods you all must be familiar with the exact situation of its occurrence. Why? well, this will tell you exactly which method to apply. It’s as simple as that.

3 Different Situations for err_cache_miss Error occurrence.

  1. You got this error while accessing some websites.
  2. Error occurs when accessing your own personal, commercial or business website.
  3. Or you got this error while using Chrome Development tool.

Now after analyzing and matching one of the above situations, you can put the best method suitable for the situation which is mentioned below.

1. Got Err_Cache_Miss Error While Accessing Websites

It is one of the most common situations of error occurrence. If you are trying hard to access a bunch of websites and they didn’t load instead, they show this Err_Cache_Miss Error message then you can try the following 2 methods to fix this.

  1. Clearing Google Chrome Browsing Data – Yes, clearing all your chrome browsing data can fix this error. As cache represents some recently used and stored files in the memory. It means if some badly corrupted files such as (cookies, cached files) are stored in your browser. So maybe this is the reason that causes the error to occur. In order to clear the browsing data back to default just copy the link – chrome://settings/resetProfileSettings into the address bar of your browser and then click on the “Reset” button.
  2. Uninstalling the Toolbar And Spam/Adware Programs – Sometimes the error occurs when you installed unnecessary bad malware oriented toolbars in your web browser. So you need to remove them in order to fix this issue.

2. Got Err_Cache_Miss Error While Accessing Your Own Website

Well, it doesn’t mean that if this error occurs your website code is wrong. So don’t be sacred for this.

It can be the problem with your Chrome web browser.

So, you should try above-mentioned methods first, unless you are modifying your own website. In this situation, just undo what you recently did, and everything will be fine and good to go.

For the WordPress users, we recommend you to disable any kind of caching plugin in order to test whether those plugins cause the Err_Cache_Miss error or not.

3. Got Err_Cache_Miss Error While Using Development Tool

If you are using Google Chrome Development Tool then having this error message is a common issue.

Why? simply because of bugs. You only need to update your Chrome web browser to fix this issue. After doing this you will see this issue is completely gone.

Nevertheless, if you are already using the latest version, then you will need to wait until the next update available. Otherwise, you can try a few methods below-

  • Remove Unnecessary Plugins – As mentioned in the above methods, removing the unnecessary plugins will help you in getting rid of this error for sure.

Just go to the more tools option then extensions tab.

  • Disable Cache System – You can manually disable the cache system when using Development Tool. Yes, it’s true. In order to disable the caching system just press Ctrl + Shift + I then F1 and then choose “Disable cache (while DevTools is open)“. After that, just reload the web page by pressing Ctrl + F5 and you are good to go.

Also Read – Google chrome extension, “Add to Feedly” and “Tweet This Page” served unwanted Adware.

So this was all regarding Err_cache_miss error fix in Google Chrome 2018. If you have any better suggestions let us know in the comment section below. Would love to hear that.

Stay Tuned for more.

The post How To Fix Err_cache_miss in Google Chrome appeared first on TechWorm.

Kinemaster For PC Windows 10/8/7 Free Download

Kinemaster is one of the most feature-rich video editing software for Android smartphone users. Surprisingly, this smartphone application has all the necessary tools required to edit even a short film. Well, if you want to use this full-fledged video-editor on a Windows PC (Kinemaster For PC Windows), you are reading the right article.

So here’s how you easily download and install Kinemaster for Windows PC.

ALSO READ: 10 Best Free Video Editing Software In 2018

How To Install Kinemaster For Windows And MacOS?

There’s only one method for installing Android applications and games on Windows or MacOS, and i.e. using an Android emulator. Bluestacks 4 is possibly the best well-optimized Android emulator that literally performs as an Android phone. So here’s how you can download and install Kinemaster for Windows.

  • Download the Bluestacks 4 emulator and install the exe file on your computer.
  • Once installed sign-in with your Google account on Bluestacks 4
  • Next up open Playstore and search “Kinemaster.”
  • Install the application and use Kinemaster.

You can use this impressive video-editor on Windows PC. The primary advantage of using Kinemaster on PC is the larger screen of the computer. A larger screen enhances the overall workflow while editing videos. Furthermore using Blustacks, you can easily remap keys as per your preference.

Kinemaster: Best Android Video Editor

Kinemaster is a very capable video-editor for smartphones. This application offers timeline-based workflow consisting of separate video and audio layers. Well, Kinemaster for PC that you just downloaded is a free version of this application. That said, apart from the annoying watermark, there is no difference between the paid and free version of Kinemaster.

Lastly, if you face any issue while using Kinemaster on Bluestacks, you can try these alternate emulators.

  1. Nox App Player
  2. Ko Player
  3. Andy emulator
  4. Remix OS Player
  5. Droid4X.

Also Read– Best Android Emulators for Windows PC and Mac

Conclusion

So this was all about Kinemaster for windows PC. Do let us know whats your video-editor of choice for Android smartphones.

The post Kinemaster For PC Windows 10/8/7 Free Download appeared first on TechWorm.

Here are the Top Online Scams You Need to Avoid Today [Updated 2018]

We truly want to believe that the Internet is a safe place where you can’t fall for all types of online scams, but it’s always good reminder to do a “reality check”. We, humans, can become an easy target for malicious actors who want to steal our most valuable personal data.

Criminal minds can reach these days further than before, into our private lives, our homes and work offices. And there is little we can do about it. Attack tactics and tools vary from traditional attack vectors, which use malicious software and vulnerabilities present in almost all the programs and apps (even in the popular Windows operating systems), to ingenious phishing scams deployed from unexpected regions of the world, where justice can’t easily reach out to catch the eventual perpetrators.

According to a report from the Federal Trade Commission (FTC), Millenials are particularly more vulnerable to online scams than seniors, as shocking as it may seem. The research finds that “40 percent of adults age 20-29 who have reported fraud ended up losing money in a fraud case”.

Here are the findings of a report about financial scams

Source: Federal Trade Commision

For this reason, we need to know what are the most popular techniques malicious actors are using to get unauthorized access to our private information and financial data.

We must not forget their final target is always our money and there is nothing they won’t do to accomplish their mission.

Use the links below to quickly navigate the list of online scams you need to stay away from right now.

Phishing email scams
The Nigerian scam
Greeting card scams
Bank loan or credit card scam
Lottery scam
Hitman scam
Romance scams
Fake antivirus software
Facebook impersonation scam (hijacked profile scam)
Make money fast scams (Economic scams)
Travel scams
Bitcoin scams
Fake news scam
Fake shopping websites
Loyalty points phishing scam
Job offer scams
SMS Scaming(Smshing)
Overpayment Online Scam
Tech Support Online Scams

1. Phishing email scams

More than one third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to a new report from F-Secure.

Phishing scams continue to evolve and be a significant online threat for both users and organizations that could see their valuable data in the hands of malicious actors.

The effects of phishing attacks can be daunting, so it is essential to stay safe and learn how to detect and prevent these attacks.

Phishing scams are based on communication made via email or on social networks. In many cases, cyber criminals will send users messages/emails by trying to trick them into providing them valuable and sensitive data ( login credentials – from bank account, social network, work account, cloud storage) that can prove to be valuable for them.

Moreover, these emails will seem to come from an official source (like bank institutions or any other financial authority, legitime companies or social networks representatives for users.)

This way, they’ll use social engineering techniques by convincing you to click on a specific (and) malicious link and access a website that looks legit, but it’s actually controlled by them. You will be redirect to a fake login access page that resembles the real website. If you’re not paying attention, you might end up giving your login credentials and other personal information.

We’ve seen many spam email campaigns in which phishing were the main attack vector for malicious criminals used to spread financial and data stealing malware.

In order for their success rate to grow, scammers create a sense of urgency. They’ll tell you a frightening story of how your bank account is under threat and how you really need to access as soon as possible a site where you must insert your credentials in order to confirm your identity or your account.

After you fill in your online banking credentials, cyber criminals use them to breach your real bank account or to sell them on the dark web to other interested parties.

Here’s an example of a sophisticated email scam making the rounds that you should be very careful.

An example of phishing scam

Source: News.com.au

Use this complete guide on how to detect and prevent phishing attacks (filled with screenshots and actionable tips) to better fight these attacks.

2. The Nigerian scam

Probably one of the oldest and most popular Internet scam used mostly by a member of a Nigerian family with wealth to trick different people. It is also known as “Nigerian 419”, and named after the section of Nigeria’s Criminal Code which banned the practice.

A typical Nigerian scam involves an emotional email, letter, text message or social networking message coming from a scammer (which can be an official government member, a businessman or a member of a very wealthy family member – usually a woman) who asks you to give help in retrieving a large sum of money from a bank, paying initially small fees for papers and legal matters. In exchange for your help, they promise you a very large sum of money.

They will be persistent and ask you to pay more and more money for additional services, such as transactions or transfer costs. You’ll even receive papers that are supposed to make you believe that it’s all for real. In the end, you are left broke and without any of the promised money.

Here’s how a Nigerian scam could look like:

one of the most common online scamsSource: MotherJones.com

3. Greeting card scams

Whether it’s Christmas or Easter, we all get all kind of holiday greeting cards in our email inbox that seem to be coming from a friend or someone we care.

Greeting card scams are another old Internet scams used by malicious actors to inject malware and harvest users’ most valuable data.

If you open such an email and click on the card, you usually end up with malicious software that is being downloaded and installed on your operating system. The malware may be an annoying program that will launch pop-ups with ads, unexpected windows all over the screen.

If your system becomes infected with such dangerous malware, you will become one of the bots which are part of a larger network of affected computers. If this happens, your computer will start sending private data and financial information to a fraudulent server controlled by IT criminals.


I never thought cyber criminals could be so creative! Check out these online scams to stay away from
Click To Tweet


To keep yourself safe from identity theft and data breach, we recommend using a specialized security program against this type of online threats.

To find out more information about financial malware, read this article. And here’s how you can tell if your computer was infected with malware.

Another common Internet scamSource: The Beacon Bulletin

4. Bank loan or credit card scam

People can be easily scammed by “too good to be true” bank offers that might guarantee large amounts of money and have already been pre-approved by the bank. If such an incredible pre-approved loan is offered to you, ask yourself:

“How is it possible for a bank to offer you such a large sum of money without even checking and analyzing your financial situation?”

Though it may seem unlikely for people to get trapped by this scam, there’s still a big number of people who lost money by paying the “mandatory” processing fees required by the scammers.

Here are 9 warning signs and sneaky tactics to watch out and avoid becoming a business loan scam.

As regards to credit card scams, a recent report from the Identity Theft Resources Center said that the number of credit and debit card breaches have been on the rise last year. To better safeguard your data and prevent thieves from getting access to your payment card details, consider:

  • Watching your accounts closely and monitor your online transactions;
  • Taking advantage of free consumer protection services;
  • Signing up for free credit monitoring.

Source: ChaffeurDriven.com

5. Lottery scam

This is another classic Internet scam which doesn’t seem to get old. A lottery scam comes as an email message informing you that you won a huge amount of money and, in order to claim your prize or winnings, you need to pay some small fees.

Lucky you, right?! It doesn’t even matter that you don’t recall ever purchasing lottery tickets.

Since it addresses some of our wildest fantasies, such as quitting our jobs and living off the fortune for the rest of our lives, without ever having to work again, our imagination falls prey easily to amazing scenarios someone can only dream of.

But the dream ends as soon as you realize you have been just another scam victim. DO NOT fall for this online scam and have a look at this checklist to see if you are getting scammed.

This is an example of a lottery scamSource: Ripandscam.com

6. Hitman scam

One of the most frequent Internet scams you can meet online is the “hitman” extortion attempt. Cyber criminals will send you an email threatening to extort money from you. This type of online scam may come in various forms, such as the one threatening that they will kidnap a family member unless a ransom is paid in a time frame provided by the scammers.

To create the appearance of a real danger, the message is filled with details from the victim’s life, collected from an online account, a personal blog or from a social network account.

That’s why it’s not safe to provide any sensitive or personal information about you on social media channels. It might seem like a safe and private place, where you’re only surrounded by friends, but in reality you can never know for sure who’s watching you.

Also,it’s better to be a little bit paranoid and protect all your digital assets like everyone is watching. Here’s how a Hitman scam looks like:

7. Online dating (romance) scams

As the Internet plays an important role in our social lives, with apps like Facebook or Instagram we access everyday, it’s inevitable to use apps to look for love as well.

Online dating apps are very popular these days and they are a great way to meet your future life partners. I have actually an example with a friend of mine who was lucky enough to find her future husband on a dating site.

But not all scenarios have a “happy end” like this one, and you need to be very careful, because you never know who can you meet.

A romance scam usually takes place on social dating networks, like Facebook, or by sending a simple email to the potential target, and affect thousands of victims from all over the world.

The male scammers are often located in West Africa, while the female scammers are mostly from the eastern parts of Europe.

Cyber criminals have abused this scamming method for years by using the online dating services. They improved their approach just by testing the potential victims’ reactions.

According to a research published in the British Journal of Criminology last month, the techniques (and psychological methods) used by scammers in online romance scams are similar with those used in the domestic violence cases.

To avoid becoming a victim of these Internet scams, you need to learn how to better protect yourself.

Knowing that hundreds of women and men from all over the globe are victims of this online scams, we recommend using these security tips for defensive online dating, including warning signs that could help you from becoming an easy target.

I would also recommend reading these real stories and learn from them, so you don’t fall for these online scams:

 

8. Fake antivirus software

We all saw at least once this message on our screens: “You have been infected! Download antivirus X right now to protect your computer!

Many of these pop-ups were very well created to look like legitimate messages that you might get from Windows or any other security product.

If you are lucky, there is nothing more than an innocent hoax that will bother you by displaying unwanted pop-ups on your screen while you browse online. In this case, to get rid of the annoying pop-ups, we recommend scanning your system using a good antivirus product.

If you are not so lucky, your system can end up getting infected with malware, such as a Trojan or a keylogger. This kind of message could also come from one of the most dangerous ransomware threats around, such as CryptoLocker, which is capable of blocking and encrypting your operating system and requesting you a sum of money in exchange for the decryption key.

To avoid this situation, we recommend enhancing your online protection with a  specialized security product against financial malware, and complement your traditional antivirus program.

Also, make sure you do not click on pop-up windows that annoyingly warn you’ve been infected with virus. Remember to always apply the existing updates for your software products, and install only legitimate software programs from verified websites.

If you’ve been infected, you can use an antimalware tool such as Malwarebytes to try removing the malware infection or pay attention to these warning signs and learn how to find a doable solution.

Source: Oreganstate.edu

9. Facebook impersonation scam (hijacked profile scam)

Facebook. Everyone is talking about it these days, and the scandal about Cambridge Analytica firm harvesting personal data taken from millions of this social media channel without users’ consent.

It’s still the most popular social media network where everyone is active and use it on a daily basis to keep in touch with friends and colleagues. Unfortunately, it has become also the perfect place for online scammers to find their victims.

Just imagine your account being hacked by a cyber criminal and gaining access to your close friends and family. Nobody wants that!

Since it is so important for your privacy and online security, you should be very careful in protecting your personal online accounts just the way you protect your banking or email account.

Facebook security wise, these tips might help you stay away from these online scams:

  • Do not accept friend requests from people you don’t know
  • Do not share your password with others
  • When log in, use two-factor authentication
  • Avoid connecting to public and free Wi-Fi networks
  • Keep your browser and apps updated
  • Add an additional layer of security and use a proactive cyber security software.

To enhance your online privacy, I recommend reading our full guide on Facebook security and privacy.

facebook-scam

10. Make money fast scams (Economic scams)

Cyber criminals will lure you into believing you can make money easy and fast on the internet. They’ll promise you non-existent jobs, including plans and methods of getting rich quickly.

It is a quite simple and effective approach, because it addresses a basic need for money, especially when someone is in a difficult financial situation.

This scamming method is similar to the romance scam mentioned above, where the cyber attackers address the emotional side of victims. The fraudulent posting of non-existent jobs for a variety of positions is part of the online criminals’ arsenal.

Using various job types, such as work-at-home scams, the victim is lured into giving away personal information and financial data with the promise of a well paid job that will bring lots of money in a very short period of time.

Read and apply these ten tips that can help you avoid some of the most common financial scams.

this is how a financial scam looks likeSource: Makerealmoneyonlinefree.com

11. Travel scams

These scams are commonly used during hot summer months or before the short winter vacations, for Christmas or New Year’s Day.

Here’s how it happens: you receive an email containing an amazing offer for an exceptional and hard to refuse destination (usually an exotic place) that expires in a short period of time which you can’t miss. If it sounds too good to be true, it might look like a travel scam, so don’t fall for it!

The problem is that some of these offers actually hide some necessary costs until you pay for the initial offer. Others just take your money without sending you anywhere.

In such cases, we suggest that you study carefully the travel offer and look for hidden costs, such as: airport taxes, tickets that you need to pay to access a local attraction, check if the meals are included or not, other local transportation fees between your airport and the hotel or between the hotel and the main attractions mentioned in the initial offer, etc.

As a general rule, we suggest that you go with the trustworthy, well known travel agencies. You can also check if by paying individually for plane tickets and for accommodation you receive the same results as in the received offer.

If you love to travel, you can easily fall prey to airline scams by simply looking for free airline tickets. Airline scams are some of the most popular travel scams, and we recommend applying these valuable tips.

travel

12. Bitcoin scams

If you (want to) invest in Bitcoin technology, we advise you to be aware of online scams. Digital wallets can be open to hacking and scammers take advantage of this new technology to steal sensitive data.

Bitcoin transactions should be safe, but these five examples of Bitcoin scams show how they happen and how you can lose your money.

The most common online scams to watch out for:

  • Fake Bitcoin exchanges
  • Ponzi schemes
  • Everyday scam attempts
  • Malware

Here’s how you can spot a Bitcoin scam and how to stay safe online.

Source: Express.co.uk

13. Fake news scam

The spread of fake news on the Internet is a danger to all of us, because it has an impact on the way we filter all the information we found and read on social media. It’s a serious problem that should concern our society, mostly for the misleading resources and content found online, making it impossible for people to distinguish between what’s real and what is not.

We recommend accessing/reading only reliable sources of information coming from friends or people you know read regular feeds from trusted sources: bloggers, industry experts, in order to avoid fake news.


If it seems too good to be true, it’s most likely a scam. Take a look over these online scams
Click To Tweet


This type of scam could come in the form of a trustworthy website you know and often visit, but being a fake one created by scammers with the main purpose to rip you off. It could be a spoofing attack which is also involved in fake news, and refers to fake websites that might link you to a buy page for a specific product, where you can place an order using your credit card.

To avoid becoming a victim of online scams, you can use tech tools such as Fact Check from Google or Facebook’s tool aimed at detecting whether a site is legitimate or not, analyzing its reputation and data.

Cyber security experts believe that these Internet scams represent a threat for both organizations and employees, exposing and infecting their computers with potential malware.

Source: Opportunitychecker.com

14. Fake shopping websites

We all love shopping and it’s easier and more convenient to do it on the Internet with a few clicks. But for your online safety, be cautious about the sites you visit. There are thousands of websites out there that provide false information, and might redirect you to malicious links, giving hackers access to your most valuable data.

If you spot a great online offer which is “too good to be true”, you might be tempting to say “yes” instantly, but you need to learn how to spot a fake shopping site so you don’t get scammed.

We strongly recommend reading these online shopping security tips to keep yourself safe from data breaches, phishing attacks or other online threats.

Source: Originalo.de

15. Loyalty points phishing scam

Many websites have a loyalty program to reward their customers for making different purchases, by offering points or coupons. This is subject to another online scam, because cyber criminals can target them and steal your sensitive data. If you think anyone wouldn’t want to access them, think again.

The most common attack is a phishing scam that looks like a real email coming from your loyalty program, but it’s not. Malicious hackers are everywhere, and it takes only one click for malware to be installed on your PC and for hackers to have access to your data.

As it might be difficult to detect these phishing scams, you may find useful this example of a current phishing campaign targets holders of Payback couponing cards, as well as some useful tips and tricks to avoid being phished.

Source: G Data Security Blog

16. Job offer scams

Sadly, there are scammers everywhere – even when you are looking for a job – posing as recruiters or employers. They use fake and “attractive” job opportunities to trick people.

It starts with a phone call (or a direct message on LinkedIn) from someone claiming to be a recruiter from a well-known company who saw your CV and saying they are interested in hiring you. Whether you’ve applied or not, the offer might be very appealing, but don’t fall into this trap.

To protect yourself from job offer scams, it’s very important to:

  • Do a thorough research about the company and see what information you can find about it;
  • Check the person who’s been contacted you on social media channels;
  • Ask for many details and references and check them out;
  • Ask your friends or trustworthy people if they know or interacted with the potential employer.

To avoid these types of online job scams, check this article.

Source: Drexel.edu

17. SMS Scaming (Smshing)

Smartphones. You can’t live without them in the era of Internet. They’ve become essential for communication, online shopping, banking or any other online activity.

Needless to say the amount of data we store on our personal devices which make them vulnerable to cyber criminals, always prepared to steal our online identities or empty our bank accounts.

Smishing (using SMS text messages) is a similar technique to phishing, but, instead of sending emails, malicious hackers send text messages to their potential victims.

How this happens? You receive an urgent text message on your smartphone with a link attached saying that it’s from your bank and you need to access it in order to update your bank information, or other online banking information.

Be careful about these SMS you receive and don’t click on suspicious links that could redirect to malicious sites trying to steal your valuable data. These useful tips can help you easily spot these types of online scams.

Source: Malwarebytes Labs

18. Overpayment Online Scam

If you are considering selling different items on specialized online sites, we strongly recommend watching out for overpayment scam.

A typically overpayment online scam like this works by getting the potential victim “to refund” the scammer an extra amount of money because he/she send too much money. The offer will often be quite generous and bigger than the agreed price. The overpay (extra money) is to cover the costs of shipping or certain custom fees.

One such story can unfold right now and can happen to each of you. This happened to one of our Heimdal Security team members. After smiling a bit and seeing the method, we did realize that’s a common online scam and we had to share it with you. Also, we included a few security tips and actionable advice to prevent falling prey to overpayment online scam.

Our colleague posted a sofa for sale on a Danish site called dba.dk which is a sort of a flea market online. After a few days, he received a message from a person claiming to be interested in the item and willing to pay more than the price offered, via PayPal account.

Here’s how a scam email looks like in which the malicious person asks for personal information to transfer the money.

Also, here’s the confirmation email coming from the scammer which shows that he paid an extra amount for the sofa, including extra shipping fees and MoneyGram charges the extra fee for transportation.

After that, he also got another email saying that he needs to refund the extra amount of money, including the shipping and transportation charges to a certain shipping agent via MoneyGram transfer.

Here’s how the phishing email looks like that you should be very careful and don’t fall for it:

Follow these security tips to protect yourself from overpayment online scam:

  • If you notice a suspicious email coming from untrusted source or something out of ordinary, you should report it as soon as possible.
  • If you receive a similar email like the one our colleague got, do not transfer extra money to someone you don’t know, especially if he/she wants to overpay. A legitimate buyer won’t do that.
  • Also, do not transfer money to a fake shipping company or some private shipping agent, because it’s part of scam and you need to be very careful.
  • Do not provide personal information to people who don’t show a genuine interest in buying your item.
  • Do not send the product to the buyer until the payment was completed and received in your bank account.

19. Tech Support Online Scams

Here’s another online scam that is common and you need to be extra careful. The next time your smartphone rings and you don’t know the number, think twice before answering. Maybe it’s not your friend on the other end of the phone, maybe it’s the scammer!

According to a recent report “nearly half of all cellphone calls next year will come from scammers”, so we need to learn how to better detect and prevent such malicious actions coming from skilled persons.

Tech support scams are very common and widespread these days. Scammers use various social engineering techniques to trick potential victims into giving their sensitive information. Even worst, they try to convince potential victims to pay for unnecessary technical support services.

These tech “experts” pretend to know everything about your computer, how it got hacked and many other details that help them gain your trust and convince victims to fall prey for their scams.

A scenario like this can happen as we write this, and one of our Heimdal Security team members recently got a phone scam call. While we got amused by the conversation he had with the person pretending to work for an Indian tech support company, we realized it can happen to anyone which can become an easy target.

What happened?

The person, pretending to be the representative of a software company and experienced one, is informing our colleague that his computer got hacked by cybercriminals, and offers to guide him and solve this urgent problem.

With poor English skills, he gives details about the serial number of the computer, and provide guidance to access the unique computer ID, trying to misrepresent normal system as having serious issues. After a few minutes, the call is transferred to another tech representative who informs our colleague that they detected unusual activity going through his computer. He’s been told that multiple attempts have been seen on the PC in which hackers tried to get unauthorized access to his computer.

Our colleague detected this as being scam and didn’t go along with it, but for someone without technical knowledge, it may not be so easy to spot.

You can listen to this call here:

If someone else would have fallen prey for this online scam, things would have gone even further. The so-called tech scammers could persuade the potential victim to give them remote access to the system. To “help” the victim, scammers mention about additional software that are required to be installed and victims need to pay for these software victims, hence, provide credit card details. You can find out more info here

How to avoid getting scammed by tech support “specialists”

To avoid becoming an easy target of these sneaky tech support scammers, we strongly recommend following these basic rules:

  • Do not trust phone calls coming from people pretending to come from tech “experts”, especially if they are requesting for personal or financial information;
  • DO NOT PROVIDE sensitive data to them or purchase any software services scammers may suggest you as a solution to fix your tech problem.
  • DO NOT allow strangers to remotely access your computer and potentially install malicious software;
  • Make sure you download software apps and services only from official vendor sites;
  • Don’t take it for granted when a stranger calls you out of the blue, pretending to have a technical solution for your issues. Make sure you ask for proof of their identity and do a quick research about the company they are calling you from;
  • Always have an antivirus program installed on your computer, and for more protection, consider adding multiple layers of security with a proactive security solution like our Thor Premium Home, which will stop any type of online threats.
  • Have a security-first mindset and be suspicious about everything around you. Also, consider investing in education and learn as much as possible about cyber security.

 Conclusion

Since some scams are so well organized and really convincing, and people behind them so difficult to catch, we need to always keep our guard up. Stay informed about the latest scamming strategies.

Have you met some of the above scams while browsing or in your email inbox? What were the most convincing ones?

Spend time with your family, not updating their apps!
Let THOR FREE Silently and automatically update software Close security gaps Works great with your favorite antivirus

INSTALL IT, FORGET IT AND BE PROTECTED

Download Thor FREE

The post Here are the Top Online Scams You Need to Avoid Today [Updated 2018] appeared first on Heimdal Security Blog.

Playerunknown’s Battlegrounds (PUBG) PC Download Free And Paid

PUBG is possibly the most popular online multiplayer battle royale game available for consoles, computers, and smartphones. Winning games in Playerunknown’s battlegrounds entirely depends on skills and the amount of experience you have gained playing the game. In this article we have provided with PUBG PC download tips and how to play.

A majority of gamers rely on PC for playing PUBG. So here’s how you can easily download both free and paid versions of PUBG on your PC.

ALSO READ: How PUBG Mobile hack works? Is hacking APK legal?

How To Download Free PUBG Game On PC

If you want to play PUBG for free on PC, then you have to rely on PUBG Mobile. That said, playing PUBG Mobile on PC can be a tricky process, and may end up offering substandard gameplay coupled with random frame drops. So these are the four best emulators that will help you to download, install and play PUBG Mobile for free on PC.

1. Tencent Gaming Buddy

The first emulator on the list is created by Tencent Games. These are the same developer who created PUBG Mobile. Consequently, Tencent Gaming Buddy can be considered as the official emulator whose primary purpose is to play PUBG Mobile on PC.

Well, Tencent Gaming Buddy will offer the best performance and optimization as compared to other emulators.

The installation process of Tencent Gaming Buddy is very straightforward. Once the emulator is installed on your PC, it automatically begins downloading and installing PUBG Mobile. You get full access over the controls with this emulator.

Furthermore, there is no need to create an account or use VPN for playing the game. Lastly, its the only emulator that regularly checks and update PUBG Mobile on your PC.

DOWNLOAD PUBG Mobile

2. NoxPlayer

The next highly compatible emulator for PC is NoxPlayer. To install and play PUBG Mobile on PC via NoxPlayer, install the game from Play Store. If you face any problem while installing the game try to clear up Google Play Store data.

If everything goes right, then you can easily play PUBG Mobile. That said if you have any performance issues follow the below mentioned steps.

You can improve the performance and framerate of PUBG Mobile for PC by tweaking a few settings.

Open Emulator settings

  • CPU at least 2 or more than 2
  • Memory minimum 2048MB or more
  • Graphics rendering mode: either DX mode or OpenGL
  • Resolution: 1280*720

Save these settings and restart the emulator, you will get better frame rates and improved performance.

DOWNLOAD NoxPlayer

3. KO Player

KO Player is a completely free Android emulator which is dedicated for playing Android games on PC. This gaming emulator offers many nifty features like KeyMapping, screen recording while gaming and much more.

The installation process of PUBG Mobile is a bit tricky on KO Player. You can easily install the apk file of PUBG Mobile on KO Player. Now, the game requires OBB or the data file. You have to copy this file from your smartphone and paste it in the correct directory on PC. This OBB file named as com.tencent.ig is located in storage > Android > obb.

Once the installation is completed you can easily play PUBG Mobile. Though we still suggest you tweak some settings for enhanced gameplay experience and higher frame rates.

DOWNLOAD KO Player

4. BlueStacks 4

Bluestacks is one of the oldest and most popular Android emulators that has witnessed many enhancements in the past. Bluestacks 4 is now very well optimized for playing Android games. The developer even claims that you can get up to 6 times better performance as compared to Samsung Galaxy S9+ on Bluestacks 4.

Furthermore, the installation is similar to the way you install games on your smartphone.

So as to play PUBG Mobile on PC simply open Play Store and download the application. You can remap keyboard keys as per your preference. Well, if you spend some time adjusting the setting you can even expect drastic improvements in performance. Lastly, BlueStacks also doubles up as a perfect smartphone on your PC.

DOWNLOAD BlueStacks

ALSO READ: PUBG Mobile Season 3 update with new Royale Pass is here!

Download PUBG On PC

You can easily download and install PUBG on PC using Steam. The game is available for both Windows and MacOS and once added to your steam library it can be installed on any computer. Well, Steam offers many discounts during sales so keep an eye on that. Before, purchasing the game ensure that your PC fulfills the below-mentioned requirements.

  • OS: 64-bit Windows 7, Windows 8.1, Windows 10
  • Processor: Intel Core i5-4430 / AMD FX-6300
  • Memory: 8 GB RAM
  • Graphics: NVIDIA GeForce GTX 960 2GB / AMD Radeon R7 370 2GB
  • DirectX: Version 11
  • Network: Broadband Internet connection
  • Storage: 30 GB available space

DOWNLOAD PUBG From Steam

CONCLUSION

So these were some easy ways to download and play PUBG on your PC. If you come across any issue while installing PUBG, do let us know in the comments section below. Lastly, if you wish to share any other efficient method to install PUBG to share it.

The post Playerunknown’s Battlegrounds (PUBG) PC Download Free And Paid appeared first on TechWorm.

Safari users: Where did your extensions go?

Safari 12 has brought with it some changes to how OSX handles browser extensions. At WWDC in June, Apple announced that Safari would block legacy extensions installed from outside the Extensions Gallery, which itself would now be deprecated.

As a replacement, Safari will now rely on “app extensions.” Apple said that app extensions don’t see any browsing details, are more segregated from user data, and put much less of a strain on overall performance. Sounds great, right? Unfortunately implementation has been somewhat high-handed, as you can see below:

No user interaction required, no real information on why specific extensions were turned off to the exclusion of others, just an automatic disabling. When this happens with security-focused extensions, it can be a little alarming, and a lot of users seem to have been caught by surprise.

How to re-enable extensions

Some extension makers like Adblock Plus have released new versions to comply with Apple’s security requirements. But if your favorite hasn’t been updated yet, how do you re-enable it?

With Safari open:

  • Go to Preferences
  • Click the Extensions icon
  • Manually check the box next to the extension you’d like to enable

But why is this a security issue?

That’s not very much work to get your extensions back, so what’s the big deal? Apple announced it in advance, after all. Let’s look at a few reasons why this might not have been the best way to roll out new OSX features.

The dialog box lies

“Safari turned off extensions that slow down web browsing.” In the most literal sense, this is true.  Browsing without any extensions at all would most likely be fractionally faster. This is not why Safari turned them off, however.

“You can find newer extensions in the App Store.” This is literally true. But can you find newer versions of the specific extensions referenced? Who knows? The extensions in the screenshot at the top were most likely turned off because they did not come from the extension gallery to begin with, and only one had a new app extension available at time of writing.

Apple does not communicate any of this via the dialog box.

The release notes are confusing

Here’s what the Safari 12 release notes say on the subject:

  • Automatically turns off Safari extensions that negatively impact browsing performance
  • Improves security by only supporting legacy Safari Extensions that have been reviewed by Apple

In the above example, the extension block was most likely due to the second bullet. But the dialog only references the first bullet. Which one was it? How can I tell which of my legacy extensions will continue to receive support?

The choice is made for you

This is somewhat a matter of taste, as not everyone wants to be bothered with the inner machinations of their Mac. Very few people read the text in any dialog box, and when it comes to security, most people assume that their Mac knows best.

But when security improvements impact performance, shouldn’t you be given the option to think about it before a change? Further, what about extensions that are used routinely to get work done? Some are much more critical than those that change the word “millennial” to “snake people” on web pages. Switching off everything indiscriminately can have negative effects on productivity.

Apple’s motives with the change are pure, and strengthening a wall between extensions and user data is a great idea. But implementations that don’t consider user experience create a great deal of short term frustration, and can erode trust in future security improvements.

The post Safari users: Where did your extensions go? appeared first on Malwarebytes Labs.

Security In The Crypto World: Exchanges, Wallets, Personal Data. Kiev To Host The Largest Cybersecurity Forum In Eastern Europe

October 8-11, the international cybersecurity forum HackIT 4.0 will be held in Kiev, Ukraine. The annual forum aims to be

Security In The Crypto World: Exchanges, Wallets, Personal Data. Kiev To Host The Largest Cybersecurity Forum In Eastern Europe on Latest Hacking News.

Q&A with One of The Youngest People to Gain OSCP at Only 17 Years Old

OSCP is considered one of the top certifications within the IT security industry owing to the fact it leans heavily

Q&A with One of The Youngest People to Gain OSCP at Only 17 Years Old on Latest Hacking News.

Windows 10 Compatibility Checker- Test If Your PC Can Run It (Working 2018)

Microsoft claims that Windows 10 has more than 700million active users, this makes Windows 10 the most popular computer operating system. Well, if you were living under a rock and still use Windows 7, Windows 8, or Windows 8.1 then Windows 10 compatibility checker will definitely help you. So here’s how you can use Windows 10 compatibility test and upgrade to Windows 10.

Windows 10 Minimum Hardware Requirements 

The first and foremost step before checking Windows 10 compatibility is to fulfill the minimum hardware requirement as stated by Microsoft.

  • Processor: 1 gigahertz (GHz) or faster processor or SoC
  • RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit
  • Hard disk space: 16 GB for 32-bit OS 20 GB for 64-bit OS
  • Graphics card: DirectX 9 or later with WDDM 1.0 driver
  • Display: 800×600

Well, if you are using a computer that was manufactured in the last decade then you might not face any problem, but anything before that should be properly upgraded.

Windows 10 Compatibility Checker

Microsoft officially supports the ability to upgrade Windows 7 and Windows 8.1 computers to Windows 10. So if you are using a Windows 7 or Windows 8.1 PC then you can easily upgrade to Windows 10. As for people using vintage operating systems like Windows XP and Windows Vista, you will have to install a fresh copy of Windows 10.

That said, the free upgrade offer for Windows 10 by Microsoft was ended on July 29, 2016. Though you can still update to Windows 10 if you were running an original and licensed version of Windows 7 or Windows 8.1. Simply download Windows 10 and select the “Upgrade This PC Now” option and follow on-screen instructions to upgrade to Windows 10.

Also Read- 10 Best Windows Themes/Skins To Improve Your Windows 10 Look

Windows 10 Compatibility Check For Drivers

After or before installing Windows 10 it is necessary to download updated drivers from the website of various hardware manufacturers. Updating drivers will ensure that Windows 10 runs flawlessly without any issue.

Do share any other method for checking Windows 10 compatibility for older computers.

The post Windows 10 Compatibility Checker- Test If Your PC Can Run It (Working 2018) appeared first on TechWorm.

Nmap-bootstrap-xsl Hack Creates Visually Appealing Nmap Scan Reports : Interview With Its Creator, Andreas Hontzia

As the title itself states, nmap-xsl-bootstrap, a brand-new utility or, better to say an Nmap hack, that helps in beautifying

Nmap-bootstrap-xsl Hack Creates Visually Appealing Nmap Scan Reports : Interview With Its Creator, Andreas Hontzia on Latest Hacking News.

Winamp’s new beta version 5.8 leaks online

Winamp 5.8 beta leak surfaces on the web

A beta version of the upcoming Winamp 5.8 has been leaked online where it is being distributed heavily.

For those unaware, Winamp is one of the oldest popular MP3 players for Microsoft Windows devices, that supports numerous audio and video formats. Released in 1997, Winamp was originally developed by Justin Frankel and Dmitry Boldyrev by their company Nullsoft, which they later sold to AOL in 1999 for $80 million.

In November 2013, AOL announced that it would be shutting down Winamp.com in December 2013, and the software would no longer be available for download, nor supported by the company after that date. While the shutdown did not take place, but in January 2014, it was announced that Winamp was acquired by Radionomy, owners of the platform to create, discover, and listen-to online radio stations, for an undisclosed sum.

After the acquisition, Radionomy relaunched the Winamp website and made it available for download again. Back then, the company had promised to release a new version of Winamp with numerous features. However, no new stable version has been developed since Radionomy’s acquisition of Winamp in 2014.

Now, more than 4 years later, an anonymous user has uploaded a beta version of Winamp 5.8 media player leaked build that dates back to October 26, 2016. This leaked version also happens to be the first Winamp beta released under Radionomy’s umbrella. There are many change logs of the leaked build that mentions several new features and improvements, including the full compatibility with Windows 10 and Windows 8.1. The changes of the beta version have been listed on a forum post on the official Winamp forum.

Please note that Radionomy has not released the stable version of Winamp 5.8 yet, which means that the .exe uploaded online could contain numerous bugs and may lead to unexpected software crashes.

Hence, it is advisable not to install the media player yet. However, if you still choose to install it, it will be at your own risk and Techworm shall not be responsible for any consequences. You can download the file from here.

The post Winamp’s new beta version 5.8 leaks online appeared first on TechWorm.

How To Add Bots To Discord Server; Working-2018

Discord is possibly the best cross-platform voice and text chat service for gamers. Well, adding bots to discord server makes the messaging service even more feature rich. There are bots dedicated to specific games that show updated stats and scores. So here’s how to add bots to discord.

How To Add Bots To Discord Server

Adding bots to discord server is a straightforward process. First of all, ensure that you are logged in to your discord account. Next up select the bot that you want to add on discord. You can even check out some useful bots from Carbonitex. Once you have chosen bots to be added on discord server follow these simple steps.

1. Open general permissions of your discord server and ensure that Manage Channel, Manage Permissions, and Manage Webhooks are all turned on.


2. Select a bot from Carbonitex and click on “Add Bot to Server” button.
3. Next up select the server to which you want the bot to be added.
4. Lastly, authorize the bot and verify the captcha.

Alternate Method For Adding Bots To Discord Server

The method as mentioned earlier is very simple, but if you are a pro user and want to add bots quickly to your discord server, then this method might help you.

  1. Paste the following URL into any browser of choice  https://discordapp.com/oauth2/authorize?client_id=<Bot_Client_ID>&scope=bot&permissions=0
  2. Replace the ‘Bot_Client_ID’ in the above URL with the client ID of the bot you want to add.
  3. Similar to the previous method, authorize the bot and verify the captcha.

Benefits of Adding Bots To Discord Server

These bots can be considered as the virtual assistants that enhance your communication experience. Once, you add a bot to discord server you can use it anytime as per your preference. Furthermore, adding bots on discord also eliminates the need for tracking scores and stats of other gamers in the server. Bots can help improve productivity or make you laugh during intense gaming sessions. 

Do share some of the best Discord bots that you use. You can also share any alternate method on how to add a bot to discord and help the community.

The post How To Add Bots To Discord Server; Working-2018 appeared first on TechWorm.

SonarSnoop attack can steal your smartphone’s unlock patterns

Smartphone unlock patterns can be hacked using SonarSnoop attack

Researchers from Lancaster and Linkoping University have come up with a new attack technique that uses your smartphone’s speaker and microphone to steal unlock patterns from Android devices, reports ZDNet.

Dubbed as ‘SonarSnoop’, this method transforms a smartphone’s speaker and microphone into a sonar and uses sound waves to track a user’s finger position across the screen. In other words, the attack technique depends on the basic echo principle of sonar systems.

Also Read- Android smartphones can be hacked with AT commands attacks

For those unaware, Sonar (Sound Navigation and Ranging) uses sound propagation normally in submarines for detecting objects on or under the surface of the water, such as other vessels.

The study has been published in the research paper titled “SonarSnoop: Active Acoustic Side-Channel Attacks” that has detailed testing information of SonarSnoop on a Samsung Galaxy S4 running Android 5.0.1.

How does the SonarSnoop attack work?

SonarSnoop uses FingerIO as the primary source of inspiration and is the malicious version of FingerIO. The attack uses a malicious app on the device that emits sound waves from the phone’s speakers generated at frequencies – 18 KHz to 20 KHz – that are inaudible to the human ear.

The malicious app uses the device’s microphone to pick up the sound waves and bounces it back to nearby objects, which in this case are the user’s fingerprints. Depending on the position of the speakers and microphones, a machine learning (ML) algorithm is employed in the malicious application to determine the possible unlock patterns.

“The received signals are represented by a so-called echo profile matrix which visualizes this shift and allows us to observe movement. Combining observed movement from multiple microphones allows us to estimate strokes and inflections,” the researchers explained.

Results of SonarSnoop attack

With the help of SonarSnoop, the researchers were able to reduce the number of possible unlock patterns by more than 70%. Thanks to the ML algorithms built into the attack. The research team used 12 unlock patterns with 15 unique strokes in their experiment.

SonarSnoop currently cannot unlock the devices with 100% accuracy, as the method is still in the experimental stage. However, the accuracy is expected to improve with the ML Algorithm becoming more efficient with time, thereby reducing false unlock patterns.

Researchers also point out that although their experiment focuses on smartphones, SonarSnoop is “is applicable to many other kinds of computing devices and physical environments where microphones and speakers are available.”

Also Read- Hackers can spy on your computer screens through the webcam microphone

The post SonarSnoop attack can steal your smartphone’s unlock patterns appeared first on TechWorm.

Here Are The Essential Security Tips To Stay Safe On Social Media

When you say “social media”, the first thing that comes to mind is fun and entertainment. Social media is mostly about this.

Everyone has a social account on at least one platform. Whether it is Facebook, Twitter, Instagram or LinkedIn, we can easily stay in touch with friends and family, share memorable moments of our lives, follow experts from our professional area, or just read the news.

Social media habits may differ from one person to another, but the reality is we spend a lot of time on these networks. This is why we should ask ourselves more often:

“Do we really know how to stay safe on social media and avoid becoming easy targets for cyber criminals?”

Nowadays, privacy and security should be top priorities for us.

In this guide, you will find actionable and useful security tips to help you stay safe on social media.

You will also learn about the best security practices you need to apply to protect your most valuable data.

How to better secure your Facebook account

There’s no doubt that Facebook is one of the most used and popular social networks out there with over 2 billion people using the platform on a daily basis. Who doesn’t have a Facebook account these days?

It is the platform that helps us better connect with friends and family, and keep up with what they’re doing. But it’s also the place where we share a lot of personal information, so securing our online accounts need to be of utmost importance.

In light of the recent scandal between Cambridge Analytica and Facebook that involved a massive amount of personal information of about 50 million Facebook users, it raised lots of questions on how data is controlled and managed by this platform. I want to believe it was actually a wake-up call suggesting that privacy and security should have serious attention from us.

Follow these basic security tips so you can stay safe on the platform:

  • Do not share your password with others and make sure you always set a unique and strong one. Use this security guide that will teach you how to easily manage passwords like a pro and keep malicious actors away.
  • If you’ve logged in from a different computer/device you’ve shared with others, remember to always log out and don’t check “Keep me logged in”
  • Use two-factor authentication feature which can be activated by clicking the Setup button from Settings. Confirm this action by enabling it and re-enter your password, and then you will receive an email or a code via your mobile phone saying that two-factor authentication has been activated
  • Strongly advise you to accept friend requests from people you know in real life, or at least, verify if you have a few friends in common. There are many Facebook fake accounts used by malicious people who might spam or impersonate you
  • If you notice something suspicious on Facebook, report it immediately. You can do this here.

If you care about your data (and we know you do), make sure you got all covered in terms of security by reading this useful Facebook privacy and security guide.

Apply these security measures to better secure your Twitter account

I don’t know about you, but I am a big fan of this platform and love to tweet :-), look out for cyber security specialists and inspiring people, or read news from people and brands I follow.

Whether it’s for personal use or business reasons, this network is a great option to promote yourself, your company, as well as to reach out to someone and stay up to date with various topics you may be interested in.

We strongly recommend to apply these basic security and privacy tips to strengthen your Twitter account:

  • Always use strong and unique passwords for your Twitter account, and consider choosing a password manager to encrypt and better secure them. This rule should be followed to ensure safety for every social platform;
  • Use two-factor authentication system as a second layer of protection to enhance safety and verify your identity each time you sign in;
  • Activate the option “Protect my tweets” from Settings and Privacy -> Privacy and safety module, if you want to get some control over the info shared and who is following you;
  • Do not click on suspicious links you receive via private messages, because you could be exposed to phishing attacks used by cyber criminals or malicious persons who want to obtain your Twitter credentials or any other personal information;
  • Revise and pay attention to third-party apps that connect to your account, and implicitly have access to your personal data.
  • if you ever connect to your Twitter account from someone else’s computer, do not forget to log out and delete all the data of the browser or app.

We have a dedicated article on how you can secure your Twitter account in 10 basic steps that we recommend to check out so you can be one step ahead of scammers.


These actionable tips help me better secure my social media accounts
Click To Tweet


Privacy and security tips for your LinkedIn account

LinkedIn, the largest professional social network has more than 562 million users and is focused on bringing together professionals from all over the world. It keeps you connected with people you’ve worked or with whom you want to collaborate at some point in the future. It is also the place where you can find freelance projects, and, why not, your future dream job, could be one click or message away 🙂

Given the increase of phishing attacks which are still one of the most widespread and effective methods used by cybercriminals, it is essential to be aware of these scams on LinkedIn too. You don’t want to see your sensitive data exposed out there, right?

Follow these pro security tips to boost your LinkedIn security and privacy today and keep your data away from prying eyes:

  • Do not use generic and easy to crack passwords such as “Abcd123” or “Password123” like the Western Australian government employees did, because malicious actors can easily break them. Secure them by using a password manager that generates complex and unique passwords, and stores them in an encrypted database.
  • Choose wisely what information you share in your public profile and limit the data you make visible by reviewing and editing your sensitive data.
  • Have a look at those third-party apps you authorized to connect to your LinkedIn account because they get access to all your data. Make sure you authorize only the trusted ones and remember to deactivate those you are not using anymore.
  • Be very careful about potential phishing messages that might request sharing personal or sensitive information. Don’t! For that, you need to understand how phishing works and this in-depth guide is exactly what you are looking for.

Keep in mind that all our social accounts are very vulnerable to data privacy breaches and other malicious methods. The bad guys will always find creative ways to steal any personal information, including your valuable data from LinkedIn. Do not forget that when you share private information.

Follow these pro tips to better secure your Instagram account

Instagram is the photo and video-sharing social media network where you can explore beautiful places and images. For visual artists, it is also an excellent platform where they can share and promote their work and projects.

However, it is in our best interest to keep in mind the risks we could be exposed to when we share personal information. Especially now that it has become such a popular platform, with more than 1 billion monthly active users.

Security wise, Instagram seems to make efforts to enhance protection for its users. Recently, the company announced its plans to boost security and privacy by adding new security tools: support for third-party two-factor authentication (2FA) instead of traditional text-based 2FA, account verification and “about this account” new feature.

Besides these new security tools, here are some great tips that will help you keep your account safe:

  • Activate two-factor authentication feature as an extra layer of protection for your Instagram account. This way, you are one step ahead of cyber criminals who won’t be able to take over your account.
  • Change your passwords regularly and make sure you use strong and unique ones, so no one can break them. If you want to change it, use these simple steps.
  • Think twice before you give access to third-party apps and revoke access to those you don’t use anymore, appear suspicious or you simply can’t remember them
  • Do not share sensitive data in your photos or captions, because you don’t want to expose personal information to everyone following you on Instagram, especially, if your account is public
  • Don’t reveal your location to others and make sure the service is turned off, especially for the check-ins made at home, at work or while on a vacation.
  • Make your account private, so you can share your photos and videos with people you only approve to see them, like your friends and family.

We have an essential guide on how to secure your Instagram account and increase it, so no cyber criminals and scammers get access to it.

Security tips to keep your Snapchat account safe 

Snapchat is both a social media network and a messaging platform which is more popular among teenagers and young people. According to a new report, analysts forecast that by 2019 Snapchat will have almost 5 million regular users aged 18-24 years, half a million more than Facebook.

Bill Fisher, senior analyst at eMarketer stated:

Many younger social network users are forgoing Facebook altogether in favor of more appealing mobile-first alternatives, such as Snapchat.

Snapchat shows instant messages, photos or videos that are deleted instantly, after they’ve been viewed by all recipients, but oh, snap! “How secure is your data on this social platform?”

Here’s how you can add extra levels of security to avoid seeing your data in the hands of hackers:

  • Enable two-factor authentication feature to make the account more secure and add double security layer when logging in. You can do this using an SMS verification code or an authenticator app. Here’s how to activate it.
  • Do not accept friend requests from people you don’t know, and stick to friends-only. For security measures, Snapchat has the option “friends-only” set by default, which means only those that follow you back can see your Snaps and vice versa.
  • Make your videos and stories posted to the “My Story” section are visible only for people you know or customize them from the Setting menu, but avoid making them available to prying eyes.
  • For more privacy, hide your profile from the “See me in quick add” section which can show your profile to random people who might want to add you. You can disable it from the Settings menu.
  • If you want to keep your Snapchat activity more private, don’t share screenshots or photos of your Snapcodes with others!
  • We keep saying this piece of advice until everyone understands its importance that applies to every online account or service used: Make sure you use only strong and unique passwords for Snapchat too. You don’t realize how easily malicious actors can hack them.

How do you secure your social media accounts?

All of these security and privacy tips may not be new to any of you, but we live in a world of oversharing on social media and it helps remind you how to stay safe on the most important and used networks: Facebook, Twitter, LinkedIn, Instagram or Snapchat.

Have you applied any of these security measures? Do you have others we should add? Let us know, we’d love to know your thoughts!

The post Here Are The Essential Security Tips To Stay Safe On Social Media appeared first on Heimdal Security Blog.

How to Avoid Falling Prey to Sextortion

When it comes to the world of online scams, sextortion is one of the most common ones and a threat that’s not going away anytime soon. Because this threat is so pervasive and can take so many forms, we thought it would be best to do a write-up and offer you ways to protect yourself online and avoid sextortion scams.

What is sextortion?

It’s a form of blackmail in which a cybercriminal or a former friend or romantic partner tries to extract favors or financial gain from a victim.

Ever since the web became a daily destination for a majority of people, there have been cases of sextortion through the use of webcams, the threat of intimate pictures leaking and hundreds and thousands of victims. We believe that, with proper education, such damaging attacks could be averted or, at the very least mitigated.

Even though most people exercise caution in sending potentially compromising pictures and videos, sometimes even the best of us could be exposed to sextortion. A survey of 1,631 victims of sextortion revealed how every online user is, at one point or the other, potentially liable to become a sextortion victim.

Here’s why:

  • They were in a wanted romantic or sexual relationship—72% of those who knowingly provided images
  • Perpetrators pressured them to provide images or made them feel bad—51%
  • Perpetrators tricked them into providing images—15%
  • Perpetrators threatened or forced them to provide images—13%
  • They expected to be paid for the images—2%
  • They thought the pictures would be used for purposes such as modeling or acting—2%

But what if no one actually has compromising pictures of you?

Sextortion that demands a Bitcoin payment

Enter 2018’s most popular sextortion scam. It circulates via email and the cybercriminal will send you one of your own passwords to prove they have compromising images of you. Of course, they don’t, but some people have been fooled. Cybercriminals obtain stolen passwords and then simply fire off a flurry of emails to their owners, making threats and demanding hefty payments.

Here is one such email received by the mom of one Heimdal Security team member. After laughing for a bit at the sheer audacity of it, we had to investigate a bit further and see if anyone fell victim to it.

jpegbase6459dac5475d80ed0f

What’s worse is the fact that, in this case, 24 hours before the email above was sent, someone already fell victim to this scam. A simple search of the bitcoin address provided by the cybercriminal shows that someone sent 0.26 BTC there.

pngbase6476bc82bd3ccfdf39

On July 17, one Bitcoin traded for around $7,500, which means a sextortion victim paid almost $2,000 after receiving a bogus email. If this scam were to circulate back in December 2017, that same victim would have paid around $5000.

This type of sextortion scam demanding payment in bitcoin is so widespread, it’s unbelievable. Just hours after Reddit officially announced they had a breach, due to the fact that employees relied on SMS-based two-factor authentication, plenty of users found threatening emails in their inbox. Why? The Reddit data breach exposed quite a few old usernames and passwords. Cybercriminals took those passwords to provide some “legitimacy” to their common online scam. Even one of Reddit’s employees received the sextortion message, pointing out the ways cybercriminals try to monetize stolen email databases.

Other types of scams and how to steer clear of online scams

As long as people will continue to have digital lives, sextortion will, in one way or another, remain one of the most common types of online scams. Whether it will come from a known person, after a phishing attack or as part of a spray-and-pray email scam campaign, there’s no question about it, it will happen time and time again.

As a regular user, you can’t prevent or anticipate all the tactics a cybercriminal might adopt. What you can do is remain vigilant and spend a bit of time educating yourself on the various types of online scams.

We gathered here quite a few resources:

How to proactively stop scams from even reaching you

As we said in our analysis over what happened at Facebook and how your privacy was breached, the best way to stop online scams (sextortion included) is to make sure your own defenses are up.

Here are the five essential steps to protect your privacy:

  1. Always consider the type of information or pictures you post or share online. Ask yourself: “What would I do if someone threatened to show this to everyone I know?” (more on this here and here, in our guide to protecting yourself against doxxing)
  2. Keep your devices and PC updated and protected not just with antivirus, but with a tool that can block infected links (more on this here)
  3. Use strong passwords and, to avoid reusing them, consider trying a password manager that can generate unique ones for every account
  4. Go on every social media account you have and review the privacy settings. Also, take the time to consider what friends and followers you have.
  5. Learn how to spot phishing attempts that could lead to a criminal obtaining your passwords and other sensitive information.

Here are a few quick tips to avoid phishing, one of the most common ways in which scammers can get to you:

  • Be careful what you click on in emails, especially when it comes to attachments.
  • Consider having an email just for subscriptions and another one for actually important stuff. Both of them should be secured strong (and different!) passwords.
  • Always hover your mouse over links and check where they go (a misspelled letter almost always means a compromised link)
  • Always check the sender and, if you don’t know the person, it’s probably best to not click on any attachments.
  • Secure your valuable accounts with two-factor authentication that relies on unique codes, not texts messages (it avoids the risk of SMS-hijacking). That way, even if someone gets your password, they’ll still be unable to login into your account.
  • Periodically check if your email addresses were compromised in a data breach (unfortunately, they happen quite often) using a tool like this.

If you want to know more, we have a mega-guide with phishing prevention tips here.

We want to know if you’ve been exposed to scams like these or ever received threatening messages of this type. It would be great if you’d comment below (and even include a screenshot!) to help others better spot scams.

Do you have another tip for staying safe? Let us know.

Spend time with your family, not updating their apps!
Let THOR FREE Silently and automatically update software Close security gaps Works great with your favorite antivirus

INSTALL IT, FORGET IT AND BE PROTECTED

Download Heimdal FREE

The post How to Avoid Falling Prey to Sextortion appeared first on Heimdal Security Blog.

20+ Security Forums for Free Malware Removal Help

Malware can hide in places you probably haven’t though about them before, If you’ve been affected by malware, it’s important to know where you can ask for help.  We recommend checking out (and bookmark) this useful list of security forums that will provide guides and step-by-step instructions to solve your malware issues.

Don’t be so sure and believe that “this can’t happen to me”, especially today when we are dealing with malware as a business (MaaS) that it’s alive and growing day by day.

We think that one of the easiest and cheapest ways to address your malware problems is on a security forum. That’s the place where other people have encountered the same problem as yours and found a solution.

But with so many security forums out there, which one should you choose?

We have organized a list of security malware forums below, places where you can find professional insights and assistance when in trouble.

The security forums from this list can help you on a variety of topics, from best practices, how-to articles, step-by-step guides to security news and friendly advice. So, feel free to bookmark the article and use it accordingly.

1. Major Geeks

Major Geeks is the place where you find not just a good malware section in the support forum, but also lots of useful reviews for beginners to improve the computer performance.

2. MalwareHelp.org

This security website provides step-by-step instructions on removing malware, security news, including plenty of useful articles and free utilities that can help to remove malicious software from the system.

3. TechSupport Forum

A very well organized forum that addresses many online security issues, from spyware, malware, Windows problems, networking to hardware related subjects. Their technical articles are a good source of information to stay up-to-date and learn more about technology.

4. What the Tech?

This forum defines itself as a community of volunteers who provide IT knowledge and answer to various technical questions. The Spyware/ Malware/ Virus Removal section contains instructions to provide solutions to common spyware/ malware infections. Only trained people are allowed to offer help with infection removal processes.

5. Geeks To Go!

The team behind this forum say it is a helpful hub, where you can find answers and free support for your malware and technical questions, including malware removal, how-to guides, and tutorials.

6. Malware removal

This forum defines itself as providing 100% free of charge malware removal help from well-trained helpers and security experts to people with infected systems, so they have a clean and safe computer. A malware library of tips and tricks is available.

8. Sensors Tech Forum

This is the forum where you can find solutions to your PC issues and educate yourself about malware, so you learn how to remove it or prevent from getting infected in the first place.

9. DSLReports.com

DSLReports is an online location where you can find security news, technical information and reviews on software. Their forum on security and privacy addresses technical issues and malware removal tools.

10. Bleeping Computer

Bleeping Computer is one of the best security forums online and we recognize it as a source of inspiration for all of us, whether we talk about security news or forum. It defines itself as a community that provides free original content and tutorials that anyone can understand.

11. Malware Tips

MalwareTips forum is an online community where you can find security news, how-to articles and guides, troubleshooting, technical and malware advice. It’s the place where you can also find plenty of useful resources, reviews and many more.

You’ll get all the assistance you need to clean infected PCs and avoid getting infected with malware.

12. Computer Hope Forum

Here’s another security forum that includes a good spyware/ malware removal section and plenty of others places where you can find advice related to computer software, from anti-spyware tools, scanners to antivirus and Trojan protection utilities.

13. Malwarebytes

The Malwarebytes forum, from the renowned security provider, comes with a malware removal section and an FAQ area that you can use. It also offers a Tools section and a general computer support area, where you can find self-help articles and general computer help.

14. TechSpot

Virus and Malware Removal forum from TechSpot, the PC technology publication, comes with product guides, software recommendations and technical advice on software issues and malware problems. If you are encountering a malware issue, make sure you check out this forum and get help.

15. Cyber Tech Help

Here’s a helpful community in which you’ll find free assistance and guidance when they are dealing with a technical problem or a malware is reaching your device. At the same time, it is a great place to look for tutorials and news articles.

16. Spybot Forum

Here are useful malware and rootkit removal tools that provides free help and analysis in case you’ve been infected with malware. If you access their forum, you will find a team of authorized volunteer analysts who can assist and offer guidance with malware removal.

17. Tech Support Guy

Need help to remove your malware infection? We recommend to check out this malware forum and ask for help, whenever you have a technical problem. There’s a group of volunteers who are experts in Windows, Mac, Linux, and more, offering you free technical support and hardware issues, including malware removal.

18. Technet Forum

This forum belongs to Microsoft provides antimalware and antispyware support to users, and it’s a great place to discuss with the community about any technical issue you may encounter.

19. BestTechie

The BestTechie Malware Removal forum is the place where you can receive malware removal assistance, find self-help guides and learn how to clean the toughest malware from the system.

20. Techie7

Techie7 is a security forum that provides free resources and support to advanced users and beginners alike on a variety of computer issues, from malware and spyware to the Windows operating system.

21. TechRepublic Forum

We advise you have a look at this friendly community of IT experts that can help with any of your malware questions, from learning how to detect, fix or remove all types of malicious threats. A good place to seek recommendations and ask malware related matters.

22. MalwareTips Forum

Here is another security forum in which you can share your cyber security knowledge and get in touch with people from this field, as well as to discuss and find out useful guides on how to remove malware, the latest cyber security news and many more.

23. Gladiator Security Forum

An extensive forum where you can find answers and solutions to many security-related issues, from news and alerts to data breaches, online threats or info about security software products. For a fast solution, you can address your issue to a special malware help area or you can receive advice on what security software to use.

24.LandzDown Forum

The forums from LandzDown have the purpose to help users get their computers “cleaned up” from malware or any other forms of malicious software, like spyware, rootkits or adware. At the same time, they don’t forget to have a bit of fun, so you will find the “Jokes” section, including general software news and many more.

25. SpywareInfo

This forum comes in handy with to main security sections offered to its readers and users. You can access the “Malware removal” part to find information on how you can get rid of rootkits, spyware and other types of malware. Or, you can check out a program or software to make sure it’s not dangerous for your system from the Spywatch section.

26. Wilders Security Forums

Wilders Security Forums cover a wide array of topics, from spyware, malware, and privacy issues to antivirus software, backup options, firewalls and virtualization.

Conclusion

Keeping your online assets safe from cybercriminals requires constant attention and continuous learning.

All these forums that address online security are free and easy to use by anyone and we recommend you check them out at any time you are encountering a problem.

How do you keep safe from malware? What malware forums would you recommend?

This list isn’t complete, and we’ll continue to constantly keep it up to date. If you have any recommendations or know other security forums that should be on this list, please let us know.

This article was initially written by Andra Zaharia in March 2015 and updated by Ioana Rijnetu in August 2018

The post 20+ Security Forums for Free Malware Removal Help appeared first on Heimdal Security Blog.

The ABCs of Detecting and Preventing Phishing

Have you ever considered that you could be a target for phishing attacks?

It’s not a new issue, but it’s a rising threat. Phishing attackers have been constantly growing and improving their techniques. Let’s see how you can actually start preventing phishing, since cybercriminal strategies became so convincing that you can barely distinguish them from harmless communications.

And all it takes to fall into their trap is a fraction of a second.

Perhaps the most dangerous reaction to this concern was: “Ehhh, so what? It don’t think it can happen to me. And I don’t have important stuff anyway”.

Actually, they can harm you a lot if you’re not paying attention.

They can: withdraw money, make purchases, steal your identity and open credit card accounts in your name, or further trade those information about you and much more.

The latest Kaspersky report shows that, in 2017, Facebook was one of the top 3 most exploited company names.

Telegram, a popular messaging platform, was so frequently a target of phishing attempts that there is now an anti-phishing bot that attempts to protect user accounts.

Just look at what types of seemingly-innocent messages actually hide dangerous attempts to hijack your data.

phishing scenarios emotional motivators

Source

And the context is ripe for phishing attacks to happen, especially on an enterprise level. According to Allen Paller, the director of research at the SANS Institute 95% of all attacks on enterprise networks are the result of successful spear phishing.

Even worse, research suggests that, in the event of a security breach, 60% of customers will think about moving and 30% actually follow up on that thought.

For regular users, the threat of identity fraud always looms and is usually preceded by a phishing attack. According to a report that tracked identity fraud incidence rate since 2003, in just 2016 the number of cases rose by sixteen percent. Regular users exposed to phishing had to pay an average of $263 out of pocket costs. Together, all the users who were affected by phishing that year had to spend 20.7 million hours to deal with the consequences of account takeovers.

Phishing

Keep reading if you want to avoid getting caught in their net, as we’ll cover the ABCs of phishing: what it is, what you can do to detect and prevent any attacks and what measures to take if you think you got caught in the phishing net.

 

WHAT IS PHISHING?

Phishing is the name given to cybercriminals’ attempts to lure you into giving them sensitive information or money.

The word “phishing” is similar to “fishing” because of the analogy of using bait to attempt to trap victims.

By sensitive information we mean anything that ranges from your social security number to passwords, bank account number, credit card details, PIN number, home address, social media account, birthday, mother’s maiden name and so on.

This information can be used for financial damages, identity theft, to gain unlawful access to different accounts, for blackmail etc.

No phishing

 

HOW DOES PHISHING WORK?

Attackers use different methods of deception as phishing strategies.

They will create fake messages and websites, that imitate the original ones. With their help, they will try to lure you into handing over your personal information. They will either ask you to reply to them, follow a link included in the message or download an attachment.

The communication appears to be initiated by a legitimate person or company. Famous phishing attacks imitate messages from financial institutions, government agencies (ex: IRS), online retailers and services (ex: Amazon, eBay, PayPal), social networks (ex: Facebook), or even from a friend or colleague.

In order to make phishing look genuine, attackers include photos and information from the original website.

They may even redirect you to the company’s website and collect the data through a false pop-up window. Or it can happen the other way around: they first request your personal data, then redirect you to the real website.

Other times, they tell you that you have been targeted by a scam and that you urgently need to update your information in order to keep your account safe. That’s how millions of Walmart consumers were tricked in 2013.

All these gimmicks will minimize the chances for you to realise what happened.

Here’s an example of Standard Bank phishing from 2010, via McAfee:

Standard Bank phishing example

Phishing has become a way to spread malware. The attackers will deliver malicious content through the attachments or links they trick you into clicking on. The malicious code will take over a person’s computer in order to spread the infection.

Although phishing is mostly transmitted via email, it can also work through other mediums. In the past years, cyber attackers moved their focus on phishing attacks done through instant messaging services, SMS, social media networks, direct messages in games and many others.

 

WHY DOES IT WORK?

Phishing is popular among cyber attackers because it is easier to trick someone into clicking on links or downloading attachments than trying to break into their system defenses.

It works because they appeal to emotions. It promises great deals or alerts you that there may be a problem with an account.

It’s also so effective because more than 50% of users use the same passwords for different accounts. This makes it easy for the cyber criminals to gain access to them.

 

PHISHING EFFECTS

Phishing damages can range from loss of access to different accountsbanking, email, social media profiles, online retailers, to identity theft, blackmail and many more.

Just to name a few of them:

  • financial loss
  • data loss
  • accounts loss
  • ransom asked in exchange for regaining access to your data
  • blacklisting from institutions
  • malware or viruses infections into a PC or network
  • illegal use of personal data
  • illegal use of social security number
  • creation of fake accounts in your name
  • ruining your credit score
  • losing your job, if you happen to be phished via your work email address and give out essential company details as a consequence

 

A LITTLE BIT OF HISTORY

The first phishing records date back to the beginning of 1996, when cyber scammers were trying to lure AOL (America Online) customers into a trap and get access to their accounts and billing information.

Cyber scammers would contact users through the AOL instant messaging and email system and pose as AOL employees. Needless to say that it was pretty effective, especially since phishing was virtually unknown at the time.

You can find out more about the first records of phishing here.

 

TYPES OF PHISHING

 

1. SPEAR PHISHING

Spear phishing is an email directed at specific individuals or companies. It is highly effective and very well planned.

The attackers will take their time and gather all the available information about their target before the attack: personal history, interests, activities, details about colleagues and any other details they can find. These are used in order to create a highly personalized and believable email.

It’s a technique that works because the phishing email appears to be from someone you know and requires urgent action. Maybe it will even make reference to a mutual friend or a recent purchase you’ve made. The attacker takes advantage of the fact that people are inclined to act before they double-check it. They also leverage your trust in companies, organizations and people.

Spear phishing requires higher efforts, but its success rates are also higher. It’s currently the most successful phishing technique, accounting for 95% of attacks.

And all this just by gathering publicly available information that we freely share on our social media accounts and blogs. It’s one of the main reasons why we should think twice before divulging any more personal information online. Even if all your privacy measures are in check, you can never know whose friend account may have been compromised.

 

2. WHALING

Whaling phishing is the term used for attacks directed at high profile targets within companies, such as upper management or senior executives.

These are tailored to appear as critical business email, sent from a legitimate business authority, that concern the whole company.

Here are a few examples: legal subpoenas, managerial issues, consumer complaints.

Needless to say that return on investment for attackers is very high in this case. And, contrary to what you’d think, these types of targets are not always as security savvy or protected as they should be.

 

3. CLONE PHISHING

Clone phishing uses legitimate, previously delivered emails.

The cyber attackers will use original emails to create a cloned or almost identical version. Clone phishing emails may claim to be a resend of the original or an updated version of it. Only this time, the attachment or link is replaced with a malicious version. It appears to come from the original sender and uses a fake reply-to address.

This phishing strategy works because it exploits the trust created from the original mail.

 

HOTTEST PHISHING TRENDS:

 

1. CLOUD PHISHING

Cloud phishing attacks also had a boost in the past year, because of the increasing usage of cloud storage technology.

This is usually distributed via email or social media, as a message sent by compromised friends accounts or on behalf of a cloud service provider. It will invite users to download a document uploaded to a popular cloud service. When the victim clicks on the link, malicious software will be downloaded.

The stolen information can be used for extortion, sold to third parties or used in targeted attacks.

Here’s an example of cloud phishing using Dropbox brand, via Kaspersky:

Dropbox phishing

 

2. GOVERNMENT PHISHING

Be vigilant when it comes to communications that claim to be from law enforcement agencies, such as the IRS, FBI or any other entity.

The most fraudulent attempts in the past years were created to mimic IRS communication, in an attempt to steal your financial information.

You should know that government agencies don’t initiate contact with taxpayers via email, especially to request personal or financial information.

You should read these actionable advices provided by the IRS.

Also keep an eye out for insurance offers, as this was one of the hottest topics for spamming and phishing in 2015.

 

3. SOCIAL MEDIA PHISHING

Phishing on social media networks isn’t novelty, but it will probably never get old. Phishers create websites that look identical to Facebook or LinkedIn or any other social media websites, using similar URLs and emails, in an attempt to steal login information.

Phishers will ask you to reset your password. If you click on the link, you’ll be redirected to a page that looks identical to Facebook and asks you to enter your login information.

The attackers can then use this to access your account and send messages to friends, to further spread the illegitimate sites.

Other times, they can make money by exploiting the personal information they’ve obtained, either by selling them to third parties or by blackmailing.

Read this warning note from Facebook to see how this phishing category may look like.

Facebook phishing

 

HOW TO START PREVENTING PHISHING

 

1. SENDER DETAILS

First thing to check: the sender’s email address.

Look at the email header. Does the sender’s email address match the name and the domain?

Spoofing the display name of an email, in order to appear to be from a brand, is one of the most basics phishing tactics.

Here’s an example: an email from Amazon that comes from “noreply@amazon.com” is legitimate. But an email that appears to be from someone at Amazon but was sent from a different domain, like the email in the picture below, is most certainly not from Amazon.

Phishing example - Amazon Prime (22-12-2015)

Compare the headers from a known valid message from a given source with those on a suspect message.

If they don’t match, don’t click on anything, don’t download any attachment.

For experts: You can also analyze the email header and track IP using this tool.

If you are using Gmail, you can turn on the authentication icon for verified senders. This way, you will see a key icon next to authenticated messages from trusted senders, such as Google Wallet, eBay or PayPal. Unfortunately, only few domains are currently supported by this program, but hopefully it will extend in the future.

Another verification method available for Gmail users:

Check whether the email was authenticated by the sending domain. Open the message and click on the drop-down arrow below the sender’s name. Make sure the domain you see next to the ‘mailed-by’ or ‘signed-by’ lines matches the sender’s email address.

Find out more about it here. It will look like this:

Sent by & Signed by - Amazon & Gmail authentication example (22-12-2015)

The second thing to check: the address the email was sent to.

Look at TO and CC fields. If the email was sent to old or wrong addresses, it may indicate it was sent to old lists or randomly generated emails.

 

2. MESSAGE CONTENT

Clue number one: They ask you to send them or verify personal information via email.

Or they are asking for information which the supposed sender should already have.

Here is a recent example of phishing using the brand DHL (screenshot via Comodo):

DHL Shipment phishing 2015

Clue number two: They are likely to play on your emotions or urgency.

As a general rule, be suspicious of any mail that has urgent requests (e.g. “respond in two days otherwise you will lose this deal”), exciting or upsetting news, offers, gift deals or coupons (especially around major holidays or events, such as Black Friday or Christmas).

Clue number three: They claim there was some sort of problem with your recent purchase or delivery and ask you to resend personal information or just click on a link to resolve it.

Banks or legitimate e-Commerce representatives will never ask you to do that, as it’s not a secure method to transmit such information.

Here’s an example of PayPal phishing:

PayPal Phishing Example 2015

Clue number four: They claim to be from a law enforcement agency.

They never use email as a form of contact.

Clue number five: They ask you to call a number and give your personal details over the phone.

If this is the case, search for the official correspondence from the company and use the phone number provided them to verify if this is true.

 

3. MESSAGE FORM

First rule: Beware of bogus or misleading links.

Hover your mouse over the links in the email message in order to check them BEFORE clicking on them.

The URLs may look valid at a first glance, but use a variation in spelling or a different domain ( .net instead of .com, for example). Thanks to the new generic topic-level domains that were introduced in 2014, spammers and phishers gained new tools for their campaigns.

Other phishing scams use JavaScript to place a picture of a legit URL over a browser’s address bar. The URL revealed when hovering with your mouse over a link can also be changed using Java.

Second rule: Look out for IP addresses links or URL shorteners.

They can take a long URL, shorten it using services such as bit.ly, and redirect it to the intended destination. It’s hard to find out what’s on the other end of that link, so you might be falling into a trap. Better be safe than sorry.

It’s not unusual for the domain to be deliberately distorted in the email, by adding extra spaces or characters, together with instructions on how to use it (“Remove all the extra characters / spaces and copy to the address bar”).

Useful tools:
Check a redirect with this Redirect Checker from Internet Officer, to see where it’s leading to.

Or screenshot the page remotely using Browser Shots.

Third rule: Beware of typos or spelling mistakes.

This used to be the norm, but it’s no longer an imperative.

Fourth rule: Beware of amateurish looking designs.

This means: images that don’t match the background or look formatted to fit the style of the email. Stock photos. Photos or logos uploaded at low resolution or bad quality.

Fifth rule: Beware of missing signatures.

Lack of details about the sender or how to contact the company points into phishing direction. A legitimate company will always provide such information.

 

4. ATTACHMENTS

Look out for attachments.

They can attach other types of files, such as PDF or DOC, that contain links. Or they can hide malware. Other times, they can cause your browser to crash while installing malware.

A Kaspersky Labs reports shows that in Q3 of 2015 there’s been an increase in phishing using attachments, a trend that doesn’t seem to want to go away.

“A particular feature was a new trick used in phishing emails – in order to bypass spam filters they placed the text of the email and fraudulent link in an attached PDF document rather than in the message body.”

 

5. EXTERNAL LINKS / WEBSITES

Let’s assume that you already clicked on a link from a suspicious email.

Is the domain correct? Don’t forget that the link may look identical, but use a variation in spelling or domain.

Before submitting any information on that website, make sure that you are on a secure website connection. You can easily check that by looking at the link: does it start with “https” or “http”? The extra “s” will mean that the website has SSL. SSL is short for Secure Sockets Layer and is a method to ensure that the data sent and received is encrypted. More legit and safe websites will have a valid SSL certificate installed.

Another way to check that is to look on the left of the web address: is there an icon of a closed padlock? Or is the address highlighted in green? This will indicate that you are visiting an encrypted site and the transferred data is safe. Fortunately, from now on, Google Chrome will mark sites without http as insecure, so it should be easy for you to spot them.

google chrome connection not secure phishing prevention

HELPFUL TOOLS

Use browsers that offer built-in phishing protection.

In general, there are two ways to detect phishing websites: heuristics and blacklists.

A heuristic method analyzes patterns in URL, words in web pages and servers in order to classify the site and warn the user.

Google and Microsoft operate blacklists. Google integrated them with Firefox and Chrome, so a warning message will appear before entering a phishing website. Microsoft is integrated with Internet Explorer and Edge.

You can also install browser add-ons and extensions designed to block phishing attempts. Read more tips on this subject on Tech Support Alert.

Other useful tools:

Check and Secure browser & plugin

Browser & Plugin-Check by Check & Secure. This scans your browser and all the installed plugins, to see if they are up to date.

“83% of all malware infections could have been avoided, if the browser plugins had been updated in the first place.”

Cyscon PhishKiller

 

BASIC ONLINE SECURITY

IN ORDER TO KEEP YOUR PC SAFE:

Be aware that cyber attackers are one step ahead of the defenders. That means that you cannot always be 100% protected against them, not even with all the email filtering systems or anti-virus software.

Of course, this doesn’t mean that you want to make their jobs easier, so taking these steps will go a long way in preventing phishing.

Keep your software updated as well. If you use a free tool that offers automatic and silent software updates, you can eliminate up to 85% of security holes in your system.

Install a reliable antivirus. It should include real-time scanning and automatic update of virus database.

Choose an antivirus that scores high on phishing protection tests. More tips on this you can read in our guide.

You should also create a separate email account that you only use to subscribe to newsletters, forums, online retailers, social media accounts or other public Internet services. Keep your personal email account as private as possible. This will help reduce the amount of spam and phishing attempts you receive.

Also, beware not to click on the Unsubscribe button or follow instructions for unsubscribing. Many spammers and phishers use these in order to find out if your email is valid.

 

BASIC SAFE PASSWORDS MANAGEMENT RULES

Phishing is very effective because more than 50% of users use the same passwords for different credentials. This makes it easy for the cyber criminals to gain access to other accounts.

It’s important to use different passwords for your accounts. The same way you don’t use only one key for your house and your car, you shouldn’t use the same password more than once. This simple preventing phishing technique won’t let cyber attackers get into your other accounts.

If available, activate two-factor authentication. This way, you’ll receive a unique one time code on your phone every time you want to log in from a different device. It will add a second layer of protection, that’s much more difficult to breach by cyber attackers.

For more actionable tips on this subject, check out our password security guide.

How Tough is Your Password Security

 

FINANCIAL SECURITY STEPS

Periodically review your bank account activity (daily, if possible), to check all the transactions.

If you don’t recognize any of the transactions, regardless the amount, contact your bank straight away.

Turn on text messages notifications for all card transactions.

It will alert you in real time if an online transaction exceeds the limit that you set (make sure you set it to the minimum available).

Also enable two-steps approval for transactions, so that you will have to use your mobile phone number.

Put a security freeze on your credit report.

In case of identity theft, it will prevent any openings of new accounts in your name. However, you will have to lift it every time you want to apply for a loan or rent a new place.

And lastly but not least important: try to use a separate card, dedicated only to digital transactions.

Transfer money on it every time you plan to buy something. In the rest of the time, leave only a small amount of money on it.

Credit cards

 

IF STILL UNSURE WHETHER IT’S PHISHING OR NOT

What steps to take:

Try to always directly type the web address of the site you want to access in your browser, instead of clicking on links from emails or social media networks.

Directly contact the company or organization from which the message appears to be sent. Grab the phone or forward them the phishy email. Search for prior communications with them, such as post mail, and use the contact information provided there. Don’t use the contact information provided in the email.

You can also improve your phishing detection skills by taking these quizzes gathered by Capterra on their blog. They also have plenty of phishing emails examples.

Phishing_Login

 

WHAT TO DO IF YOU THINK YOU WERE PHISHED

If you have a hunch that something is wrong, immediately contact your bank or credit card institution and close the accounts you believe they may have been compromised.

Change the passwords used for those accounts and then also change the passwords used for the emails linked to them.

WHERE TO REPORT PHISHING ATTACKS

Forward the message to the last known good address of the sender.

There are several places where you can submit phishing attacks or websites:

If it appears to be from IRS, you can forward it to phishing@irs.gov
Or to the Federal Trade Commission at spam@uce.gov
At US Cert: phishing-report@us-cert.gov
At The Anti-Phishing Working Group: reportphishing@apwg.org

Submit a suspected website using the phish site reporting service, PhishTank.

If you are using Gmail, in the drop down menu at every email there is a Report Phishing button.

Report Phishing at Gmail example

If you aren’t using Gmail, you can complete this form.

 

Conclusion

One last advice: for preventing phishing, always trust your gut. It may not be the most scientific approach, but, ultimately, you should just listen to what your intuition tells you. If something feels wrong, even if you cannot specifically explain why, or if it’s too good to be true, it’s better to stay away from it.

 

This article was originally published in December 2015 by Cristina Chipurici and was last updated with current information on July 7, 2018.

The easy way to protect yourself against malware
Here's 1 month of Thor Foresight Home, on the house!
Use it to: Block malicious websites and servers from infecting your PC Auto-update your software and close security gaps Keep your financial and other confidential details safe

EASY AND RELIABLE. WORKS WITH ANY ANTIVIRUS.

Try Thor Foresight

The post The ABCs of Detecting and Preventing Phishing appeared first on Heimdal Security Blog.

Why Malware as a Business is on the Rise

The alarming growth of malware attacks in the last years should concern each of us, but what is more important, should make us AWARE of the risks and consequences. Taking action and preventing these malicious activities operated by cybercriminals has to be a top priority IF we want to stay safe online.

The reality is that cyber attackers now use different strains of malware, much more sophisticated and agile that prove to be effective and successful, challenging us to build a stronger defense against them.

Malware evolves at a rapid pace because of advanced malware mastering the art of evasion. Thus, traditional antivirus engines find it difficult to detect attacks in the first stages. Malware is getting bigger and bigger. It fuels growth, innovation and encourages malicious actors to easily reach their goals.

In this article, we’ll have an in-depth analysis of malware and learn: where it hides, what are the most dangerous malware attacks so far, why malware a profitable business for cybercriminals and offer actionable security tips to help you better prevent these attacks and keep yourself (and your digital assets) safe.

Why malware attacks keep happening?

In the context of this ever-changing threat landscape that never ceases to challenge everyone from home users, organizations to security researchers and communities, this question makes a good point.

It’s simple. Malware still works, and humans have their contribution to helping attackers succeed with their malicious plans.

True fact: Throughout our old habits that seem to die hard (not updating our software frequently, or reusing the same password for various online accounts), we maintain security holes that malicious actors are exploiting and fueling this growing malware business.

According to a report from Trustwave security company, 22 percent of respondents (security respondents) said that “preventing malware, including ransomware, was their biggest security threat and obligation for 2018”, while the second biggest pressure was identifying vulnerabilities (17%) and the third one (13%) was preventing social engineering and phishing attacks.

Paul Edmunds, Head of Technology at the National Crime Agency’s National Cyber Crime Unit (NCCU) states that:

 It’s really important to understand the impact that malware has. It’s a massive criminal enabler that underlines most cybercrime. It’s an infrastructure that’s used for compromising devices to conduct most of the prominent attacks that you see.

The evolution of malware

Before we understand its impact, let’s take a few steps back and have a look at how malware evolved lately to become such a serious and threatening business to everyone.

The malware market evolved from something that was tested and probably used for fun, – with hackers creating programs to see how they can gain access to unauthorized places and then focusing on money and going for stealing personal data – into a more targeted attack vector.

Did we ask for malware? No, but there’s a big business out there and we are all responsible in a way or another for making it alive and growing.

According to Cisco 2018 Annual Cybersecurity Report, the evolution of malware was “one of the most important developments in the attack landscape in 2017”. “Malware is becoming more vicious. And it’s harder to combat. We now face everything from network-based ransomware worms to devastating wiper malware.”

This graphic from AV-Test shows the growth of total malware over the last five years:

Here's how malware evolved

Source: AV-TEST.org

Also, did you know that “in the second half of 2017 on average 795 new malware specimen were discovered per hour i.e. 13 per minute.”?

Source: Gdatasoftware.com

Regardless of the smartphone landscape, mobile malware is one of the fastest types of malware, targeting more and more Android users. In the first quarter of 2018, the G DATA security experts detected “an average of 9,411 new malware every day for the popular Android operating system”. This means: A new malware appearing every 10 seconds.

The rise of ransomware attacks

Perhaps a clear evolution of malware economy has seen last year with the two massive and devastating cyber attacks: WannaCry and (non)Petya.

The first one was called by Europol an attack of “an unprecedented level” that took down entire networks and caused business disruption across 150 countries and infecting more than 200,000 computers. Not to mention about the financial damage caused, because many companies and public institutions have had their computers and data encrypted, and the only way to get it back was to pay a ransom.

If during the WannaCry ransomware, cyber criminals used the EternalBlue method, with (non)Petya ransomware outbreak, – that also spread fast and had self-replicating abilities. -, they changed the type of malware from ransomware to wiper. How is this different? The purpose of a wiper is to destroy and damage, while ransomware is mainly focused on making money.

In 2018, malware is even more agile, and Gandcrab ransomware is a great example. It is a fast-growing malware that’s been used and spread in waves of spam campaigns. While it reached the version 4 already, this piece of malware was initially distributed via exploit kits which abuses software vulnerabilities found in systems.


Here’s what you need to know about the growth of malware as a business.
Click To Tweet


The newest version 4 of this malware family includes “different encryption algorithms, a new .KRAB extension, new ransom note name, and a new TOR payment site”. So far, Gandcrab is one of the most prevalent and biggest ransomware attacks in 2018. Here’s a more in-depth and technical analysis of how Gandcrab ransomware evolved if you want to dive into this topic.

If you’ve been hit by any of these ransomware attacks or others, we strongly advise you NOT to pay the ransom to get your data back. Instead, check out this list of decryption tools to unlock your data for free.

5 key places where malware can hide

Malware authors often look out for new techniques to hide their malicious files which often go unnoticed by antivirus software or threat intelligence analysis.

Here are the most common places where malware can hide:

  • Email attachments – Most of the security alerts we’ve written talk about malware being delivered via emails to potentially infect victims’ computers. Sadly, many people still download, open, click and enable malicious attachments to run on their computers. Here the example of a variant of Trickbot malware in which cybercriminals lure victims into clicking on a malicious word document attached in the email.
  • Links sent via email – Another common place where malware can hide is a link received via email which is more tempting for users to simply click it than downloading an attachment. This mindless clicking behavior is known and exploited by cybercriminals.
  • Traffic redirect – Another place that malicious actors exploit to hide malware is in the Internet traffic(especially in the browser). As we spend most of the time reading online, browsing blogs or buying on the Internet, it’s easy to become a target. Traffic redirect may be invisible for the unskilled users, so they land on sites where malware is hidden in the code of the page or on the ads listed on the site.
  • Software updates – Probably the story of compromised versions of CCleaner software apps is the best example here. Hackers spread hidden malware in the version 5.33 of the CCleaner software which has been downloaded by more than two million users. Full story here.
  • Hidden and infected mobile apps – Given the rise of mobile apps, we’re likely to download and install all kind of apps on our device, without taking any caution. Here’s an example of malware threat known as hidden administrator app that targets Android users. It is an infected app that installs itself with administrator privileges and takes control of your mobile device.

If you want to find out more about how and where cybercriminals hide their malicious code in files, links, apps we use on a daily basis, read this guide.

Why Malware is a profitable business for malicious authors

Just like any other business, the purpose of malware authors is to turn it into a big and profitable business of millions (or even billions of dollars). To do that, it’s important for them to know and ask for the right price.

Making money from malware has proved to be a winning option for cybercriminals. Usually, they choose rich and developed countries, target large and successful organizations, from where they can extort a lot of money and access their valuable data.

As the number of ransomware attacks continue to grow exponentially, its authors will keep making a lot of money, because most of the victims choose to pay the ransom.

According to the Telstra Security Report, more than half of businesses who were victims of a ransomware attack have paid the ransom and they would do it again. “Some 60 percent of ransomware victims in New Zealand and 55 percent in Indonesia paid the ransom, making it the highest for Asia. In Europe, 41 percent of respondent ransomware victims paid up.”

On top of that, another research conducted by Cybersecurity Ventures estimates that ransomware damages will cost the world more than $8 billion in 2018 and they will reach $11.5 billion annually by 2019.

The attackers behind Wanna cry ransomware may have caused global panic among users and organizations, but what about its financial costs? In total, it has been estimated that they made $143,000 in Bitcoin of this massive attack.

The Gandcrab ransomware that continues to evolve and quickly being spread into various spam campaigns “has infected over 50,000 victims and claimed an estimated $300-600K in ransom payments”, according to Check Point Research. In the figure below, you can see the attack by geographic location of a target.

Source: Checkpoint.com

The success of Bitcoin cryptocurrency and its price reaching a historic $20K at the end of 2017 influenced the rise of cryptojacking malware attacks.

New findings from Check Point research stated that “the number of global organizations affected by crypto-mining malware more than doubled from the second half of 2017 to the first six months of this year, with cybercriminals making an estimated $2.5 billion over the past six months.”

The research also discovered that hackers are now targeting cloud services because most businesses store their sensitive data there. And there are more cyber security threats that should concern us and determine to implement solid prevention and security measures.

All these examples from above show that malware business is still growing, by switching from a macroeconomic level to microeconomic level. The malware market, like any other, offers a wide range of products to fit users’ diverse needs. You can find APTs, ransomware, banking trojans, cryptojacking, data breach, online scams, malware families with as many names as you can possibly wish for. Just like when you go to the supermarket and you have a plethora of vegetables and fruits to choose from.

Today’s malware is more targeted, but not necessarily more sophisticated. They still exploit software vulnerabilities found in devices, and that’s not something too complicated about it. Today malicious actors are both agile and creative and try techniques that still work. Today next-gen malware attacks have the ability to evade detection and bypass antivirus programs users install on their computers to keep their data safe.

Security measures to apply against malware attacks

We might not have asked for a malware market, but we are still serving it through unpatched software, by not backing up data, not getting enough education and knowledge of cyber security and many more.

Time to act is right NOW!

Malware threats are wide spreading and difficult to combat, so, once again, we emphasize that prevention is the best strategy to stay safe online.

Make sure you don’t fall victim to malware and follow these cyber security measures:

  • Always keep your software patched and up to date, including the operating system and every application you’re using on a daily basis;
  • Keep a backup with all your important data on external sources like a hard drive or in the cloud (Google Drive, Dropbox, etc.). This guide shows you how to do it;
  • Once again, we urge you: Do NOT OPEN emails or click on suspicious files/attachments. Be very cautious!
  • Remember to set strong and unique passwords with the help of a password management system. This security guide comes in handy.
  • Use a reliable antivirus program as a basic protection for your device, but also consider including a proactive cyber security solution as a second layer of defense for maximum protection.
  • Always secure your browsing while navigating the Internet and click on websites that include only HTTPS certificate;
  • Teach yourself (and master basic cyber security) to easily spot online threats delivered via emails, social engineering attacks or any other method attackers may use.
  • We remind you that security is not just about using a solution or another, it’s also about improving our online habits and being proactive every day.

Will malware as a business continue to grow? I think it will, as long as was – and still is – heavily sustained by ransoms paid by victims who want immediate access to their valuable data. It will continue to grow as long as we don’t apply basic security measures that can make us less vulnerable to these attacks.

This article was initally written by our CEO, Morten Kjaersgaard, in 2015, but refreshed and improved by Ioana Rijnetu in July 2018.

The post Why Malware as a Business is on the Rise appeared first on Heimdal Security Blog.