Home + Mobile

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Happy Video Game Day 2015

Webroot would like to wish our fellow gamers a happy Video Game Day! To celebrate this epic game playing day, we want to help keep you safe and highlight the top motivation for PC gaming attacks.

TopReasons

Gamers are being targeted more and more by malware, trojans, and keyloggers, especially those that participate in pay-to-play games and MMORPGs (Massively Multiplayer Online Role-Playing Game). Your accounts, personal identity, banking information and even credit card numbers can be stolen if you are playing without a cyber-security solution. The PC gaming market is increasing rapidly and is expected to reach $30.9 Billion in 2016, and with that, the targets are getting bigger and more lucrative.

Top Motivations for PC Gaming Attacks:

  1. Financial Gain: To obtain records of your secure data
  2. Digital Assets: Take control of your account to sell or trade
  3. Social Hacking: Damage to user reputation and identity theft
  4. Free Gaming: Access to your user account for free gameplay

So the motivation is there, but some people might insist that the threats do not exist. But already this year, we have seen a large variety of attacks targeting gamers through a variety of methods. Some are simple, others more advanced, but the threats against gamers and their accounts do exist.

Top Threats in 2015:

  1. Spear Phishing: Targeted attacks via email and game chat to steal login information
  2. Keylogging: Captures keystroke information and sends it to the attacker
  3. Chat Attack: Hacking attempts where the attacker embeds the attack via chat systems on Skype, TeamSpeak, Steam, League of Legends, etc.
  4. Ransomware: Malware that restricts access to a system until the ransom is paid
  5. Trojans: The attacker sends the system instructions to install malicious software or remote execution of system commands and other data intrusion

Some gamers defend the idea of installing no antivirus security one their machines, citing claims of slowed performance and interruptions. While traditional security solutions often have gamer modes, they still impact security, and others will turn off security layers during game play, rendering machines less secure.

Top Reasons Why Gamers Don’t Use a Security Program:

  1. They rely on free diagnostic and clean-up tools
  2. There are too many alerts and interruptions during gameplay
  3. It slows down their gameplay
  4. They aren’t concerned about infections
  5. It requires switching to a gamer mode

But new technologies do exist that are designed to keep gamers safe while playing online, even in this ever increasing threat world. Webroot SecureAnywhere for Gamers will not scan or update during your game and does not require a gamer mode.

Using real-time protection without sacrificing performance be using the cloud, Webroot SecureAnywhere ® Antivirus for PC Gamers reduces maintains a small  footprint the PC increasing drive space, decreasing hard drive read/writes, and improving overall performance. No longer do gamers need to make the sacrifice of turning off security software to increase their speeds. One of a gamer’s worst nightmares is being milliseconds away from a kill shot or reaching a checkpoint when their screen minimizes for a Windows Update or a system scan from their antivirus solution. That’s why Webroot’s gamer security will not alert you or minimize your screen during gameplay. We understand the importance of lightning fast internet connections and zero slowdowns during gameplay.

To learn more about Webroot SecureAnywhere ® Antivirus for PC Gamers, click here.

InstallSize

Google’s new Chrome extension is worth downloading

Yesterday, Google announced the release of their newest Chrome extension, Password Alert. The new free tool is designed to warn users of the popular browser when they are entering their Google passwords on non-Google websites, helping to protect their Google accounts from phishing attacks. The application also prevents users from using the same password for their Google account on other sites. While this secondary feature may seem overzealous, it is a necessity if one of these accounts are breached, then a hacker would have a higher chance of accessing the victim’s Google account with the same credentials.

Google is by far the number one target of phishing attacks. Developing a Chrome extension that protects users accessing their Google accounts will certainly help defend against the onslaught of phishing attacks targeting Google. It would be great to see this same technology extended to other browsers and also to protect other major targets of phishing. The Threat Brief includes the top targets for phishing, and while each company uses a different login technique, there is something to be learned from what Google has done with respect to protecting customers as they access their accounts.

This is a good time to remind everyone of very simple and effective strategies to keeping online accounts secure. To start, make sure your primary email password is different from all other passwords. As I mentioned, there is a domino effect if you can break into this account. We all hate remembering different passwords, but this one is a must for proper online security. Secondly, hard to break passwords are very easy to create, and the key is length. My tip is to think of a phrase that is unique to you. For example, I love cheese and skiing -> !Lovech33s3andsk!!ng*. A password like this is very easy to remember and very difficult to crack.

Technology like this is not the end all to password and internet security, but adding this to your tools for everyday use will only help to enhance your protection online.

Download the Password Alert for Chrome here: https://chrome.google.com/webstore/detail/password-alert/noondiphcddnnabmjcihcjfbhfklnnep

Apple’s Sept 9 Event: New (and larger) iPhones and (gasp), a Watch!

Well, September 9th is here, and the launch of Destiny, one of the most (if not the most) anticipated video games ever, isn’t the only major piece of news coming out of the tech world today.

You may have heard that one Cupertino fruit-logo’d tech company had an event today. And now the details of Apple’s next big(ger) things are official. Initial takeaway? They’re pretty in-line with the the rumors that have been swirling around for months now.

In other words, people got a lot of what they were expecting. Is that a good or bad thing? Depends on what camp you’re in. Probably.

Similar Phones, New Sizes

If you’re an Apple fan who’s only gripe was the small-by-today’s-smartphone-standards screen, your wish is (finally) Apple’s command. The company announced two new phones, each with a never before used (by Apple) size: the new iPhone 6 has a 4.7 inch screen while the new iPhone 6 Plus sports a 5.5 inch one. Yep, the iPhone will finally be competing in the phablet category.

 

iPhone 6 and 6 Plus

(Source: ARS Technica)

The new devices are also thinner than the current 7.6 mm enclosure of the 5s, with the iPhone 6 measuring 6.9 mm and the iPhone 6 Plus coming in just slightly chubbier at 7.1 mm. To accompany these ‘gains’, Apple also introduces a new ‘Horizontal Mode’, which will help retain comfortable one-handed use and make everything within reach.

The glass now curves around the edges of the phones, but the screen isn’t the sapphire one many people expected, but rather incorporates “a slightly different design element”, according to CNET’s report. The phones’ power/lock button make a move from the top edge to the right spine.

The colors remain unchanged. You will be able to get the new devices in gold, silver, or space gray.

iPhone 6 colors

(Source: PC Mag)

What about the display? The regular 6 gets a 1334×750 resolution with 326 PPI (Pixels Per Inch) while the 6 Plus gets a slightly crisper 1920×1080 resolution with 401 PPI. Both iPhones sport Apple’s familiar ‘Retina Display’ (although it’s now being called ‘Retina HD’). While these numbers improve on the 1136×640 (326 PPI) display of the 5s, they still lag behind many of today’s higher-end Android devices, a few of which (LG G3 and the newly-announced Galaxy Note 4 and Note Edge) pack 2560×1440 displays.

But pixels don’t always tell the whole story and it’s very difficult to tell the difference between 1080p and 1440p on such (relatively) small devices. That, and battery life typically suffers from a higher resolution. Speaking of…

The Internals

When it comes to battery life, Apple is claiming an improvement in battery life in both phones over the current 5s (see chart below)

new iPhone battery life

(Source: ARS Technica)

The devices’ internal hardware gets a boost as well. The new iPhones are powered by Apple’s new A8 processor, which Apple says has 50% faster graphics and a 25% faster CPU. The transistor count has also been bumped up to 2 billion from the A7’s 1 billion. This should all lead to better efficiency and performance.

There’s also the M8 co-processor, which improves on the 5s’ co-processor and will assist the health-conscious iPhone users keep track of their activity and take better advantage of the iPhone’s fitness apps. It’ll also be handing the data coming from the new barometer sensor.

The phones also get upgraded LTE connectivity, bumping speeds up to 150Mbps. Wi-Fi speeds should also clock in at about three times faster than those of the 5s, thanks to Wi-Fi 802.11 support. VoLTE (Voice over LTE) and Wi-Fi calling are also now supported.

Camera

Updated rather than upgraded (if pixel count is your measurement), the camera in the iPhone 6 and iPhone 6 Plus retains its 8MP, but gets a new sensor with ‘Focus Pixels’ technology, which Apple claims uses DSLR-style phase detection autofocus, helping the new devices autofocus lock up to 2x faster than previous iPhones. Users will be able to record 30 and 60 FPS videos in 1080p and capture slow motion videos at 120 or 240 FPS, an improvement.

As far as image stabilization goes, the iPhone 6 gets digital stabilization, but you’ll have to purchase the bigger and more expensive (more on that later) 6 Plus if you want optical image stabilization.

If selfies are your thing, Apple also didn’t forget about its Face-Time camera (otherwise known as the front-facing camera), which receives a larger f/2.2 aperture plus a new sensor for better lighting and sharper image quality. Video capture remains at 720p and there’s also now a burst mode.

NFC/Apple Pay

Apple Pay

(Source: Macworld)

Apple has resisted the NFC (Near Field Communication) push for years, but that no longer the case with the new iPhones. With the 6 and the 6 Plus, Apple not only added the protocol, but have also built their new Apple Pay payments system entirely for this cause. It works with the Passport app (as well as without it) and will finally allow users to use their new iPhone to purchase things. For more on Apple Pay, check out this Macworld article.

iOS 8

Apple announced that the new operating system will be available Wednesday, September 17th. For a detailed breakdown of the new features of iOS 8, check out this CNET article.

Pricing and Availability 

The new iPhone 6 and 6 Plus will launch in eight countries on September 19th. Pre-orders begin on September 12th.

So far, Apple has only released US pricing, but, as you might expect, the new iPhones ain’t cheap. The iPhone 6 starts at $199 for the 16GB version. $299 will get you 64GB, and if you want the max 128 GB of storage, you’ll need to dish out $399. Tack on $100 across the board (for the same amount of storage) and voila, that’s how much the iPhone 6 plus will cost you. Yep, that means on-contract pricing for a 128 GB iPhone 6 Plus is a whopping $499!

In the US, the new iPhones will be available on AT&T, Verizon, T-mobile, Sprint, and US Cellular to start.

The other seven countries that get the September 19 launch are UK, Australia, Canada, France, Germany, Hong Kong, Japan, Puerto Rico, and Singapore.

This also means that the iPhone 5C’s price will drop to ‘Free’ and the iPhone 5S’s price goes down to $99 (for the 16 GB version).

iPhone Prices

(Source: Apple.com)

‘One More Thing’: The Apple Watch 

Apple didn’t end with the iPhone 6 and 6 Plus reveal, however. It wouldn’t be an Apple event if they did, would it? As many people expected, they introduced a new wearable device, called the Apple Watch (interestingly not iWatch like most predicted).

iWatch

(Source: CNET)

The Verge has a very visual ‘hands-on’ write up and you can read it in its entirety here. Nevertheless, here’s some basic info on Apple’s long-rumored entry into the wearables market:

  • Will be available ‘Early 2015’ starting at $349
  • Will come in three collections – all different versions (with different finishes) of the same watch. The Apple Watch Edition will be finished in 18K gold.
  • Touch-screen (flexible Retina) display, digital crown, infrared LEDs, and photo diodes
  • Runs on an S1 Processor
  • Equipped with gyro accelerometer
  • Has NFC
  • You need an iPhone 5 or better to use it

Security 

Many people forget that iPhones are not malware-proof. I won’t dive deep into this, but it’s important to keep your new devices protected, whether you’re an iPhone or Android user. We offer protection for both.

Concluding Thoughts

It will be interesting to see how consumers will react to the new iPhones. Many Android vs. Apple battles are already raging on in pretty much every comment section of every story written up on the iPhone 6 and 6 Plus.

The thing is, most Android and Apple users are already dedicated to their respective camps and I don’t think these new iPhones have enough revolutionary features that will lure many Android users away from their Google-powered machines, most of which already have the screen sizes Apple is finally embracing.

But because the 4.7 and 5.5 inch screens are a first for Apple, the real question comes down to the Apple fans themselves. Will the new screen sizes be the must-have addition many previous iPhone users were wishing for or will it alienate the fan base that loved Apple for offering a pocket-friendly premium smartphone?

For now, all we can do is wait and see.

8 Tips to Stay Safe Online

Yesterday, the New York Times published an exclusive story on what many are stating to be the largest series of hacks ever, all revealed by Hold Security in their latest report. With a report of over 1.2 billion unique username-password combinations and over 500 million e-mail addressed amassed by a Russian hacker group dubbed CyberVol (vol is Russian for thief). While the reactions among the security industry are mixed, with some researchers raising a few questions of the masterwork behind the hack, the story does bring to the public’s attention the necessity of strong, personal, online security policies for all aspects of the connected life.

As our researchers have shown in the past, gathering a collection of username and passwords can be easier than many think, with many scraping programs being sold on the deep-web market to the highest bidders. And while some companies, including Hold Security, are offering paid solutions to help detect and monitor if their accounts have been breached, this does not change the fact that the first layer of security begins at the user.

8 tips to help you stay safe and secure on the internet

  1. Use two-factor authentication whenever possible. Two-factor authentication adds another layer of security when logging into a website, be it e-mail, banking, or other websites.  Some websites, such as Google, will text you a code when you login to verify your identity, while others have small devices that you can carry around to generate the code.  Authenticator apps are also available on all major smartphone platforms. Other types of two-factor authentication do exist as well, so look in the settings of your banking, shopping, and e-mail hosts for the option.
  2. Signup for login notifications. This security layer is often used in place of two-factor authentication, including by websites such as Facebook.  If your account is accessed from an unfamiliar location, a notification is sent via e-mail, app, or text-message to the account holder.  This is a great layer of security that offers you on-the-go protection.  This feature, if offered, can usually be found in the security settings of the website, such as banking and social media, you are accessing.
  3. Use a secure password. We have all signed up for some website with a basic password, thinking there is no way that someone would want to hack our account.  But that may not be the case.  Setting an easy password on one website often leads to that password being used across many websites.  The easier you make it for a thief to brute-force access your account, the more likely you are to have your other accounts hacked.  By establishing a mixture of characters, numbers, and letters into a password, recommended to be 10 characters or more, you add a high level of difficulty for any brute-force password theft. Password managers like the one included in our Internet Security Plus and Complete antivirus programs can help make managing this easier.
  4. Change your passwords regularly. There is a reason your office requires regular password changes for your e-mail.  Even if your password is compromised, by changing it regularly across all your accounts, you remove the chance of your account being accessed. A pro-tip would be to set a reminder for every 90 days on your calendar with a link to all your accounts settings pages. It makes it easiest to click through and make the changes regularly.
  5. Only access your accounts from secure locations. It might only be 30 seconds of access to your bank account on that free WiFi at the coffee shop, but if the network has been compromised, that is more than enough time to collect all the data needed for a thief. While the convenience factor is there, if you must access the accounts, you might want to look into a VPN (Virtual Private Network) to ensure an encrypted connection to your home or work network.
  6. HTTPS access. In most browsers and information heavy websites, there is a way to force a HTTPS connection when available. This connection adds another level of encrypted security when logging in, making it even more difficult for data thieves to gather your information when logging in. To check if you are on a HTTPS connection, look for a padlock in the URL bar in the browser or check the URL itself for it to begin with HTTPS.
  7. Increase junk filtering and avoid clicking through on e-mails. You just received an e-mail letting you know that you have a new deposit pending and need to login and verify. Many phishing schemes start with something looking very innocent and official, but lead unassuming users to websites designed to collect the information direct from you. If you receive an e-mail from one of the account-holding websites, open a new tab and go direct to the website instead of clicking the links provided. It adds only a few seconds to the access, but keeps you out of any legit-looking phishing websites. Most legitimate services will never ask you for your login credentials, so make sure to avoid giving out this information. By increasing your level of junk filtering with your e-mail client as well, many of these e-mails will be caught before making it to your inbox.
  8. Use an up-to-date security program. Ensure you have the most up-to-date version and have the correct security settings enabled. Security AV programs are designed to keep the malicious files such as keyloggers and data-miners off your computer and the user protected. This direct layer of security ensures your devices, from phones to tablets to computers, are all protected when you are downloading and accessing files. Note that some programs, such as Webroot SecureAnywhere, are always up-to-date and require no further action from the user.

While the threats to online accounts are out there, the tips to staying safe can help you stay protected and utilize features often already available by the companies and their websites, and most without costing you additional money. These internet safety tips should help ensure your security online while still providing the convenience online access offers.

Helpful links:

A Look at PC Gamer Security

Gamer Infographic

In the new study on security and PC gamers, Webroot found that many gamers sacrifice their protection to maximize system performance and leave themselves vulnerable to phishing attacks and gaming-focused malware. The study also provides tips for protecting gaming credentials and safeguarding against phishing attacks.

Webroot PC Gamer Security Study Findings:

  • 47% experienced an online attack with 55% of the attacks impacting system performance.
  • 35% of PC gamers choose not to use security or rely on free clean-up tools.
  • “Does not slow down system performance” ranked among the most important security program characteristic to gamers and Webroot has the first antivirus for PC gamers without system impact.
  • Trojans, Phishing, and Rootkits ranked as the top attacks against PC gamers.
  • The top source for information about Internet security were from forums and fellow gamers.
HalfPCGamers

The survey was conducted during E3 2014 and was based on the responses gathered from over 1,200 PC gamers. The conclusion was that one third of PC gamers do not use a security program while gaming, although 47% have experienced a malware or phishing attack.

“We understand the high expectations that gamers have of their systems, and the frustration they have had with traditional antivirus programs. But the desire for performance can’t be at the expense of protection – there’s too much to lose,” said Mike Malloy, executive vice president of products and strategy at Webroot. “We believe by following some basic best practices and using a cloud-based security program that is very light on system resources, such as Webroot SecureAnywhere Gamer Edition, PC users don’t have to choose between performance and protection.”

Running a gaming system without traditional antivirus security can improve gameplay performance, but it leaves gamers vulnerable to identity theft and online attacks that can jeopardize both their real and in-game lives. This is why Webroot created the first cloud-based antivirus for PC gamers and developed a list of tips for staying safe online.

Tips for Gaming Securely:

  • Use browser-based URL filtering.
  • Deploy anti-phishing detection.
  • Avoid public Wi-Fi and use a cloud-based anti-malware program.

To read the full press release, please click here.

If you’d like to view or download the infographic on the report, you can do so by clicking here.

Successful Launch of Webroot for Gamer at E3

photo 4Webroot, the market leader in cloud-based, real-time Internet threat detection, recently returned from the 18th annual Electronic Entertainment Expo, or E3 for short, hosted by the Entertainment Software Association.  Used by many of the video game manufacturers across the various platforms, as well as hardware and software developers, the trade show is used to show off the next generation of games-related products.  Hosted at the Los Angeles Convention Center, the 2014 conference had over 50,000 reported attendees between June 9th and 12th, 2014.

With this being Webroot’s first appearance at E3, the company was on site to show off Webroot’s new gaming specific antivirus, SecureAnywhere™ AntiVirus for PC Gamers.  Designed to keep users protected with maximum performance and protection, the newest protection offering for consumers garnered a large amount of interest from those in attendance, with a busy booth all day.  From the gamers themselves to the industry experts, many were impressed with the performance, speed, and direct gaming focus that Webroot was providing with the gamer protection product.

Along with the booth presence, Webroot’s team hosted an online campaign to drive awareness of the products with the #CyborgSelfie giveaway, a contest where entrants had to submit a selfie of themselves with the specific Twitter hashtag in hopes of winning a custom built Origin PC protected by Webroot.  With over 40,000 entries, the winner, Johnny Interiano, was drawn at random, and will soon have one of the most powerful Origin PC machines at their disposal for their next gaming conquests.  And to not pass an opportunity to work with Webroot’s newest partner Plantronics, twelve runner-up winners from the same contest won Plantronics RIG gaming headsets.

Through a strong awareness campaign and booth presence, all backed by an innovative security product designed specifically for gamers, Webroot’s presence at E3 was a major success for all that were involved.

How to avoid unwanted software

We’ve all seen it; maybe it’s on your own computer, or that of a friend, your spouse, child, or parent. Your home page has been changed to some search engine you’ve never heard of, there’s a new, annoying toolbar in your browser. Maybe you’re getting popup ads or have a rogue security product claiming you’re infected and asking you to buy the program to remove the infection. Even worse, you don’t know how it got there! Welcome to the world of Potentially Unwanted Applications (PUAs.) Chances are that these programs were inadvertently installed while installing software from sites that use “download managers” that add additional software to otherwise free downloads.

Many of these “download managers” and the additional applications they install use a Pay Per Install business model that is often used by unscrupulous individuals that use various techniques to trick you into clicking on their sites rather than the official download site for the software you’re attempting to download. These techniques include using advertisements on search engines and various Search Engine Optimization (SEO) techniques to get their sites to show up before the official downloads in search results. We’ve even seen fake image upload sites whose sole purpose is to direct you to a page that looks like an official download page for a program but uses one of these “download managers” instead.

So how do you avoid these “download managers?” It’s actually pretty simple. Whenever possible, download software from the software company’s official page (this is not always possible since some software is only available through third-party download sites.) As mentioned earlier, some of the most popular techniques to get you to install software using these “download managers” is through ads and SEO techniques on search engines, so we’ll show you how to locate the official download links in search results from Google, Bing, and Yahoo.

For this example we’ll search for the popular voice and video chat program Skype by searching for “download Skype.”

With Google it is rather easy to spot the official download link since the advertisements are clearly marked, and the first actual result is the official download link:

google

 

Let’s have a look at Bing next. Since both Skype and Bing are Microsoft products, the first two search results are for the official download links:

Bing_Skype

 

For a better example of Bing results, let’s search for Adobe Reader by searching for “download adobe acrobat reader.” This one is also pretty easy to spot since the ads are clearly marked.

Bing_Adobe

 

Now let’s have a look at the results for “download Skype” on Yahoo. Once again, the ads are clearly marked and the first actual result is the official download link.

Yahoo

 

Looking at these search results, you’ll notice a few things in common: The top results are all ads, and none of the ads point to the official download links, and the first actual link that is not an advertisement is the official download link. While this will not always be the case, it is common, and fortunately the three search engines we used in this example all do a very good job at identifying their advertisements. Does this mean that all ads are bad? Of course not! But when looking to download free software, the ads may not be your best choice. Also pay attention to the URLs, the official downloads are all on “skype.com” domains, while all the adds point to other domains.

Now you should have a better understanding of how some of those unwanted toolbars and search pages ended up on your computer, that clicking on the top result on a search page may not be the best way to go about downloading free software, and how to find the official download links for software on some of the most popular search engines. Pass this information onto others, and maybe you’ll save yourself a trip to a friend or family member’s house to remove an unwanted toolbar.

Phishing For Bank Account Information

When you’re a threat researcher, you are always on the look out for anything that looks ‘phishy’, even if it’s on your own personal time. Today, I opened my personal email to find this:

Although the email looked very convincing, I don’t bank with Smile Bank so I knew something was up. Smile Bank is an actual bank based in the UK. The bad guys used a spoofed email address to make it look like it came from the legit Smile Bank domain smile.co.uk. If someone did bank with Smile Bank, I can see how they could easily be tricked. It’s the “Click here to proceed” link that gives the bad guys away. The link goes to a page hosted by pier3.hk, which is a legitimate domain, but appears to be compromised with a simple HTM page that is a redirect to the real malicious site. The redirect sends you here:

Once filled in and submitted, it then sends you here:

When this page is filled in and submitted, it sends you to the legitimate Smile Bank site:

In the background, I captured the network traffic to discovery all the input I entered being sent in plain text to the malicious URL:

In comparison, I went to Smile Bank’s real login screen. It was identical except for the fact it didn’t accept my nonsense for inputs:

This trick could easily be done with any large bank. Make sure to always be suspicious of any email claiming to be from your bank that threatens your account has been locked and insists that you need to enter your account information. Also, if the link to enter your account information isn’t to the URL of the bank it claims to be from, you know it’s malicious.

Beware of Malicious Olympic 2012 Android Apps

By Joe McManus

There are too many events happening at one time during the Olympics, which might tempt you to install an app for that. But be careful of what you install. Not all apps are what they appear to be. As an example let’s look at the app called “London Olympics Widget”.

More details:

read more…

8 Tips for Filing Taxes Online Safely

By Mike Kronenberg

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to FurlAdd to Newsvine

Getting ready to file your taxes online — and doing it at the last minute? Well, cyber-scammers are ready for you. Thieves are schemers, and they’ve got a bag full of tricks to steal your identity. You might even be doing things to make their job easier. And if you use a PC at work to do your return,  identity theft could be as simple as a crook (or an unscrupulous coworker) digging around and finding sensitive files.

One might send you an e-mail that offers a quick refund — or a warning about a problem with your already-filed tax return. Maybe they’ll pitch you with an expert’s review of your tax return, or helpfully offer advice, asking for all the sensitive financial details you’d normally put on your return so they can “look up your account.”

Here are eight tips to stay one step ahead of these virtual pickpockets and protect yourself.

read more…

Gamers: Fight the Phishers

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to FurlAdd to Newsvine

20090616-gamephish2-selltous_cropLast week, I posted a blog item that explained how gamers face a growing security threat in phishing Trojans — software that can steal the passwords to online games, or the license keys for offline games, and pass them along to far-flung criminal groups. We know why organized Internet criminals engage in these kinds of activities, because the reason is always the same: There’s a great potential for financial rewards, with very little personal risk.

So I thought I’d wrap up this discussion with some analysis of how the bad guys monetize their stolen stuff. After all, how do you fence stolen virtual goods? And knowing that, is there a way to put the kibosh on game account pickpockets?
read more…

5 PC Gaming Threats and How To Beat Them

By Mike Kronenberg

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to FurlAdd to Newsvine

WoW keyloggerE3, the annual trade show for the computer and video games industry, kicked off in Los Angeles yesterday, not long after the unofficial start of summer on Memorial Day. These events got me thinking about what many students might do with their free time over the next three months. I imagine that for legions of young PC gamers, this could mean hour after blissful hour spent honing their skills as a blacksmith and earning gold in their favorite online fantasy universe. You can bet cybercriminals are imagining the same thing, too – and banking on it. 

In PC gaming, it used to be that hackers would seek to steal log-in information to take control of someone’s character for their own personal enjoyment. But they’ve figured out in-game currency translates into real-world money, and now many people log onto World of Warcraft or Lineage to find their account balances wiped to zero. 

To help keep hackers out — and hopefully make their summer a little less lucrative – I’ve outlined the most common tactics for infection during gaming and how gamers (of all ages) can avoid them. read more…