Posts Tagged: ‘Malware’

Scam of the day – September 23, 2014 – How LinkedIn can be used to hack companies

September 22, 2014 Posted by Steven Weisman, Esq.

LinkedIn is a very popular social networking site for business people where 300 million people share knowledge and opportunities.  Unfortunately, however, the information provided on LinkedIn can be manipulated in the hands of a hacker to provide information that can be used to hack a business’ computers and data.  If you look up a company on LinkedIn you will find a number of profiles for individual employees of the company.  Many of these will include the employee’s email address.  After viewing a few employee profiles, a hacker can determine the protocol used for emails within the company, such as initial of first name, last name@companyname.com.  Using this information, the hacker can send a legitimate-appearing email to a company employee that looks like it comes from within the company, luring the real employee to either click on a tainted link or enter a username and password.  This can be used to either directly install malware onto the company’s computers through the tainted link or get access through the username and password of the employee victimized by the scam.  From there it is an easy thing to install malware to steal information from the company.

TIPS

Never click on links in emails, text messages or social media or download attachments until you have absolutely confirmed that they are legitimate.  Also, when it comes to network security, most companies will never ask for an employee’s user name or password.  Again, never provide this information on any website or anywhere else until you have first confirmed that the website is legitimate.  It might be a phony, tainted website merely phishing for your information.  Trust me, you can’t trust anyone.

Scam of the day – September 17, 2014 – JP Morgan data breach update

September 17, 2014 Posted by Steven Weisman, Esq.

In August I first told you about the hacking of banking giant J.P. Morgan and as many as four other banks.  Investigators believe the hacking was the work of sophisticated hackers from Eastern Europe.  Some are theorizing that the hacking was sponsored by the Russian government.  Much sensitive data was compromised and stolen as a result of the hacking, although to date none of the million customer accounts compromised have suffered any loss or fraudulent activity.  Investigators are now saying that the breach was limited to names, addresses and phone numbers.  The initial investigation appears to be focusing on the exploitation of computer programs used by a J.P. Morgan employee to work from a remote location.  Remote desktop software such as Microsoft’s Remote Desktop, Apple’s Remote Desktop, Chrome’s Remote Desktop, Splashtop, Pulseway and LogMeIn enables the convenience of logging into a company’s computers from an off-site location.  Exploitation of this type of software has proven to be a major security flaw that has been continually exploited in company after company for quite a while, going back to Target’s hacking last year and up to the recent UPS hacking.  I have warned people about this flaw for some time and the FBI has warned American businesses to watch for this.

TIPS

Banks are a frequent target of cyberattacks and American banks have generally done a good job in recent years in protecting data; however, as this latest hacking shows, more needs to be done, particularly in regard to the particular type of malware used in this attack, which may be or be similar to the “Backoff” malware I have been warning about.  As for us as consumers, there is little we can do other than to carefully monitor all of our accounts, only use credit cards rather than debit cards for retail purchases and limit the amount of personal information we provide to any company or governmental agency with which we do business.  This will not be the last major hacking exploiting this flaw to occur.

Scam of the day – September 5, 2014 – Latest security updates from the Department of Homeland Security

September 5, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates include an important security patch for Google Chrome and Mozilla Firefox and Thunderbird.

TIPS

Here are the links to the latest security updates as issued by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-244 and https://www.us-cert.gov/ncas/current-activity/2014/09/03/Mozilla-Releases-Security-Updates-Firefox-and-Thunderbird

Scam of the day – September 2, 2014 – Beware of nude photos of Jennifer Lawrence, Kate Upton and others

September 2, 2014 Posted by Steven Weisman, Esq.

News of stolen nude photos and videos of more than a hundred celebrities including Jennifer Lawrence, Kate Upton, Jenny McCarthy, Rihanna, Avril Lavigne, Hayden Panettiere, Hope Solo, Cat Deeley, Kaley Cuoco, Kim Kardashian, Scarlett Johansson and others is sweeping across the Internet.  Although a few of the named celebrities, such as Victoria Justice, have denied the accuracy of the photographs, many of the celebrities including Jennifer Lawrence and Kate Upton have confirmed that, much to their chagrin, the photos and videos are real.  Although the exact manner by which these photographs and videos were hacked and stolen is not known at the moment, it appears that they were taken from Apple’s iCloud.  The possibility exists that a vulnerability in Apple’s iCloud security is at the root of the problem, but another scenario is that the fault is with the individuals who took these photographs and videos of themselves.  Anyone who is able to get someone’s email address and password would find it easy to gain access to that person’s iCloud account and download the photographs and videos.  Obtaining an email address is a relatively easy task for any hacker and passwords can be obtained either from other hacked devices or, as often is the case, by using the “forgot password” link on Apple’s iCloud, as with other accounts.  The answers to the security questions used to obtain the password through the “forgot password” function are generally easy to find for celebrities whose personal information, such as where they went to high school or other information used in security questions, is easily found online.

The security flaw, however, may also have been with Apple.  A vulnerability in Find My iPhone may have permitted hackers to use a brute force attack whereby they would flood the page with computer-generated passwords until the correct password was guessed.  This vulnerability has now been patched and brute force attacks will not be effective because repeated failures to enter the correct password will result in the user being locked out.
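As an added illustration (not part of the original post and not Apple's code), here is a minimal login check that locks an account after repeated failed attempts, which is the kind of fix described above.  The threshold of five failures, the 15-minute lock, the sample passwords and all names are assumptions made for the example.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5        # assumed threshold; the post gives no number
LOCKOUT_SECONDS = 900   # assumed lock duration (15 minutes)


class LoginGuard:
    """Password check that locks an account after repeated failures."""

    def __init__(self, clock):
        self._clock = clock      # callable returning seconds; injected so the demo is deterministic
        self._users = {}         # username -> (salt, password hash)
        self._failures = {}      # username -> consecutive failed attempts
        self._locked_until = {}  # username -> time at which the lock expires

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        now = self._clock()
        # The lock is checked before the password, so even a correct
        # guess is refused while the account is locked.
        if now < self._locked_until.get(username, 0):
            return "locked"
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        supplied = self._hash(password, salt)
        if username in self._users and hmac.compare_digest(supplied, stored):
            self._failures.pop(username, None)
            return "ok"
        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= MAX_FAILURES:
            self._locked_until[username] = now + LOCKOUT_SECONDS
            self._failures[username] = 0
        return "denied"


def simulate_guessing(guard, username, guesses):
    """Feed a list of guesses to the guard and tally the outcomes."""
    tally = {"ok": 0, "denied": 0, "locked": 0}
    for guess in guesses:
        tally[guard.login(username, guess)] += 1
    return tally


def demo():
    now = [0.0]  # fake clock so the lock window can be stepped through
    guard = LoginGuard(clock=lambda: now[0])
    guard.register("alice", "correct horse battery staple")
    # Constructed guess list; the real password is the last entry.
    guesses = ["123456", "password", "qwerty", "letmein", "iloveyou",
               "dragon", "correct horse battery staple"]
    tally = simulate_guessing(guard, "alice", guesses)
    now[0] += LOCKOUT_SECONDS  # the owner returns once the lock has expired
    return tally, guard.login("alice", "correct horse battery staple")


if __name__ == "__main__":
    print(demo())
```

Without the lock, the seventh guess would have succeeded; with it, every attempt after the fifth failure is refused no matter what password is supplied.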

So what does all of this mean to you?

This hacking presents two separate problems.  The first is that identity thieves will be taking advantage of the public’s interest in these photos and videos.  You will be receiving emails, text messages or social media postings with links that promise to bring you to these stolen photographs that will download keystroke logging malware when you click on the links.  Once this malware is installed on your computer, smartphone or other portable device, your personal information will be stolen and the information will be used to make you a victim of identity theft.

The second problem is the same problem faced by the celebrities whose accounts were hacked.  How do you keep your accounts secure?

TIPS

Don’t give in to the temptation to view these photos and videos online.  Ethically, it is the wrong thing to do.  However, it also is too risky an activity.  You cannot trust any email, text message or social media posting that promises access to these photos and videos.  Many of these will be laced with malware and you cannot know which ones to trust.  Trust me, you can’t trust anyone.  In addition, identity thieves will be setting up phony websites that promise to provide these photos and videos, but again will only end up installing malware on your computer when you click on links in these websites.  Identity thieves are often adept at search engine optimizing so a phony website might appear high in a search from your web browser.

As for securing your own account, you should use a unique password for each of your accounts so if any of your accounts are hacked, all of your other accounts are not in jeopardy.  Make sure the password is a complex password that is not able to be guessed through a brute force attack.  Check out my book “Identity Theft Alert” for advice as to how to pick a secure and easy to remember password.  Also, even if you are not a celebrity, you would be surprised how much information is online about you that can be used to come up with the answer to your security questions.  It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of what is your mother’s maiden name.  Also, take advantage of the two-factor identification protocols offered by Apple and many others.  With two-factor identification, your password is only the starting point for accessing your account.  After you have inputted your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account.  Had Jennifer Lawrence and the other hacked celebrities used the two-factor identification protocol, they would still have their privacy.  It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth.  Smartphones save deleted photographs and videos on their cloud servers such as the Google+ service for Android phones and the iCloud for iPhones.  However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.

Scam of the day – August 27, 2014 – Android phones vulnerable to hacking

August 27, 2014 Posted by Steven Weisman, Esq.

The Android operating system is used in many popular smartphones including the Google Nexus, HTC, Samsung Galaxy, Motorola Moto and LG Electronics phones.   Recently, researchers at the University of California Riverside have discovered a dangerous vulnerability in the Android operating system that permits most Android apps to be easily hacked.  This is done when an app infected with malware is unwittingly installed that uses the shared memory of the apps to hijack information from other apps such as those used for online banking while avoiding the Android system’s permission and security system.  Some of the apps that the researchers found they were able to access by exploiting this Android vulnerability included apps of Chase Bank and Gmail.  The Chase Bank app is particularly problematic because it would allow a hacker to see pictures of checks taken using the Android smartphone as well as bank account information thereby making identity theft and stealing from the victim’s bank account a simple task.

TIPS

Until the Android developers manage to fix this vulnerability in their operating system, the most prudent thing that Android users can do is to make sure that they are careful in downloading apps to avoid the tainted apps required to exploit this vulnerability.  Stick to apps sold or provided at legitimate app stores and make sure that your anti-virus and anti-malware software is up to date.

Scam of the day – August 26, 2014 – Sony PlayStation Network hacked

August 26, 2014 Posted by Steven Weisman, Esq.

Over the past weekend, Sony’s PlayStation Network was hacked and taken offline by a group of hackers identified as Lizard Squad.  The PlayStation Network is used by 53 million gamers around the world to play games with other people in a virtual environment.  The PlayStation Network was brought down by a simple, but still effective tactic called a distributed denial of service (DDoS) attack by which hackers utilize a botnet to overwhelm and clog the network with artificially high traffic.  A botnet, as you may remember, is brought about when hackers infiltrate the computers of unwary users and take over those computers, using them to send malware, spam or other harmful material.  Often the people whose computers are part of this botnet of what are often called zombie computers are not even aware that their computers are being used for these purposes.  In this case, all that Sony suffered was a minor embarrassment; however, in 2011 the PlayStation Network was hacked and the personal information including credit card information of 77 million people was stolen.

TIPS

Although this particular hacking of Sony did not result in the personal information of any users of the Sony PlayStation Network being compromised, the security of Sony and the other online gaming network companies remains vulnerable.  It is for this reason that you should limit, as much as possible the personal information that you provide these companies to protect yourself in the event of a data breach.  Also, do not leave your credit card number on file with any company as a convenience.  Provide the number anew each time you use it online at any company so that it is not stored by the company and vulnerable to a data breach.  Also, as I constantly remind you, never use your debit card for any retail purchases.  Limit its use to ATMs.

Scam of the day – August 14, 2014 – Latest security updates from the Department of Homeland Security

August 14, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates provide critical security updates that will help protect against the SQL attack used by the Russian hackers recently to steal data on more than a billion people.

TIPS

Here is the link to the latest security updates as issued by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-223

Scam of the day – August 9, 2014 – Identity thieves defeat two-factor identification at banks

August 9, 2014 Posted by Steven Weisman, Esq.

In the battle to prevent identity thieves from being able to access online the bank accounts of their victims, many banks in Austria, Japan, Sweden and Switzerland have gone beyond the simple password to the more secure (supposedly) two-factor identification.  With two-factor identification, in order to access their accounts bank customers must enter a second one-time password that has been emailed or texted to the customer.  The thought was that by requiring this second password, identity thieves who may have hacked the customer’s password still would not be able to access the customer’s account because the identity thief would not have the required second password sent by the bank to the customer’s smartphone.  However, now it has been uncovered by computer security company Trend Micro that identity thieves have found a way to defeat two-factor identification.  As with so many identity thefts, this one starts when the customer unwittingly clicks on a link in a phishing email or downloads an attachment in a phishing email that appears to be from a legitimate source.  Unfortunately, when the victim clicks on the link or downloads the attachment, he or she is actually downloading malware that sends the victim to a phony bank website when the customer attempts to do online banking.  Once at the phony website, the victim is prompted to enter their account details, passwords and personal identification number.  They are then prompted to download a mobile application found in Google’s Android store that is represented to provide enhanced security, but in actuality permits the identity thief to intercept the second password that banks would send to the customer.  Armed with all of this data, the identity thief is able to gain full access to the victim’s bank account and empty it.

TIPS

Although two-factor identification is an improvement over the present password system used by many financial institutions in the United States and other parts of the world, it is still vulnerable.  Business and government must come up with better authentication protocols.  Meanwhile, as with so many of these complex identity theft schemes, this one requires the victim to download the necessary malware that makes the identity theft possible.  The solution is a simple one.  As I have warned you many times, never click on a link in an email or download an attachment in an email unless you are absolutely sure that it is legitimate, and the only way to do this is to independently call or email the real company or person purportedly sending the email at an address or telephone number that you know is accurate.  For even greater security, you may wish to have a separate computer for financial transactions where you do no emails and click on no links and download no attachments.

Scam of the day – August 1, 2014 – Homeland Security warning about retail hackings

August 1, 2014 Posted by Steven Weisman, Esq.

Everyone is aware of the epidemic of hackings of major companies, such as Target, P.F. Chang’s, Neiman Marcus, Michaels, Sally’s Beauty Supply and Goodwill Industries and, as I have repeatedly warned you, these hackings will only increase in frequency in the upcoming months.  Yesterday, the Department of Homeland Security issued  a report that details how these hackings occurred and what needs to be done to reduce them.  A major part of the problem is that more and more companies permit both their employees as well as third party contractors to access the company’s computers over the Internet.  There are many legitimate reasons for doing this, but it tremendously increases the chances of major data breaches as employees and third party contractors who may not be following proper security practices are being hacked and, in essence, providing identity thieves and hackers with access to the computers of the targeted companies.  In addition there are some inherent security flaws in the Microsoft and Apple software used by these employees and third party contractors.   Thus the hackers exploit the weakest links, which they are doing quite effectively.

The Department of Homeland Security identified malicious software, which it has called “Backoff,” that, when it makes its way onto the Point of Sale credit and debit card processors, is able to steal credit and debit card information, account numbers, expiration dates of credit cards and debit cards and PINs.  Backoff is a very evolved type of malware that, to date, has avoided detection by the anti-malware and anti-virus software used by companies today to protect their computers from data breaches and hackings.

TIPS

Corporate America has a lot of things it should be doing, but it is unlikely that these steps will be done in a sufficiently timely manner to stop data breaches in the upcoming months.  A switch to smartcard technology with computer chips in the credit card would render this type of credit card data unusable to identity thieves, but retailers have been extremely slow to adopt this technology.  Requiring employees and third party vendors to use stronger passwords and to change those passwords regularly would help as would the requirement of two-step verification rather than merely using passwords to provide access.  Another important step for companies to do is to limit access to the credit card and debit card processing systems by people having access to other computer systems within the company.   Credit and debit card processing systems should be isolated.

But what can we do?

The most important thing to do is to recognize that data breaches will be occurring.  Everyone should regularly monitor their credit card usage carefully to recognize security breaches as soon as possible and then to report the breach to your credit card company.  In addition, limit your use of your debit card to use as an ATM card.  Do not use it for retail purchases.  The consumer protection laws available to you if your debit card is hacked are not as strong as the laws that protect fraudulent use of your credit card.  In addition, even if you do become aware and report a breach of your debit card security right away, your access to your account will be delayed while your bank investigates the matter.

Scam of the day – July 25, 2014 – Important security updates for Java and other software

July 24, 2014 Posted by Steven Weisman, Esq.

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always identifying and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates provide critical security updates for a number of important software programs which we all use; if these updates are not applied, you will be in serious jeopardy of identity theft and being hacked.  In particular, this round of security updates provides important security updates for Java software.  Java has been a favorite target of scammers and identity thieves, so much so that the Department of Homeland Security has even advised people who don’t have to use Java to disable it.  For more information about Java software I suggest you check out earlier Scams of the day that dealt with Java problems.  You can find these in the Scamicide archives.

TIPS

Here is a link to the latest security alert and updates as issued by the United States Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-202