Scams like Phishing and Vishing are designed to steal your web identity and personal data.

Phishing is carried out via fraudulent emails and Vishing is orchestrated via bogus voice messages and phone calls.

Follow these simple steps to avoid falling prey to these scams:

In case of doubt, do not click on any link provided in the e-mail

Do not give any confidential information such as password, customer id, Credit/Debit Card number or PIN,CVV,DOB to any e-mail request, even if the request is from government authorities like Income Tax department or any Card Association company like VISA or Master Card

Do not open unexpected e-mail attachments or instant message download links

Always check the web address carefully before sharing any sensitive information

For logging in, always type the website address on your web browser

The Padlock icon at the upper or bottom right corner of the webpage must be always ‘On’ during secure transactions

Ensure that you have installed the latest anti-virus/ anti-spyware/ personal firewall/ security patches on your computer or high end mobile phones

Use non-admin user ID for daily work on your computer

Do not access NetBanking or make payments using your Credit/ Debit Card from shared or unprotected computers in public places

Do not call and leave any personal or account details on any telephone system, voice message, e-mail or an SMS

Do not transfer funds to or share your account details with, unknown/ non-validated source, luring you with commission, attractive offers.

Share on Facebook

The USB ports on a computer present a security risk. Not only are storage devices able to plug in and interface with the hardware, but also coffee cup warmers, fans, and even mini-vacuums.

A team of computer engineers from Royal Military College of Canada in Kingston, Ontario exploited a weakness in the USB plug-and-play functionality. What the team did was create a fake USB device that reported itself as something that computer already recognized.

For example, if the computer already paired itself with a USB camera, a hacker could spoof the same identity on another device.

As a proof of concept, the team designed a USB keyboard that contained a circuit that stole data from the hard drive and transmitted it by flashing an LED in a morse code-like fashion, as well as through sounds output by the sound card. While such methods are hugely inefficient and likely ineffective, it was just a proof of concept of the vulnerability.

Even though virus scanning software may check USB storage for malware, secretly planted trojans inside USB peripherals will likely be missed.

Share on Facebook

Throughout the last two years, scareware (fake security software), quickly emerged as the single most profitable monetization strategy for cybercriminals to take advantage of. Due to the aggressive advertising practices applied by the cybercrime gangs, thousands of users fall victim to the scam on a daily basis, with the gangs themselves earning hundreds of thousands of dollars in the process.

What is scareware?
Basically, scareware, also known as rogueware or put in simple terms, fake security software, is a legitimately looking application that is delivered to the end user through illegal traffic acquisition tactics starting from compromised web sites (Sony PlayStation’s site SQL injected, redirecting to rogue security software), malvertising (MSN Norway serving Flash exploits through malvertising; Fake Antivirus XP pops-up at Cleveland.com; Scareware pops-up at FoxNews; Ukrainian “Fan Club” Features Malvertisement at NYTimes.com), or blackhat search engine optimization (9/11 related keywords hijacked to serve scareware; The most dangerous celebrities to search for in 2009; The Web’s most dangerous keywords to search for), to ultimately attempt to trick the user into believing their computer is already infected with malware, and that purchasing the application will help them get rid of it.

Upon execution, certain scareware releases will not only prevent legitimate security software from loading, but it will also prevent it from reaching its update locations in an attempt to ensure that the end user will not be able to get the latest signatures database. Moreover, it will also attempt to make its removal a time-consuming process by blocking system tools and third-party applications from executing.

There have also been cases where scareware with elements of ransomware has been encrypting an infected user’s files, demanding a purchase in order to decrypt them, as well as a single reported incident where a scareware domains was also embedded with client-side exploits.

Share on Facebook

PC users – victimized by malware, spyware and never-ending pop-up windows in the past – know better today than to click on links from strangers or download and install random programs on their computers. But smartphone users haven’t learned those tough lessons yet.

A company called Lookout Mobile Security, which is announcing its 1 millionth customer today, said that mobile security is entering a new phase, just as PC security did so many years ago. Old timers will recall that some hackers initially launched massive attacks for the fame or notoriety. But then came the opportunity to make money off of this hacking business – and so they did.

That’s where we are with mobile security today, according to Lookout’s CEO and founder, John Hering. The company has seen a rise in the number of apps that are loaded with malware. Six months ago, four pieces of malware would be found per 100 phones per year. Today, that’s jumped to 9 pieces of malware. And it’s not just on open source platforms like Google’s Android. There have been instances of problems with apps that get past the app judges on Apple’s iOS platform, as well.

Malware and spyware were always risks in the PC world, as well, but because third-party developers are the ones who are showcasing their mobile apps in mobile app stores, you never know if the developer is a tech genius at MIT or a bad person with bad intentions somewhere overseas. The latest attack: apps loaded with malware that sit dormant and then, days later, starts to auto dial overseas numbers to premium services.

Share on Facebook

Microsoft has officially unveiled its long-awaited consumer antivirus offering. Formerly code-named “Morro,” it’s now been christened Microsoft Security Essentials, and it will enter public beta testing next week. If you have a licensed copy of Windows XP (Service Pack 2 or above), Windows Vista, or Windows 7, you’ll be able to download and install the software at no additional charge. No subscription is required for ongoing definition updates, either. The final release is scheduled for this fall.

The public beta will be limited to 75,000 downloads, Microsoft says, and the targets are global. The initial beta release is limited to the United States, Israel (where a core development team is based), and Brazil. Next month, the beta will open up for users in China. It’s no coincidence that Microsoft is rolling out early in Brazil and China, which are large-scale vectors of malware infections because of the sheer number of Windows users running without antivirus protection. According to Microsoft, barriers to adoption of paid security software are especially high in developing markets, where internet access is slower and credit cards are unavailable to a large percentage of the population.

Over the past few days I’ve been testing recent builds of Microsoft Security Essentials on two machines, one running a 32-bit edition of Windows Vista, the other running a 64-bit copy of the Windows 7 release candidate. The software I describe in this post is a more recent build than the current beta that has been floating around back channels on the Internet.

Share on Facebook