Posts Tagged ‘Cyber Crime’
The Ultimate Guide to Scareware Protection
Over the last two years, scareware (fake security software) has quickly emerged as the single most profitable monetization strategy available to cybercriminals. Due to the aggressive advertising practices applied by the cybercrime gangs, thousands of users fall victim to the scam on a daily basis, with the gangs themselves earning hundreds of thousands of dollars in the process.
Not surprisingly, Q3 of 2009 looked set to mark the peak of the scareware business model, whose affiliate program revenue sharing scheme is not only attracting new cybercriminals with its high pay-out rates, but is also directly driving innovation within the cybercrime underground by acting as a reliable financial incentive.
This end user-friendly guide aims to educate the Internet user on what scareware is, the risks posed by installing it, what it looks like, its delivery channels, and most importantly, how to recognize, avoid and report it to the security community, taking into consideration the fact that 99% of the current releases rely on social engineering tactics.
What is scareware?
Scareware, also known as rogueware or, put in simple terms, fake security software, is a legitimate-looking application that is delivered to the end user through illegal traffic acquisition tactics: compromised web sites (Sony PlayStation’s site SQL injected, redirecting to rogue security software), malvertising (MSN Norway serving Flash exploits through malvertising; Fake Antivirus XP pops-up at Cleveland.com; Scareware pops-up at FoxNews; Ukrainian “Fan Club” Features Malvertisement at NYTimes.com), or blackhat search engine optimization (9/11 related keywords hijacked to serve scareware; The most dangerous celebrities to search for in 2009; The Web’s most dangerous keywords to search for). Its ultimate aim is to trick users into believing their computer is already infected with malware, and that purchasing the application will help them get rid of it.
Upon execution, certain scareware releases will not only prevent legitimate security software from loading, but will also prevent it from reaching its update locations, in an attempt to ensure that the end user cannot get the latest signatures database. They will also attempt to make removal a time-consuming process by blocking system tools and third-party applications from executing.
There have also been cases where scareware with elements of ransomware has encrypted an infected user’s files and demanded a purchase in order to decrypt them, as well as a single reported incident where a scareware domain was also embedded with client-side exploits.
Tweets Can Spell Trouble in Divorce Cases
Anu Sharma, 30, suspected that her husband was lying to her every time he cited urgent business tours to stay out of the house. One day she finally got proof in the form of a tweet. The next day, she filed for divorce, using the tweet as evidence.
When it comes to fighting a divorce case, tweets are not necessarily sweet. Your status message on social networking websites can even be used as secondary evidence in court cases.
Legal experts say tweets and messages on social networking sites like Facebook and Orkut can reveal one’s state of mind; therefore they can be taken as secondary evidence in legal matters. This clause comes under the IT Act of 2000, amended in October last year.
Pavan Duggal, a Supreme Court lawyer, said: “The IT Act of 2000 was primarily legislation promoting e-commerce and the concept of social networking was not even heard of then. Thus, this clause was incorporated because of the widespread use of microblogging and social networking sites.”
“This trend is catching up now, specially in divorce cases, although it started only last year,” Duggal told IANS.
Citing Anu Sharma’s example, Duggal said: “Her husband used to give her excuses that he was going out on business tours. But instead he would meet friends and socialise. Finally, he was caught when on one of his ‘so called’ business tours, he tweeted: ‘Having a great time with friends over beer, I am in town, come over and join me.’
“Tweets and status messages are usually taken up as secondary evidence. And they are as important as the primary ones,” Duggal told IANS.
He said even an angry tweet or status message like, “I hate my wife”, if produced in court as a printout or screen shot becomes secondary evidence.
“Any written word available in the public domain can be used under this Act. A statement like this can be used on grounds of mental cruelty,” added Duggal.
Agreed Karnika Seth, attorney at law firm Seth Associates who specialises in cyber crime.
“There are couples who are filing for divorce on reasons which could not have been proved before, but with tweets and status message updating several times a day, it works as additional evidence, often making adultery easy to prove,” Seth told IANS.
She also added that many people used to hire private detectives, but this had become a new way of finding the truth.
“In one such case, a man had e-mailed threatening messages to his wife. His IP address could be traced, but the message was not digitally signed, thus the messages were taken as a secondary evidence and a divorce case was filed.”
Seth said a numeric address or domain name given to a website to track it is called an IP address. Digital signatures are specially designed icons or even one’s original sign encrypted on the e-mails. These are the two criteria on the basis of which primary or secondary evidence is distinguished.
According to her, blogs and chat messages can also be used as evidence.
As the clause is only a few months old, no specific statistics are available yet on how many people have used tweets or status messages in legal matters.
Maninder Walia, researcher with the website Cybersmart, feels the act curbs people’s freedom of speech and thoughts.
“The idea behind this act is to control the ever expanding cyber crime which is a threat to national security. But when it comes to freedom of speech and thoughts, this act may be a hindrance,” he said.
Walia feels if a person writes on his or her status message about drinking a lot or something similar, this could also be presented as evidence tagging him or her as an alcoholic in court.
He feels social networking sites are easy interaction platforms, hence things written as tweets, status messages in good humour or otherwise should not be put under the scanner.
“The law needs to pinpoint what kind of information should be used as evidence and in what cases. The act should be reviewed; the internet is moving fast, the law should not lag behind technology,” he said.
Think Before You Download on Internet
Are you downloading your favourite game or a particular application that allows you to share pictures, videos and information? These days, we have various gaming applications and individual developers coming out with unique and interesting downloadable applications. But you need to make sure you are not inviting a virus to disrupt your mobile handset. You should know that Internet/mobile applications, if certified, can be trusted; if not, they can hamper your mobile data.
Worms, trojans, viruses and hackers no longer threaten just your home PC or laptop. As per Trend Micro, an Internet security firm, cyber crooks are on their way into your pocket. The popularity of smartphones like the Blackberry, iPhone and the emerging Droid is booming, and that’s making them a lucrative target for cyber crooks to cause mischief.
The possibility of someone hacking a cellphone became public knowledge when Paris Hilton’s mobile was hacked. Unfortunately for her, the numbers of all her celebrity friends were also placed on the Internet, resulting in a barrage of calls to each of them. This was one of the highlighted cases of phone hacking through extracting personal information from the mobile handset.
The ingenuity of cyber criminals to come up with new social engineering angles seems endless. Mobile worms and viruses are similar to those that infect PCs. An unsuspecting user can be tricked into installing a harmless-looking file that infects a device and seeks additional mobile phones to target, often disrupting the phone’s operations.
What can a mobile hacker do? There are quite a number of things that can be done by the mobile hacker. Depending on intent, their main targets are:
Steal your number: Your phone number can be accessed and obtained by hacking. This allows them to make calls and have it charged on your account.
Extract your information: Mobile hacking allows a hacker to contact your cellphone, without your knowledge, and to download your addresses and other information you might have on your phone. Many hackers are not content with just getting your information. Some will even change all your phone numbers! Be sure that you keep a backup of your information somewhere.
All you have to do is to ensure that the handset is malware-protected. Here are some quick and easy points a user should keep in mind when downloading applications on mobile phones.
First, identify the source from where you are downloading the application. A general community site that does not have any face is not contactable. For example, download.com is the worst place to get the software from. You can download applications like our P2P software on your mobile.
Check the software for security certificates. Try not to use any unsigned application. These are third-party signatures from Verisign, Symbian and Sun. Absence of any trusted signature can make the application very dangerous. The only warning that you will get is when you install and load the application. So, go for trusted applications.
Once the signature is there, visit the company site to verify the application that you have downloaded. Check for warnings, known bugs and the functions that it would provide. This may help you understand the resources the application will take, such as memory, CPU, etc. Applications like file share, VoIP, etc. use some core OS functionality. In case of a bug, such an application can disrupt other functionalities of the phone.
Social media-based applications that download files can also bring a virus-infected file onto your handset. In such a case, one should have some anti-virus software installed in the system, or the application should check the MIME type before it allows the download of the content. But make sure that you protect your handset with anti-virus software in case you have by chance downloaded a non-trusted application; security solution providers like Trend Micro or McAfee have anti-virus solutions for you.
Check for your data plan before you start to use an application that uses some sort of data transfers. An application like mBit p2p can generate huge data transfers. The user is advised to get in touch with the customer care to identify an appropriate plan for it. The user can tell the customer support about the desired application and an appropriate plan for the same.
Follow these simple steps and you’ll have a happy downloading session. So, treat your smartphones like your laptops or computers, and not like a landline phone.
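The MIME-type check recommended above for downloaded content can be sketched as follows. This is an added example, not code from the article or from any application it names; the allow-list, function names and sample payloads are assumptions constructed for illustration.

```python
# Added example: compare a download's declared MIME type with its real content.
# The allow-list and the sample payloads below are constructed for illustration.

# Leading byte signatures ("magic numbers") of a few well-known formats.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"MZ", "application/x-msdownload"),       # Windows PE executable
    (b"\x7fELF", "application/x-executable"),  # ELF executable
    (b"PK\x03\x04", "application/zip"),        # ZIP container (also JAR, APK)
]

# Types a hypothetical picture-sharing application is willing to store.
ALLOWED = {"image/png", "image/jpeg", "image/gif"}


def sniff_mime(data):
    """Return the MIME type implied by the leading bytes, or None if unknown."""
    for signature, mime in SIGNATURES:
        if data.startswith(signature):
            return mime
    return None


def check_download(declared_type, data):
    """Accept content only if the declared type is allowed AND matches the bytes."""
    # Drop parameters such as "; charset=binary" and normalise case.
    declared = declared_type.split(";")[0].strip().lower()
    if declared not in ALLOWED:
        return (False, "declared type %s is not allowed" % declared)
    sniffed = sniff_mime(data[:16])
    if sniffed is None:
        return (False, "content does not match any known signature")
    if sniffed != declared:
        return (False, "declared %s but content is %s" % (declared, sniffed))
    return (True, "ok")


# Constructed samples: a PNG header, and an executable labelled as a JPEG.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
EXE_AS_JPEG = b"MZ\x90\x00" + b"\x00" * 12

if __name__ == "__main__":
    print(check_download("image/png; charset=binary", PNG_SAMPLE))
    print(check_download("image/jpeg", EXE_AS_JPEG))
```

A matching signature only shows that the file starts like the declared type, so this check complements the anti-virus scan rather than replacing it.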
Cybersecurity Starts at Home and in the Office
Mon-Oct 05, 2009
Washington / Associated Press
When swine flu broke out, the government revved up a massive information campaign centered on three words: Wash your hands.
The Obama administration now wants to convey similarly clear and concise guidance about one of the biggest national security threats in your home and office – the computer.
Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace – for many to see, steal and use against you or your government.
The Internet, said former national intelligence director Michael McConnell, “is the soft underbelly” of the US today. Speaking at a new cybersecurity exhibit at the International Spy Museum in Washington, McConnell said the Internet has “introduced a level of vulnerability that is unprecedented.”
The Pentagon’s computer systems are probed 360 million times a day, and one prominent power company has acknowledged that its networks see up to 70,000 scans a day, according to cybersecurity expert James Lewis.
For the most part, those probes of government and critical infrastructure networks are benign. Many, said McConnell, are a nuisance and some are crimes. But the most dangerous are probes aimed at espionage or tampering with or destroying data.
The attackers could be terrorists aiming at the US culture and economy, or nation-states looking to insert malicious computer code into the electrical grid that could be activated weeks or years from now.
“We are the fat kid in the race,” said Lewis. “We are the biggest target, we have the most to steal, and everybody wants to get us.”
And if, for example, the US gets into a conflict with China over Taiwan, “expect the lights to go out,” he said. The exhibit at the Spy Museum – “Weapons of Mass Disruption” – tries to bring that threat to life.
A network of neon lights zigzags across the ceiling. Along the walls computer screens light up with harrowing headlines outlining the country’s digital dependence.
Drinking water, sewer systems, phone lines, banks, air traffic, government systems, all depend on the electric grid, and losing them for weeks would plunge the country into the 1800s.
Suddenly, the lights go out and the room is plunged into silent darkness. Seconds later as the sound system crackles, a video ticks off a pretend crisis: no food, no water, system shutdown.
That faux threat has become a prime concern for the government, but fully protecting the grid and other critical computer systems are problems still awaiting a solution.
Federal agencies, including the Pentagon and the Department of Homeland Security, are pouring more money into hiring computer experts and protecting their networks.
But there are persistent questions about how to ensure that Internet traffic is safe without violating personal privacy.
One answer, experts said last week, is to begin a broader public dialogue about cybersecurity, making people more aware of the risks and how individuals can do their part at home and at work.
Some will find it easier than others.
Much of the younger generation has grown up online and is more likely to know about secure passwords, antivirus software and dangerous spam e-mails that look to steal identities, bank accounts and government secrets.
Older people moved into the digital universe as it began to evolve and most have not grown up thinking about how to protect themselves online.
“Detection and prevention are fast, but crime is still faster,” said Phil Reitinger, director of the National Cybersecurity Center. The key, he said, “is to make sure that we’re all getting the word out about not only the seriousness of the threat, but the fairly simple steps that people can take to help secure their systems and their lives and families from the threats that are out there.”
In the computer world, “wash your hands” is less about tossing your keyboard into the dishwasher – although some have tried – and more about exercising caution.
Those steps include:
* Using antivirus software, spam filters, parental controls and firewalls.
* Regularly backing up important files to external computer drives.
* Thinking twice before sending information over the Internet, particularly when using wireless or unsecured public networks.




Protect Yourself from Scams like Phishing and Vishing to Steal Web Identity
Scams like Phishing and Vishing are designed to steal your web identity and personal data.
Phishing is carried out via fraudulent emails and Vishing is orchestrated via bogus voice messages and phone calls.
Follow these simple steps to avoid falling prey to these scams:
* In case of doubt, do not click on any link provided in the e-mail.
* Do not give any confidential information such as password, customer ID, Credit/Debit Card number, PIN, CVV or DOB in response to any e-mail request, even if the request is from government authorities like the Income Tax department or any Card Association company like VISA or MasterCard.
* Do not open unexpected e-mail attachments or instant message download links.
* Always check the web address carefully before sharing any sensitive information.
* For logging in, always type the website address in your web browser.
* The Padlock icon at the upper or bottom right corner of the webpage must always be ‘On’ during secure transactions.
* Ensure that you have installed the latest anti-virus/anti-spyware/personal firewall/security patches on your computer or high-end mobile phones.
* Use a non-admin user ID for daily work on your computer.
* Do not access NetBanking or make payments using your Credit/Debit Card from shared or unprotected computers in public places.
* Do not call and leave any personal or account details on any telephone system, voice message, e-mail or SMS.
* Do not transfer funds to, or share your account details with, an unknown/non-validated source luring you with commission or attractive offers.