Archive for the ‘Phishing’ Category

It seems that nothing is safe from being abused these days. Several security software vendors have announced a number of different scams based on the 2010 Winter Olympics in Vancouver. MessageLabs offers two examples.

  • An email with the subject, “Information and resources to help you travel during the Vancouver 2010 Winter Games. TravelSmart 2010.htm” includes legitimate links but contains hidden code embedded in the email which can be used to drop almost anything on the victim’s computer.
  • An email with the subject, “How to make Olympics more interesting”. In this case, the attack is buried in an attached presentation file and will attempt to install other malware on your computer.

Based on the reports so far, these scams appear targeted at specific people (an attack mode known as spearphishing). The rest of us may or may not ever see them, but they are highly dangerous to the few people who do get targeted. Here are some ways to stay safe:

  1. Buy from legitimate sites. This includes your Olympic tickets. Scalpers are already showing a disdain for the law. What makes you think they’ll respect your computer privacy? There are legitimate online fan-to-fan sites for reselling tickets (one such is but you have to do your homework to be sure it’s a reputable site.
  2. If it sounds too good to be true, it probably is. We’ve said this many times before but greed remains one of the hackers’ best weapons. Be suspicious.
  3. Be especially suspicious of links in emails or IM messages. Look up the legitimate site on Google or type the address into your browser yourself.
  4. Never fill out forms in messages. Legitimate companies will never ask for personal, financial or password information through an email message.

Enjoy the games – safely.

Online scams are up sharply since the start of the latest recession. According to MarkMonitor, phishes in Q1 2009 are up 36 percent over the same quarter of 2008. The current trend is toward mortgage refinancing traps and phony get-rich-quick investments.

At the same time, the quality of the scams is dramatically better than in years past. Fraudulent “advertising” sites look just like the real sites. They pepper their pages with trusted financial, TV and/or newspaper brands to give the impression of legitimacy. Some even include encryption to give a greater appearance of legitimacy.

There is also a new trend to use social media to find and con victims. Just because it looks like a blog, if the author is bragging about how much money they got and has a link to a “home business kit”, it’s still a scam. Beware of any offer that asks you for personal information up front.

MarkMonitor also reports a huge increase in suspicious domain registrations, especially domains including the keywords “foreclosure”, “mortgage”, “refinance” and “unemployed”. These keywords are being combined with legitimate company names or domains to create fraudulent clone sites. And while most phishes are still targeted against large companies, an ever-increasing number are exploiting the trust and brand of small businesses. (This is especially true if your legitimate site accepts payments over the web. Payment services frauds are up 285 percent over last year.)
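As an added example (not from MarkMonitor or the original post), here is one way a business could screen newly observed domain names for the pattern described above: its own brand combined with one of the lure keywords. The brand names, owned domains, sample list and function names are assumptions constructed for illustration.

```python
import re

# Lure keywords named in the MarkMonitor report quoted above.
LURE_KEYWORDS = ("foreclosure", "mortgage", "refinance", "unemployed")

# Hypothetical brands to protect, mapped to the domains they really own.
BRANDS = {
    "examplebank": {"examplebank.com"},
    "acmeloans": {"acmeloans.com", "acmeloans.net"},
}

def normalize(domain):
    """Return (lower-cased name, name with separators removed)."""
    name = domain.strip().lower().rstrip(".")
    # Dropping hyphens and dots lets 'acme-loans' match the brand 'acmeloans'.
    return name, re.sub(r"[^a-z0-9]", "", name)

def is_owned(name, owned):
    """True if the name is an owned domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in owned)

def screen(domain):
    """Return a finding if the domain pairs a protected brand with a lure keyword."""
    name, squashed = normalize(domain)
    for brand, owned in BRANDS.items():
        if brand not in squashed or is_owned(name, owned):
            continue
        hits = [k for k in LURE_KEYWORDS if k in squashed]
        if hits:
            return {"domain": name, "brand": brand, "keywords": hits}
    return None

def screen_all(domains):
    return [f for f in (screen(d) for d in domains) if f]

# Constructed sample input, not real registrations.
SAMPLE = [
    "examplebank.com",                           # the real site
    "refinance.examplebank.com",                 # legitimate subdomain
    "examplebank-refinance.example",             # brand + keyword
    "Mortgage-Acme-Loans-Help.example.",         # hyphenated brand + keyword
    "examplebank.com.foreclosure-help.example",  # real domain used as a prefix
    "mortgage-tips.example",                     # keyword, no brand
    "acmeloans-careers.example",                 # brand, no keyword
]

if __name__ == "__main__":
    for finding in screen_all(SAMPLE):
        print(finding)
```

Plain substring matching will over-match very short brand names, so findings from a screen like this are leads for a person to review rather than verdicts.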

Be on the watch for scams. And help your customers watch, too. In this economy, you have a right to be a little bit paranoid about offers that look too good to be true.

To read more, download MarkMonitor’s whitepaper on “brandjacking” at

I trust everyone had a good holiday break and hope you have a good new year. With the way 2008 ended, many people are making plans for the future. Unfortunately, some of those planners include phishers and social engineers. And as I’m sure you’ve seen, they are getting more and more creative and professional in their scams. The days when you could delete a message just because it was poorly written are long gone. Today’s scams are targeted, well-written and spell-checked.

In particular, we are already seeing an increase in phishing messages that reference the recipient’s holiday credit card spending pattern. The messages will claim to be requests for confirmation, reports of transactions and even a few of the traditional “your account has been frozen” scams. During the holiday season, many people have more transactions and shop with more different merchants; the scammers are attempting to exploit any confusion over those transactions in order to trick you into disclosing your account information, passwords, etc. If last year is any indication, expect that phishing campaign to accelerate during this week and last until the middle of next month or so.

We are also seeing a number of scams related to the economy. The number of work-at-home scam messages is up dramatically. As you may remember from prior tips, these scams promise easy money either for helping transfer funds or for conducting “quality control checks” on merchandise. In the first case, you become part of a money laundering operation; in the second, a fence. Either way, you’re likely to get a visit from some federal law enforcement agency. If it were that easy to make money, they wouldn’t need to be sending out random emails about it.

Interestingly, the old “Nigerian fraud” is back in large numbers. These are fairly transparent messages alleging that someone needs your help to get money out of a foreign country (usually in Sub-Saharan Africa) and offering you a percentage if you will allow the person to transfer the money through your bank account. Foreign lottery scams are also back in significant numbers. I believe that by now most people know that these messages are scams but in times of financial difficulty, sometimes hope trumps common sense.

If an email asks for your personal information or if it contains an offer that looks too good to be true, trust your intuition and delete the message. To learn more about how to identify common scams, check out some of the links in the archived Tips on phishing. Have a safe New Year.

For the past year or so, we’ve seen a significant uptick in attempted scams and frauds around every holiday. Many of them trace back to the Storm Worm gang, a crime ring based out of Germany that sells hacker software. Their last big attack was at the Fourth of July and tricked many thousands of users into downloading the ‘storm-bot’ trojan by offering a fake video clip of “the largest fireworks” celebration in the nation. Victims found their computer hijacked as part of a bot-net or had keystroke loggers and other malicious software loaded onto their computer.

If past patterns hold true, we can expect to see a dramatic rise in the volume of spam and phishing attempts during this holiday season. Some of their cons last holiday season included dedicated sites like the website (a site offering suggestive holiday-themed photos along with a very malicious download) and spam emails such as the Happy New Year phishes. This group develops very sophisticated software with hundreds of variants that attempt to evade and outrun standard anti-virus software.

To combat these scams, first be suspicious. Never open unexpected messages or attachments.

Second, keep your anti-virus up to date at all times. Set your anti-virus to automatically update itself as often as the software allows. And if you’re particularly suspicious about an email or website, force a manual update before clicking the link. Remember that if your kids have a computer at home that runs under parental controls, their computer may not be able to complete the update under the restricted ID. Their computer may be at risk until you log on under your parental ID so the updates can take hold.

Finally, keep your firewall turned on and be very suspicious of any ‘free’ video or other offer sent through the internet. In particular, be cautious about electronic greeting cards. While some are legit, many are frauds. See this tip for some thoughts on how to sort out e-card invitations.

The Ohio Department of Insurance has confirmed an on-going scam targeting insurance policyholders. According to the ODI, the scam is currently targeted primarily at auto policies. In this scam, the caller alleges that “there was a problem with your insurance payment” and asks for confidential information such as bank account numbers, birthdates, SSNs, etc. The call often includes a threat that “your coverage will lapse” if the customer does not comply.

You can read the full ODI press release at

Insurance companies do sometimes ask for confidential information such as SSNs and birthdates in the normal course of business. However, it would be highly unusual for the insurance carrier to contact the customer directly or to do so other than in writing. If you receive a call that strikes you as suspicious, hang up and call the number printed on your last policy statement. If the call was legitimate, the customer service representative will be able to look up your account and confirm it.

Be very cautious about handing out your personal information to anyone you do not know well. Ohio customers who have already received one of these fraudulent calls are asked to report it to the ODI at 1-800-686-1527.

Lastly, if you believe that you may have given up your confidential information to a fraudulent caller, you should check your credit report and consider putting a fraud alert on your account. For more on how to check your credit report, you can follow this link to the archive of tips on this topic.