" cybercrime "

Top scams on the Web

Every year, thousands of users fall victim to Internet scams. Being able to identify them is the best defense.

Panda Security has drawn up a list of the most widely used scams of the last few years. These tricks all have the same objective: to defraud users of amounts of R5000 and upwards.

Typically, these scams follow a similar pattern: initial contact is made via email or through social networks. The intended victim is then asked to respond, either by email, telephone, fax, etc. Once a user has made contact, criminals will try to gain their trust, finally asking for a sum of money under one pretext or another.

“As with all the classic scams that predate the Internet, many of the numerous users that fall for these tricks and lose their money are hesitant to report the crime”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “And if recovering the stolen money was difficult in the old days, it is even harder now as the criminals’ tracks are often lost across the Web. The best defense is to learn how to identify these scams and avoid taking the bait”.

Panda has ranked the most frequent scams of the last 10 years, based on their distribution and the frequency with which they are received. They are as follows:

Nigerian scam: This typically arrives in the form of an email, claiming to be from someone who needs to get a very large sum of money out of a country (normally Nigeria, hence the name). You are promised a substantial reward if you help to do this. However, those that take the bait will be asked to forward an initial sum to help pay bank fees (often around R 5000). Once you have paid, the contact disappears and your money is lost.  

Lotteries: An email arrives claiming that you are the winner of a lottery, and asks for your details in order to transfer the substantial winnings. As with the previous scam, victims are asked to front up around R 5000 to cover bank fees, etc.

Girlfriends: A beautiful girl, normally from Russia, finds your email address and wants to get to know you. She will always be desperate to visit your country and wants to come immediately, but at the last moment there is a problem and she needs some money (once again, around R 5000 should cover it) to sort out flight tickets, visas, etc. Not surprisingly, not only does your money disappear, but so does the girl.

Job offers: You get an email offering you a job from a foreign firm looking for financial agents. If you accept and hand over your banking details, you will be unwittingly used to help steal money from people whose bank account details have been stolen by the cyber criminals. The money will be transferred directly to your account, and you will then be asked to forward the money via Western Union. You become a ‘money mule’, and when the police investigate the theft, you will be seen as an accomplice.

Facebook / Hotmail: Criminals obtain details to access an account on Facebook, Hotmail, etc. They then change the login credentials so that the real user can no longer access the account, and send a message to all contacts saying that the account holder is on holiday (London seems to be a popular choice) and has been robbed just before coming home. They still have flight tickets but need between R 3000 and R 10 000 for the hotel.

Compensation: This is recent and originates from the Nigerian scam. The email claims that a fund has been set up to compensate victims of the Nigerian scam, and that your address is listed as among those possibly affected. You are offered a huge sum of money but naturally, as in the original scam, you will need to pay an advance sum of around R 5000.

The mistake: This has become very popular in recent months. Contact is made with someone who has published a classified ad selling a house, car, etc. With great enthusiasm, the scammers agree to buy whatever it is and quickly send a check, but for the wrong amount (always more than the agreed sum). The seller will be asked to return the difference. The check will bounce, the house remains unsold and the victim will lose any money transferred.

If you’re not aware of these types of criminal ploys, it is understandable that you might think you have won a lottery or found true love on the Internet. So here are some practical tips that will help keep you out of harm’s way:

Have a good antivirus installed that can detect spam. Many of these messages will be detected and classified as junk mail by most security solutions. This will help you be wary of the content of any such messages.

Use your common sense. This is always your best ally against this kind of fraud. Nobody gives away something for nothing, and love at first sight on the Internet is a very remote possibility. As a general rule, you should be highly suspicious of these kinds of contacts from the outset.

The Internet is a fantastic tool for a great many things, but if you really want to sell something, it’s better to have the buyer standing right in front of you. So even if you make contact across the Web, it’s better to make the transaction in the ‘real world’, to verify the genuine intentions of potential buyers.

If however, you do fall victim to fraud, Panda advises you to promptly report the crime to the police. “Even though tracking down this type of crime can be complex, law enforcement agencies are becoming increasingly adept at dealing with cyber criminals”, concludes Matthews.

For more information about these and other threats, go to www.pandalabs.com

For more information about Panda, visit http://www.pandasecurity.com/.

Recession could spark cybercrime surge

Several months ago Panda claimed that cyber-crime would increase as a result of the global economic downturn. This has been confirmed by Microsoft. A report on News24 says:

The global financial crisis threatens to spark a rise in cyber crime as computer experts lose their jobs and resort to illegal ways to earn a living, a senior official of Microsoft said on Thursday.

“Today these (cyber) attacks are not about vandalism any more, today it’s about cash,” said Roger Halbheer, Microsoft’s chief security advisor for Europe, the Middle East and Africa.

“Cyber crime has gone from cool to cash. And this will definitely grow in the future,” he told AFP on the sidelines of an international conference on terrorism and cyber security.

Read the rest of the report here.

Cyber-crooks manipulate Google searches to sell fake antivirus products

Panda Security has revealed that cyber-criminals are manipulating search engine results to distribute malware, in particular, fake antivirus products.

‘The reason for this is simple – the criminals need to attract users to malicious sites in order to infect them,’ says Jeremy Matthews, head of Panda’s sub-Saharan operations. ‘What’s new, however, is the inventive ways they are drawing users to these Web pages.’

In the past, users were lured to compromised websites through mass spam campaigns. Targeted users read the emails, clicked on the links they contained and were unwittingly directed to a malicious Web page. Now there is a change in strategy: because users are more wary of messages received from unknown senders, criminals are using more effective ways of ensnaring new victims. They are using a Google tool called Google Trends which, among other things, lists the most popular searches of the day (anything from Obama’s inaugural address to the Oscar nominations).

Once they know the top searches and hot topics of the day, they create a blog full of the most searched for words (e.g. Obama, Penelope Cruz etc.) and videos supposedly related to these topics. This way, they increase the blog’s ranking to place it among users’ first search results.

“Users who trust these results will end up on a Web page where they will be asked to download a codec or plug-in, etc. in order to watch the video. If they do so, they will be downloading malware – in most cases a fake antivirus,” explains Matthews.

Fake antiviruses try to pass themselves off as real antivirus products to convince targeted users that they have been infected by malicious code. Victims are then prompted to buy the rogue antivirus to remove these bogus infections. Cyber-crooks are currently profiting substantially from this type of fraud.

SEO techniques

This type of attack is benefiting from advanced SEO (Search Engine Optimization) techniques. These are legitimate Web programming techniques aimed at increasing the volume and quality of traffic to a website and improving its ranking in search engine results lists. One example is the webpage selling the Malwaredoctor fake antivirus, which was designed specifically to achieve a high ranking in search engines.

In addition to standard SEO techniques, attackers are also using techniques known as “Black Hat SEO”, which could be described as illegal search engine positioning techniques used to by-pass search engine policies, present alternative content or affect the user’s experience. Occasionally, it can be difficult to determine which techniques are legitimate or not, as this can depend on the policies of the search engine.

Attack obfuscation

Attackers are always keen to make it harder for anti-malware vendors to identify malicious sites. To do this, they are starting to launch these attacks in a more advanced way: some of the malicious pages they operate behave differently and show different content depending on where the visitor has come from.

In order to hide the attack, a script is inserted that determines the origin of the visitor. If a user types the URL they want to visit in the browser bar, the legitimate, correct content is displayed. However, if the user has come from a manipulated Google search, they will be taken to the malicious Web page.
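An analyst can test for this behaviour by requesting the same URL with and without a search-engine Referer and comparing the responses. The sketch below is an added example, not PandaLabs' tooling; the URLs, the captured responses and the 0.6 similarity threshold are constructed assumptions, and `replay_fetch` stands in for a real HTTP client.

```python
import difflib
from typing import Callable, List, Optional, Tuple

# (status code, Location header or None, body text)
Response = Tuple[int, Optional[str], str]
Fetcher = Callable[[str, Optional[str]], Response]

# Constructed Referer value standing in for "arrived from a search result".
SEARCH_REFERER = "https://www.google.com/search?q=oscar+nominations"

def compare_by_referer(url: str, fetch: Fetcher, threshold: float = 0.6) -> List[str]:
    """Request url twice (no Referer, search Referer) and list the differences."""
    direct = fetch(url, None)
    via_search = fetch(url, SEARCH_REFERER)
    findings = []
    if direct[0] != via_search[0]:
        findings.append(f"status differs: {direct[0]} vs {via_search[0]}")
    if direct[1] != via_search[1]:
        findings.append(f"redirect differs: {direct[1]} vs {via_search[1]}")
    ratio = difflib.SequenceMatcher(None, direct[2], via_search[2]).ratio()
    if ratio < threshold:
        findings.append(f"body similarity {ratio:.2f} is below {threshold}")
    return findings

# Constructed captures replayed offline; a real fetcher would issue HTTP requests.
BLOG = "http://blog.example/video"
NEWS = "http://news.example/story"
PAGE = "<html><h1>Oscar nominations</h1><p>Full list of nominees.</p></html>"
CAPTURED = {
    (BLOG, None): (200, None, PAGE),
    (BLOG, SEARCH_REFERER): (302, "http://codec.example/install", ""),
    (NEWS, None): (200, None, PAGE),
    (NEWS, SEARCH_REFERER): (200, None, PAGE),
}

def replay_fetch(url: str, referer: Optional[str]) -> Response:
    return CAPTURED[(url, referer)]

if __name__ == "__main__":
    for target in (BLOG, NEWS):
        print(target, compare_by_referer(target, replay_fetch) or "consistent")
```

A comparison at the HTTP level only catches server-side checks; a script that reads the referrer inside the browser has to be tested by rendering the page in an instrumented browser.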

MSAntispyware 2009: A different example

PandaLabs recently detected a Web page that appeared to establish a new model. While generally pages selling fake antiviruses either do not contain specific tags or those they contain are designed to improve indexing in search engines, the page from which MSAntispyware 2009 was distributed represented a significant change. Here, all the tags and processes were designed to prevent the page from being indexed in search engines.

The reason for this was to make it more difficult for malware analysts and security companies to prevent infections through techniques such as blocking URLs found through search engine queries with specific parameters.
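The article does not say which tags the MSAntispyware 2009 page used. The added example below (not PandaLabs' code) checks a fetched page for the standard mechanisms, the robots meta tag and the `X-Robots-Tag` response header. Flagging pages that both suppress indexing and link to an installer is an assumed triage heuristic, and the sample pages are constructed.

```python
from html.parser import HTMLParser
from typing import Dict, List

CRAWLER_NAMES = {"robots", "googlebot", "bingbot"}
BLOCKING = {"noindex", "none"}          # "none" means noindex + nofollow
INSTALLER_SUFFIXES = (".exe", ".msi")   # assumption: what counts as a download

def _split(value: str) -> List[str]:
    # "googlebot: noindex, nofollow" -> ["noindex", "nofollow"]
    return [p.split(":")[-1].strip().lower() for p in value.split(",") if p.strip()]

class PageScanner(HTMLParser):
    """Collects robots meta directives and links that point at installers."""
    def __init__(self) -> None:
        super().__init__()
        self.directives: set = set()
        self.installers: List[str] = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").strip().lower() in CRAWLER_NAMES:
            self.directives.update(_split(a.get("content", "")))
        elif tag == "a" and a.get("href", "").lower().endswith(INSTALLER_SUFFIXES):
            self.installers.append(a["href"])

def blocking_directives(html: str, headers: Dict[str, str]) -> List[str]:
    """Return the directives (meta tag or header) that keep the page out of indexes."""
    scanner = PageScanner()
    scanner.feed(html)
    found = set(scanner.directives)
    for name, value in headers.items():
        if name.lower() == "x-robots-tag":
            found.update(_split(value))
    return sorted(found & BLOCKING)

def needs_review(html: str, headers: Dict[str, str]) -> bool:
    """Heuristic: the page hides from search engines and offers an installer."""
    scanner = PageScanner()
    scanner.feed(html)
    return bool(blocking_directives(html, headers)) and bool(scanner.installers)

# Constructed sample pages.
HIDDEN = ('<html><head><meta name="ROBOTS" content="NOINDEX, NOFOLLOW"></head>'
          '<body><a href="/get/Setup.EXE">Install</a></body></html>')
VENDOR = ('<html><head><meta name="robots" content="index, follow"></head>'
          '<body><a href="/dl/setup.exe">Download</a></body></html>')
```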

Money transfer industry riddled with serious security flaws

Lack of security could allow cyber-crooks to obtain users’ bank details and empty their accounts

An assessment of over 300 businesses that send money abroad, commissioned by Panda Security, the global IT security vendor, has revealed that 30% of the PCs used for bank transfers had an outdated antivirus and 60% were infected with malware. The computers are inadequately protected and often used for other purposes (like instant messaging and downloads), and Panda has expressed concern that their lack of security could allow criminals to intercept authorised remittances using the following tactics:

  • A Trojan/keylogger can be installed on the target computer capable of capturing screen information such as account numbers, banking credentials, PIN codes, etc. This would be facilitated by high-risk behaviour of the people who operate the terminals and poor security standards, such as trial antivirus software and infrequent system maintenance.
  • A targeted phishing attack (pretending to come from one of the most popular money transfer entities) or infections with malicious codes that lead users to fraudulent websites. Any banking data entered on these pages would end up in the criminals’ hands.

As a result of these attacks, banking details of money senders could be intercepted by cyber-crooks who would then have open access to the victims’ accounts.

“Despite being unsafe, these computers are very frequently used to conduct bank transactions. The risk is enormous as we are talking about very sensitive information being stored on infected, vulnerable computers,” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “This combination of lack of maintenance, low security consciousness and risky end-user behaviour results in highly vulnerable systems that are very easy for cyber-criminals to infiltrate.”

“This is an extremely serious issue,” says Matthews, “especially when you bear in mind that according to the World Bank’s latest data, almost $11 billion of remittances were sent to sub-Saharan Africa last year from economic migrants around the world.”

Preventing and protecting

For all businesses engaged in money transfer services, Matthews recommends having an up-to-date anti-malware suite. “You must also make yourself aware of the security practices put into place before conducting your business,” he says. “We suggest using banks accredited by the relevant authorities because they have higher security standards than most multi-service businesses.”

Cybercrime surge grabs attention at Davos

Cybercrime is in the news. The BBC reports on a panel discussion at the World Economic Forum in Davos where experts warned that the scourge was “rising sharply”. The article says:

Online theft costs $1 trillion a year, the number of attacks is rising sharply and too many people do not know how to protect themselves, they [the panel] said.

The internet was vulnerable, they said, but as it was now part of society’s central nervous system, attacks could threaten whole economies.

The past year had seen “more vulnerabilities, more cybercrime, more malicious software than ever before”, more than had been seen in the past five years combined, one of the experts reported.

The findings of the panel reflect Panda Security’s own observations: more malware was detected within the last year than within the past 17 years combined!

Read the rest of the article here.