" fraud "


New Android Ransomware Changes Lock Screen PIN

Dubbed Android/Lockerpin.A, the new trojan app tricks users into granting it device administrator privileges. To achieve this it mimics a patch installation window on top of an activation notice. When victims click on the continue button, they actually grant the malicious app rights that allow it to make changes to the Android settings. Lockerpin the sets or resets the PIN that unlocks the screen lock, effectively requiring users to perform a factory reset to regain control over the device. By contrast, earlier forms of Android ransomware generally were thwarted, usually by deactivating administrator privileges and then uninstalling the app after the infected device is booted into safe mode.



5 Tips for More Secure Online Shopping

Over 100 000 stores worldwide use online credit card facilities as a method of payment. Cyber-criminals do not steal each individual’s details,  instead they  infect the most sensitive part of the system with malware, that is designed to collect payment data of the entire customer base. 

Far from wanting to make you fear shopping online, cases like this are used to point out the risks we face.

Below are some tips on how to avoid becoming the victim of a cyber-attack when using an e-commerce platform:



Smart TVs; the New Big Brother

Smart TVs offer countless benefits such as Internet access, social media access, live streaming and communication with other similar devices; mobile phones and tablets.

It’s the age of ubiquitous surveillance, driven by both Internet firms and governments. The Internet of Things is full of eavesdroppers who want to “listen”. Newer cars contain computers that record speed, steering wheel position, pedal pressure, even tyre pressure and third party companies such as insurance companies want to listen. And, of course, your cell phone records your precise location at all times. Add security cameras and recorders, drones and other surveillance airplanes and we’re being watched, tracked, measured and listened to almost all the time.


Connect With Panda and Win!

Here at Panda Security we believe in protecting our fans and supporters. This is why Panda is giving away monthly prizes to our Facebook and Twitter followers. Our Prize for this month is a Panda Antivirus Pro 2011.

The new Panda Antivirus Pro 2011 offers the easiest and most intuitive protection for your computer. It’s an install-and-forget solution that offers protection against viruses, spyware, root kits, hackers and online fraud. Chat, share photos and videos, do online shopping and banking, read your favourite blogs or browse the web with total peace of mind and without interruptions.

To win, simply join the Panda Security South Africa Facebook page and tell us about your worst malware experience. It could be anything from a funny money scam, to a virus that turned your screen display upside down! The most shocking story this month wins the Antivirus Pro 2011.

We are giving away more prizes next month so continue to follow Panda South Africa for more details on how to enter.

Good luck!

Top scams on the Web

–       Every year, thousands of users fall victim to Internet scams. Being able to identify them is the best defense

Panda Security has drawn up a list of the most widely used scams over the last few years. These circulating tricks all have the same objective: to defraud users of amounts ranging from R5000 and upwards.

Typically, these scams follow a similar pattern: initial contact is made via email or through social networks. The intended victim is then asked to respond, either by email, telephone, fax, etc. Once a user has made contact, criminals will try to gain their trust, finally asking for a sum of money under one pretext or another.

“As with all the classic scams that predate the Internet, many of the numerous users that fall for these tricks and lose their money are hesitant to report the crime”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “And if recovering the stolen money was difficult in the old days, it is even harder now as the criminals’ tracks are often lost across the Web. The best defense is to learn how to identify these scams and avoid taking the bait”.

Panda has ranked the most frequent scams of the last 10 years, based on their distribution and the frequency with which they are received. They are as follows:

Nigerian scam: This typically arrives in the form of an email, claiming to be from someone who needs to get a very large sum of money out of a country (normally Nigeria, hence the name). You are promised a substantial reward if you help to do this. However, those that take the bait will be asked to forward an initial sum to help pay bank fees (often around R 5000). Once you have paid, the contact disappears and your money is lost.  

Lotteries: An email arrives claiming that you are the winner of a lottery, and asks for your details in order to transfer the substantial winnings. As with the previous scam, victims are asked to front up around R 5000 to cover bank fees, etc.

Girlfriends: A beautiful girl, normally from Russia, finds your email address and wants to get to know you. She will always be desperate to visit your country and wants to come immediately, but at the last moment there is a problem and she needs some money (once again, around R 5000 should cover it) to sort out flight tickets, visas, etc. Not surprisingly, not only does your money disappear, but so does the girl.

Job offers: You get an email offering you a job from a foreign firm looking for financial agents. If you accept and hand over your banking details, you will be unwittingly used to help steal money from people whose bank account details have been stolen by the cyber criminals. The money will be transferred directly to your account, and you will then be asked to forward the money via Western Union. You become a ‘money mule’, and when the police investigate the theft, you will be seen as an accomplice.

Facebook / Hotmail: Criminals obtain details to access an account on Facebook, Hotmail, etc. They then change the login credentials so that the real user can no longer access the account, and send a message to all contacts saying that the account holder is on holiday (London seems to be a popular choice) and has been robbed just before coming home. They still have flight tickets but need between R 3000 and R 10 000 for the hotel.

Compensation: This is recent and originates from the Nigerian scam. The email claims that a fund has been set up to compensate victims of the Nigerian scam, and that your address is listed as among those possibly affected. You are offered a huge sum of money but naturally, as in the original scam, you will need to pay an advance sum of around R 5000.

The mistake: This has become very popular in recent months. Contact is made with someone who has published a classified ad selling a house, car, etc. With great enthusiasm, the scammers agree to buy whatever it is and quickly send a check, but for the wrong amount (always more than the agreed sum). The seller will be asked to return the difference. The check will bounce, the house remains unsold and the victim will lose any money transferred.

It’s normal that if you’re not aware of these types of criminal ploys, you might think that you have won a lottery or found true love on the Internet. So here are some practical tips that will help keep you out of harm’s way:

Have a good antivirus installed that can detect spam. Many of these messages will be detected and classified as junk mail by most security solutions. This will help you be wary of the content of any such messages.

Use your common sense. This is always your best ally against this kind of fraud. Nobody gives away something for nothing, and love at first sight on the Internet is a very remote possibility. As a general rule, you should be highly suspicious of these kinds of contacts from the outset.

The Internet is a fantastic tool for a great many things, but if you really want to sell something, it’s better to have the buyer standing right in front of you. So even if you make contact across the Web, it’s better to make the transaction in the ‘real world’, to verify the genuine intentions of potential buyers.

If however, you do fall victim to fraud, Panda advises you to promptly report the crime to the police. “Even though tracking down this type of crime can be complex, law enforcement agencies are becoming increasingly adept at dealing with cyber criminals”, concludes Matthews.

For more information about these and other threats, go to www.pandalabs.com

For more information about Panda, visit http://www.pandasecurity.com/.

Exposed: website selling ‘undetectable’ bots

Panda Security has exposed a network selling bots which specialise in targeting social networks and webmail systems. The publicly available website contains an extensive catalogue of programs aimed at social networks and webmail services, including Twitter, Facebook, MySpace, YouTube, Friendster, Gmail and Yahoo amongst others.

Each entry explains the reason for which the bot has been created: creating multiple accounts simultaneously on social networks; identity theft and stealing friends, followers or contacts and the automatic sending of messages. According to the page, “All Bots Work in a conventional manner; they gather friends IDs/names and send friend requests, messages and comments automatically.”

“This is another example of the lucrative business that malware represents for cyber-criminals,” warns Jeremy Matthews, head of Panda’s sub-Saharan operations. “While some of the activities the bots are used for are more innocent – such as the creation of accounts – others are specifically focused on fraud, including the theft of identities and photographs.”

Prices range from $95 (R724) for the cheapest bot to $225 (R1715) for the most expensive. The entire catalogue can be bought for $4,500 (R34284). The network guarantees that they will never be detected by any type of security solution, claiming that they have been developed to change users, agents and headers as many times as is necessary to prevent them from being blocked. They also get round CAPTCHA security mechanisms included on many websites so the buyer just has to set the parameters and leave the bots to operate on their own. The bots also include perpetual updates.

The bots are specially adapted for each website, and the list of targets include not just globally popular social networks or communities, but also local sites. On the same portal there is also an offer to earn money by reselling these ‘products’ as an affiliate.

“It is these kinds of models that help to build cyber-mafias and organizations that operate across several countries. We should still not forget, however, that this business exists not just because there are developers creating the threats, but also because there are criminals who are prepared to pay for them. Until we are able to prevent people from defrauding victims in this way, this business model will continue to thrive,” says Matthews.