Cybersecurity

‘Tis the Season for Cyber Criminals

With the end of the year, the volume of internet sales increases drastically due to Black Friday, Cyber Monday, Christmas, and New Year’s Eve. Cyber criminals also increase their activity on these dates, as they want to go unnoticed in the high number of transactions.

For that reason, you must be aware of the threats you are exposed to in order to avoid an unwanted gift—more than your grandma’s socks.

According to Allianz Risk Barometer for 2015, cybercrime rose three positions from 2014 to become the fifth top global business risk of 2015. It is a big threat that continues to expand; you have to be informed about it and take action to avoid it.

Let’s take a look at the biggest threats that you should be aware of.

Malvertising: A growing threat

Malicious ads are online advertisements on legitimate websites created to deliver and spread spyware, ransomware, and other malware to end-user systems. They are usually shown as targeted pop-up advertisements or as banner ads on online shopping sites, news portals, social media sites, and gaming and adult platforms.

Unlike other malware delivery mechanisms which require user action (clicking a link or opening an email attachment), malvertisements often require no user interaction to work, which makes them quite dangerous.

Sometimes, just visiting a webpage with malicious ads on it is enough to infect a system. In other cases, users have to click fake Flash or Java updates, or fake anti-virus alerts, to get infected.

Typically, larger websites receive ads automatically through multiple ad brokers and networks, with little room to filter them. As advertisements are tailored to the user’s demographics, location, and browsing history, attackers can deliver the malware to their desired victims.

Security vendor RiskIQ reported a shocking 260 percent increase in the number of detected malvertisements in the first half of 2015, compared to the same period last year.

Unfortunately, there isn’t much you can do to avoid malvertising, but make sure you have antivirus software installed so that if you do stumble upon a bad ad, you will have an extra layer of protection.

Phishing

One of the most dangerous threats this season is phishing. Phishing occurs when cyber criminals attempt to get your usernames, passwords, and credit card details by creating a fake version of a real and well-known site. Users get tricked into entering their sensitive information, thinking that the site is the real one. You may arrive at one of these sites by misspelling the address or by following links in forged emails, ads, or posts.

This time of year we always see several fake stores emerge. They are there for a couple of weeks, then disappear with your sensitive data and your money.

The Anti-Phishing Working Group reports that in the last quarter of 2014, there was an increase of 18 percent in the number of unique phishing reports compared to the previous quarter, and that retail/service was the most targeted industry sector, with payment services close behind.

To confirm that you are on a real, legitimate site, look for the https protocol at the beginning of the URL and check that there is a padlock icon, indicating that the identity of the site is confirmed by a third-party security firm.

When you are browsing a site look for https and the padlock icon to ensure its authenticity and that your information will be transmitted securely.

Weak Passwords

Big sites have strong security measures in place, but independent of all that security, the weakest link is probably your password.

Nowadays, several sites enforce the use of secure passwords, but for those that don’t, you should be proactive.

Here are some suggestions for creating passwords:

  • Don’t use common passwords.
  • Don’t use passwords related to your personal information.
  • Do use a combination of lowercase characters, uppercase characters, numbers and symbols.
  • Do use long passwords: 10+ characters.
  • Change your passwords periodically.
  • If you use a phrase, using random words is preferred.
  • Use multifactor authentication wherever available. Multifactor authentication adds one or more security layers to accessing accounts, making them almost impossible to compromise, even if the attacker gets your password.

Using debit cards for online purchases

As debit cards are a direct link to your bank account, you should avoid using them for online purchases. If they get compromised, a cyber-criminal can empty your bank or savings account.

Credit cards offer better protection against identity fraud, and allow you to dispute any fraudulent charges. Even better if you have a low-limit credit card that you use only for online purchases.

Remember also to check your card statements frequently, especially during the holidays, and immediately dispute any suspicious charges.

Security holes due to outdated software

Update your software frequently on all your devices, including smartphones and tablets, as it will keep you safer. Cyber-criminals are constantly working to discover security flaws that will grant them access to your sensitive information.

Nowadays, people know the importance of keeping their operating systems up-to-date to be protected against viruses and malware. But they do not know that hackers have moved to targeting browsers, which everyone uses to interact with the Web. They are looking for vulnerabilities in the browser, especially in the browser’s plugins, such as Flash Player or Java.

To prevent these flaws from being exploited, make a habit of frequently updating both your operating system and any third-party applications, including browser plugins.

Not having anti-virus and anti-malware software

Whether you’re using a Windows or a Mac computer, run anti-virus and anti-malware software. Macs are just as prone to getting viruses as Windows computers, contrary to what most people believe. These programs don’t degrade your computer’s performance, especially on new devices. Lastly, schedule periodic—at least once a month—full malware scans on your computers.

Unencrypted devices

Your personal devices—laptops, tablets, and mobile phones—typically contain a lot of sensitive information about you.

What if they end up in the wrong hands? Encrypt your devices. Encrypting scrambles the information so it is not easy to read. If any of your devices are lost or stolen, your sensitive data will be safe.

Encrypted devices protect your information if your device is ever stolen.

Public WiFi

Never, ever send your sensitive information when on a public WiFi network, especially if you want to buy online or log in to your bank account. Most public WiFi services are not secure. Cyber-criminals may be watching the network, waiting for you to enter your personal information.

Recommendations

Based on all the aforementioned threats, we created the following list of recommendations that you should consider to stay protected this season.

  • One easy way to confirm that you are on a legitimate site is to look for https:// at the beginning of the URL, and look for the padlock icon, identifying that the site has been approved by a third-party certification authority.
  • It doesn’t matter how convincing a site might look—a deal that seems too good to be true probably is. Try to stick to stores you recognize, if possible.
  • Guard against scams that spoof major retailers by always verifying the URL.
  • Do not click on any links you do not recognize, especially if they come from an unknown source.
  • Use credit cards for online purchases; if you have low-limit cards, even better. Credit cards have better protection against identity fraud, should you be victimized.
  • Periodically review your credit card statements, and report suspicious transactions immediately.
  • Never disclose your credit card information, either online or over the phone, unless you know who you are doing business with.
  • Use strong passwords for your accounts.
  • Passwords you use on shopping sites should never match passwords you use for more sensitive sites, such as your bank, social media networks, or cloud storage accounts.
  • Password management software is a very good idea, so you can have different strong passwords for each site you use without memorizing them. You just have to remember the password that unlocks the password manager. Password management software helps you create complex passwords for your accounts and automatically submits this information when you need to log into them. There are even excellent free alternatives, such as LastPass.
  • Use multifactor authentication wherever available. Multifactor authentication adds one or more security layers to accessing accounts, making them almost impossible to compromise, even if the attacker has your password. For example, Amazon added this option a few days ago.
  • If you use your smartphone to shop online or use online banking, make sure your mobile devices are protected using a password or your fingerprint. This reduces the chance of losing confidential data if your phone is stolen.
  • Equip your devices with security software (anti-virus and anti-malware) and encrypt them if possible.

Closing Comments

Cyber criminals are always lurking to steal information from vulnerable devices and incautious customers, especially this season.

The best defense against cyber crime is prevention—knowing the threats and taking action to minimize the risk of being an easy target. We have given you the knowledge—use it to your advantage and shop safely.

Credit to Auth0.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Cybersecurity

The Pirate Bay is Hijacking PCs to Stealth-Mine Cryptocurrency

For the second time in as many months, The Pirate Bay has been caught mining cryptocurrency on your computer without consent. The torrent platform was actually test-driving cryptocurrency mining in your browser – no doubt a lucrative revenue stream.

The Pirates Are At It Again

The Pirate Bay has been caught using software called Coinhive, a JavaScript library that essentially serves as a cryptocurrency miner. It basically connects to visitors’ computers to mine Monero, one of the world’s most profitable cryptocurrencies.

The news was later confirmed by Bleeping Computer, which reported that, “The Pirate Bay, the internet’s largest torrent portal, is back at running a cryptocurrency miner after it previously ran a short test in mid-September.”

Estimates indicate that the scheme has earned the pirates a total of $43,000 over a three-week period.

Users had no way to opt their computers out of being test-driven by the torrent network. Back in September, The Pirate Bay got away by telling people it was just a test. The site’s owners cannot use the same excuse this time around.

CoinHive advises websites to let their visitors know their browser is being used to mine cryptocurrency.

“We’re a bit saddened to see that some of our customers integrate CoinHive into their pages without disclosing to their users what’s going on, let alone asking for their permission,” the company said.

The good news is that most ad-blockers and antivirus programs will block CoinHive, given its recent abuses. That means not all visitors of The Pirate Bay were being used as a conduit for mining Monero.

Monero Joins Global Crypto Rally

The value of Monero (XMR) shot up nearly 8% on Friday, and was last seen trading at $94.17. With more than 15.2 million XMR tokens in circulation, the total market cap for Monero is $1.4 billion, according to CoinMarketCap. That’s enough for ninth on the global cryptocurrency list.

Twelve cryptos have now crossed the $1 billion valuation mark. A handful of others have made their way north of $500 million.

Breaches

Ethereum Notches Two-Month High as Bitcoin Offspring Triggers Volatility

Digital currency Ethereum climbed to a two-month high on Monday, taking some of the heat off Bitcoin and Bitcoin Cash, which have slumped since the weekend.

Ethereum Forges Higher Path

Concerns over Bitcoin created a favourable tailwind for Ethereum (ETH/USD), which is the world’s No. 2 digital currency by total assets. Ether’s price topped $340.00 on Monday and later settled at $323.54. That was the highest since June 20.

At its peak, ether was up 10% on the day and 70% for the month of August.

The ETH/USD was last down 2.2% at $315.02, according to Bitfinex. Prices are due for a brisk recovery, based on the daily momentum indicators.

Fractured Bitcoin Community

Bitcoin and its offshoot, Bitcoin Cash, retreated on Monday following a volatile weekend. The BTC/USD slumped at the start of the week and was down more than 3% on Tuesday, with prices falling below $3,900.00. Just last week, Bitcoin was trading at new records near $4,500.00.

Bitcoin Cash, which emerged after the Aug. 1 hard fork, climbed to new records on Saturday, but has been in free-fall ever since. The BTH was down another 20% on Tuesday to $594.49, according to CoinMarketCap. Its total market value has dropped by several billion over the past two days.

Analysts say that a “fractured” Bitcoin community has made Ethereum a more attractive bet this week. The ether token has shown remarkable poise over the past seven days, despite trading well shy of a new record.

Other drivers behind Ethereum’s advance are steady demand from South Korean investors and growing confidence in a smooth upgrade for the ETH network. The upgrade, which has been dubbed “Metropolis,” is expected in the next several weeks. Its key benefits include tighter transaction privacy and greater efficiency.

Ethereum Prices Unaffected by ICO Heist

Fin-tech developer Enigma was on the receiving end of a cyber-heist on Monday after hackers took over the company’s website, mailing list and instant messaging platforms. The hack occurred three weeks before Enigma’s planned Initial Coin Offering (ICO) for September 11.

In addition to defacing the company’s website, the hackers pushed a special “pre-sale” ahead of the ICO. While many users realized it was a scam, 1,492 ether tokens – valued at $495,000 – were directed into the hackers’ cryptocurrency wallet by unsuspecting backers.

The irony in all this is that Enigma is a cryptography company that prides itself on top-notch security protocols. The company issued a statement that its servers had not been compromised.

ETH/USD (Bitfinex)

Cybersecurity

Spotting a Well-Made Investment Scam

For every reasonably safe investment, there are 1000 scams and 10,000 reasonably toxic investments. Self-served advertising via social media and search engines exacerbates the problem – people sometimes click ads they think were search results, or, as humans are intended to, simply consume the content on the screen instead of paying attention to where they’re being redirected.

In this article we will review a recent example of a well-executed investment scam.

The intended victim, who did not actually get scammed but alerted this author to the hustle, was led to believe that the above image was redirecting to a CNN news article. This is the actual URL the link went to:

http://cnn.com-cat.press/anonymous-is-going-after-global-stock-market/?aref=http%3A%2F%2Ftrck.anony.trade%2Fsite%2Fredirectpage%3Fsid%3D99462%26hv%3Dgjalu5988de395a461839785307%26hid%3D264193#!

Now if you visit com-cat.press, all you see is a directory listing. This site’s entire purpose is to make people believe they are visiting legitimate .com websites, when in fact they are visiting others. It doesn’t always have to be a scam; sometimes it is simply an advertisement, but often enough it is a definite funnel to a scam. In this case, here’s where you wind up, at a place that looks an awful lot like CNN Money:

Again, this is not a real article on CNN. This is promotion for 10Markets.eu.

10Markets.eu is extremely professional looking. The platform looks to capture your details even just for demo trading. Most traders expect hurdles, so one can imagine tons of phone numbers and e-mail addresses entered:

The demo trading screen never loaded for this analyst, but the phone number is fake anyway. Took it from a coffee shop in Germany. Funnily, it appears the German exchange code is 030 in the first place, but you can’t edit that part. They also don’t allow you to visit the site at all if you’re in North America.

The tipster was clever enough to find out if 10Markets.eu was a registered broker or not. They’re not. According to ForexBrokerz.com:

10Markets is a forex and CFD broker that is headquartered in Scotland [sic] and supports the popular MetaTrader 4 platform. It is not licensed by any authority and there is not much information about the trading conditions on its website. What is worse, this broker is present in the warning lists of UK’s FCA, Australia’s ASIC and Cyprus’ CySEC, so we don’t recommend doing business with 10Markets.

There are review websites which help. Regarding 10Markets, we came up with this one.

The tipster happens to have been our own Jonas Borchgrevink. He is equipped with years of experience in website publishing, and this is why he quickly noticed that he was not reading a CNN article. The sad fact is that a high percentage of people who read that article believe it to be real, and a percentage of those people end up getting scammed. As such, here is a checklist for new trading outfits that you haven’t used or heard about before:

  • Always try to get phone support right away, before creating an account. If no one answers or there is anything suspicious, this is a scam.
  • Always search for “[EXCHANGE NAME]” + “scam,” and read carefully any results that come up. Most scams could stop at one person if others listened to that one.
  • In the US, you can use FINRA to check the legitimacy of an exchange or broker. In the UK, you have FCA. Many countries have sites like these, and it’s important to check the one from the country where the broker does business.
  • Use ad blockers at least when legitimately searching for financial solutions.
  • Check the URL! For every legitimate exchange website, there are a few fake ones designed to steal your account information.
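
The “Check the URL” step applied to the link quoted earlier in this article, as an added example rather than code from the original article: it extracts the domain that was actually registered, flags a known brand that appears in the hostname without owning it, and decodes the redirect target carried in the query string. The suffix set and brand list are small constructed assumptions so that it runs offline; real tooling should use the full Public Suffix List.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: tiny hand-picked suffix set so the example runs offline.
# Real tooling should load the full Public Suffix List instead.
SUFFIXES = {"com", "press", "trade", "eu", "co.uk"}
# Assumption: brands the reader expects to see (constructed for this example).
KNOWN_BRANDS = {"cnn.com"}

# The link quoted in the article, split only for line length.
ARTICLE_URL = (
    "http://cnn.com-cat.press/anonymous-is-going-after-global-stock-market/"
    "?aref=http%3A%2F%2Ftrck.anony.trade%2Fsite%2Fredirectpage%3Fsid%3D99462"
    "%26hv%3Dgjalu5988de395a461839785307%26hid%3D264193#!"
)

def registrable_domain(host):
    """Return the public suffix plus one label: the name someone registered."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):            # longest candidate suffix first
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None                             # suffix not in our small set

def impersonated_brands(host):
    """Brands that appear in the hostname but do not own the registrable domain."""
    host = host.lower()
    reg = registrable_domain(host)
    return sorted(b for b in KNOWN_BRANDS
                  if reg != b and ("." + b) in ("." + host))

def embedded_hosts(url):
    """Hosts of absolute URLs carried in query parameters (redirect targets)."""
    found = []
    for values in parse_qs(urlsplit(url).query).values():
        for value in values:                # parse_qs has already percent-decoded
            inner = urlsplit(value)
            if inner.scheme in ("http", "https") and inner.hostname:
                found.append(inner.hostname)
    return found

def analyze_url(url):
    host = urlsplit(url).hostname or ""
    return {
        "host": host,
        "registrable_domain": registrable_domain(host),
        "impersonates": impersonated_brands(host),
        "embedded_domains": [registrable_domain(h) for h in embedded_hosts(url)],
    }

if __name__ == "__main__":
    for u in (ARTICLE_URL, "https://www.cnn.com/"):
        print(analyze_url(u))
```

The hostname reads right to left: `press` is the suffix, `com-cat.press` is the registered domain, and `cnn` is only a label its owner chose.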

In The Event That You Spot A Scam

Tattle! Spread the word far and wide, not just so others don’t get scammed, but also to give authorities the jump on the thieves. Otherwise, they may exit and get away with all the money before anyone stops them.
