Posts

Most Unwanted Criminals: Phishers, Shoulder Surfers and Keyloggers

McAfee’s most unwanted criminals have included pickpockets, Trojan viruses, and ATM skimmers, dumpster divers, spies, and wireless hackers and now phishers, shoulder surfers, and keyloggers. Identity theft can happen online or on the ground to anyone with a pulse, and even to the deceased.

The key is awareness, vigilance, and investing in products and services that are designed to protect you.

Tony “Big Phish” Morgan sends emails that appear to come from a trusted source, soliciting login credentials or sending recipients to spoofed websites. Either way, he wants to take over existing accounts and gain access to more data on the server or your PC. Phishing emails may look like a legitimate monthly statements or obvious Nigerian 419 scams laced with scammer grammar. Phishers have stolen over a quarter billion from victims and counting.

The first rule for protecting yourself from phishing is never click on links in emails. Use your bookmarks menu or manually type in the address of the website you’re looking for. McAfee Site Advisor software provides risk ratings for websites that come up when you do a search.

Wandering Eyes” Willie is a shoulder surfer, using his eyes, binoculars, hidden cameras, or more likely, a phone with video capabilities to peer over shoulders in Internet cafes or checkout lines, capturing account data and PINs. If you are standing in a checkout line and someone nearby seems to be looking at his phone, which happens to be a camera phone pointed in the direction of your credit or debit card, he may be shoulder surfing.

Watch out for “wandering eyes.” Cover your phone’s keypad when entering usernames or passwords. In an Internet café, choose a seat with your back to the wall.  Use complicated passwords that are harder to crack.

Francis Scott Keylogger can smoothly infect your computer and track all your online activity, recording every username and password you type. An outdated browser is more vulnerable to picking up keylogging software when surfing an infected website.

Keyloggers can hide in hardware or software, so run antivirus and anti-spyware programs to eliminate viruses, but also check the back of your PC for devices that may be piggybacking on your keyboard.

To ensure peace of mind and have a fraud resolution agent assist in identity theft restoration, —subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)

Phishers Using Holidays and Social Media to Target

Recent reports of “The Oak Ridge National Laboratory, home to one of the world’s most powerful supercomputers, has been forced to shut down its email systems and all Internet access for employees since late last Friday, following a sophisticated cyberattack.”

The sophisticated cyber attack was reported to be the lowly unsophisticated phishing email.

Phishing is emerging as sophisticated due to ways in which the phish emails are disguised to look like legitimate communications often from other trusted employees on the inside.

The criminals behind these emails are doing their research on company websites finding key individuals to model and following up their research on Facebook and LinkedIn to make their phish emails more personal.

And while criminals are still targeting “whales” or CEOs of major corporations and their officers, they are using similar attacks on consumers, as well.

McAfee Labs discovered an attack this week with the subject line “Easter Greeting” that was spammed broadly and is currently hitting inboxes around the globe.  The e-mail that depicts a colorful picture of a bunny, chicks, and eggs has the subject line, “Easter Greeting From Alex.”  The clickable text at the bottom of the message reads “Download Animated Greeting Here” which is a booby trapped message that leads directly to malware and puts an infected PC under the control of the attacker who attempts to steal passwords and other personal information.

Since the threat has already been identified by McAfee Labs, McAfee software will protect customers against it.

This event is a good reminder for consumers to keep these basic computer safety rules in mind:

Don’t click on links in e-mail messages and be extra suspicious of messages like this Easter Greeting.  If you think it is legitimate, ask the supposed sender by sending a separate e-mail if they sent you a greeting.

Run a full, up-to-date suite of security software.

Ensure your operating system and other applications have the latest patches.

With more than 11 million victims just last year identity theft is a serious concern.  McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)