Protecting your identity at school

The school season is right around the corner. Young people are targeted for data theft at 35 times the rate of adults – they are considered an easy target for both digital and physical theft. You can make going back to school an easier transition by ensuring your data and devices are secure both at school and at home. Even if you’ll be using the computers provided by your school’s libraries or labs, there are plenty of steps you can take to make your data safer.

Protecting Your Devices at School

If you’re using your own desktop, laptop or smartphone, there are two things to be concerned with: Physical and information theft. There are a few things you can do to minimize the odds of both types of theft, and mitigate the damage if either does occur.

  • Minimize the target
    Don’t leave your laptop or phone unlocked and unattended, whether you’re at home or in public – these items are easily grabbed when you’re not looking. And when you take your laptop with you in public, it’s best to carry it in a bag that doesn’t advertise what’s inside; laptop sleeves or carriers let people know exactly what you’re carrying.
  • Minimize the damage
    Installing a tracker app will help you track down your device, should it be lost or stolen. And if the files on your device are encrypted, even if someone gets access to your computer, they won’t be able to profit from your information.
  • Beef up your security
    Physical loss and theft are not the only ways to lose information on your phone. Malware and phishing are becoming increasingly common on mobile devices, so be sure to protect yourself. To protect yourself from phishing, make sure you’re using different passwords for all your different accounts, and pick a strong password for each. Using a password manager can help make this an easier task. Once you’ve got a good password, protect it: Don’t share it with others and don’t enter your password into sites you’ve visited via links in email or IM. To protect yourself from malware, install apps only from reputable app stores, and scan those files with an anti-malware product before installing.
  • Be cautious on public Wi-Fi
    You can never be entirely sure who’s sharing the network with you on public Wi-Fi, so be extra careful when you use public Wi-Fi, like at school or at your local coffee shop. Use VPN software so that your web traffic will all be encrypted – it’ll help keep people from electronically eavesdropping on you.

Securing Your Data When Using Communal Machines

There may be times when you may need to use the computers that are provided by the school. You really have no idea who was using that computer last, or what they were doing before you got there, so you should probably assume the worst. It’s best to act as if anything you type or see on the screen can be recorded and act accordingly:

  • Do not use public machines to log into accounts, especially accounts that store financial information (e.g., bank accounts or credit cards).
  • Avoid online shopping, as someone could get not just your login credentials, but your credit card number.
  • If for some reason you do need to log into an account on a public machine, it is essential to change any passwords you may have used when you get back to your own machine.
  • Browse in Privacy Mode if you can – if not, be sure to clear your browser history and all cookies.

Younger people may feel that their information is of lesser value than more established adults, because they may have smaller bank accounts or less-juicy data, and may not take security as seriously. Ultimately, it doesn’t matter how young you are – your data and identity are valuable to cybercriminals and correcting the problems caused by loss and theft is a pain, no matter your age. Protecting your data now will help you avoid those headaches.

by Lysa Myers, ESET We Live Security

Scam alert: Tesco will not pay you €120 for filling out a survey!

ESET Ireland warns of a scam abusing Tesco’s name, which promises €120 for filling out a survey, but steals credit card details instead.

Irish mailboxes are bombarded by various phishing scams every week. We usually point out the most alluring of them, so that Irish computer users would know how to recognise and avoid them. This week’s winner would have to be a fake email purporting to come from Tesco, titled “YOU GET PAYD FOR YOUR FEEDBACK” (trademark phishing spelling error included) and with the following content:

[Image: the fake Tesco email]

Who would say no to some free cash, right? Upon clicking the link, you’re taken to a very Tesco-looking fake website that actually does include a survey asking standard consumer questions about customer satisfaction, shopping habits, etc, to be filled out. But the scam part comes at the end.

The fake “survey” page ends with “Thank you for taking the time to respond to this survey. In return, we will add 120 € credit to your account just for your time. Please enter your account details to credit your 120 € reward” but you have to enter all your personal and credit card details there. Full name, address, date of birth, card number, expiration date, verification code and all other relevant details for making purchases in your name are handed over to the cybercriminals.

Don’t fall for it! Ignore this and similar emails and stay safe online.

by Urban Schrott, ESET Ireland

New sick Facebook scam exploits Robin Williams’ suicide

ESET Ireland is issuing a warning about a widespread Facebook scam, this time exploiting the tragic suicide of comic actor Robin Williams.

The scam, which has spread widely on Facebook, claims to show a “goodbye” video made by Robin Williams before he committed suicide last week. However, when Facebook users click on the link they are told to share it with their online friends and complete a survey before they can watch the promised video. Each completed survey earns the scammers a small amount of money.

How the Robin Williams Facebook scam works:

The first thing you see is a post shared by one of your Facebook contacts, entitled, “ROBIN WILLIAMS SAYS GOODBYE WITH HIS PHONE VIDEO BEFORE SUICIDE”. Here is an example of how it might look in your Facebook newsfeed:

[Image: the scam post as it appears in a Facebook newsfeed]

Clicking the Facebook link takes you to a third-party website, which claims to have a video that was purportedly filmed on Williams’ mobile phone in the minutes before his death.

If you click to watch the video, you are informed that you first need to share the link on your Facebook wall. The scammers do this to encourage as many people as possible to go through the same process.

EXCLUSIVE VIDEO: ROBIN WILLIAMS SAYS GOODBYE WITH HIS CELL PHONE BEFORE HANGING HIMSELF WITH A BELT AND CUTTING HIMSELF WITH A POCKET KNIFE. HE CAN STILL MAKE EVERYONE LAUGH WITH THIS VIDEO BUT IT WILL MAKE EVERYONE CRY A RIVER AT THE END.

Instead of being shown the video, you are presented with a survey, from which the scammers behind this Facebook scam are making money.

“The point of the scam is that each time someone fills in the survey, they are paid an unknown sum,” said Peter Stancik, security expert at ESET. This is not the first time that a celebrity death is used as click bait on Facebook. The more victims that complete the survey, the more money the scammers make. And, in case you were wondering: no video is shown after completing this Facebook scam.

ESET Ireland’s advice:

The best thing to do is not to share or click on this scam, and report any sightings of it to Facebook. “It is a good idea to first check the links you click on social networks, and never Share or Like something before you have seen it yourself. Putting this in other people’s feeds is a surefire way to upset your friends” added Stancik.

Read more about this scam on ESET’s security blog, We Live Security: http://www.welivesecurity.com/2014/08/15/robin-williams-suicide-phone-call-scam/

Attention gamers: You’re targets for crime!

Since the late 1970s and early 1980s, video games have gone from being a small offshoot of the “traditional” computing industry to a full-fledged multi-billion dollar industry in themselves. Today, companies like Microsoft, Nintendo and SONY generate billions of dollars from sales of games and gaming consoles.

To get an idea of just how pervasive computer gaming is, let’s look at these successful games and consoles, and match them up with some other real-world numbers:

ITEM | NUMBER | EQUIVALENT TO
The Sims | 175 000 000 (copies sold over 15 years) | Combined population of Austria, Belgium, Denmark, Germany, Liechtenstein, Luxembourg, Netherlands, Poland, Slovakia and Switzerland
World of Warcraft | 7 600 000 (avg. # players over last 4 quarters) | Cost of 2014 upgrades (in USD) to Kensington Palace, United Kingdom
8th generation console units | 18 680 000 (PS4+Wii+XBONE units shipped/sold) | Average number of viewers per episode of Big Bang Theory during its 2012-2013 season

Computer gaming is a huge and wildly successful market, and as in any system that works at scale, there are going to be so-called businessmen or entrepreneurs who “seek to optimize their return on investment through whatever means possible” or, to put it more succinctly, criminals who abuse the ecosystem. But in virtual worlds, can real crimes occur?

The sale of virtual goods (including virtual currencies) is an important part of in-game economies, but it also presents criminals with some unique opportunities, such as theft of in-game goods, counterfeiting items and gold farming. But computer criminals don’t just target gamers: gaming companies themselves can be targeted as well. Probably the most well-known example of this is the April 2011 breach of the SONY PlayStation Network gaming and Qriocity music streaming service, which resulted in the compromise of the names, addresses and credit card details of 77 million user accounts. ESET provided extensive coverage of the SONY data breach in our blog, starting from the initial report of the breach in April 2011 all the way up to the proposed settlement of a week ago.

For the most part, computer gaming poses no additional risks beyond any other activities you might perform on the Internet.  You may, however, wish to take a few extra precautions, as outlined in the previous two articles from We Live Security:

This is a shortened version of Aryeh Goretsky’s article on We Live Security. Go here for the full story.

What’s scamming this week? FBI, Tesco and Bank of Ireland

ESET Ireland warns of FBI, Tesco and Bank of Ireland names abused by scammers in phishing emails sent to Irish mailboxes.

Another week, another variation of the old phishing scams hitting Irish mailboxes. This week the scammers are telling us Bank of Ireland wants us to update our account, Tesco wants to add €120 to our cards and the FBI wants to pay us $5.9 million. Wow!

Dear customer,
We wish to inform you that access to your online account will soon expire. In order for this service to continue without any interruption, You are require to fill and confirm your details via the following link below:
Update Your Bank Of Ireland online account:- click here to update
After which your online account will then be automatically restored and you will be contacted by one of our bank employees.
With online banking , you have everything at your fingertips with a click .
With online banking , you have quick and easy access to your checking account. You can easily do transfers and standing orders with one click.
We are very pleased to be at your service
Sincerely,
Bank Of Ireland Customer Service.

So says the first phishing email. They’re basically telling us to go to their page and give them our online banking log in details, so they can do whatever they want with them. Bank of Ireland warns of these scams on their website, saying “Never respond to any unsolicited e-mail that asks you to validate your login / payment credentials no matter how reasonable the request looks.”

You have been selected to access the Tesco Survey and win a 120€ direct to your card.
Please click here and complete the form to receive your reward. Thank you.

The “Tesco” spam is even more straightforward, but like the one above just leads to a site that harvests people’s personal details and financial info. Tesco also offers some advice on staying safe online on their website, adding “Please remember we will never ask for your bank or security details.”

But my personal favourite this week is the FBI one. The gist of it is that the FBI is warning us “that you are among one of the individuals and organizations who are yet to receive their overdue payment from overseas which includes those of Lottery / Gambling, Contract and Inheritance. Through our Fraud Monitory Unit we have noticed that you have been transacting with some impostors and fraudsters” and that “The Cyber Crime Division of the FBI gathered information from the Internet Fraud Complaint Center (IFCC) on how some people have lost outrageous sums of money to these impostors”, and because those wicked fraudsters are out to get us, we should contact barrister James Henry of the Central Bank of Nigeria directly, with all our banking details, so he can transfer us $5.9 million that we are “owed”. Scammers trying to scam us by warning us of scammers. Cute, isn’t it?

Well, now you know. Don’t fall for their tricks and stay safe online.

Malware that encrypts Android phones using FBI child-abuse warnings to scare victims into paying $300

Security researchers from ESET® have uncovered a new, even more dangerous version of Simplocker – the Android file-encrypting ransomware that was discovered a month ago by ESET.

The new version of the file-encrypting malware, detected by ESET as Android/Simplocker.I, contains some notable improvements. This time it displays the ransom note in English – the previous version was targeting mainly Ukraine and Russia – and also asks for a higher ransom, 300 US Dollars to be exact. In comparison to the previous version, it also encrypts a wider range of file types and is more difficult to uninstall from devices.

Last time we wrote about Android/Simplocker – the first ransomware for Android that actually encrypts user files – we discussed different variants of the malware and various distribution vectors that we’ve observed. What initially appeared as just a proof-of-concept mainly because of Simplocker’s “not-exactly-NSA-grade” crypto implementation has proven to be an actual threat in-the-wild in spite of its weaknesses. Also, the malware has been available for sale on underground forums.

Last week we spotted a variant of the ransomware that featured a few significant improvements.

The first change that meets the eye in Android/Simplocker.I is that the ransom message is now in English rather than Russian. The victim is led to believe that the device was blocked by the FBI after detecting illegal activity – child pornography and so on – typical behavior of police ransomware that we’ve seen many times before. The demanded ransom is now 300 USD and the victim is instructed to pay it by a MoneyPak voucher. Like other previous Android/Simplocker variants, this one also uses the scareware tactic of displaying the camera feed from the device.

From a technical perspective, the file-encrypting functionality remains virtually unchanged, apart from using a different encryption key, but this recent Simplocker variant does contain two additional tricks to make the victim’s life more miserable.

In addition to encrypting documents, images and videos on the device’s SD card, the trojan now also encrypts archive files: ZIP, 7z and RAR. This ‘upgrade’ can have very unpleasant consequences. Many Android file backup tools (which we strongly recommend, by the way) store the backups as archive files. In case the user has become infected with Android/Simplocker.I, these backups will be encrypted as well.

Secondly, the malware now asks to be installed as Device Administrator, which makes it a lot more difficult to remove.

[Screenshot: the trojan masquerading as a Flash video player]

As usual, the trojan will use social engineering to trick the user into installing it – in the screenshot above, it’s masquerading as a Flash video player.

Our Android/Simplocker detection statistics until today don’t indicate the threat to be widespread in English-speaking countries.

In case your files have been encrypted as a result of an Android/Simplocker infection, you can use the updated ESET Simplocker Decryptor to restore them. But as always, we recommend focusing on prevention ;) Also, while you should be careful when installing any application on your device, be extra careful when the installed application asks for Device Administrator rights.

How to hack someone’s account? Ask them for their password!

ESET Ireland has been following a surge of phishing emails redirecting users to faked banking, PayPal and Microsoft account sites for harvesting login details.

Although a surprisingly large number of people still use passwords like “12345” or “password” for their various accounts, cybercriminals have taken an easier route than trying to hack into people’s accounts. “Ask and you shall receive” seems to be their motto, so they send out emails that pretend to be coming from legitimate sites, notify the user of some unusual activity, and ask them to confirm or deny that activity by “signing into the service”. Except that the service in question isn’t actually there, but a faked site instead, which diligently logs all usernames and passwords entered and delivers them to the happy scammers.

In the past weeks, ESET Ireland has received several different emails of the same nature, and here are some examples:

1. Bank of Ireland

An email purporting to come from Bank of Ireland, claiming your account requires an update and providing a fake link “Click here to complete update”. The email has some bad spelling errors which give it away.

Fake Bank of Ireland email

2. iTunes

An email pretending to be from iTunes, thanking you for purchasing “World Of Go” for €9.65 , then adding “If you did not authorize this purchase, please visit the iTunes Payment Cancellation Form within the next 12 hours in order to cancel the payment,” which requires you to “log in” to the fake iTunes site.

Nice of them to respect our privacy, eh?

3. PayPal

An email looking like a detailed payment receipt, mimicking PayPal, with all the usual PayPal visual clues, claiming you paid $208.00 USD to Agoda Company online hotel booking site, adding “If you haven’t authorized this charge, click the link below to dispute transaction and get full refund – Dispute transaction (Encrypted Link).” The link, of course, isn’t encrypted and simply leads to a PayPal lookalike login harvesting site.

Fake link in “Encrypted link”

“expert-italia.it” address instead of “PayPal”

4. Microsoft

An email abusing Microsoft’s name, with the subject line “Microsoft account unusual sign-in activity” that claims they detected unusual sign-in activity into your account, supposedly from South Africa, which is meant to make people suspicious, then offering a solution “If you’re not sure this was you, a malicious user might have your password. Please Verify Your Account and we’ll help you take corrective action.” Of course the only action they’ll be taking is signing into your account with the login details you just provided.

Legitimate looking email.

“yazarlarparlamentosu.org” instead of “Microsoft Corporation”

Actual Microsoft account log in

What should you do?

First of all, stay informed. The scams you know about are less likely to catch you off guard. We regularly keep you updated on our blog here or on ESET’s We Live Security.

Read such mails carefully, checking for clues. If the email has spelling errors or uses poor language, it is likely faked. A lot of the scammers come from countries where English is not their first language and they give themselves away. The same goes for similar scams as Gaeilge, where they likely used Google Translate to try to fool native Irish speakers.

Do not click on links in emails. Even if you do have a Microsoft account and are alarmed by such an email, open your browser and go to the Microsoft site directly. Also make sure the website’s address looks correct. In the case of the faked Microsoft one above, the website address read “yazarlarparlamentosu.org”, which is clearly not “Microsoft”.

If you suspect you may have fallen for one of these tricks, change your passwords. To be sure, change them at regular intervals anyway.

If the email you received looks like it’s coming from your bank, pick up the phone and ring them instead of just clicking. They’re accustomed to scams like these and will advise you appropriately.
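
The address check described above can also be automated. The following is an added example, not ESET's code: a short Python script that pulls every link out of an HTML email and flags those whose real host does not belong to the brand the email claims to come from. The allowlist, the sample emails and the URL paths are constructed for illustration; the two fake hosts are the ones named in this post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: an illustrative allowlist of domains each brand really uses.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com", "live.com"},
}

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None

def host_matches(host, domain):
    """True only for the domain itself or a real subdomain of it.
    A substring test would wrongly accept 'paypal.com.expert-italia.it'."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_email(claimed_brand, html_body):
    """Return (link text, host, reason) for each link that does not fit the claimed sender."""
    allowed = BRAND_DOMAINS[claimed_brand]
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        host = parts.hostname or ""
        if parts.scheme not in ("http", "https") or not host:
            findings.append((text, host, "not a web link"))
        elif not any(host_matches(host, d) for d in allowed):
            findings.append((text, host, f"host is not a known {claimed_brand} domain"))
        elif parts.scheme != "https":
            findings.append((text, host, "sign-in link is not HTTPS"))
    return findings

# Constructed sample bodies modelled on the emails described in this post.
PAYPAL_SAMPLE = """<p>If you haven't authorized this charge, click the link below.</p>
<a href="http://expert-italia.it/dispute">Dispute transaction (Encrypted Link)</a>"""
MICROSOFT_SAMPLE = """<a href="http://yazarlarparlamentosu.org/verify">Verify Your Account</a>
<a href="https://account.microsoft.com/">account settings</a>"""
LOOKALIKE_SAMPLE = '<a href="https://paypal.com.expert-italia.it/login">Log in to PayPal</a>'

if __name__ == "__main__":
    for brand, body in (("paypal", PAYPAL_SAMPLE), ("microsoft", MICROSOFT_SAMPLE),
                        ("paypal", LOOKALIKE_SAMPLE)):
        for text, host, reason in check_email(brand, body):
            print(f"[{brand}] '{text}' -> {host}: {reason}")
```

The link text is reported next to the real host because the two often disagree, as with the “Encrypted Link” label above.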

Think before you click and enjoy safer technology!

by Urban Schrott, ESET Ireland
