Jun 5, 2015 2:00:00 PM
An email virus can spread quickly. But knowing some quick tips can help you prevent your computer from becoming infected.
1. Do not open emails that have bad grammar, incomplete sentences or have an anonymous sender address. These are red alerts that should have you thinking twice about clicking any links or opening them.
2. Do not open attachments that are suspicious, unsolicited or are received from an unknown source.Read More
Dec 22, 2014 4:55:00 PM
Trojan.FakeAV has been around for quite a while, however its making another debut. This type of malware tries to convince a user to remove non-existent malware or security risks from their computers by installing bogus software.
Users are offered a link to software from spam emails, blogs/forums that are spammed, malicious banner ads, pirated software, file sharing networks, or even exploited web pages.
Once installed, a constant stream of pop-up warnings appear stating a harmful virus has been detected alerting you to purchase software to clean this up.
Here is what we received via email:Read More
Dec 22, 2014 12:10:54 PM
Nov 20, 2014 1:23:42 PM
Hackers are finding more and more ways to manipulate users into installing malware onto your computer. Before clicking on a link or downloading a file, make sure you review the origin of the link.Read More
Jul 16, 2012 2:17:00 PM
Hey Happy Monday everyone! I'm sure you've heard about the Yahoo security breach (full article listed below). If you have a Yahoo account, I highly recommend that you change your password just to be safe.
Aug 31, 2011 4:47:00 PM
Various Internet security firms report a new Internet worm is spreading in the wild and taking advantage of weak passwords on Windows systems.
Aug 11, 2011 3:49:00 PM
Although this breach, which was discovered back on May 25, could have exposed the names and Social Security numbers of some 75,000 students, faculty and staff, UWM officials told the newspaper that the university has no evidence that information was looked at or used.
Nobody is sure how long the malware was running on the server, but it was shut down once the breach was found. UWM leaders are suggesting someone might have been trying to gain access to the university's computers for a different reason. It is suspected that the software was being used to identify cutting edge research that the school is working on, but that has yet to be confirmed.
"We are a research institution with a significant number of projects under way. It is theorized that this may have been an attempt to look at work being done," Tom Luljak, UWM's vice chancellor for university relations, told the newspaper. He added that the malicious software was installed remotely.
While the forensic investigation states that there is no evidence that the personal information was stolen, the school is still warning students to be vigilant by monitoring their credit history and putting a freeze on their credit report. It is also interesting to note that although most companies that suffer data breaches end up offering one year of free credit monitoring to the victims, the University of Wisconsin says that since there was no evidence the data was stolen, they will not offer the free service.
It’s also good to know that while students may have had their identity stolen, the database contained no “academic information such as student grades,” so at least the attackers won’t be able to identify whether students passed their criminology courses.
For more information on the security breach, UWM has set up this website.
Jul 26, 2011 9:39:00 AM
Social engineers have been using various dirty tricks to fool people for centuries. Social engineering, the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques, is as old as crime itself and has been used in many ways for decades.
For the past several years online, social engineers have been trying to fool unsuspecting users into clicking on malicious links and giving up sensitive information by pretending to be old friends or trusted authorities on email and social networks.
And now that mobile devices have taken over our lives, social engineering is an attack method of choice to gain access to a person's smartphone or tablet.
Here are three examples of current cons being used by criminals to get inside your mobile device.
Malicious apps that look like legitimate apps
One example is the case of a popular and legitimate application Android users were purchasing that caused a virtual "steam" to appear on the screen of a smartphone. You could move your finger to scrape the virtual steam off, people love this sort of thing, although it served no real purpose.
But a malicious application that looked exactly like the virtual-steam application was created and many were conned into purchasing that one, instead of the authentic application. From a users perspective it is very hard to distinguish between an app that is legitimate with an app that turns out to be malicious.
What users ended up with was an application with unwanted things behind it. In some cases, the malicious application activated an SMS message from the victim's phone that was sent to request premium services and the user was charged. The attacker, meanwhile, would delete any return SMS messages acknowledging the charges so the victims had no idea they were being billed.
The best advice, don't install applications that come from un-trusted sources.
Malicious mobile apps that come from ads
In some cases, legitimate applications on a smartphone run bad advertisements. If the user clicked on the ad, they are taken to a web site that tricks the victim into thinking their battery is inefficient. The person is then asked to install an application to optimize the battery consumption, which is instead a malicious application.
Our advice is the same as with PC’s, be leery of any advertisement that is asking you to install an application.
Apps that claim to be for "security"
Another new mobile attack vector is a ZeuS malware variant that actually originates with an infected PC. When a user visits a banking site from an infected computer, they are prompted to download an authentication or security component onto their mobile device in order to complete the login process.
The attackers realize that users are using two-factor authentication. In many cases that second factor is implemented as a one-time password sent to the user's phone by the banking provider. Attackers were thinking: 'How can we get access to those credentials?' Their answer is: 'Attack the user's phone.'
The way this ruse works is once the PC is infected, the person logs onto their bank account and is told to download an application onto their phone in order to receive security messages, such as login credentials. But it is actually a malicious application from the same entity that is controlling the user's PC. Now they have access to not only the user's regular banking logon credentials, but also the second authentication factor sent to the victim via SMS. In many cases, people thought they simply were installing security applications, or in some cases, a security certificate.
Mobile devices, pure and simple, are hand-held computers and should be treated as such. The best way to protect yourself is to be cautious of not only the applications you install, but the links you click on in the web browser. If asked to download a file, application or security certificate, be leery and only download from trusted sources.
Jul 11, 2011 3:48:00 PM
Whenever people desperately want something, criminals have always come up with ways to rip people off. It's a practice as old as time.
The Google+ invite frenzy has prompted some devious spammers to send out fake invitations. Sophos, a cyber securities firm, first reported this spam.
Gmail users would receive a Google+ invite that looks like the real thing. Except when you click on the link to the Google+ invite, it leads you to a completely different website, riddled with malware.
This isn't the first time that insane demand for Google products spawned scams. Back when Gmail membership was an exclusive club and a hot item, spammers sent existing Gmail users a notice that Google had just given them 50 extra invites.
All they have to do is fill out a form with their Gmail password.
Apple, was also used as bait. Back before the iPad was released, bogus Facebook pages were set up to ask users to be beta testers; they would get the iPad in advance and then keep it for free.
All these Apple fans had to do was provide their personal information and cell phone number. Their cell phone number was subsequently enrolled in an expensive premium service.
For active Internet users, scams and spams are a fact of life. Abiding by the following guidelines, however, will lessen the pain.
- Don't respond to sweet offers that you didn't pursue or don't know the origin of, whether it's a Google+ invite or a millionaire trying to give away his fortunes.
- Don't ever give out your personal information to email requests from scammers posing as legitimate entities. Legitimate entities will never ask you that; the only time they might prompt you for personal information is when you approach them do something.
- Too good to be true offers do not exist. For example, somebody looking to share the wealth of somebody who has no "next of kin"...does not happen in real life. If you're not sure, don't go for it, especially if you have to provide your personal information or grant access to your computer in exchange for it.