Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Constant Vigilance Needed To Remain Safe Online

Trusteer : 19 August, 2010  (Special Report)
Amit Klein of Trusteer provides useful insight into the world of online threats that are increasingly deploying social engineering tactics to make users drop their guard when they least expect it, exposing sensitive information or diverting to sites containing malware
The recent example of World Cup scams caught many internet users unaware due to targeting weaknesses and vulnerabilities in users rather than software, a tactic likely to be redeployed by cyber criminals in the UK for the forthcoming tax return season, warns Amit Klein, Trusteer's Chief Technical Officer.

The World Cup might be a distant memory but the legacy of the games remains for those who fell foul of the many scams targeted during the tournament. However, the end of the games doesn't doesn't give the green light for letting our guard down. Criminals are already preparing for the next major event from which to hitch a ride and launch an attack in an effort to dupe us into believing their lies. With HMRC having been imitated on many previous occasions the fact that many self-employed people are expecting to pay an income tax instalment this month will not have gone unnoticed by scammers - it's just a waiting game to see what they send out and how many fall victim to their charms.

So, what is it about these attacks that manage to fool so many people and what can we do to protect ourselves?

To kick off, it's worth just recapping the top scams that lull us into scoring an own goal:

1 Top of the list is the plain old phishing attack. Primarily to steal our credentials, we've all been warned about them and smiled smugly as we've deleted the ones from Nigeria telling us we're just a click away from becoming millionaires. Yet for some reason if the scammers manage to strike a chord with the recipient, a case in point is the recent World Cup lottery examples, people will drop their guard and click on the link

2 A fairly new scam doing the rounds is the faked communication from the IT department asking staff "to upgrade" their system with a link harbouring malicious malware waiting to download directly to the 'always does as he's told' employee's device

3 The 'official' phishing attack pertaining to be from a well known bank, government department such as HMRC tax form / refund etc or other authoritative. This type of attack can take a number of formats but all have the same thing in common - they're extremely well executed. Criminals will painstakingly recreate letterheads, legitimate looking email addresses and domain names with the sole purpose of tricking you into believing their legitimacy. What they're really after is your credentials.

4 The Domain Name scam primarily targets business/domain owners. There are two types of attack: 1) to make you buy more domain names than you need for fear of losing them and 2) to make you pay to renew your domain name, effectively transferring it to the scammers, and leaving yourself open to being held ransom over your domain name.

With the criminals never seeming to rest it's impossible to provide a list of attacks that you need to protect yourself from. Lets face it, as soon as we've written it it's out of date as, tomorrow, there'll be a new email or malicious website waiting to steal your data. Instead, here is a checklist for you to follow that will help you stay one step ahead of the criminals and their increasingly sophisticated communications :

1 make sure you are always up to date with the latest operating system, browser and security software. As you'll come to see you need to be cautious of unsuspectingly downloading malware so always use a reputable site, such as : Adobe, Microsoft, etc.

2 when surfing the internet, keep your 'gut instinct' radar tuned in and try to avoid questionable sites. It's worth noting that, even if a site is returned by a search engine - even the reputable ones, you should still exercise caution when visiting them as it is possible for any site to harbour malicious code and its better to be safe than sorry. In fact, a perfectly legitimate site with inadequate protection is perfect prey for a hacker who installs malicious code to steal credentials, often for a short period of time then slips away undetected. Always check the address bar at the top of the screen states https:// before entering any log in details or submitting personal information, especially credit card details. With newer browsers this domain bar will be green for safe sites with [red] warning that the site really shouldn't be trusted.

3 Always question the legitimacy of attachments to emails, even from close friends and family, as they may unwittingly be passing on a virus

4 Exercise caution when downloading software from the internet especially from sites that you're unfamiliar with. It is worth doing a little background on the forums to make sure that the software hasn't been previously discussed as potentially hazardous

5 Be suspicious of emails claiming to be from your bank, IT department, Microsoft or other software vendor etc asking you to execute files unless you are expecting a communication of this nature. If in doubt visit their websites/departments, although not through any embedded links within the communication, and check to see if there have been any reports of these messages as fraudulent

6 By the same token if you receive an email that claims to be from your bank, IT department, Microsoft or other software vendor etc asking you to disclose personal information - even what looks like a legitimate email from IT asking for your password alarm bells should be sounding. None of these organisations will ever ask you to disclose your password

7 As alluded to in tip 5, never click on a link in an unsolicited email especially one that requires you to 'update your details'.

I'm sure, having read this list, there will be some of you that think you'll never fall foul of another scam again, and that's great. There will be others who question why we haven't suggested the use of anti-virus software while the majority of you will probably be thinking that this advice is not foolproof and it's just a matter of time before I slip up and fall foul of a cyber criminal. Our final nugget of gold is this - with malware and phishing attacks increasingly taking place in your browser, that's where your protection should be focussed. Secure browsing technology protects your computer against new, sophisticated attacks that anti-virus and firewalls cannot always cover. For the techies amongst you, these are called zero day vulnerabilities which even the giants of the IT world have been victims of more than once.

Secure browsing technology is available free to download from many banks, including Santander, Coutts, Coventry Building Society, First Direct, HSBC, NatWest, The Royal Bank of Scotland and Ulster Bank or from the Trusteer website free of charge. The lightweight browser security plug-in and security service locks down your browser once you connect to a sensitive website such as your bank. Any malicious software that tries to ride on or inject into the browser is left out of the secured window, and cannot access your sensitive information and transactions. By locking down communication between your browser and your bank, this secure browsing technology prevents any network-based attack from diverting traffic to fraudulent locations. Once you have this software, you can use it to protect any website, not just your banks.

In summary, it's important to realise that Trusteer isn't simply scare mongering. Cyber criminals exist and they are earning considerable amounts of money through feeding on human vulnerabilities. The chain of security involves many components including anti-virus software, browser security tools and ultimately the end user who is increasingly becoming the weak link that is being targeted.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo