Cyber criminals are either looking
to steal sensitive data or bombard you with advertising. Here are some of the
newer ways they use
In the first week of June,
Bengaluru-based make-up artist Dipthi Aashok opened a video link on Facebook,
“What my sex”, that a friend had posted on her timeline. Before she knew it,
the video had been posted on her friends’ timelines. “I was shocked,” says the
37-year-old, “the video didn’t even open and I was getting angry messages from
my friends on what kind of stuff I’d posted on their timeline.”
She didn’t even realize that her
Facebook account had been hacked. Aashok was a victim of phishing.
Phishing and spamming are both
malicious activities. The main aim of phishing is to steal a person’s sensitive
data (such as passwords, account login details, etc.), while spamming is
designed to entice a user into a trap (such as the “Mr XYZ has left you
a will, please share your bank account details” routine) or just bombard you
with offers.
According to software security firm
Symantec Corp’s “Internet Security Threat Report 2014”, India’s growing social
media population provides a ready base for cyber criminals, making it the
second most targeted country in the world for social media scams. “People
voluntarily and unwittingly share enticing videos, stories, pictures and offers
in order to gain access to a sensational video or enter a lottery, without
realizing that these could include links to malicious or affiliate sites,” says
Ritesh Chopra, country manager (India), Norton by Symantec.
“Fake notifications from Facebook
and other social networks, the promise of explicit photographs attached to
messages, Valentine’s Day discounts, news about Ukraine, a health scare, the
spammers try it all to get you to click,” says Altaf Halde, managing director
(South Asia), Kaspersky Lab, a software security group with a presence in 200
countries. Once you do click, the malware enters your computer or phone, and
either steals all your document files, encrypting them, or tries to multiply by
making copies of itself and sending them to all your contacts. According to
Kaspersky Lab’s May report, “IT Threat Evolution Report For Q1 Of 2015”, which
analysed the spam and phishing threats landscape, India ranked among the top 10
spam-recipient countries. The list includes Russia, Uzbekistan, Germany and the
UK.
And with more people accessing Web
services and social media on their phones, cyber criminals are following suit,
to steal information or coerce users into giving it up.
Indian mobile users are still new to
mobile-based transactions. “Most criminal incidents are not reported, hence
awareness is low,” says Pune-based Ajit Hatti, co-founder of Null, a non-profit
community of experts working to enhance information security awareness. “Also,
people trust everything they receive on WhatsApp or email and religiously
forward junk and posts with malicious links to 10 other users to either avoid
bad luck or get a freebie.” The limited size of a phone screen makes it
difficult for you to determine whether the site you’re going to is secure or
real, since the real website address is shortened or hidden.
There’s growing concern within
security circles about attacks on payment systems, be it banks or payment
gateways on websites. “With the rise of more public information about users on
the Internet, cyber criminals are able to craft more sophisticated spear
phishing attacks and social-engineer your profile and things you’re interested
in,” says Ponnurangam Kumaraguru, an assistant professor and founding head of
the Cybersecurity Education and Research Centre at the Indraprastha Institute
of Information Technology in New Delhi.
Constant vigilance is the need of
the hour—here are some new tricks that cyber criminals deploy, and ways to
protect yourself.
Injecting a malicious script in your browser
In May, researchers from Google and
Stanford University, US, released a report on how spammers have been hijacking
your browser to inject ads, those irritating pop-ups you don’t think twice about.
They flagged 50,870 Chrome extensions as unwanted ad injectors; 38% of them
were malware. “Many of the legitimate sites are hacked and also contain
invisible frames,” says Hatti. “When users visit these sites, the malware
installation is initiated and your system gets infected.”
Stay safe: The address of a genuine website should
begin with “https://”. If you’ve gone to a site which is not secure (it
will have “http://”, without the “s”), don’t click on anything there. Most
browsers warn you, “This site may harm your computer”. Follow their advice.
Attacking your wearables
Love that new smartwatch or thinking
of buying a connected car? Spammers are increasingly aiming malware at the
Internet of things (IoT) and online devices. “Soon all connected devices will be
victims of such attacks, where devices will be held hostage by hackers rather
than PCs,” says Amit Nath, country manager (India and Saarc), F-Secure Corp., a
Finland-based computer security company. In other words, a hacker could lock
you out of your latest smart car, make your refrigerator or washing machine act
funny, all to extort money from you.
Stay safe: We would say keep your
gadgets disconnected from each other, but that won’t be so much fun. Instead,
make sure you become extra careful about your Internet security, update to the
latest versions of software, and think twice before you click on anything from
anyone.
Blackmailing you
It was only a matter of time before
spammers figured out that they could make money from their tricks. So through rogue
links over social media, on email, through malicious apps, torrents or porn
photographs, they try to install a Trojan program on your computer. “The
program blocks your computer access and demands a ransom from you for
decrypting it,” says Halde. According to a study by F-Secure, the past six
months have seen a ransomware infection in Asia, including India and Hong Kong.
“Ransomware is very profitable because your data is encrypted with a key and
you will have to pay the hackers a large amount, up to $300 (around Rs.18,900)
to get the decryption key back to retrieve
it,” says Nath. The trend is already moving from desktops to mobile devices.
Stay safe: Be suspicious of what
you’re clicking on or downloading. If you’ve clicked and the spammer has encrypted
your documents, there’s nothing much you can do, except negotiate to get the
encryption key. And always keep a backup of data.
Emails—genuine or traps?
The line between spam and not-spam
is blurring continuously. You get a genuine email from a friend or colleague
with an “important document” link which is stored on Google Docs or Dropbox,
with their signature at the bottom and no wrong spelling. You click it without
batting an eyelid, adding your login details. But it turns out that your
friend’s account has been compromised and the link takes you to a fake page
without your realizing it. “You put in your username and password and the
scammer has you by the neck,” says Kumaraguru. Since the mail looks genuine,
you don’t question it and your spam filters don’t activate themselves.
Stay safe: Don’t assume that a
genuine email has a genuine link in it. “Before you give any information to the
landing page, check if the domain name is corrupted or if the site has a valid
SSL certificate,” says Halde. If the site is corrupt, it won’t have the SSL
certification or will be “http://” (minus the “s”). SSL is that little lock
icon on the corner of the website which tells you it is secure to browse.
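The two checks from the advice above (an “https://” address and an uncorrupted domain name), applied to a link before any login details are entered. This is an added example, not part of the original article; the allow-list of hosts and the sample links are assumptions constructed here, and it goes slightly beyond the text by also flagging an “@” in the address and punycode host names.

```python
from urllib.parse import urlsplit

# Assumed allow-list for this example: hosts the reader expects for the two
# services the article names. Extend it with the services you actually use.
EXPECTED_HOSTS = {
    "Google Docs": {"docs.google.com"},
    "Dropbox": {"dropbox.com", "www.dropbox.com"},
}


def check_link(url, claimed_service):
    """Return the reasons a link fails the checks (empty list = passes)."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")

    # The article's first check: the address must start with https://
    if parts.scheme.lower() != "https":
        problems.append("not https")

    # Text before an "@" is login info, not the site; the real host follows it.
    if parts.username is not None:
        problems.append("userinfo before host")

    # Punycode or non-ASCII labels can render as look-alike letters.
    if any(label.startswith("xn--") for label in host.split(".")) or not host.isascii():
        problems.append("internationalised host name")

    # The article's second check: compare the whole host, not a substring,
    # so "dropbox.com.files.example" does not pass as Dropbox.
    if host not in EXPECTED_HOSTS.get(claimed_service, set()):
        problems.append(f"unexpected host: {host}")
    return problems


# Constructed sample links (not taken from the article).
SAMPLES = [
    ("https://docs.google.com/document/d/abc123", "Google Docs"),
    ("http://docs.google.com/document/d/abc123", "Google Docs"),
    ("https://docs.google.com@login.example.net/doc", "Google Docs"),
    ("https://dropbox.com.files.example/s/report.pdf", "Dropbox"),
]

if __name__ == "__main__":
    for url, service in SAMPLES:
        print(url, "->", check_link(url, service) or "passes")
```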
In a shortened link over WhatsApp
Just got a link from your friend on
WhatsApp or a message which offers you a free gadget, funny video, porn or
alarming news? It will most probably be malware. Click it and it will spread to
your friends’ accounts. “Social media has been abused by spammers for the last
few years but, in particular, chat applications like WhatsApp and WeChat have
made it quite easy,” says Hatti. “It has erased the boundary of nations.
Sitting in Russia, I can find Indian phone numbers and check whether the number
is on WhatsApp and push malicious links to you.”
Stay safe: “There is no free
lunch,” says Nath. “When something is free, you yourself are likely the
product. In many cases, be wary of links to free products.”
Pop-ups of anti-virus apps
You visit a popular website and a
new browser window pops up suddenly, warning you: “You have been infected!
Download this anti-virus right now to protect your computer.” Don’t panic and
don’t click download; it could be a malicious advertisement, says Kumaraguru.
Spammers are trying to play on your fears.
Stay safe: Don’t panic and don’t
download anything on to your computer from that advertisement.
Source | Mint – The Wall Street Journal | 22 July 2015