Being Informed Is Being Safe

Home » Being Informed Is Being Safe

Results for "Being Informed Is Being Safe"

5 Tips To Avoid typo squatting, a type of Cyber Squatting This Black Friday

If you are in a habit of buying online or are planning to buy for the first time on this upcoming Black Friday or Cyber Monday, then among other things, you must also watch for Typo Squatters who .

What is Typo Squatting?

Typo squatting, also called URL hijacking, is a form of cyber squatting which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser.

To save you from this form of Cyber Squatting, follow the following Tips online:

Tip 1: You should always take a second to look at the URL you just typed into your browser and make sure you are where you think you are. Cyber criminals know that people make mistakes while typing. To benefit from such innocent or careless typing mistakes, they register lots of typo-ridden addresses that are very similar to the real word. For example, in order to benefit from the typing mistakes people do while typing amazon, they will register every variation possible. Such as amaazon.com, amazzon. com etc.

Hence always take a second look at what you have typed as the url.

Tip 2: Instead of Typing a full URL into your web browser, just type the name. That's instead of typing amazon.com, just type amazon and press enter. You will find the real thing within the top search results. From there you can visit.

Tip 3: The victims of Typo squatting are NOT the big websites only. ANY WEBSITE which has significant footfalls can be a victim of typo squatting.

Tip 4: Whenever you recieve an email purporting to be from some well known or authentic source, Please make it a habit of checking the sender email and url for Typo Squatting.

Tip 5: Remember that Typo Squatters most often use those spelling variations which at one glance appear to be the normal spelling. For instance, instead of using couponjunction, the typo squatter will use coupunjunction.

Happy buying!

---------

Being Informed Is Being Safe , cyber squatting typo vulnerable , typo squatting safety tips

5 Tips To Avoid Cyber Squatting This Black Friday

Anil Singh Thursday, November 24, 2016

A Fake PayPal App is being sent to Android users in Germany

German Android users are tricked by a well -drafted and convincing email which pretends to be an official email from PayPal app. The email requests the recipient to download a fake PayPal app update. The email, coming from Vietnam, Ukraine, Russia and India, was traced by our researchers. The downloading of the update leads to a Malware which requires Device Administrator privileges and some permissions like Change screen-lock password, lock the screen etc. The most surprising fact here is despite not granting Administrator privilege, the Malware was found to be running in the background, which makes it easy to track phone activity, i.e. track which app is running. The unique feature of this Banking Trojan is that it detects the legitimate PayPal app and puts up a fake UI on top of the real one once the app starts running. It effectively hijacks the PayPal session of the victim and steals his/her credentials.

The installed app uses Paypal icon. No Wonder.

(According to a recent eScan research)

5 Tips to safeguard yourself from Malware on Google Play:

Use a trustworthy antivirus on your Android phone and update it regularly.
Always download apps only from their official website or Google Play Store, after checking or verifying.
Download applications of a reliable app developer. In addition to it, check the user ratings, reviews of the app.
It is always a good practice to read the permissions of the app, which is going to be installed for security.
Whenever Something arrives via email make sure who the sender is. For instance if PayPal will send you an email, the email address will surely have paypal.com in it. Double check the spelling and the TLD (.com, .biz etc.). PayPal uses .com

Open emails only if you are positive about the source.

---------

Android users , Being Informed Is Being Safe , Fake App , Malicious app , PayPal

Double Check Before Installing this Fake PayPal App sent via Email

Anil Singh Wednesday, October 7, 2015

You opting for a Gift Card for your friends and loved ones means Cyber crooks are also trying to con You. Hence it's important to choose a Safe Gift Card

Gift cards have become popular in recent years. the main reason for the popularity of gift cards is that it gives your friends and loved ones an opportunity yo buy things which they really need or like to buy. Not to mention, a gift card is much better than sending real money. That's why it's important to choose a Safe Gift Card. And there are security tips which enable you buy a a Safe Gift Card. But before exploring the security tips for choosing a Safe Gift Card; lets delve into what makes a Safe Gift Card, unsafe. Cyber crooks have gained expertise in exploiting this popular form of gifting through tampering, deception and utter theft. Thus if Gift Cards are bought from a display rack of any store, then the buyer may become a victim of theft.

How a Gift Card Fraud happens?

These days, cyber criminals have found a new way to steal your gift card balance. They simply jot down the card numbers in the store and wait for a few days to call and see how much balance they have on the card. Once the card is activated, they go online and start shopping. According to KOMO TV in Seattle, Wal-Mart shoppers have already been hit with such Gift card scams on several occasions.

However, this doesn't work on all gift cards. While the crooks physically access gift card numbers by snooping the card from its packaging and dumping it back once the number is written down - it's not always easy to hide the visibility of cards' PIN number. Once the covering is scratched away, it cannot be put back. As a result, the packaging itself can reveal that the card has been tampered with. It is better to examine both side of the packaging irrespective of wherever you buy from.

Some Other Gift Card Scams

There are numerous other ways where the users fall victim to Gift Card scams :

Overstating Card Value: It happens when a reseller overstates the values of the cards they are selling. There is a very little scope for the buyers to understand such frauds.

Treacherous Employees: The employees steal Gift Cards from their displays; activate them with store scanners and then go on for shopping sprees. Occasionally, they use the stolen cards to purchase new cards to legalize their stolen merchandise.

Card Pilfers: There are thieves who pretend to be genuine customers swap blank cards (previously stolen) against new cards activated during a sale. Then they pretend to change their minds and ultimately cancel their purchases. The counter clerks remain clueless as they think they got the new cards back and the thieves walk out of the store with the new card in their pocket.

Buy Gift Cards from Wrong Dealers: Stolen cards can end up on auction sites where the unsuspecting bid can get a good deal. The NRF (National Retail Federation) advises consumers to buy gift cards only from a reputable dealer and never through any online auction because what you bid on might be a stolen one.

Manhandle Bar Code: Cyber criminals carefully slit open the packaging of bar code-bearing gift cards and replace the new cards with used ones where there are no funds. After these "empty" cards are sold, the activation of the bar code loads the real card (in thief's possession) with funds and the genuine buyer remains empty-handed.

How to avoid gift card scams? - 7 Security tips from eScan on how to buy a Safe Gift Card

Purchase from Reputed Source: Purchase gift cards only from reputable sources. It is always better to get them directly from the store.

Examine Card before Buying: Gift cards should be examined carefully before buying. Never assume that if a store has gift cards under lock and key, then they are original and their PIN is not yet accessed. There might be signs of tampering.

Purchase Online Gift Cards from Official Portal of the Retailers: Purchase online gift cards from the official website of the retailer where they are intended to be bought. Never buy them from any auction sites even if they look like genuine ones.

Keep the Receipts: Keep your receipt as proof of purchase until the card value gets exhausted. In case any fraud happens, then you can show the receipt to the retailer and claim a replacement of the false card.

Scan the Card: Get your card scanned at the time of purchase to ensure that the gift card you bought is genuine and has the correct balance.

Restrict from giving Extra Information: Always remember that no reputable business can ask you for social security number, bank account information or even date of birth while purchasing a gift card. Asking for such details is absolutely unnecessary and irrelevant. It is advisable to check the authenticity of the retailer immediately.

Lastly, one tip from me. This security tip is an easy way to differentiate between a safe site and an unsafe retail site: https:// . Remember, the moment you're asked to shell out money, a safe site will always transition to https:// (https://, yes with an s)

Gift Cards are convenient and make great gifts. Following these simple tips helps you to be assured that the person, whom you thought of gifting the card, can reap all the benefits from it!

---------

Being Informed Is Being Safe , gift card scam , gift card scams , safe gift card , security tips

7 Security Tips To Choose a Safe Gift Card

Anil Singh Thursday, July 23, 2015

eScan alerts Online Banking Customers of Dyreza which primarily targets your Data. Tips to remain Safe.

eScan, leading Anti-Virus and Content Security Solution providers, warns users about online banking data theft. According to reports, a new banking Trojan named 'Dyreza' is targeting online bankers by stealing their credentials. This malware mainly targets customers of well-known financial institutions using Internet Explorer, Google Chrome and Firefox browsers.

Dyreza or Dyre is delivered through a phishing campaign, says US-CERT. These phishing emails supposedly coming from banking or financial institutions include a malicious Zip or PDF document, which when extracted installs itself on the target system. These malicious PDF attachments take advantage of unpatched versions of Adobe Reader, i.e. it tries to exploit vulnerability in Adobe Reader to get itself installed on the targeted system.

Once the phishing email is received by an online banking customer, it entices him/her to download and extract the Zip file which then begins its destructive and stealing action. By using Dyreza banking malware, attackers can steal credentials used for online services, including banking services. They can bypass secure protection settings using browser hijacking, capture keystrokes, control browser traffic, perform man-in-the-middle attack and also communicate with command and control server.

With the advantage of reading all the encrypted traffic between targeted user's browser and financial institutions' servers, attackers can also try to bypass 2-factor authentication. Moreover, by controlling browser traffic, attackers can re-direct targeted users to the malicious banking site instead of the legitimate banking site with the aim of copying and stealing banking confidential and sensitive data.

US-CERT recommends users to follow basic security steps to safeguard against this malware. Users must configure their email server to block email that contains malicious file attachments that are commonly used to spread threats such as .vbs, .bat, .exe, .pif and .scr files.

Moreover, eScan recommends following preventive measures that will save you from falling prey to such attacks.

Update your system with the latest antivirus software that protects your system from all kinds of Malware attacks.
Enable firewall in your PC to ensure that you are secure on local networks and the Internet.
Identify phishing emails, such mails are filled with countless grammatical errors and are often written in awkward English.
Never respond to emails or messages from unknown sender that has 'undisclosed recipients' in the address line.
Do not click on the link mentioned in the email, if required type it in another browser tab to see what it contains.
If at all you happen to click such a link and see a request for your banking credentials or other details for any kind of verification or updating purpose, do not enter your personal or financial information.
Never provide information related to your credit card, bank account numbers or passwords to any unknown site or a fake site.

---------

Being Informed Is Being Safe , data security , data theft , dyreza , eCommerce , online banking , phishing

Online Banking Customers Beware of Dyreza

Anil Singh Monday, November 10, 2014

Hotel PCs can be infected with Keylogger Malware - ESET Warns Hotel Business Centers and Customers.

ESET, a global anti-virus, internet security and other proactive protection protection releases an alert to hotel business centers on keylogger malware .The keylogger malware steals banking and email passwords of the guests. Cyber criminals install keylogger malware on the computers and steal large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center's computers. According to Help Net Security, The Department of Homeland Security and National Cyber security and Communications Integration Center (NCCIC) , United States issued an advisory to hotel companies on July 10, warning that criminal groups may be targeting hotel business centers with keylogger malware. This is what the NCCIC said in its advisory,

"In some cases, the suspects used stolen credit cards to register as guests of the hotels; the actors would then access publicly available computers in the hotel business center, log into their Gmail accounts and execute malicious key logging software,"

Keylogger malware warning

Despite describing the attacks as "not sophisticated", the attackers' keylogger malware had a high impact, the NCCIC warns:

"The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center's computers."

The warning follows the arrest of suspects in Texas who had used keylogger malware to record the keystrokes of guests, and had successfully stolen details such as bank account passwords and email login credentials at several "major" hotel chains.

Tips for hotel chains to secure PCs in their business centers from Keylogger malware

Create Non-administrator accounts for Guests. So that they have very basic privileges, and don't have the ability to install programs, download, and use external USB storages and CDs.
Help Net Security (HNS) points out that much modern malware can install regardless of whether a user has administrator privileges . Thus it advises hotel guests to refrain from entering sensitive information such as banking passwords whilst on PCs in hotel business centers.
The usual practice of hotel business centers routinely allowing users to plug in USB devices and CDs means that attackers can bypass many security measures.
Security Affairs offers a detailed list of the NCCIC's recommendations for hotel chains - but concludes that the simplest solution is to avoid using any public computer for private affairs such as banking, warning "Cyber Criminals are behind you."
For more details on Keylogger Malwares, Click Here

---------

Being Informed Is Being Safe , eScan , Hotel Business , Keylogger Malware , Personally identifiable information , PII

eScan alerts Hotel business centers on keylogger malware

Anil Singh Friday, July 25, 2014

eScan Launches a unique online tool to identify Heartbleed bug affected websites. eScan Launches a unique online tool to identify Heartbleed bug affected websites. Helps in identifying the vulnerable sites to the users.

Two or three days ago, Intelligent geeky comic xkcd.com rolled out a comic on Heartbleed. This is an ample proof that heartbleed is the , 'the bug', creating nuisance in the cyber world. Something web users need to safeguards themselves from. eScan, Anti-Virus and Content Security Solution , is well aware of threat posed by the Heartbleed bug, that's why it has launched an online tool to identify the latest Heartbleed bug which has been creating chaos in the cyber security landscape. This tool introduced by eScan can be used by IT users to check whether the website they are browsing is affected with the Heartbleed bug or not and can be accessed at www.escanav.com.

What is Heartbleed Bug?

A major new security vulnerability dubbed Heartbleed bug was disclosed on April 7, 2014 with severe implications for the functioning of the entire web. The bug can scrape a server's memory, where sensitive user data is stored, including private data such as usernames, passwords, and has been in existence on the Internet for the past two years. It allows hackers to exploit a flaw in the OpenSSL encryption software used by a majority of major websites to steal data.

Since a majority of websites are vulnerable to the Heartbleed bug, changing a password will not help much; as the website would have to update their OpenSSL software first in order to mitigate the threat. Simply type the website address that you wish to browse into the box displayed in the tool, and it will let you know whether it is safe. Although, websites such as Facebook, Gmail, Amazon, Yahoo!, Twitter and others are not vulnerable, however numerous other websites/servers are still vulnerable to this.

The Heartbleed bug, basically takes advantage of OpenSSL encryption software, which is in standard use by many websites and while browsing an SSL site, the secured site is designated by the small padlock symbol, however not all web servers have deployed OpenSSL. A new protocol was introduced to the TLS/DTLS allowing the usage of keep-alive functionality without performing a renegotiation. When messaging back and forth on a secure connection, sometimes computer wants to check the other computer's availability. This cross checking is done by sending a small packet of data, called 'heartbeat'. The Heartbleed bug flaw allows hackers to use a fake packet of data, which tricks the computer into responding with arbitrary data stored in the memory by OpenSSL. The attacks using this flaw are undetectable by current standards and the bug existed under the radar for about two years.

Mr. Govind Ramamurthy, MD and CEO, eScan said,

"Users are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (Transport Layer Security) implementation used to encrypt traffic on the Internet. Hackers are using smart social engineering tricks more and more often on popular social sites, company's site and commercial sites. Hence, our newly launched online tool makes it easy for IT users to enjoy safe internet browsing and have a secured computing experience."

---------

Being Informed Is Being Safe , Bug , Heartbleed , Online Tool

Online Tool to identify Heartbleed bug affected websites

Anil Singh Tuesday, April 15, 2014

Microsoft on Monday issued an emergency security Alert: Hackers have found a way to booby-trap certain common Word file with the extension”.rtf”. Thus Microsoft Word Is Under A Hack Attack.

As of now, Microsoft is aware of attacks, but there’s no fix yet to stop the hackers. It’s working on a way to stop the bug.

How To protect your computer from this .rtf hacker attack:

Do not open a document with the “.rtf” extension until Microsoft says it’s fine to do so.

The hack could work even in “preview” mode. That’s where you don’t actually open the file, but view it in an email instead, such as in Outlook, that lets you preview the attachments.

Microsoft is currently recommending that you block all “.rtf” documents from your computer. It released a free tool which will set that up for you.

The extent of this .rtf hackThreat:

One of the worst kind of threats, which gives the hacker gain control of the person's computer. By this remote access, the hacker can do all kinds of things. For instance, the PC can be made a node in an illegal botnet, which the hacker can use to send spam, spread viruses or committing fraud. This simply means that the hacker will be using the resources of your computer, the storage, processing or the web connection for its own use. To get you an idea of how a bot in an illegal network behaves like, here's a giveaway: A compromised system may appear to be processing something, even when the user is not doing anything.

What is .rtf Extension?

“.rtf” extension is not the default for Microsoft Word, (the default is “.docx” or “.doc”). But this extension is not uncommon to MS Word. RTF stands for “rich text format.” For instance, it’s the default file format used by TextEdit, the free word processing app that comes with a Mac.

How To overcome this .rtf bottleneck?

If you receive a lot of emails with Word documents. And you can't block all .rtf documents; then here's a trick to overcome this bottleneck. Set up your email to be in text mode. You may have some difficulty reading the formatted emails and other written communication; but atleast you'll be safe, until Microsoft contains this bug. ---------

.rtf , Being Informed Is Being Safe , hack attack , MS Word

Do Not Open Documents Named ‘.RTF’ to Save MS Word from Hack Attack !

Anil Singh Thursday, March 27, 2014

The Anti-virus and Content Security Solution Provider, eScan, has announced that its Android-based security solutions are now compatible with S-Browser and Google chrome that comes bundled with Samsung Galaxy S4 and Nexus 7 respectively.

With the addition eScan has become one of the very few security solution companies to provide protection for maximum android platforms, thus allowing the IT users to experience safe and secure browsing.

Why Securing S-Browser and Google Chrome is Important?

Notably, in the earlier days, most users were forced to use the default browser bundled with Android - and hence most security solutions have been implemented with this browser in mind.

However, with the latest crop of expensive devices from Samsung, are heavily promoting its own S-Browser, and Google, which has its Chrome Browser, users have been shifting use to these browsers, in order to get better performance.

eScan, proactively looking at this fast shifting trend, has pioneered the usage of eScan solutions, on these web-browsing platforms.

Why Securing Tablets and smartphones is necessary ?

There are reasons why securing tablets and smartphones is important.

Considering the current internet-based attacks, identity theft and the important information stolen by the cyber criminals, Smartphones and Tablets are at greater risk as similar to computers and laptops.
Moreover, since tablets and smartphones are portable devices, that is since they are carried along; hence these devices are easy to lose and may end up being in wrong hands.

How eScan Android-based security solutions Help ?

eScan Security Solutions for Android - eScan Mobile Security for Android and eScan Tablet Security for Android delivers complete protection for Android-based Tablets and Smartphones from such kinds of threats.
eScan comes with an advanced Anti-Virus that helps eliminate, Application control feature that blocks unnecessary apps, while the Web protection feature offers protection from internet-based attacks and phishing websites.
eScan comes with an intelligent Parental Control feature that helps to keep an eye on and even control online activities of children. That's you can block those websites or webpages which have content unsuitable for minors.
eScan comprises of Anti-Theft feature that ensures complete protection to the device as well as the data stored in it from any unauthorized access, if in case the device is lost or stolen. Additionally, eScan even filters out unwanted Calls and SMSs.

To conclude if you have a latest Samsung mobile device or are using Google Chrome on your smartphone or tablet, then you can opt for eScan Android-based security solutions. ---------

Android security , Being Informed Is Being Safe , Google Chrome , Nexus 7 , S-Browser , Samsung Galaxy S4 , Samsung Smartphones , Samsung Tablets

eScan Compatibility Extended: Samsung S-Browser, Google Chrome Added

Anil Singh Friday, February 28, 2014

Avoid "droid rage": Five tips to recognise what constitutes Droid Rage. So that you keep your Android secure.

Droid rage is an established phrase now. It's used to represent a collection of actions, which take an Android user to the brink of risk or make the Android insecure. If an Android User knows about the Actions he/she must avoid (Android Rage), he/she will keep the Android secure.

ESET a global pioneer in proactive protection for 25-years, have provided five security tips for Android users, so that he/she doesn't "bring the disaster"

5 Tips to Avoid Droid Rage, and Keep your Android Secure:

Do not prefer your Android phone for work.
Encrypt your phone and external SD card by Menu<Settings<Security<Encryption

Do not forget to double-lock

Put PIN codes on individual apps such as Gmail, or Facebook by adding an extra layer of security along with the phone lock

Don't forget where you put your stuff

If your device is lost, use Gmail's PC-based security system to sign the attacker out, under Account Activity on the main Gmail page, then select "Sign out All Other Sessions".
Dropbox is a particular risk, PIN lock it if possible. Do not save passwords in web browser, do not keep email addresses, or banking details in any note-taking app and lock your Google Drive. Educate employees, executives and vendors

Don't fall for text scams

Some trogan-ized apps will post a SMS as Security app to scam you. It might send you on wild chase through rogue websites.

Always have a backup plan

Track your phone and always have a back up by adding the apps like My back up Pro and Super back up.

Hope the 5 Tips above help you avoid DRoid Rage and keep your Android Secure.

---------

Being Informed Is Being Safe

5 Tips to Avoid Droid Rage, and Keep your Android Secure

Anil Singh Tuesday, August 6, 2013

A video is viralling Facebook, with title "OMG 14 year orld drunk girl did this infront of Public". This is a malware, and takes control of your Facebook, browser and PC once your PC gets infected with it.

We noted that if even posts the same video on your Blogger blogs as well.

Screen Capture Image

Hence please don't click on any such video on Facebook. If you click on such a video, you will be asked to install some Adobe Flash plugin named somewhat like "video 7" and your system will be infected.

PS: In case you find your Blogger account compromised, kindly change the Password of the Google Account compromised. Also change the Facebook account password.

Although we do feel that the automated posting on Blogger blogs happened to those blogger accounts, which chose to remember their Google passwords on their browsers.

The Procedure to Remove the infection is difficult and Tricky for those who are not tech savvy. But still we are listing a few steps:

Uninstall the browser you used at the time of infection. Run a Full System antivirus scan of your PC. Followed by scan at boot time.

If you don't want to uninstall the browser, then since the infection came via the web browser -- Chrome, Firefox etc. you are using, hence try doing this:

Try emptying Browser Cache: Settings >> Privacy >> Cache and Stored Cookies

Go to Settings >> Extension >> And look for any extension like "Video 7" and disable it. And then delete it.

Now Go to Facebook and Look for Developers tab on the Left sidebar. Here you will see Applications you created, if you see any application you didn't create, delete it. OR in the Apps in the Left sidebar, look for any app created around the time you installed the said malware. Delete it. If You don't see it there, then go to http://developers.facebook.com/ and Click on Apps. Delete any app you didn't create.

---------

Being Informed Is Being Safe

"OMG 14 year orld drunk girl did this infront of..." malware viraling Facebook

Anil Singh Thursday, July 25, 2013

After CBS and other high profile Twitter profile hacks, Twitter yesterday took time to tell media houses on how to save their profiles from hacking. Although, the chances of profile hacking tends to be much more for high profile Accounts; Still an ordinary Joe can listen to Twitter on how to protect his/her Twitter profiles from hacking. Watch the video below:

What Twitter advised:

1) Take good care of your passwords -- This means not telling your Twitter username to anyone else, includes colleague, friends or family.

2) Choose strong passwords -- Twitter's advice is to choose a password which is easier for you to remember but difficult for the machine. Twitter says that, unlike common perception, special symbols like #, $ etc. don't make a password strong. Passwords with a lot of special characters are difficult to memorize for humans; but easy to crack for machines. Hence the right way to choose a password is to use a word phrase separated by spaces, which is so personal that you can never forget. Such passwords are difficult to get hacked.

3) Be Attentive while granting access to Third Part Applications -- Whenever any their party application tells you to authenticate, suing your Twitter username and password, make sure the authorization page is Twitter's (not some other domain, An example of such an authorization page is Here).

That's it. ---------

Being Informed Is Being Safe , Twitter

Twitter Advice on "How to prevent Profile Hacks"

Anil Singh Wednesday, May 1, 2013

Hacking is a real hard work. So are hackers. Hence if a web user is still using the word 'password' for his/her online banking account; he/she is underestimating both hacking and the hackers.

Interestingly, people do underestimate hackers, hence many are still using 'password' as password.

SplashData has released its list of 2012's worst passwords, and the top three in the list are - 'password, '123456' and '12345678'. These three held the same first three positions in the 2011 Most hacked Passwords List as well. Some passwords which saw an upward climb this year are passwords like, '123123', 'football' and '11111'.

Only God can save such People.

But some others are not safe either. As they are simply appending a number or word to the above three words. For instance, the 2012 List contains passwords like 'password1'.

Some users online are using words that reflect their theism, passion, Good upbringing or favorite Sport. Some examples are -- 'welcome', 'ninja', 'mustang' 'jesus'.

SplashData, CEO Morgan Slain, cautions from choosing such careless passwords; as the experience and consequences of a hacked password can be terrifying. It can be same as Identity Theft.

Tips on How to Choose a Strong Password:

1) Use different passwords for different websites
2) Always Use Special charachters, Numbers and words to your password
3) Mixing Two languages in a password can be a Good Ploy. For instance, instead of going for a password 'John6789money$$'; a password '6749Johnducats$$' is better.
4) Use Both Upper and Lower Case characters in your password.
5) As soon as you see suspicious activity on your Account ,change your Password.
---------

2012 Most Hacked passwords List , Being Informed Is Being Safe , passwords

2012 Most Hacked passwords List

Anil Singh Thursday, October 25, 2012

Mat Honan, A leading technology journalist, who writes for Wired, had his 'entire digital life' hacked in less than an hour -- courtesy "Flaws in Apple and Amazon security".

How such Quick Hacking materialized:

As Apple only requires basic security questions in order to access your Apple ID. From there the hackers were able to delete Mat's Google and Gmail account, stop his iPhone from working and take control of his Twitter page, reports The Daily Mail.

In an article on Wired.com, Honan shared with the world how the hacker, with who he actually spoke to, carried out the attack. After, revealing his modus operandi, the hacker also guided Mat to carry out his very own mock hack. According to Mat, all one needs to get into your iCloud account, is a billing address and the last four digits of a credit card number. Once rendered, Apple will issue a temporary password, and that password grants access to iCloud. The hacker managed to get Mat's credit card number by taking advantage of another security breach on Amazon.

How the Hacker took advantage of Amazon security breach:

He called Amazon and tell them he is the account holder, and want to add a credit card number to the account. All he required was the name on the account, an associated e-mail address, and the billing address.

After that, he called Amazon once again, and tell Amazon that he has lost access to his account. Upon providing a name, billing address, and the new credit card number, which he already had, Amazon allowed him to add a new e-mail address to the account.

---------

Apple Account Hacked , Being Informed Is Being Safe , Gmail , iCloud , iCloud Account Hacked , iPhone , Matt Honan

How Apple, Amazon security flaws, hacked within minutes 'entire digital life' of Mat Honan!

Anil Singh Thursday, August 9, 2012

If your device runs on Google's Android operating system and if you have rooted your Android device (modded your device, means tweaked its software to install even those components and apps, which are not allowed by Android) —then beware of installing some Android apps that may turn their phones or tablets into zombies.

Security vendor Trend Micro said the library file in such apps, detected as ANDROIDOS_BOTPANDA.A, will connect to command-and-control (C&C) servers.

"(W)hen executed, (the library file in the app) renders the infected device as a zombie device that connects to specific command and control (C&C) servers. What is also noteworthy about this file is that it hides its routines in the dynamic library, making it difficult to analyze," said Trend Micro.

In simple, what the Malware does is take control of the device and use it for the purposes earmarked by the malware makers.

Adding further, Trent Micro said,

"This malware also runs specifically on rooted devices, thus it is likely that this may spread through third-party app stores,".

It said ANDROIDOS_BOTPANDA.A is another reason why users should be cautious in downloading apps, specifically those from third-party app stores. Trend Micro said the malicious library "libvadgo" contained in ANDROIDOS_BOTPANDA.A was developed via NDK (a toolset used by would be-Android developers in creating apps) and loaded using Java Native Interface.

Modus Operandi of the Malware:

According to Trend Micro, the malware checks for certain system files and replaces them to avoid detection. It also makes modifications such that the malware can be launched automatically.

What makes the malware dangerous is that it hides its malicious routines in the said dynamic library, making it hard to analyze.

If more Android malware use this technique in the future, delivering analysis and solutions will prove to be challenging for security experts," it warned.

---------

Android Malware , Being Informed Is Being Safe , command-and-control (CandC) servers , rooted Android Devices

New Malware taking control of Android Devices

Anil Singh Saturday, June 23, 2012

Just like the StalkTrak app, which claimed that it let the app user know who is stalking him/her on Twitter, another Phishing Scam is going around that says "Twitter is going to charge". If you receive such a DM, Please don't click on the link. The scam is similar to twitter scams where one says, "Someone is saying really nasty things about you". So if you check your DMs – do not click suspicious links, as you won’t even know if its a Phishing scam. ---------

Being Informed Is Being Safe , Twitter , Twitter Scams

"Twitter is going to charge you" is a Phishing Scam

Anil Singh Sunday, May 20, 2012

According to Security firm Trusteer, a new piece of malware, variant of the Ice IX malware, is tricking Facebook users into handing over their credit card, debit card, and/or social security numbers.

How the malware performs the trick:

The malware tricks the Facebook users by displaying a separate Web form inside a browser pop-up window, which looks similar to Facebook’s design, when the user navigates to the Facebook’s login webpage. A version of this malware asks the Facebook user for Cardholder name, Credit or debit card number, Expiry date, Card identification number, and Address on your monthly statement.

The resemblance of the page to the Facebook’s login page and the claim made on it, makes the user believe that the information is indeed needed for the verification purposes.

Once the user puts in the asked information, the malware forwards the sensitive information to its authors via instant message, so it can be abused as soon as possible.

Please don’t render your credit card, debit card details, and/or social security numbers, if asked to; unless you are sure of the source. Note that, Facebook will never ask for your credit card number, debit card number, social security number, or any other sensitive information on the site or via e-mail.

---------

Being Informed Is Being Safe , Facebook , Ice IX malware

Facebook users Beware! Malware tricks you expose credit cards details

Anil Singh Wednesday, April 4, 2012

71 out of every 100 Businesses Admit Mobile Devices Have Increased Security Incidents

Check Point(R) Software Technologies Ltd., a leading global internet security company, has revealed the results of its new report.

According to the report, in the past two years, the number of personal mobile devices connecting to the corporate network has more than doubled -- Out of these, nearly half of devices storing sensitive data.

Below are the key findings of the Report, titled ‘The Impact of Mobile Devices on Information Security’

1) 71 percent of businesses believe mobile devices have caused an increase in security incidents, citing significant concerns about the loss and privacy of sensitive information stored on employee devices, including corporate email (79%), customer data (47%) and network login credentials (38%). And Smartphones and tablet PCs continue to proliferate in corporate environments.

2) The proliferation of smartphones and tablet PCs resulted in significant business benefits such as increased work efficiency and easy access to resources. In addition, the consumerization of IT is one of the chief concerns for CIOs (Chief Information Officers). On the flipside, the security concerns have resulted in more work for IT Administrators. And the pace, with which the devices are proliferating, overwhelms the IT departments. A trend which is likely to continue to rise in 2012.

3) Rise in Mobile Devices Connecting to the Corporate Network -- Approximately 94 percent of businesses surveyed have an increased number of personal mobile devices connecting to the corporate network,
with 78% of respondents seeing the number of devices more than double in the last two years.

4) Most Common Mobile Devices and their Security Risks -- Apple (30%) and BlackBerry (29%) were the most common types of mobile devices connecting to corporate networks, followed by Android (21%). Nearly half of respondents (43%) also believe Android devices pose a larger security risk to the mobile enterprise.

5) Employee Behavior Impacts Security of Mobile Data -- The majority of businesses believe the lack of security awareness among employees as the greatest factor impacting mobile data -- followed by mobile web
browsing (61%), insecure Wi-Fi connectivity (59%), lost or stolen devices (58%) and malicious mobile application downloads (57%).

6) Correlation between Rise in Mobile Devices and Security Incidents -- Approximately 71% of businesses believe smartphones and tablet PCs have contributed to an increase in the number of security events in
their organizations within the past two years.

7) Many Mobile Devices Store Sensitive Customer and Business Data -- Personal and corporate owned devices often store and access a variety of sensitive information including email (79%), customer data (47%) and login credentials (38%) for internal databases or business applications. ---------

Being Informed Is Being Safe , Tech24hours US

71 out of every 100 Businesses Admit Mobile Devices Have Increased Security Incidents

Anil Singh Wednesday, January 18, 2012

More than half of all spam messages in the world during the third quarter of 2011 (October-December 2011) originated from just six countries. And Indian with 14.8 per cent of such messages topped the pack of six.

Percentage of spam messages contributed by the top six countries (Data: Kaspersky Lab's spam report)

India__________14.8 percent

Indonesia__________10.6 percent

Brazil__________9.65 percent

Peru__________6.65 percent

South Korea__________5.85 percent

Ukraine__________3.7 percent

Rest of the world__________48.75 percent

Note: All of the countries that make up the top 10 sources of spam are situated in South America, Asia and Eastern Europe, informs the report.

What are the reasons?

According to Kaspersky, the primary reason for these countries to feature in top ten list of Spam senders, is that there are numerous users in these countries and they are, for the most part, not very experienced when it comes to IT security; making them a soft target for cybercriminals spreading spam-bots (PC networks controlled by hackers are called Bot networks).

The above reasoning can be understood, when one looks at the percentage of spam contributed to global spam, by all GCC countries (Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and United Arab Emirates). GC countries together accounted for just 1.33 per cent of all global spam, with Saudi Arabia leading the pack. This the report attributes to the low number of users and more vigilance in protecting computers in these countries. ---------

Being Informed Is Being Safe , Online Marketing , Top Spam senders Globally

15 percent of all Spams globally originated from India: Report

Anil Singh Friday, December 30, 2011

A few days ago, I felt sick to my stomach when I opened the following direct message on Twitter from reporter Greg Bensinger, a person I follow who doesn't follow me.

How will you respond, if someone tells you that a third person is saying really bad things about you?

In most cases, in order to satisfy your unhealthy Curiosity, you will try to know what else that person said about you; before even bothering to suspect the intentions of the second person. But, this is human nature.

Scammers, who are known to take advantage of human behavioral shortcomings, are also known to exploit the above pathological curiosity of humans, all the time.

One of the prominent Phishing Scams circulating on Twitter these days does just that.

The scam informs a Twitter user, by way of Direct Message or DM, that “someone on Web is saying really bad things about you or your blog” OR "I saw a real bad blog about you, you seen this? ". The single line message is followed by a link. Arousing the morbid curiosity in the user, the scam makes the user click on the link in the message, reach a Twitter like Page, submit his/her username and password, and thus take control of the user’s Twitter account to send out spam tweets for money.

What is the modus operandi:

It all lies on the link and the page on which the very worried/furious Twitter user reaches.

When the user clicks on the link in the DM, he/she reaches Twitter's homepage asking him/her to log back in. But here is catch here, the page the user lands on, may look like that of Twitter’s, but it’s actually "Twittelr.com." Notice an extra ‘l’ in the name. The resemblance to authentic Twitter page and cleverly placed ‘l’ in the name, keeps the phished user unawares.

Web security firm, Sophos has identified this "real bad blog" OR “Saying Really bad thing about you” DM as a Twitter phishing attack making the rounds.

Precautions:

Although, many will recommend you a good anti-phishing product to save you from that Twitter phishing site; one of the easiest ways to remain protected from such scams, is to use one’s common sense, and press the delete button as soon as something betrays logical thinking.

If you suspect, any weired activity on your Twitter account, immediately change the password and the email linked to the account. Also report to Twitter. ---------

Being Informed Is Being Safe , Twitter , Twitter Phishing Scam

Twitter Phishing Scam exploiting your unhealthy Curiosity

Anil Singh Sunday, October 16, 2011

What’s the annual cost of Global Cybercrimes?

A study by Symantec Corp, the maker of Norton antivirus, estimates the cost of global cybercrimes at $114 billion annually (5,70,000 crore Indian Rupees).

The above estimates covered in the Norton Cybercrime Report 2011 says that 431 million (or 43 crore) adults were victims globally in the past year, with costs of cybercrime surpassing the combined global black market in marijuana, cocaine and heroin.

The report further says that over the past one year, three times more adults have suffered from online crime versus offline crime. But notably, less than a third of respondents think they are more likely to become a victim of cybercrime than physical world crime in the next year.

About the demography (age group) most likely to become OR are a victim of cyber crimes, the study identifies the men in the 18-31 years age group, who access the Internet from their mobile phone. ---------

Being Informed Is Being Safe , Cost of Cybercrimes Globally in 2010

Cost of Cybercrimes Globally in 2010: Symantec

Anil Singh Wednesday, September 7, 2011

Subscribe to: Posts ( Atom )