Criminals have long known there’s a sucker born every minute. In fact, more than 9 million households have had at least one member who gave up their information to phishers. And in the first half of 2012, these cybercriminals netted over $680 million which may be one of the reasons that McAfee Labs™ saw the average number of phishing sites found each day, increase by 70% between January and September of 2012. They also found 3-1/2 times more phishing URLs than spam URLs for the first time ever. This means spam is losing favor (and flavor) to phishing as cybercriminals are tossing out wide phish nets.

Here’s a graphic that explains how phishing works:

There are no depleted phish stocks in the sea of scamming, so to protect yourself from phishing you should:

• Be suspicious of emails that ask for personal or financial information. Most banks and legitimate businesses will not send you an email asking you to provide this type of information.
• If you suspect that an email or chat message may not be authentic, or you don’t recognize the sender, do not click any links included in the message.
• Check your bank, credit and debit account statements regularly for any unauthorized transactions. If you notice any suspicious or unfamiliar transactions, contact your bank and/or card issuer immediately.
• Make sure to keep your browser and operating system up to date and install any necessary security patches.
• Use comprehensive security software, like McAfee All Access, on all your devices and make sure they include a safe search tool that identifies risky websites in email, chat, social networking sites and search engine results to protect you from phishing.

For more information on how to protect yourself, watch our phishing video:

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

The holidays are just around the corner and amid the hustle and bustle many of us will fire up our devices to go online, order gifts, plan travel and spread Offers cheer. But while we’re getting festive, the cybercriminals are getting ready to take advantage of the influx of your good cheer to spread scams and malware.

With online holiday shopping expected to grow 12.1% in the US alone this year, to as much as $96 billion, and more people than ever using social media and mobile devices to connect, the cybercriminals have a lot of opportunities to spoil our fun. Using multiple devices provides the bad guys with more ways to access your valuable “digital assets,” such as personal information and files, especially if the devices are under-protected.

According to a McAfee global study commissioned by MSI International last year, consumers place an average value of $37,438 on the “digital assets” they own across multiple digital devices, yet more than a third lack protection across all of those devices.

So, as you head online this holiday season stay on guard and stay aware. Get familiar with our “12 Scams of Christmas” to ensure a safe and happy holiday season:

1)    Social media scams—Many of us use social media sites to connect with family, friends, and co-workers over the holidays, and the cybercriminals know that this is a good place to catch you off guard because we’re all “friends,” right? Here are some ways that criminals will use these channels to obtain shopper’s gift money, identity or other personal information:

• Scammers use channels, like Facebook and Twitter, just like email and websites to scam consumers during the holidays. Be careful when liking Fan Pages, clicking on fake alerts from friends’ accounts that have been hacked, taking advantage of raffle’s, ads and deals that you get from “friends,” or installing suspicious “holiday deal” apps that give your private data away.
• Twitter ads and special discounts for popular gifts are especially popular, and utilize blind, shortened links, many of which could easily be malicious. Criminals are getting savvier with authentic-looking social ads and deals that take consumers to legitimate looking websites. In order to take advantage of the deals or contests, they ask them for personal information that can obtain a shopper’s credit card number, email address, phone number or home address.

2) Malicious Mobile Apps—As smartphone users we are app crazy, downloading over 25 billion apps[1] for Android devices alone! But as the popularity of applications have grown, so have the chances that you could download a malicious application designed to steal your information or even send out premium-rate text messages without your knowledge. Consider this: A recent study found that 33%[2] of apps ask for more information than they need, such as access to your contacts or location.

• TIP: So, if you unwrap a new smartphone this holiday season, make sure that you only download applications from official app stores and check other users’ reviews, as well as the app’s permission policies, before downloading. Software, such as McAfee Mobile Security, can also help protect you against dangerous apps.

3) Travel Scams—Many of us travel to visit family and friends over the holidays and begin our journey online looking for deals on airfare, hotels, and rental cars.  But before you book, keep in mind that the scammers are looking to hook you with too-good-to-be-true deals. Phony travel webpages with beautiful pictures and rock-bottom prices are used to get you to hand over your financial details.

• Even when you’re already on the road you need to be careful. For example, the FBI recently warned travelers of a hotel Wi-Fi scam in which a malicious pop-up ad prompts computer users to install a popular software product before connecting to their hotel Wi-Fi.[3] If you agree to the installation, it downloads malware onto your machine.

• TIP: Remember to perform a security software update before traveling, to guard you against the latest scams.

4) Holiday Spam/Phishing— If you’re like most people, you’re probably familiar with spam emails containing questionable offers. But get ready, because soon many of these spam emails will take on holiday themes. Cheap Rolex watches and pharmaceuticals may be advertised as the “perfect gift” for that special someone. McAfee also expects to see an increase is holiday-themed phishing emails that try to trick you into revealing financial or personal details by posing as an offer from a legitimate business.

TIP: Remember never to respond to a spam email, or click on an included link.

5) The new iPad, iPhone 5,  and other hot holiday gift scams—The kind of excitement and buzz surrounding Apple’s new iPad and iPhone 5 is just what cybercrooks dream of when they plot their scams. They will mention must-have holiday gifts in dangerous links, phony contests and phishing emails as a way to grab computer users’ attention. Once they’ve caught your eye, they can try to get you to reveal personal information or click on a dangerous link that could download malware onto your machine.

TIP: Be suspicious of any deal mentioning hot holiday gift items—especially at extremely low prices—and try to verify the offer with the retailer involved.

6) Skype Message Scare—People around the world will use Skype to connect with loved ones this holiday season, but they should be aware of a new Skype message scam that attempts to infect their machine, and even hold their files for ransom.

The threat appears as a Skype instant message with the scam line “Lol is this your new profile pic?”. If you click on the included link, a Trojan downloads onto your hard drive, blasts the dangerous link to all of your contacts, and can even try to extort money from some PC users to regain access to their files.

TIP: Never click on a suspicious link, even if it appears to come on from someone you know.

7) Bogus gift cards—Gift cards are probably the perfect choice for a lot of people on your holiday list, and given their popularity, cybercriminals can’t help but want to get in on the action by offering bogus gift cards online.

TIP: Be wary of buying gift cards from third parties; it’s best to buy from the official retailer. Just imagine how embarrassing it would be to find out that the gift card you gave your mother-in-law was fraudulent!

8) Holiday SMiShing — “SMiSishing” is phishing via text message. Just like with email phishing, the scammer tries to lure you into revealing information or performing an action you normally wouldn’t do by pretending to be a legitimate organization.  Since many of us like to keep a close eye on our bank accounts during the holidays, be wary of SMiShing messages that appear to come from your bank, asking you to verify information or visit a phony webpage.

TIP: Remember that real banks won’t ask you to divulge personal information via text message. If you have any questions about your accounts, you should contact your bank directly.

9) Phony E-tailers–No matter what gift you’re looking for, chances are you can find it quickly and easily online, but you still want to be careful in selecting which site to shop. Phony e-commerce sites, that appear real, try to lure you into typing in your credit card number and other personal details, often by promoting great deals. But, after obtaining your money and information, you never receive the merchandise, and your personal information is put at risk.

• This is exactly what happened to customers of harbourelectronics.com, a copycat site of electronics repair store harborelectronics.net. It turns out that harbourelectronics.com was one of a host of the bogus e-commerce sites coming from the same IP address.

• TIP: That’s why it’s important to shop at trusted and well-known e-commerce sites. If you’re shopping on a site for the first time, check other users’ reviews and verify that the phone number listed on the site is legitimate.

10) Fake charities—This is one of the biggest scams of every holiday season. As we open up our hearts and wallets, the bad guys hope to get in on the giving by sending spam emails advertising fake charities. They may try to fool you into thinking that they are a real charity, such as the Red Cross, with a stolen logo and copycat text, or the charity may be entirely invented. For example, one man ran a bogus charity for the “U.S. Navy Veterans Association” and gathered $2 million from donors over five years![4]

• TIP: If you want to give, it’s always safer to visit the charity’s legitimate website, and do a little research about the charity before you donate.

11) Dangerous e-cards—E-Cards a popular way to send a quick “thank you” or holiday greeting, and there are plenty of free and paid e-card sites out there. And while most e-cards are safe, some are malicious and may contain spyware or viruses that download onto your computer once you click on the link to view the greeting.

• Others ask you to click on an attachment to view the card, and then download a Trojan onto your machine. That’s why you should look for clues that the e-card is legitimate.

• TIP: Make sure that the card comes from a well-known e-card site by checking the domain name of the included link. Also check to see that the sender is someone you actually know, and that there are no misspellings or other clues that the card is a fake.
  

12) Phony classifieds—Online classified sites may be a great place to look for holiday gifts and part-time jobs, but beware of phony offers that asked for too much personal information or ask you to wire funds via Western Union, since these are most likely scams. If you’re going to purchase an item or apply for a job, try to do it in person in a public place.

TIP: When purchasing an item, pay in cash and never agree to pay for an item before receiving it.

 How to Protect Yourself Against Scams During the Holidays, and Year-Round:

1)    Stay suspicious—Be wary of any offer that sounds too good to be true, and always look for telltale signs that an email or website may not be legitimate, such as low resolution images, misspellings, poor grammar, or odd links.

2)    Practice safe surfing—Find out if a website is potentially dangerous before you click on it by using a safe search plug-in such as McAfee SiteAdvisor®. SiteAdvisor uses easy-to-read red, yellow, and green check marks to rate websites when you search for them.

3)    Practice safe shopping—Stick to reputable e-commerce sites and look for a trustmark that indicates that the site has been verified as safe by a trusted third-party, like the McAfee SECURE™ mark. Also, look for a lock symbol and  “https” at the beginning of the web address (as opposed to just “http”) to see if the site uses encryption to protect your data.

4)     Use strong passwords— Make sure your passwords are at least eight characters long and contain a variety of letters, numbers and characters that don’t spell anything. Avoid using the same password for your important accounts, and never share your passwords with anyone.

5)     Be careful when clicking—Don’t click on any links in messages from people you don’t know, and if you come across a shortened URL, use a URL expander to see where the link is directed to before you click.

6)    Use a comprehensive computer security— You need complete protection that includes anti-virus, anti-spyware, anti-spam, and a firewall and make sure it is up to date. Online security and safety protection, such as McAfee All Access, can help protect all of your devices – PCs, Macs, smartphones and tablets – from holiday-related malware, phishing, spyware, and other common and emerging threats.

7)    Educate yourself— Keep up-to-date on the latest scams and tricks cybercriminals use so you can avoid potential attacks. You can find helpful information on the McAfee Blog and the McAfee Advice Center.

But Apple’s not the only one looking to cash in when the iPhone 5 hits the virtual store shelves this month, as fraudsters and Internet pirates across the globe are counting on the latest Apple frenzy to help line their pockets too.

 When there is a major event, like Black Friday, Cyber Money, or a much-anticipated Apple product going on sale, it queues up the bad guys to take advantage of all the excitement.   Online scammers are expected to be out in full force this month in anticipation of deal seekers. Fraudsters will be using the latest iPhone event to send out phishing scams and e-mails with infected links in an effort to extract credit card info and other personal details from unsuspecting consumers.

There are, however,  some  simple tips to avoid getting scammed when going online to look for the new iPhone:

• Go directly to the source. If you receive and e-mail referencing a great deal on the new iPhone, don’t click the links in the e-mail but go directly to Apple’s URL and look for that same promotion.
• Are you up-to date? Make sure you’re security software is updated with the latest patches and upgrades. That is your strongest protection and first line of defense against spyware and viruses.
• Be wary of highly-discounted phones. As the saying goes, if it seems too good to be true, it probably is. iPhones have consistently been among the most sought-after devices since their release. Chances are you won’t be seeing any legitimate “Buy 1, Get 1 Free” offers the first week these phones go on sale.

This morning I received another of those “You have won a lottery!” mails.

This made me realize that cyber criminals will continue to try baiting unsuspecting net users, and so I should periodically remind my readers to how to stay off the Scammers net. So let’s talk about “Phishing” today.

What is Phishing?

According to McAfee Security Tips, “Phishing are scams that attempt to acquire confidential information such as credit card numbers, personal identity data, and passwords by sending out emails that look like they come from real companies or trusted individuals.”

The common phishing mails usually involve communications regarding the winning of a lottery; the imminent closure of bank account; order confirmation; verification of billing information and return of excess payments made to the tax dept.

Usually scammers send the mails to many victims, whose e-mail ids they might have harvested from the net, hoping that at least some will fall prey to their trap and click on a malicious link or open a malicious attachment.

I have provided snapshots of two very common types of phishing mail, courtesy Hoax-slayer:

Ever wondered what scammers do with your information?

• Access your bank account: They harvest your passwords, user names and other details and directly access your account. After that, they can easily transfer funds, conduct transactions etc. They can also change the password and lock you out of your own account
• Use your credit card: Similarly, once they get you to share your credit card details including expiry date and user name, they can carry out transactions and charge it to your account
• Steal your identity: If you have been naïve enough to offer details like PAN number, bank account and credit card details, the scammer will find it very easy to create a profile using your details. Thy can use this profile or sell it to others for various criminal reasons. It will take months or even years to resolve legal issues, clear your name and pay off debts

If you receive a suspicious message that looks like a phishing mail:

1. Delete the mail, without clicking on the links or opening attachments
2. Don’t enter personal or financial information into pop-up windows
3. Type addresses directly into your browser or use your personal bookmarks. Don’t use links in e-mails to access netbanking facilities
4. If in doubt it is better to contact the company or individual directly
5. Don’t wire money to friends supposedly stranded in foreign countries without first confirming with him/her or others
6. Don’t share bank details with any online seller/employer without proper verifications

What if you accidentally get “phished”?

• Change email id and password
• Inform your bank immediately
• Inform all your friends so that the scammer can’t touch them by sending mails from your account
• File a report with the nearest cybercrime cell if your bank details get stolen

How to safeguard yourself against phishing attacks

• Use a comprehensive internet security software that includes advanced ant-phishing software
• Periodically change your passwords/log in id
• Keep spam filter “on” while accessing the net
• Always report spams
• Carry out transactions from secure sites that have the ‘padlock’ symbol, begins with https//: and is certified to be ‘visa secure’

For further details, please visit:

http://www.hoax-slayer.com/citibank-phisher-scam.html

http://www.mcafee.com/us/mcafee-labs/resources/security-tips-13-ways-to-protect-system.aspx

http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

Cybercriminals rub their hands with glee when they think of the holidays. If you’re like me then you are probably busy making travel plans, shopping for gifts and bargains, updating Facebook and connecting with friends. However, the vast majority of people don’t have security protection for their smartphones or tablets, despite using them heavily during the holiday season.

You’ll need to stay one step ahead of this season’s cyber-scrooges, and make sure you have protection for all of their Internet-enabled devices. Otherwise, you could risk giving the bad guys the biggest gift of all – your own personal and financial information!

McAfee’s 12 Scams of Christmas

1. Mobile Malware:  A recent National Retail Federation (NRF) survey, dated October 19, found that 52.6 percent of U.S. consumers who own a smartphone said they will be using their device for holiday-shopping related activities—whether it’s to research products, redeem coupons, or purchase holiday gifts. Malware targeted at mobile devices is on the rise, and Android smartphones are most at risk. McAfee cites a 76 percent increase in malware targeted at Android devices in the second quarter of 2011 over the first, making it the most targeted smartphone platform.

New malware has recently been found that targets QR codes, a digital barcode that consumers might scan with their smartphone to find good deals on Black Friday and Cyber Monday, or just to learn about products they want to buy.

2. Malicious Mobile Applications -These are mobile apps designed to steal information from smartphones, or send out expensive text messages without a user’s consent. Dangerous apps are usually offered for free, and masquerade as fun applications, such as games. For example, last year, 4.6 million Android smartphone users downloaded a suspicious wallpaper app that collected and transmitted user data to a site in China.

3. Phony Facebook Promotions and Contests – Who doesn’t want to win some free prizes or get a great deal around the holidays? Unfortunately, cyberscammers know that these are attractive lures and they have sprinkled Facebook with phony promotions and contests aimed at gathering personal information.

A recent scam advertised two free airline tickets, but required participants to fill out multiple surveys requesting personal information.

4. Scareware, or Fake Antivirus software – Scareware is the fake antivirus software that tricks someone into believing that their computer is at risk—or already infected—so they agree to download and pay for phony software. This is one of the most common and dangerous Internet threats today, with an estimated one million victims falling for this scam each day. In October 2010, McAfee reported that scareware represented 23% of all dangerous Internet links, and it has been resurgent in recent months.

5. Holiday Screensavers—Bringing holiday cheer to your home or work PC sounds like a fun idea to get into the holiday spirit, but be careful. A recent search for a Santa screensaver that promises to let you “fly with Santa in 3D” is malicious.  Holiday-themed ringtones and e-cards have been known to be malicious too.

6. Mac Malware – Until recently, Mac users felt pretty insulated from online security threats, since most were targeted at PCs. But with the growing popularity of Apple products, for both business and personal use, cybercriminals have designed a new wave of malware directed squarely at Mac users. According to McAfee LabsTM, as of late 2010, there were 5,000 pieces of malware targeting Macs, and this number is increasing by 10 percent month on month.

7. Holiday Phishing Scams – Phishing is the act of tricking consumers into revealing information or performing actions they wouldn’t normally do online using phony email or social media posts. Cyberscammers know that most people are busy around the holidays so they tailor their emails and social messages with holiday themes in the hopes of tricking recipients into revealing personal information. 

• A common holiday phishing scam is a phony notice from UPS, saying you have a package and need to fill out an attached form to get it delivered. The form may ask for personal or financial details that will go straight into the hands of the cyberscammer.
• Banking phishing scams continue to be popular and the holiday season means consumers will be spending more money—and checking bank balances more often. From July to September of this year, McAfee Labs identified approximately 2,700 phishing URLs per day.
• Smishing –SMS phishing—remains a concern. Scammers send their fake messages via a text alert to a phone, notifying an unsuspecting consumer that his bank account has been compromised. The cybercriminals then direct the consumer to call a phone number to get it re-activated—and collects the user’s personal information including Social Security number, address, and account details.

8. Online Coupon Scams – An estimated 63 percent of shoppers search for online coupons or deals when they purchase something on the Internet, and recent NRF data (October 19, 2011) shows that consumers are also using their smartphones (17.3 percent) and tablets (21.5 percent) to redeem those coupons. But watch out, because the scammers know that by offering an irresistible online coupon, they can get people to hand over some of their personal information.

• One popular scam is to lure consumers with the hope of winning a “free” iPad. Consumers click on a “phishing” site, which can result in email spam and possibly dealing with identify theft.
• Consumers are offered an online coupon code and once they agree, are asked to provide personal information, including credit-card details, passwords and other financial data.

9. Mystery Shopper Scams – Mystery shoppers are people who are hired to shop in a store and report back on the customer service.  Sadly, scammers are now using this fun job to try to lure people into revealing personal and financial information.  There have been reports of scammers sending text messages to victims, offering to pay them $50 an hour to be a mystery shopper, and instructing them to call a number if they are interested.  Once the victim calls, they are asked for their personal information, including credit card and bank account numbers.

10.  Hotel “Wrong Transaction” Malware Emails – Many people travel over the holidays, so it is no surprise that scammers have designed travel-related scams in the hopes of getting us to click on dangerous emails. In one recent example, a scammer sent out emails that appeared to be from a hotel, claiming that a “wrong transaction” had been discovered on the recipient’s credit card.  It then asked them to fill out an attached refund form. Once opened, the attachment downloads malware onto their machine.

11.  “It” Gift Scams – Every year there are hot holiday gifts, such as toys and gadgets, that sell out early in the season. When a gift is hot, not only do sellers mark up the price, but scammers will also start advertising these gifts on rogue websites and social networks, even if they don’t have them.  So, consumers could wind up paying for an item and giving away credit card details only to receive nothing in return. Once the scammers have the personal financial details, there is little recourse.

12. “I’m away from home” Scammers – Posting information about a vacation on social networking sites could actually be dangerous.  If someone is connected with people they don’t know on Facebook or other social networking sites, they could see their post and decide that it may be a good time to rob them.  Furthermore, a quick online search can easily turn up their home address.

“We don’t want consumers to be haunted by the scams of holidays past, present and future,” said Jim Walter, manager at McAfee Labs. “With the increase in malware and other attacks on smartphones, tablets and Macs, users need to stay vigilant and ensure they protect all of their devices, not just their home PC – they can’t afford to leave the door open to cyber-grinches during the busy holiday season.”

How to Protect Yourself
Internet users can protect themselves from cybercrime with the following quick tips from McAfee:

• Only download mobile apps from official app stores, such as iTunes and the Android Market, and read user reviews before downloading them.
• Be extra vigilant when reviewing and responding to emails.
• Watch out for too-good-to-be-true offers on social networks (like free airline tickets). Never agree to reveal your personal information just to participate in a promotion.
• Don’t accept requests on social networks from people you don’t know in real life. Wait to post pictures and comments about your vacation until you’ve already returned home.

Be sure you have active, comprehensive protection for all of your devices. McAfee® All Access is the only product that lets you protect a wide variety of Internet-enabled devices, including PCs, Macs, smartphones, tablets and netbooks, for one low price for individuals and families. To learn more, visit http://home.mcafee.com/store/all-access-security.

Special offer from McAfee
As millions of consumers begin to search and shop online during this holiday season, McAfee understands the importance of being aware of cybercriminals tactics and knowing how to stay protected from identity theft and online fraud. 

From November 9 – 15, McAfee will be offering a complimentary PDF copy of a new book on http://www.facebook.com/mcafee called 99 Things You Wish You Knew Before(r)… Your Identity Was Stolen, authored by identity theft expert Robert Siciliano. The book is available in print, ePub, and PDF and can now be found on Amazon, Amazon Kindle, and the Sony eBook Store and http://www.99-series.com/store.html from $5.99-$14.97.

In the book, Robert proactively organizes, simplifies, and demystifies the entire issue of identity theft and computer fraud into bite size chunks to make consumers, families, employees and small businesses safe and secure. Consumers will learn the difference between Scareware, Ransomware and Spyware; about the types of cybercriminals, such as a Black Hat, Cracker, Script-kiddie and Hacktivist; and how to protect their identity online and in the physical world.

Additional Resources
• Web surfers should visit the McAfee Security Advice Center and Facebook page at www.facebook.com/mcafee for information on the latest threats, and tips on surfing safely.
• VIDEO: A New World of Threats
• VIDEO: History of Malware

The need for security evolved with the Internet as more companies developed internal and external networks. That was the network security era.

Now as companies leverage the power of the web, information security has evolved yet again: We are in the application security era. And as big companies get better at locking down their software and protecting their data, criminals are targeting the little guy. Ordinary citizens’ every day digital lives are at risk via infected web pages, instant messaging, phishing, Smartphone viruses, text message scams and now hackers are targeting Macs in a big way.

In the past 20 years, e-commerce and social media have taken over. The numbers behind the explosive growth of cybercrime are astounding. In a little over two decades, we’ve gone from less than 500 pieces of malware to over 55 million annually. Cybercrime has evolved from nothing to a multibillion-dollar industry.

In 1995, 8069 unique pieces of malware were detected. One out of 20 emails were spam, and the Melissa virus infected hundreds of thousands.

In 2000, 56,342 unique pieces of malware were detected, mostly on PCs, but some began spreading to Macs. Then smartphones got the Cabir virus. The “I Love You” worm slithered its way onto millions of PCs, and the MyDoom worm slowed down the entire Internet by 10%, resulting in loses totaling 38 billion dollars.

In 2005, 164,000 unique pieces of malware were detected, including the first virus for Mac OS X and another 83 mobile viruses. 57 million U.S. adults fell for phishing scams via 17,877 different spoof websites. 80% of all email was spam. The Conficker worm, Zeus Trojan, Koobface, Applescript.THT, Storm botnet, and Ikee iPhone virus all made their debuts this year.

By 2010, 54 million unique pieces of malware were spreading to tablets, too. More than 90% of all email was spam. 27% of teens infected their families’ PCs with viruses in 2010. Almost 420,000 phishing sites were discovered. OpinionSpy, Boonana, and MacDefender infected Macs. Hackers commandeered Skype’s instant messaging service to deliver malware. The Gemini and Zitmo Trojans gathered location data and stole financial transaction information.

But if that’s not enough. In 2010, more than three million malicious websites were created, any one of which could infect your computer.

The question is are you protected? Are you using some free download by an unknown company to protect yourself? Or do you have a comprehensive multi layer approach to digital security protecting all your devices?

Check out this video to learn more and the infographic below: The History of Malware

Robert

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)

The sophisticated cyber attack was reported to be the lowly unsophisticated phishing email.

Phishing is emerging as sophisticated due to ways in which the phish emails are disguised to look like legitimate communications often from other trusted employees on the inside.

The criminals behind these emails are doing their research on company websites finding key individuals to model and following up their research on Facebook and LinkedIn to make their phish emails more personal.

And while criminals are still targeting “whales” or CEOs of major corporations and their officers, they are using similar attacks on consumers, as well.

McAfee Labs discovered an attack this week with the subject line “Easter Greeting” that was spammed broadly and is currently hitting inboxes around the globe.  The e-mail that depicts a colorful picture of a bunny, chicks, and eggs has the subject line, “Easter Greeting From Alex.”  The clickable text at the bottom of the message reads “Download Animated Greeting Here” which is a booby trapped message that leads directly to malware and puts an infected PC under the control of the attacker who attempts to steal passwords and other personal information. 

Since the threat has already been identified by McAfee Labs, McAfee software will protect customers against it. 

This event is a good reminder for consumers to keep these basic computer safety rules in mind:

Don’t click on links in e-mail messages and be extra suspicious of messages like this Easter Greeting.  If you think it is legitimate, ask the supposed sender by sending a separate e-mail if they sent you a greeting.

Run a full, up-to-date suite of security software.

Ensure your operating system and other applications have the latest patches.

With more than 11 million victims just last year identity theft is a serious concern.  McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself – please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)

Generally when a credit card is compromised a new number and card is issued making the breach a forgotten inconvenience. However when a Social Security number is breached, the victim can feel the effects for decades. Email addresses fall in the middle because consumers have the ability to change them, but often weigh the pros and cons and keep them for convenience sake.  This is what makes getting phished a higher probability.

McAfee Labs believe scammers will probably wait until they figure out how best to turn their scams into money, and may wait until the news cycle dies down.  That’s why it is important for consumers to stay vigilant for a period of time…really for the entire time you posses a hacked email address.

Here are some tips for consumers to stay safe:

- Consider ditching your compromised address and starting new.

- Be aware that companies will never ask you for credit card information or other personal information in email.  If you are being asked to provide that information, it’s a scam.

- If you are suspicious of an email, go directly to the Web site of the company that purportedly sent it and don’t follow links in the email as those may be fraudulent. Call the company’s number listed on their Web site, not the number in the email as that may be a fake.

- Consider unsubscribing from email communications and re-subscribing using a new email address for commercial communications. That way you know that messages that land in that new inbox are more likely to be genuine as the new address wasn’t part of the breach

- Use the latest security software, including Web security features to protect you from going to malicious Web sites such as phishing sites

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing the Epsilon breach for McAfee on Fox News. (Disclosures)

…Actually please don’t!

Their grey small-print ad declares that calls cost £1.02 per minute and rightly (but pretty much illegibility) claims “this service is not connected with the London2012.com website.” It also says “this information service is provided as is and is without any warranty or guarantee to its accuracy or fitness for any particular purpose.” If that’s true, then why bother?

I have always had an ethical issue with premium-rate information lines profiteering from otherwise free and high-quality information resources. Official information regarding 2012 ticketing is available via  www.london2012.com. It’s a great site and the only one you’ll need and clearly links to the ticketing subsite at www.tickets.london2012.com. The legitimate site even has a page that documents a heap of scams they’ve seen already! Clearly scammers and cybercriminals will continue to use sporting events as a lure to relieve people of their money. Stay informed. Stay updated. Stay safe.

This is what happened to my friends Jim and Mala. The ad itself didn’t raise any suspicions and the apartment was in a good neighborhood and even had a doorman. However, the red flags should have gone up when the “landlord” asked for a wire transfer.  Criminals use wire transfers because they are virtually untraceable and the victim has no recourse to get the funds back. This scam happens so frequently, it actually made the 2010 “Twelve Scams of Christmas”. 

When Jim told me this story, I immediately asked if I could write a blog about their experience. I know from my own experiences over the years, it feels awful to be duped, but it is even worse when it happens to your child. Particularly worse when you think you have communicated clearly to them and think that they should know better. And much, much worse when you are particularly saavy online parents, like Jim and Mala, who routinely talk to your children about being smart online!   

You know what? Criminals are very good at what they do. Jim and Mala’s child is a really smart young adult who has learned over the years to be very careful – and this still happened. So I try to keep this in mind – if criminals weren’t good at what they do, they would have a job just like everybody else.  Sometimes kids have to make a mistake before they learn a valuable lesson.  Sometimes they make mistakes multiple times before they learn.

Mala made an excellent point when she explained “We have constantly had the topic of online good practices as a point of discussion in our household – but the focus of our discussions had been always on cyberbullying, effective use (as in research) etc., and we had glossed over issues of dealing with money transactions online. What this incident “hit us over the head with” is that as our kids became young adults we didn’t expand our focus of concern to issues of identity theft and safe transactional practices (i.e. purchasing goods online) as an essential part of life today for young people. “

So today’s lesson is about interacting with strangers you meet online via forum type sites like Craigslist and safe transacting.  I, for one, have used craigslist many, many times very successfully. However, I have followed certain rules every single time.

1. Never wire money using Western Union! Criminals use wire transfer to separate you you’re your money and them from the crime. When the money is wired, you are giving away any protection you have – don’t do it!
2. Never meet the person alone or in a secluded place. Whether you are going to them or they are coming to you, always meet in a public area or make sure you are not by yourself.
3. Trust your instincts! If something seems off, walk away. If the seller is pressuring you to buy, stop and think before you transact. You should see the item or place in person and be completely happy with the item and the price.
4. Shop with your head! Credit cards purchases are insured and give you some recourse if you are unhappy with a purchase. Use well known online stores or shop in “brick and mortar” shops for the safest transactions.

Stay safe out there!

Tracy