Spammers thrive on consumers’ economic insecurities

By admin | April 9, 2010 | Leave a Comment 

admin

Spam Phishing

Symantec’s April State of Spam and Phishing report highlights close ties between economic developments and malicious activity online

Mining the archives of its Global Intelligence Network, Symantec found the key spam headlines utilised over the course of the recession have closely mirrored the economic situation of its time – keeping spammers busy adapting to the frequently changing financial situation. Examples include:

  • October 2007 : Spammers Feed Off Housing Crisis
  • January 2008 : As Oil Prices Hike, Spammers Strike
  • February 2008 : Rising gas prices lead spammers to bio-fuel
  • June 2008 : Economic Climate Helps Fuel Spam Climate
  • August 2008 : Gas prices and foreclosures remain a focus
  • September 2008 : Job Seekers: Beware of Bogus Recruiting Ads bearing Viruses
  • November 2008: Economic bailout package & FDIC guarantee get the attention of some spammers
  • January 2009: Spammers Use the Recession to Enter Your Inbox
  • March 2009: Economic woes bring good tidings for spammers
  • April 2009: Spammers Rethink Their Mortgage Strategy
  • March 2010: Job offer spam signal an upturn in the economy

    •  

    When we looked at the top ten subject lines containing economic keywords, we can see that spammers tend to have an optimistic view of the economy with job offer spam among their top subject lines for the month. Examples of subject lines to be on the lookout for include ‘Get the Job fast this one’, ‘Finance Manager vacancy’ and ‘FW: Global job vacancy’.

    Monitoring the topics used by spammers offers us a unique insight into the changing concerns of consumers over the course of the recession. Criminals take advantage of peoples’ widespread concerns by exploiting them for financial gain.

    Amanda Grady

    Credit card dumping on the rise

    By Greg Day, EMEA Security CTO for Symantec | April 8, 2010 | Leave a Comment 

    Greg Day, EMEA Security CTO for Symantec

    Card Security

    At Symantec we’ve noted a worrying increase in so-called “credit card dumps” on offer in the criminal underworld over the past year. Dumps, which are copies of the information stored on the magnetic stripe of the original card, are usually obtained via electronic “skimming devices” fitted to the credit card machine or bank teller.

    The devices often take the form of an additional card reader that is placed over the original and records any data that passes through it.

    Skimming devices can be combined with a doctored keypad that is placed over the real one or a small video camera that records the PIN code entered for each card. Newer versions even contain a GSM module that will send the encrypted dumps back to the attacker. Video footage from surveillance cameras has shown that scammers can install the fake keypad and card reader in under five seconds.

    Once the criminals have the information, they have the card number and can clone the credit card. The clones can be almost indistinguishable from authentic cards, often including holograms and embossed gold numbers. If the criminals have recorded the PIN codes, the cards can be used at any ATM to withdraw cash.

    Spotting a skimming device is not easy as the devices are highly sophisticated and usually match the look and feel of the credit card or teller machine.

    People should look out for any attached keypads or strange looking card slots. Often they are fixed point mounted and create a small overlap that just looks a bit odd and wiggles a bit.

    This type of thievery is not confined to the developed economies and travellers should be particularly wary when abroad. For example, thousands of football fans will be travelling to South Africa in a couple of months for the 2010 World Cup. While the country is a developing economy, it has a highly sophisticated and modern banking infrastructure and credit card fraudsters to match it.

    Credit card skimming can happen virtually anywhere so while enjoying what South Africa has to offer over and above the World Cup, it is important for travellers to pay special attention to what happens to with bank or credit cards, wherever they are used.

    For more information on Internet scams relating to the 2010 Soccer World Cup, visit www.2010netthreat.com.

    Candid Wüest, senior threat researcher at Symantec

    Symantec urges business to bolster defences in order to avoid new £500k fines for breaches of Data Protection Act

    By admin | April 6, 2010 | Leave a Comment 

    admin

    As new legislation comes into force today which empowers the Information Commissioner’s Office (ICO) to levy fines on businesses of up to £500,000 for serious breaches of the Data Protection Act (DPA), Symantec has cautioned that fines are avoidable – provided adequate security best practice is adhered to.

    The ICO is aiming to give the data protection act ‘teeth’ and is clearly concerned about several high profile cases where unencrypted, confidential data residing on laptops and USB sticks has been lost and stolen. The impact of the vast majority of these cases could have been easily mitigated or avoided altogether by following security best practice such as protecting data and having clear guidelines in place for how data is used.

    For a data breach to attract a monetary penalty, the ICO must be satisfied that a serious breach is likely to cause “damage or distress” and that it was either “deliberate” or “negligent” and that the organisation “failed to take reasonable steps to prevent it”.

    Symantec advises:

    Develop and enforce a robust security policy which includes:
    -Tight governance regarding use of customer data – it should not physically leave the premises unless absolutely necessary
    - Use advanced encryption appropriately for data that does have to leave the premises
    - Restrict access to customer data only to those staff for whom it is critical
    - Ensure that confidential data cannot be copied on to portable media such as USB sticks or CD’s
    - Monitor information leaving via email and websites for appropriateness

    Protect and manage all PCs, laptops and servers
    -Maintain active, up-to-date antivirus, spyware and firewall protection

    Create strong passwords for all systems and hardware
    - Use at least eight characters with a combination of numbers, letters and punctuation marks and don’t use the same password which is active on other accounts

    Don’t forget non-electronic security
    - Shred any documents that contain identifying information before disposing of them
    - Don’t leave financial documents and sensitive information in an unsecure environment
    - Regular education of employees can help improve awareness of appropriate behaviour

    Mike Jones, Principal Product Marketing Manager at Symantec

    Symantec Unveils Plans for Lunar Data Centre

    By admin | April 1, 2010 | 9 Comments 

    admin

    READING, UK. – April 1, 2010 – Symantec Corp. has today announced the purchase of two acres of land on the Earth’s moon as the build site for its new state-of-the-art ‘Data Centre of the Future’.

    “Symantec has a long history of preventing data from disappearing into black holes. This move is the culmination of a vision to move Symantec from Cyberspace to real space” said Buzz Norton, a spokesperson from Symantec. “This project may be one small step for Symantec, but one giant leap for the next generation of data centres.”

    The new facility will benefit from the latest green technologies for power and cooling, taking advantage of the moon’s lack of air and freezing temperatures to keep the data centre cool and utilising solar light to power the centre. “This data centre will be the greenest (or in moon parlance, the whitest) in the galaxy and will run without an earthly carbon footprint” said a sustainability expert too embarrassed to be named.

    The lunar data centre will benefit from the next generation of security protection since it will be built out of reach of earth-bound elements and threats. It will communicate with earth via secure wireless transmissions. Buzz Norton concludes: “This level of security will totally ‘eclipse’ anything we’ve seen before.”

    Forward-looking Statements: Any forward-looking indication of plans for products are clearly fictional and should be considered a joke. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and obviously will not be implemented in the foreseeable future, if ever, and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.

    Photo by Flickr user penguinbush, licensed under CC BY 2.0.

    « Previous Page