A bit of good news it seems as it appears spammers have failed to capitalise on the worldwide release of the blockbuster movie “Harry Potter and the Half-Blood Prince” on 15 July. Symantec Security Response is detecting very few spam messages on this topic, a hopeful indication that consumers are starting to wise up to the blatant mass mailing techniques of spammers.
The only recent Harry Potter-related spams detected arrived as either Nigerian scams or health-type spam. The lack of spam generated around this globally prolific news topic could potentially mean cybercriminals now recognise that consumers today are savvy enough to no longer fall for their obvious spamming techniques, particularly those driven by large-scale news events. Whilst this heralds a positive step in consumer awareness, cybercriminals will undoubtedly also start to modify their techniques to ensure they are less visible and a lot more covert .
To date, there are two scam messages consumers should be aware of in relation to Harry Potter, as opposed to the huge volume of spam messages created around Michael Jackson’s death. One scam message is disguised as an online lottery winning notification. In this fake and non-existent lottery, the name “Potter” is misspelled as “Porter.” Interestingly, the scammer used J. K. Rowling as the name for the online lottery—Rowling is the author of Harry Potter fantasy novel series.
Below is an example of the scam email along with the headers:
In the health spam examples, the various subject lines use phrases such as “Harry Potter ebook.” The email body is in the form of a legitimate newsletter, but all of the URLs provided lead users to an online pharmacy website.
Here’s to hoping this is the start of the decline in news generated spam!
With summer in full swing, travel plans are on the horizon for many of us!
As much as sunscreen and books are travel necessities, so are laptops and Smartphones – and to get online, people are increasingly taking advantage of wireless (Wi-Fi) networks - at airports, hotels, even while in the air, as more and more planes offer passengers Wi-Fi connections in-flight.
While offering convenience and flexibility, Wi-Fi networks are also easy entry points for crooks looking to steal your money, account information and identity.
Your perfect vacation could be ruined in an instant by cyber-criminals looking to rob you of your personal information. Imagine stepping off the plane, ready to start your vacation, only to realize that between “here” and “there” your bank account has been wiped out and your credit card information stolen.
So here are five easy tips to ensure your vacation doesn’t end in disaster.
1. Pay attention to your surroundings – Remember, if you can read his magazine, the guy sitting next to you on the plane can also read your laptop screen! Just because you’re on vacation, doesn’t mean you’re not still in public
2. Beware of “Evil Twins” – Some Wi-Fi networks can appear to be legitimate, but are NOT. Criminals can create “dummy” networks or Web sites that contain the name of the airline, hotel or airport, but actually will direct your information to their own computer. If you always use the access keys provided by the airline, hotel, or airport, you’ll be protected
3. Always assume your Wi-Fi connections are being eavesdropped on – Never enter sensitive data (bank account information, social security numbers, etc.) when browsing the Web via a Wi-Fi network
4. Set any Bluetooth devices to “hidden”, not “discoverable” – If you do not use the Bluetooth function, turn it off altogether
5. Keep your security software current and active – Remember, mobile PCs are vulnerable to the same viruses, Trojans, and worms as your home computer so make sure your security software protects you on wireless networks, like Norton Internet Security does.
So we all know that Cybercrime is on the increase. Botnets, phishing and driveby downloads are becoming increasingly prevalent for those using the web without protection and without due care and attention. But maybe we missed the obvious dangers – at least according to the BBC.
They report that home computer-related injuries have increased more than sevenfold in the US and in the UK computer-related accidents in the home sharply increased from around 800 in 1995 to more than 1,800 in 1999 and 2,100 in 2002. Most of the incidents seem to involve people – particularly children – tripping over cables or banging their heads on monitors….
Unfortunately there doesn’t seem to be a number given for injuries caused by ‘banging heads on the keyboard’ when you lose that vital document you thought you’d saved, or indeed the danger of falling computers thrown from the window when you discover your PC was corrupted by a virus because you hadn’t applied all the necessary patches and your complete music library has been lost….
So remember, be careful out there – computers can be dangerous things – and not always in the ways you expect!
Police in Florida are looking for ‘Plasma Pat‘ who hangs around outside supermarkets befriending people and offering to buy things for them using his staff discount card. Of course, when they had over the money he makes a swift exit and the customer is left there waiting… and waiting… and waiting.
OK, so this isn’t traditional cyber-fraud, but what would happen if Plasma Pat was borrowing credit cards and PINs in order to ‘buy’ the discounted goods?
Moral of the story… if it sounds too good to be true, it probably is. Don’t hand over your money, let alone a credit card to a stranger who can get you a bargain.
There’s a good article in this months CIO magazine on how to create a successful blog, and while I am in there with some of my thoughts, there are also some other excellent points – which I have made a note of, including from Phil Windleywho has one of the most interesting blogs (it features in my Blogroll).
The article isn’t (as far as I can tell) available on the web yet – so you will have to hunt down a paper copy for now.
So people complained… and the rules were changed. This is all about FaceBook and their change of rules as to who owned the uploaded content – and the change back again to enable people to delete things they have changed their minds about. While this appears to be the answer to our privacy and copyright fears, people should realise that once their information is on the web – it will, most probably, be out there forever… whether they like it or not.
I applaud FaceBook’s openness on their policy but let’s not forget the various search engines that crawl the various sites and then cache the content (even after it’s gone from the original site), or the fact that it is so simple to copy an image and repost it elsewhere.
So, if there are things you would prefer not to put into the public domain – don’t post them on the Internet… not even for a minute… because someone or something will have taken a copy and who knows what will happen to it then – one thing is for sure, it won’t be forgotten or deleted.
(If you haven’t already visited the Internet Archive, then you should… it’s interesting to look back – and also shows what is kept!)
PC security remains one of those issues that everyone in the security community knows is top priority for computer users. But for some members of the public there might be a sneaking suspicion that its more hype than actual threat.
In an effort to disprove this theory I spent some time with the BBC 2 Working Lunch team last week, we lent them an unprotected laptop to go surfing and then we took a look at the results, which you can watch here…
With all the excitement of data leak incidents and secondhand MP3 players you could be forgiven for missing the fact that Data Privacy Day is nearly upon us, and this year it includes North America as well as Europe. What are you supposed to do? Well, I suggest a little thinking and a little talking – about data and how to keep it safe.
Where do you come into contact with sensitive electronic data – at work and at home? What are you doing to ensure their safety? If you have a job, bank account, credit card, pay taxes and do a little shopping on the Internet, then your details will be in around 800 databases… looked after by people like yourself - or at least that is what you hope. So when you copy the information to a CD ROM to put in the post – perhaps ask if the data is encrypted. When you are clearing out your desk, don’t throw away old CD ROMs or USB sticks without checking that they have no sensitive information on them… if they do then dispose of the items properly. If you are replacing your PC at home then think about the data you have stored on it – get a free data eraser from the web and clear down the old machine if you want to resell it, destroy the hard-disk if you don’t. My friend Toby from the EPG likes the Landrover approach – which is certainly one way to put the data out of reach.
Talk to your colleagues but also talk to your parents, spouses, children about why it is important to keep some information private – I’m sure they have read about it, but if it comes from you in a personal manner, along with a couple of examples of what could happen should their information fall into the wrong hands then perhaps they will change the way they behave… and that is what Data Privacy Day is all about – changing our approach to information privacy and protection.
So, security spending is up in response to cybercrime - even in this time of economic downturn. However, it still needs to be targeted. Lost laptops, one of the most common causes can be readily protected using full disk encryption – but that won’t prevent people sending email to the wrong person. A great deal of spending (in IT in general) is done in a knee-jerk reaction to an event. Careful planning and an understanding of the risks and the consequences can focus the budget.
However unless your staff are right behind you – it will be wasted as they will work around any newly imposed security measures. So, first stop should be to create a security awareness and education program – let them know the risks and consequences – ask them what they would do. You might find that some subtle changes in processes will result in a more secure information environment with little to no outlay at all. Of course there will still need to be some outlay – however a holistic view of the problem from all areas will give the best ‘bang for the buck’.
So, now Twitter has been targeted by the hackers and the phishers… are we surprised? No, of course not. Remember phishing is like an arms race and the first to implement an idea will win the battle (but not the war). We had a similar issue at the end of last year with cyber-criminals targeting social networking sites and just as that has gone off the boil, they have moved on to Twitter – that will reduce and then we will be onto the next thing… probably dedicated photo sharing sites, after that, well who knows. One thing is for sure, it will happen – where there are people there is money to be made. The more people, the more money.
It can be tough to spot a rogue URL when it purports to having been sent by a ‘friend’ but we need to continue to be vigilant and raise awareness. So, if you do follow a link and end up at a site that asks you to install something – don’t. If it asks you to confirm your username and password – don’t.
If your organization has a regular security education bulletin that goes out to staff then make sure this is included as one of the latest scams – if you don’t have regular bulletins, then send out a special one to remind people that these scams are doing the rounds and to be careful.
While we often think that social networking sites and other Web 2.0 collaboration tools are used by individuals rather than companies, the truth is that they are often visited while at work and you really don’t want your work systems compromised any more than you would like you home PC to be.