Archive for Internet Security

Facebook AND Google Victims Of Massive Phishing Scam

Details have emerged of a phishing scam which took place from 2013 until 2015, allegedly run by one 48-year-old man who claimed both Google and Facebook as victims to the tune of £77 million.

Who?

The man currently accused of running a criminal scam (that ironically claimed online security advocates and tech giants Google and Facebook as victims) is Lithuanian man Evaldas Rimasauskas. Mr. Rimasauskas is reported to be currently facing charges of wire fraud, money laundering and aggravated identity theft.

How?

It has been reported that Mr. Rimasauskas allegedly posed as an Asia-based (Taiwanese) electronics manufacturing company Quanta Computer and used phishing emails targeted at employees of the two tech giants to dupe them into wiring a total of £77 million into his account over what is believed to be a two-year period.

Phishing emails are a well-known and widely used fraudulent practice, which relies upon human error by sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, or to take other action such as wiring money to the apparent sender.

US Department of Justice (DOJ) reports show that search and social network giants Google and Facebook were likely to have been fooled to such a large degree because the company that Mr. Rimasauskas was allegedly pretending to be from (Quanta) was one which normally conducted multimillion-dollar transactions with them, and also had other tech giants such as Apple as clients.

Recent media reports of the details of the case against Mr. Rimasauskas show that he allegedly used a whole series of forged invoices, contracts and letters that had been made to look as though they had come from Quanta, and were allegedly falsely executed and signed by executives and agents of Facebook and Google.

Common

KPMG figures show that the value of (reported) fraud committed in the UK last year exceeded £1.1bn, which is part of a 55% year-on-year rise, and can be attributed to the huge growth of cybercrime.

The now all-too-common ways in which companies are duped include the hacking of company executives’ email accounts to send emails asking employees to send / wire money. Many attackers use time sensitive requests at close-of-business hours (to make if difficult for victims to check and verify), and take advantage of periods of uncertainty for staff e.g. during mergers.

Detected

It has been reported that Google eventually detected the scam and alerted the authorities. Although news of a large-scale fraud made the news earlier this year, Google and Facebook were not named as victims at the time. Both Google and Facebook are reported to have recouped the losses incurred by the fraud.

What Does This Mean For Your Business?

You could be forgiven for thinking that if Google and Facebook can fall victim to online scammers to such a degree, what chance do the rest of us have? It is important to remember, however, that phishing scams and CEO frauds of this kind rely upon human error to work. Educating and training all staff to be able to spot possible fraudulent tactics, and encouraging and empowering them to question and refer any suspicious activity can help to protect your business. Having clear systems for staff to follow, including carefully verifying new payment requests before authorising them, and continuously promoting online vigilance can be well worth the effort.

Google Glass Released in the UK

Google Glass has gone on sale in the UK, with “creative” consumers and developers alike capable of getting their hands on the android-based technology if they’re willing to part with £1000. The UK release has led to further concerns regarding the privacy aspects of Glass.

images (5)

Google Glass’ privacy debate is still open for discussion, especially as there is little way of knowing exactly when someone might be taking a picture of you, or when your personal details might be stolen through the built-in camera, such as when you’re putting in a PIN of some sorts.

Also, there’s still confusion surrounding the legal implications of Google Glass, which has led to Google telling the first users of the product to maintain the same level of courtesy and standards they would when taking a picture with a camera or mobile phone.

Interestingly, in a poll connected to the privacy concerns of Google Glass in the US, 72% of Americans felt that there was a cause for concern when it came to feeling awkward or concerned about their privacy.

However, Google have stressed that Glass is still a prototype and that its valuation reflects the fact that it is meant for developers rather than consumers, so we could see changes to its privacy settings in the future.

This also means that the commercial value of the product will be significantly less than the £1000 you have to pay in the UK at this time.

World Cup 2014 Marred By Online Security Threats From Protesters

With the World Cup underway, you would have thought that a nation blessed by a huge football tradition would welcome hosting such a tournament. Unfortunately, the tournament has been overshadowed by protests from activists who are unhappy with the expenses put towards the tournament in comparison to basic salary and healthcare. Intriguingly, one of the many ways activists have looked to protest is by hacking official websites.

Protesto_20_de_junho_de_2013_em_Natal

Back in February, activists stated that they had the capabilities to hack official sites and subsequently disrupt the tournaments progression online. One of the activists, known as Che Commodre, said in February that “The attacks will be directed against official websites and those of companies sponsoring the cup. It’s fast, damaging and relatively simple to carry out”.

Thankfully, the activists ruled out the possibility of targeting the Brazilian population, stating that official websites were their primary target. With the World Cup having kicked off last night, it certainly wouldn’t be surprising to learn that hackers were putting their plans into action over the last 48 hours.

One of the biggest concerns for the Brazilian population is how easy the hacking process could be, with another activist stating that the procedures would be “nothing out of this world as security remains very low”.

If you’re interested in learning more about our online protection services here at Pronetic for your online business, get in touch with us today.

Ransomware posing a new threat to Android users

Ransomware, an evil type of Malware that looks to take your money through forceful and threatening means of negotiation, has returned to the forefront of security threats this week after it was found that Android users were at risk from ‘Koler’ ransomware.

android-327791_640

People who were unfortunate enough to experience ransomware in the past will know just how frustrating it can be. Victims are threatened by fake legal authorities, encouraging them to part with their cash in order to rid the troublesome malware from their device.  What makes it a particularly devious form of malware is the way in which attacks its victims should you refuse to pay. You will be either:

A) Locked out of the device permanently unless you pay, although they leave data alone and treat it as a ‘hostage’.

B) Encrypt your data so that you can’t use it, meaning you have access to your device but can’t actually do anything with it from there!

Usually, ransomware gains access to your computer through undercover online interaction, taking the form of a seemingly harmless software or application update. Should you install Koler on your android device, you could be at risk.

What is good to know is that the vast majority of apps are aware of Koler and will prevent it from being installed. A few tips for you to follow include avoiding apps you find in embedded adverts and making sure you have effective online security for your device. Most malware originates from illegal content but spreads throughout the internet easily over time.

A final piece of advice regarding this potential threat would be to consider backing up your android files using a cloud system, as Android doesn’t make it easy for you to back up your files.

Useful Password Management Tools For Your Business

We’ve all had to go through the struggle of forgetting our passwords at some point in our lives, but for a thriving business with all kinds of login details affiliated to social media sites and programs across the internet, it can really damage the productivity of a working day.

SafeWalletLogo

Thankfully, various iOS-based applications specifically designed for password management are available in the App Store today, providing iOS users with useful organisation methods that combat the irritating prospect of forgetting your password and keep your online business secure.

It’s important for passwords to remain secure and this is what separates the good password management tools from the great ones. Here are three password management applications we feel your business can’t do without:

1Password

1Password is a really useful password management tool that gives you a wide range of useful features for a reasonable £17.99 in the App Store, whilst it’s also available on other separate operating systems. You can group your individual passwords together to create a well organised categorical system, whilst it can also create highly complex passwords for you to use.

mSecure

mSecure uses an encryption tool to ensure that a password remains secure at all times, whilst it doesn’t save any of your passwords away in the application itself, giving you an extra level of much needed security. You’ll receive automatic backup reminders every now and then and a useful password generator. One of its best features is its custom layout that lets you store all kinds of important data, from key codes and bank account data to safe combinations.

iCloud Keychain

iCloud Keychain is an incredibly useful tool that uses the secure iCloud storage system to maintain important data for you or your business, including credit card details, logins, networks and so on. It works across a number of different platforms and encrypts your important data so that you can access it from the iCloud whenever you need to. You’ll get a free 5GB account on installation, with room for expansion should you feel it necessary.

 

 

 

Ubisoft’s ‘Watch Dogs’ Pinpoints The Threat Of Poor Online Security

Ubisoft’s upcoming blockbuster ‘Watch Dogs’ is a game that focuses a lot on the general failings of the online world as it is today, with some of the basics of online security still being ignored by internet users across the world.

watchy dogs

The ability to hack and gain access to various government security protocols is pivotal should the protagonist succeed, whilst you might also find it necessary to distribute your affiliated crimeware across an entire society by accessing smartphones, tablets, pocket security devices and so on.

Many video games have looked to reinforce the bridge between the virtual world and reality, though few will have managed to succeed in similar style to that of Watch Dogs. It’s focus on digital security flaws and online hacking capabilities makes it a game that reflects the general attitude of society today.

With hacking becoming an all-too-familiar occurrence should vulnerable internet users fail to strengthen their online security, the market for internet security tools has grown and is slowly becoming an essential investment, from domestic users to corporate businesses and government officials.

Ubisoft probably aren’t intending for their latest project to act as an example to those who don’t make internet security a priority, although it’s likely that the general idea of someone from across the road being able to access your personal data, passwords etc. has enough of the fear-factor to persuade us to take action.

 

Microsoft Fix Internet Explorer Bug For All Operating Systems…Including Windows XP

Windows XP was hit with its first major threat since Microsoft stopped providing security updates earlier this week. The security flaw was present on Internet Explorer and gave any potential hackers the opportunity to take control of the user’s computer. You simply had to follow a bad link before you were targeted, which could easily occur in a domestic environment and equally pose a threat to online businesses.

Internet_Explorer_7_and_8_logo

For people who use the updated version of Windows, the issue could simply be resolved by having automatic security updates turned on. However, we all expected Windows XP users to suffer greatly from the bug, so much so that it could finally drive the last remaining users away from the operating system.

However, the patch released by Microsoft isn’t the only step they’ve taken to get rid of the problematic bug. Interestingly, they’ve also dealt with the issue in Windows XP users, meaning that people who still rely on the aging operating system can live to fight another day.

The patch was released yesterday, so anyone who hasn’t got hold of it yet can head directly to Microsoft support. Alternatively, you may have already had automatic security updates turned on, in which case you don’t have to worry.

Dustin Childs of Microsoft Trustworthy Computing was quoted on cnet as saying “We have made the decision to issue a security update for Windows XP”, although he did stress that Microsoft doesn’t support Windows XP anymore and they still encourage people to switch to a newer operating system as soon as possible.

Why You Should Prioritise Window XP Over Heartbleed

In the last couple of weeks we’ve covered both Heartbleed and Windows XP stopping their security updates and they are both pretty serious issues that need addressing.

Heartbleed-Patch-Needed

However, Heartbleed has managed to achieve a substantial amount of media attention at just the wrong time, with people prioritising the issue and ignoring the fact that Windows XP is still widely being used.

Ultimately, it seems quite surprising that news channels and other media outlets would brand Heartbleed as such an important vulnerability when Windows XP could pose much more of a threat.

The problem is that Heartbleed’s consequences became apparent instantaneously, with the words “credit cards” and “passwords” making front page news.

On the other hand, April 8th brought about little visible changes in the operations of Windows XP despite security updates disappearing.

It’s clear that, without visible threats, people are prepared to take risks. They might have spent the entire weekend backing up files preparing for Heartbleed but completely forgot that all of this was happening on their Windows XP PC.

The crux of this post is that Heartbleed mustn’t act as a cloak that covers up the true threat of continually using Windows XP. Hackers are far more likely to be preparing for future flaws in Windows XP than wasting their time with a glitch in OpenSSL.

The longer you decide to stick with Windows XP, the bigger the risk. It’s something that can’t be changed and won’t get better, so make this your top priority if you’re worried about online security!

 

Heartbleed – What Is It and What Should You Do?

Chances are you’ve been made aware of the threat posed by a rather troublesome online bug titled “Heartbleed”. Before you start rushing frantically about the office wondering if you need to sort out your antivirus settings or possibly even protect your bank account details, here’s where Google and other major online companies are at so far with regards to this worrying development.

download (2)

Heartbleed came to light a couple of weeks back after OpenSSL (a piece of software that deals with security purposes throughout the web) was compromised through one of its built-in features, known widely as heartbeat. Heartbeat exchanges data between website and PC to give your computer assurance that the site is active. Whilst the feature should only ever send back the same amount of data as it receives, hackers have found a way of requesting increased amounts of data that could potentially include passwords, cookies, logins and other personal information.

It’s understood that just under 20% of internet servers have the heart bleed bug, which is a scary amount despite the fact that this figure had been inflated in the past to as much as 60% of all servers. Whilst OpenSSL has since been patched, it’s important that you do change your passwords for the services that have been affected. Google was affected but has since been fixed, though you should still look to change your passwords as soon as possible.

Don’t panic. The chances of hackers getting hold of your personal information through heart bleed are incredibly small, so all you have to do is take the necessary precautions and keep up to date with what’s going on.

Windows XP Security Updates Stopping From Today

Today is the last day we’ll be seeing support arriving for Windows XP, with the final security patch arriving to the operating system in the early hours of the morning. It’s a significant day for those who have decided to stick with XP until the very end, and there are plenty of them.

a_windows_xp_wallpaper_by_tharunnamboothiri-d4djhvn

It’s believed that nearly 20% of PC’s on a global scale are still operating Windows XP. This is a huge amount considering Microsoft released their warning about security updates many months beforehand, giving individuals and businesses plenty of time to make the change.

Ultimately, anyone who continues to use Windows XP will have to cope with the higher threat of online attacks, viruses and malware. There’s no doubt that some people will hold on to XP despite the lack of security, so it might be interesting to see just how damaging a decision that could turn out to be.

It’s always important to receive regular security updates to enhance online security for businesses and homes alike, despite the fact Windows XP has aged incredibly well. It might be quite surprising for some to learn that flaws can still be found in XP’s system despite its longevity. Unfortunately, hackers can always find new ways of gaining access to bugs that crop up, and it’s the defence against this type of attack that will no longer be provided.