Are Scam Downloads Getting Harder to Spot?

Scam Alert

Malwarebytes have revealed the latest strategies being used by scammers and, worryingly, they show that the scams are getting harder to stop.

You might have decided you need a new antivirus program from a trustworthy company like AVG, Malwarebytes, Norton or McAfee. It downloads without any problems, you accept the terms and conditions and the familiar installer starts. All seems to be going fine until halfway through the installation, when you get an error message that advises you to ring a phone number. You could easily think this is the antivirus helpline.

But you would be wrong! In fact, this is the latest trick used by scammers to steal your money. The software is fake, and if you call the number in the error message you will get through to an Indian call center where they will tell you your computer is crawling with viruses and that they will clean it for a fee. Of course, this is a lie.

This type of scam is easy to fall for, but what is worse is that fraudsters are starting to hack genuine security programs so that you pay them instead of the software company. Malwarebytes have detected criminals doing this. Senior security researcher Jerome Segura said: “A few weeks ago we documented a US-based company using our software against our Terms and Conditions. They were charging four times the price and worst of all the license keys were all pirated.”

It’s not difficult for criminals to build fake programs that mimic legal ones. Egemen Tas, Comodo’s Vice President of Engineering, said that scammers don’t need to create a fake antivirus from scratch; instead they can “simply take a genuine AV product, modify it and distribute it”.

So how can you protect yourself? You should only download programs from the developer’s official site, or from a reputable site like CNet, TechSpot, or FileHippo. You also need to be cautious when using the Windows Store on Windows 8, as it was recently reported by technology site How-To Geek to be filled with fake software.

Malwarebytes, which highlighted these scams on its blog, says that a fake version of genuine software will be flagged by Windows before you download it with one of the following messages: ‘The publisher could not be verified’ or ‘driver have been altered’. These warnings mean the download has not been digitally signed by the program’s developer; most reputable software should be signed. You should click Cancel, not Run, and leave the box ‘Always ask before opening this file’ ticked.
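You can make the same signature check yourself before running a downloaded installer. The PowerShell below is an added example, not code from Malwarebytes or from the original post; the file path and the publisher name `Example Software Ltd` are placeholders you would replace with your own.

```powershell
# Added example: inspect a downloaded installer's digital (Authenticode)
# signature before running it. Path and publisher name are placeholders.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Exact company name you expect on the signing certificate (assumption)
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # NotSigned  -> no publisher at all ("publisher could not be verified")
    # HashMismatch -> file was changed after it was signed ("altered")
    # Anything other than Valid means: do not run it.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            File    = $Path
            Trusted = $false
            Reason  = "Signature status: $($sig.Status). $($sig.StatusMessage)"
        }
    }

    # A valid signature only proves that *someone* signed the file.
    # Compare the certificate's name with the publisher you expected,
    # using an exact match so a look-alike company name does not pass.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    $publisherOk = ($signer -eq $ExpectedPublisher)

    [pscustomobject]@{
        File    = $Path
        Trusted = $publisherOk
        Reason  = if ($publisherOk) { "Signed by $signer" }
                  else { "Signed by '$signer', expected '$ExpectedPublisher'" }
    }
}

# Usage (placeholder values):
# Test-InstallerSignature -Path "$env:USERPROFILE\Downloads\setup.exe" `
#     -ExpectedPublisher 'Example Software Ltd'
```

A result of `Trusted = False` covers both cases described above: an installer with no verifiable publisher, and a genuine product that was modified and redistributed, which breaks the original signature.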

So despite the increasing deviousness of the scammers, you can still shield yourself from their attacks. Thankfully, it’s not impossible to spot them, but it’s definitely getting harder. So stay alert and above all keep safe from these scammers!

Five million Gmail users that had their passwords leaked?

Gmail Hacked

What happened?

Google have admitted that up to five million Gmail passwords and addresses have been leaked online, but they deny this was a direct attack on the company itself.

The list of login details was leaked on a Russian forum, where the Gmail addresses were supposedly posted together with their passwords. Google have said that most of the passwords were outdated or incorrect, and that the list could have been made from an attack on another site where Gmail addresses were used as logins. Google did reset the passwords for all affected accounts just to be on the safe side.

Google have said on their Online Security Blog that “One of the unfortunate realities of the internet today is a phenomenon known in security circles as ‘credential dumps’ (the posting of usernames and passwords on the web).

“We are always monitoring for these dumps so we can respond quickly to protect our users. This week, we identified several lists claiming to contain Google and other Internet providers’ credentials.

“We found that less than 2% of the username and password combinations would have worked; our automated anti-hijacking system would have blocked most of the login attempts.”

So how does this affect you?

If you were one of the unlucky ones that did have your address and password on the list, Google have already reset your password, so there is no need to worry. If you used the same password for other sites, you might want to change it there too. This is especially important for your email account, because if someone can access your email account they can use it to reset all your other login details. So please always make sure you have a good strong password for your Gmail or any other email accounts you use.

Google have advised users to protect themselves and their passwords by using two-step verification

Google have also advised that all users should turn on the two-step authentication system. This adds an extra layer of security by sending a one-time code to your mobile number when you access the account from a new device. It’s worth setting up for the extra protection. If you want to check and see if your address was leaked please go to isleaked.

What do I think?

These sorts of incidents are a big reminder that cybercriminals are actively targeting all of us. Modern web services like Gmail do their best to try and protect us; all of us should use Google’s extra security and make it as hard as possible for the criminals.

I think it’s a good thing that Google has taken the time to explain the incident in great detail, as this has helped to take some of the hysteria out of the incident, and helps to show “hacks” are not always as bad as they are claimed to be.

Will You Be Hacked Again Buying On eBay?

Hackers have been exploiting an old vulnerability in eBay that allows them to steal your passwords if you click on their fake listing.

eBay Hacked

Yet another eBay hack has been exposed, just four months after criminals stole millions of passwords, which forced everyone that has an eBay account to change their password.

In the newest wave of attacks, criminals are creating fake listings that will show up in search results. Clicking on one of these fake listings will redirect you to a fake eBay sign-in page that will then ask for your user ID and password. If you did enter your details, you would effectively be handing over your account. The criminals can then try to buy items using your PayPal account, or even log in to your email account (as it’s shown in your eBay account details), where they can then look for sensitive information.

Unlike other types of phishing scams, these fake listings will look authentic – they will not have any spelling mistakes or badly worded phrases. They are so good they can fool the most cautious shoppers, and these bogus listings can be anywhere on eBay.

According to the BBC, the first fake listing was reported to be selling a digital camera, and it was reported to eBay back in February. Early in September there was yet another fake listing, but this time for an iPhone. The BBC said this particular fake listing was still on eBay’s site 12 hours after it was reported and was only taken off when the BBC contacted eBay themselves. Leaving the listing live for so long was a huge mistake by eBay.

The BBC has done an investigation that uncovered 64 fake listings over a 15-day period in September. The listings covered a wide range of goods and were not just limited to electrical goods. Kaspersky’s senior security researcher David Emm thinks this is just the tip of the iceberg. He went on to say, “It’s certainly possible that there may be more. Even if there aren’t, there is no way of knowing just how many eBay customers have clicked the links and been redirected”.

The worrying thing is the listings don’t simply contain a malicious link in the product description; this would be a relatively straightforward type of attack. Instead, the hackers have somehow managed to tweak eBay’s code so they can infiltrate the search results; this exposes a deep flaw in the site’s security.

eBay has yet to comment on the BBC’s claims of finding at least 64 malicious listings. A spokesman for eBay did confirm the fake iPhone listing and said it was taken down as soon as they were aware of it.

So what can you do to stay safe?

Most reputable antivirus programs come with a good anti-phishing tool, which should help identify fake eBay pages, but you should check to see if your antivirus has this.

Avast antivirus analyst Jiri Sejtko also warns users to be “suspicious if a site requests you to log in or wants you to provide any personal details when you would not normally do so”. In the eBay attacks, clicking on the listing would take you to a fake sign-in page; eBay would never normally ask you to sign in at that point. Most shopping sites will only want you to log in when you purchase something.

The message from the experts is to always defend yourself using good security software and always look out for anything odd. eBay’s security should be more sophisticated, which would prevent this kind of attack. If hackers do manage to sneak past eBay’s security, the company needs to react a lot faster; doing this would help its damaged reputation to recover.

Video Showing Fake eBay Login Request
