As spamming becomes more sophisticated, netizens need to be more careful.
* Recently, tens of thousands of Hotmail, Gmail and Yahoo email accounts were hacked. Their passwords were stolen and posted online. This resulted in a marked increase in the number of spam emails.
* Over 13 per cent of all results on search engines like Google lead to malicious links
* Close to 90 per cent of emails contain a malicious link
As the above statistics indicate, every time we go online, there’s clearly some form of a threat. Social networking sites, like Facebook and Twitter, have become magnets for online spammers and scammers. We have also seen a steady increase in attacks that take advantage of topical issues to lure recipients into opening attachments in emails or clicking on malicious links, or both.
Despite all the sophistication of security software, intervention of ISPs (Internet Service Providers) and government agencies, spam volumes continue to rise.
Worse, according to experts, there’s no ‘perfect’ solution for protecting consumer data and identities online. More and more attackers are going in for direct attacks on the end user, attempting to trick them into downloading malware or divulging sensitive information.
Here’s what you need to watch out for:
Social networking
With cyber thieves taking to such sites in a big way, attacks on social networking sites are set to rise even further. This is bad news, given the number of incidents that have occurred already.
Take the case of Neha, who is on Facebook and loves going through other users’ profiles. When she saw the ‘Who is checking your profile’ application on Facebook, she was more than excited at the prospect of identifying who was following her profile. Little did she know that the application would create havoc not only for her but also for her ‘friends’.
This latest scam hit Facebook users after a rogue application, which comes in many variants of ‘Who is checking your profile?’, improved its technique beyond that employed in previous attacks.
“Rather than spreading a single app that Facebook can easily block, it tricks users into propagating the exploit by creating a brand new Facebook application that hands over the controls to the bad guys,” says a Websense blog. In other words, the malware replicates at the users’ expense.
So, what should users like Neha do in such a situation? “The important thing for Facebook users to remember is that clicking the ‘Allow’ button for such apps gives such applications the proverbial ‘keys to the kingdom’. Do not add any applications that you do not trust,” advises the blog.
One way you can assess an application’s reputation is by clicking on the application name ‘without authorising the application’. Look at the reviews of the application to see what other users are saying about it.
The other case in point is Twitter. Along with Twitter’s phenomenal success, there has also been widespread adoption of abbreviated URL services like bit.ly and tinyurl.com. These services now appear in all sorts of communications, making it easier than ever to mask the URLs that users are asked to click.
This trick, according to security software vendor McAfee, is the perfect way to direct users to websites that they would normally be wary of.
‘Malvertising’
Beware of advertisements that urge you to go to a site and install free software. For instance, those “Your PC is infected! Click here to install our antivirus (AV) software NOW!” ads. These false advertisements are placed on trusted, reputable and well-trafficked sites.
In a high-profile incident last year, visitors to the New York Times website saw a pop-up box warning them of a virus that directed them to an offer for an AV software, which was actually a rogue one. This attack was served up through an advertisement purchased by someone posing as a national advertiser.
Browsing and web applications
Nearly 30 million netizens from India visit the search engine Google every month. Realising the opportunity in the number and faith people have in such sites, hackers have started to compromise search engine results to make their links appear higher than legitimate results.
As a user searches for related terms, the infected links appear near the top of the search results, generating a greater number of clicks to malicious websites.
“The blended nature of today’s threats, combined with compromised legitimate sites, takes full advantage of an increased perception of trust when using search engines and interacting with friends or acquaintances online,” notes Websense Chief Technology Officer Dan Hubbard. There may be a trust issue in search results among consumers, unless the search providers change the way they document and present links.
The rise in online applications, such as Google’s new Chrome online-based operating system, is also seen as a potential area for malware writers.
Emails
From spam to phishing, the email has been a constant source of security threats. Security experts point out that 86.8 per cent of all emails are spam. It is also a fact that, most of the time, hackers lure users into clicking on an attachment or a link.
A recent example was that of the Facebook Password reset. The email, said Websense, claimed that the recipient’s Facebook password had been reset for security reasons and that the recipient should open the attachment to find the new password. Nobody should ever need to open an attachment to get a new password. Yet, these attacks often succeed.
Experts also point out that people give their information to phishing sites 45 per cent of the time.
Email is still the favoured route for phishing (fraudulent methods to acquire sensitive information like passwords, username and credit card details).
How does one stay safe from email scams? Well, for one, do not open any mail that has come from an unknown address. If you have gone ahead and clicked it, do not open the attachments (most of the attachments have viruses). Since you would be accessing email from a PC, you ideally need to have a good security solution installed.
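The two warning signs described above, a link hidden behind a URL shortener and a "password reset" mail that asks you to open an attachment, can be checked mechanically before a message reaches the reader. The following is an added example, not part of the original article: the sample message is constructed, and the keyword pattern and the `triage` function are illustrative assumptions (only the two shortener names come from the text).

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Shortener hosts named in the article; a real filter would use a longer list.
SHORTENERS = {"bit.ly", "tinyurl.com"}
RESET_RE = re.compile(r"password\s+(?:has\s+been\s+)?reset|new\s+password", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Support" <support@example.invalid>
Subject: Your password has been reset
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your password has been reset for security reasons.
Open the attachment to find it, or visit http://bit.ly/EXAMPLE
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="new_password.zip"

placeholder-bytes
--b1--
"""

def triage(raw):
    """Return (reason, detail) findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    text, attachments = msg.get("Subject", ""), []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:                                   # part carries a file name
            attachments.append(name)
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True) or b""
            text += "\n" + body.decode(part.get_content_charset() or "utf-8", "replace")
    findings = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        host = host[4:] if host.startswith("www.") else host
        if host in SHORTENERS:                     # real destination is masked
            findings.append(("shortened-link", url))
    if RESET_RE.search(text):                      # reset notice plus a file
        findings += [("reset-with-attachment", n) for n in attachments]
    return findings
```

A flagged message is a candidate for quarantine or a warning banner, not proof of fraud; legitimate senders also use shorteners.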
However, after PCs, mobile phones have become the next platform to be hit by security problems. Hackers are using a combination of voice over internet protocol (VoIP), SMSes and the internet to fool and redirect users into dialling a phone number to collect critical information for financial gains. This phenomenon is called ‘Vishing’ (voice phishing). Enrique Salem, the president and CEO of leading security solutions provider Symantec, feels that with mobile handsets becoming the primary device for accessing information, security threats on handsets will be the next big issue.