RSS Alerts

Share

More services

Related Links

  • Webroot
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

  • Advice for safer access to Facebook, Twitter, and other social networking sites
    As many readers of Infosecurity may have noticed, Web 2.0-driven social networking sites like Facebook and Twitter have become attractive targets for phishing and scamming attacks as online criminals follow the latest internet trends that are attracting the most users.
  • ITsec vendors rally to support Safer Internet Day
    Microsoft and several IT security firms have rallied to support the EU-sponsored Safer Internet Day, which is being backed by pledges from 17 social networking and web 2.0 portals.
  • Surge in hacked websites pushing trojans
    Webroot claims there has been a surge in the number of websites that have been hacked to push trojan infections on to their unsuspecting visitors.
  • Get Safe Online says that rogue apps are running up big bills on mobiles
    The Get Safe Online (GSO) security agency says it has noticed a trend by mobile malware to run up large bills on users smartphones through the use of premium rate text numbers.
  • A Rotting Security Apple?
    Vendors, analysts, and commentators alike have long predicted a surge in malware affecting Apple’s products. Yet, until recently, these prognostications have failed to materialize. Drew Amorosi examines recent malware threats to Apple’s OS X operating system to find out if this is an anomaly, or a sign of things to come

Top 5 Stories

News

Safer Internet Day – watch out for fake updates says Webroot

09 February 2010

Today, as you may have noticed, is Safer Internet Day, when vendors in the IT security world will almost certainly be appearing on the radio and TV explaining how to surf the net more securely. But, says Webroot, one of those vendors, users should watch – especially today – for fake updates to their security software.

According to Andrew Brandt, lead threat research analyst with Webroot, fake updates are a growing problem on the internet. Fake security alerts, he says, pop up when you least expect them, and phishing web pages are more cleverly designed than ever to steal your passwords.

The answer, he said, is quite simple: You have to think before you act, and make sure you understand the consequences of whatever you do, write, post, or click online.

In a blog posting made last night, Brandt said: "Once you develop your Internet spidey senses, you'll be able to spot something that's out of place, or weird, or just dodgy before it catches you out."

"Despite the increasingly clever tricks criminals employ, they still have to lie and cheat in order to steal. What follows are a few easy ways you can catch them out in their lie before it's too late."

Learn distrust

Brandt argues that what most criminals want is money, and cyber criminals get it by stealing information, then either selling or using that stolen information – commonly known as data theft in the IT security industry.

But, he says, it's not as easy as it used to be for cybercrminals to simply break in to people's computers. As computers become increasingly hardened against attack, he notes that internet criminals have turned their attention to the weakest links in a user's security armour.

"So criminals instead try to lure their victims to visit a web page, like an anglerfish, by offering the victim something he or she wants. When the victim visits the website, the criminal springs the trap", he said.

"If the trap is to convince you to give up a username and password, it's called phishing. If the trap is designed to infect your computer with dangerous trojan horse software or viruses, it's called an exploit. If the exploit forces your browser to get a trojan horse, without you doing anything other than clicking a link, it's called a drive-by download", he added.

According to the Webroot researcher, if a URL to something looks suspiciously like a trap, users should  search for the words in the link using one of the major search engines.

Don't fall for the common tricks

Brandt says you can also usually tell when a page is a phishing site, simply by looking at the address bar in your browser.

Web addresses, he adds, can contain any number of words, but the most important part of the address is the domain name, the word that appears immediately before that appears to the left of the domain name is extraneous.

Protect yourself

There are a few other things you can do to make sure you don't end up a victim, says the security researcher.

User should update their computer and its programs, including security applications. If you use a Windows computer, then the Windows update website will make sure the operating system is protected.

Make sure you've updated Adobe Flash, Adobe Acrobat Reader, your web browser, and whatever instant messaging or chat programs you use.

"And if you use any kind of antivirus software, make sure it updates itself at least daily, and set it up to scan your computer periodically."

This article is featured in:
Internet and Network Security • Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012