According to Trend Micro, its October analysis shows that there are several new zero-day vulnerability exploits, a number of new emerging threats, and increasingly powerful variants of old malware families.
The IT security vendor says that the year may be drawing to a close, but the threat landscape is definitely not showing any sign of slowing down.
The research shows that the UK ranks top amongst western European countries for sending malicious spam. Almost one in ten (9.77%) spam messages sent by the top ten spam sending countries were sent from the UK.
The research shows that a quarter of all scams detected that were created by cybercriminals in October were commercial/advertising spam in nature. This type of spam, says Trend, has been offering special incentives for quick and easy weight-loss products and programmes.
Another hot area in the online classified ads were 'business opportunities', with work at home schemes, such as making arts and crafts or stuffing envelopes being replaced by offers to "use your home PC to make fast money in your spare time."
In fact, says the report, job-related spam came in third at 10% of all spam messages sent.
Commenting on the figures, Tony Neate, managing director of Get Safe Online's UK operation, said that it is vital the industry makes people aware of the threats and how to deal with them, to ensure they continue to use the internet safely and confidently.
"It's about education and making people aware that, yes, these dangers are real, but armed with the right knowledge, we can all continue to enjoy using the internet securely", he said.
Neate's comments were echoed by Rik Ferguson, Trend's senior security advisor, who said that the research shows that despite media reports about the rise in other online threats, traditional spam techniques are still favoured by cybercriminals.
"Consumers continue to fall prey to these types of scams and that's why they continue to be popular. My advice would be, if it looks too good to be true, it probably is", he said.
Trend Micro outlined a short tip sheet on basic measures consumers can take to protect themselves from falling victims to cybercrime.
- Always question the legitimacy of email content, particularly attachments and web links, even from close friends and family, as they may unwittingly be passing on a virus.
- Be suspicious of emails claiming to be from your bank, IT department, Microsoft or other software vendor asking you to execute files unless you are expecting a communication of this nature. If in doubt, visit the supposed sender's website/department, although not through any embedded links within the communication. Then check to see if there have been any reports of fraudulent messages or any information confirming the content of the mail you received.
- Likewise, if you receive an email that claims to be from your bank, IT department, Microsoft or another software vendor asking you to disclose personal information - even what looks like a legitimate email from the IT department asking for your password - your internal alarm bells should be sounding. None of these organisations will ever ask you to disclose any personal information.
- Make sure you are always up to date with the latest operating system, browser, application updates and security software. You'll need to be cautious of unsuspectingly downloading malware, so always use the manufacturer's official sites.
- Exercise caution when downloading software from the internet, especially from sites that you're unfamiliar with. It is worth doing a little background research using search engines and forums to make sure that the software hasn't been previously discussed as potentially hazardous.
- Finally, keep your scam radar tuned in. When surfing the internet try to avoid questionable sites. When reading emails, if there’s obvious spelling mistakes in an otherwise credible-looking message, then it should no longer be considered entirely credible. If a website is returned by a search engine - even the reputable ones, you should still exercise caution when visiting them, as it is possible for any site to harbour malicious code.
In fact, says Trend, a perfectly legitimate site with inadequate protection is perfect prey for a hacker who installs malicious code to invisibly compromise the unwary, often for a short period of time, and then slips away undetected.
Always check that the address bar at the top of the screen shows an SSL connection (https://) before entering any log in details or submitting personal information, especially credit card details. With newer browsers this domain bar will be green for safe sites or red to warn that the site really should not be trusted, but at the same time be aware that even scammers can set up a `secure' website so all the other tips still apply, even on an SSL site.