malware-virus

Emotet malware being presented to people this Christmas, through Greta Thunberg themed Phishing emails

A global spam email scheme has been discovered which is using Swedish environmental activist Greta Thunberg themed emails to lure users.

Spam consists of a single message that attempts to deliver the well-known malware Emotet

Emotet was discovered back in 2014 as a banking Trojan aimed at stealing financial data. It has now  gone through several iterations and has emerged as one of the most destructive malware aimed at the financial domain.

A recent research discovered this widespread campaign using Greta Thunberg’s name to lure users into downloading Emotet malware.

The email consists of the subject line “Support Greta Thunberg” which invites the recipient to join the protest against the government raising concern against the threat of climate change.

Details regarding the fake protest are included in a file attached to the email. When opened, the file will install Emotet malware onto the recipient’s device.

Image showing an example how the phishing email may look like
Image showing an example how the phishing email may look like

Users should be able to view the malware file in the outdated .doc format for Microsoft Word. The email itself contains multiple spelling and grammatical errors, something anyone would not anticipate from the newly crowned Time Person of the Year 2019.

This campaign is targeting people around the globe with the most targeted victims in Japan, Germany, Italy, UAE, Australia, and the UK. Recipients are also told to forward and promote the malicious email to their good wishers, meaning the campaign has rapidly spread across the world.

This malicious campaign suggests that attackers don’t hesitate to use the face of even famous entities with good intentions. They tend to exploit the factor of public awareness and interest cleverly.

Better to be prepared for such attacks before hand. Train your organizations, friends, family because humans are the last line of defence after a phish bypasses the other technologies. Checkout our Phishing simulation and training solution PhishGrid.

To know more about How to identify a phishing email, read some useful insight here.

55525735-min (4)

Online fraud : Bulwark Your Online Payments From Phishers

Development in the world of Internet has gained a lot of popularity, primarily due to the ease of use and widespread support of supporting technologies. There is no denying to the fact that to some extent the hassle-free living of the people these days is due to the most advanced technological era. Online payments have eased the lives of a common man, such as standing in long queues for money withdrawal is no longer required. But at the same time, the crimes associated with the advent of these technologies have also surged. With an increase in online opportunities, there is an increase in the online fraud types and various other fraudulent techniques done by the fraudsters.

What is online payment?

The Internet is quickly becoming the first stop for people for buying products and services which has further given rise to numerous payment systems over the internet.

Online payment is defined as a transfer of an electronic value of payment from payer to the payee through some kinds of electronic mechanism and generally, the content of this exchange is made through some form of digital financial instruments such as credit card numbers, electronic checks and digital cash. Transactions in remote payment cases in which the consumer and merchant are not interacting face-to-face are also defined as CNP transactions.

This list consists of top frauds that occured in 2018.

According to the USA Department of Justice (DOJ), e-fraud is defined as “a fraud scheme that uses one or more components of the Internet – such as chat rooms, e-mails, message boards, or web sites – to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to the financial institution or to other connected with the scheme”

Common assumptions and reality regarding online payments

Although many people believe that online payments are easy, past records state that many times online payments call for fraud. On one hand, the introduction of online payments or CNP transactions makes it much more attractive and useful for both consumers and businesses. On the other hand, since the authentication of card or cardholder is not possible physically, the possibility of frauds is higher.

In order to understand how online payments are more likely to make a person fall in a trap of fraudsters, let us understand one of the most common online fraud types that occur – Phishing. It won’t be wrong to say that online payment has become a new phishing scammer’s target.

It has been estimated that each year online payment fraud causes loss to billions of dollars. Payment fraud is a serious assault that causes billion dollars loss every year. Furthermore, fraudsters use recently developed techniques and methods for obtaining cardholder’s personal and financial information. Research states that Fraudsters often use stolen account information to reach other accounts.

Phishing is one of the most common techniques used by fraudsters to obtain confidential information of the user and they do this by posing themselves as a trusted authority.  It is a way to collect banking details and other sensitive information through emails that contain attachments or hyperlinks. Therefore it is important to understand what phishing emails are.

The fraudsters send an email in such a way that it appears to be a mail from an authorized organization. Whenever an individual click on an attachment or a hyperlink present in the email, it causes the system to get infected by malware. As a result, whenever a user makes an online transaction, the malware gets activated and steals all the personal information including credit card numbers and pin number. This makes it easy for the fraudsters to carry out any financial transaction. The spammers use professional-looking emails that include logos, graphics, and many other elements. On the other hand, the content of such emails is written in such a way that it confuses, upsets or excites the recipient. As the user many a time doesn’t have an idea about what is phishing emails, it gets easier for the phishers to trick the user.

A phishing attack is not only associated with authentic-looking emails, but it can also be associated with fraudulent web pages. Phishers design web pages visually similar to real web pages in order to spoof readers. These spoofed web pages also include a graphical user interface in order to lure the users to enter their personal information such as username, password, credit card details, and much other sensitive information.

The entire process of online transaction begins with the consumers providing their sensitive personal information which is transmitted over various unsecured networks. Many times, the payment systems are not secure enough to protect and prevent the personal information of an individual from attack or attempts from the fraudsters.

Conclusion

Therefore, it can be concluded that although online payments have made the lives of people much easier, it is not completely safe. A little lack of attention can make your online transactions unsecured and therefore it is important to understand various online fraud types.

TIKAJ’s Security services will help secure your online transactions.

Don’t let new tactics get you phished!

Online fraud : Darker side of online payment services

Shopping has never been so much fun until online services invaded our lives. Of course, shopping seems so easy and convenient when we can do it online from anywhere, anytime. Moreover, the generation today is so dynamically growing that they demand comfort at every step of their lives, and so, online shopping services have been the best means to shop saving a lot of time and effort. Rendering online services is certainly a great way to deal with a number of things. Moreover, it simplifies a number of tasks in day to day life. You needn’t run out from place to place searching for the right goods or services, which you can simply look for online while sitting comfortably at your home. But have you ever wondered there might be certain corners of these online services which you aren’t aware of? They might seem to be convenient and highly efficient but are you sure that each site you visit follows a safe and secure payment procedure? Of course not. These days, there is a pool of online marketers who initially look forward to benefiting themselves by pulling you in fake deals or trapping their customers into unethical payment procedures. This is where the concern centers in. Let’s get into this matter to know more about its consequences.

Certainly, many of those individuals who prefer shopping online or rendering any online service uses online payment facilities to make their payments smoother. Many of the sites available today offer a highly secure payment gateway. Did you know how phishing scammers target these online payment securities to break into your privacy or to steal your sensitive information? Moreover, such scammers, these days target the online payment facilitators as their best means to benefit their unethical needs. Online payments scam is a bitter reality of the internet age we live in today and the rates are only set to increase with the increased digital adoption in India. An ACI Worldwide conducted 2016 consumers study places India at the fifth position regarding the bank card fraud rates standing behind Mexico, Brazil, United States and Australia. This is how such frauds are gradually rising with the increasing use of online payment facilities as the phishing scammers target them to fetch out the utmost benefits unethically.

As they say, the foremost weapon against any problem is education and awareness. So, it’s important to understand the payment frauds and online fraud prevention that take place and their consequences. The most common types of online fraud occur via phishing, data theft and chargeback or friendly fraud. When we come across phishing, it is the process of accessing one’s personal information through fraudulent e-mails or websites that claim to be legitimate. The information gathered this way can include usernames, passwords, credit card number or bank account numbers. The most commonly used method for phishing is to redirect an online user through an email or SMS to an official website where they are asked to update their personal information. You are thereby tricked into revealing personal information that you would ideally not reveal to anyone else. Phishing can also occur via other electronic means such as SMS, instant messaging and on email. You can be redirected to make a payment on a website that looks legitimate, but initially is created with an aim to capture your card details so that they can be used later. According to this reports, India is the third-most targeted country for phishing scams. This is how gradually the online payment facilities are turning out to be the ultimate target of phishing scammers benefiting themselves by scamming online shoppers through fraudulent payment techniques or capturing the operating payment gateways and linking them unethically to their own payment gateways to commit fraud.

With the rising number of e-commerce users and online transactions, it is important that we are all aware of the mandatory security protocols for e-commerce websites so that we can avoid fraudulent situations. Data security on an online payment system begins the moment a user visits the site. The TLS Certificate indicates the users that the data transmitted between the web server and their browser is safe or not. An easy way to check if the e-commerce websites you frequently visit are SSL certified is to look at the URL and see if it uses ‘Http://’ or ‘https://’ protocols. The additional‘s’ signifies a secure e-payment system. You can also look for the padlock icon at the beginning of the URL. The modern web browsers are now following the opposite paradigm to make their web surfing safe by marking HTTP sites as “insecure”. The PCI Security Standards Council is a worldwide organization that promotes systematic rules for managing cardholder’s confidential data for all e-commerce websites and online payment gateways. The Payment Card Industry Data Security Standards (PCI-DSS) is in effect with a set of policies that govern how cardholder’s sensitive data should be handled and it also promotes online fraud prevention. For an e-commerce website or an online payment system to be PCI-DSS compliant, they have to follow certain directives such as maintaining a secure network to process transactions, ensuring all data is encrypted during transmission, keeping the infrastructure secure, restricting information access and so on. Also, credit card tokenization helps e-commerce websites improve security, as it eliminates the need for storing credit card data and reduces security breaches. Apart from these crucial protocols, most of the e-commerce websites and payment gateways have their own fraud and risk prevention systems assisting you in securing your transactions.

Conclusion

Obviously, online payment facilitators have eased a lot of tasks in life, though it’s necessary to sustain a secure gateway to enjoy the ultimate security benefits of such online transactions. It’s good for a customer to execute an online payment saving a lot of time and efforts along with enjoying other online benefits, though one needs to be aware of these suspicious corners of online payments to secure their transactions and prevent falling in traps of scamming online.

To know more about Online frauds, Phishing. TIKAJ provides great Anti Phishing services & Anti Phishing solutions.

Print

Importance of Strong passwords in Today’s world !

Passwords are the first line of defense against unauthorized devices or accounts entry. You may be open to hackers frequently using the same credentials or using ‘weak’ passwords. Strong passwords are essential to avoid unauthorized access to your online services and computers.A study conducted by BitDefender found that 75% of users also use their Facebook email addresses.

Importance of strong password

  • Protect your website from hackers.
  • Reduce the risk of targeting the web through malware and botnets.

Following are the ways of guessing a password

Brute Force Attack-  An attacker uses automated software to infer the answer to your username and password. The algorithm attempts any possible combination of characters and will first attempt the most widely used passwords, so poor or common passwords can be relatively simple.

Dictionary- A hacker can run a given ‘ list ‘ against your passwords with this hacking tool. This dictionary also contains the most popular variations of passwords, which allows breaking into weakly secured accounts relatively easy and fast.

Keyloggers- A keylogger is a software that hides in the memory of your machine and starts running. This records every keystroke you type and generates a file that is sent to the hacker afterwards. It can be modified so that it can not be shown in the the Windows Task Manager making it difficult to spot.

Social Engineering- Social Engineering is becoming a common password acquisition form. Through their social media accounts, social engineering takes advantage of the people’s trust. Connecting people to share their passwords is a common technique used, and it is often quite effective, unexpectedly.

Instructions for the creation of strong passwords

  • Contain 15 characters or more.
  • Do not include any character patterns.
  • Use nothing, which can be seen on social media pages.
  • Change your password periodically (about every 90 days).
  • The password should not be a dictionary word, company name, user name or pet name.
  • Use a combination of letters, numbers and special characters in lower case and upper case.
  • It is advised that the generated password should not be the same as the previous set password.
  • Use password manager to keep your all strong passwords at one place.