A recent online scam which promises viewers to download the recent “Twilight – New Moon” movie is found to install malware in PCs.

The entire process of this scam is as follows…

• Viewers are lured with the text websites, chat rooms and blogs that read: “Watch New Moon Full Movie.” Comment posts with related keywords are also used simultaneously to attract more search engines.
• Search results for the movie then link users to stolen images from the movie itself, convincing the fan that the movie is only one click away.
• When they click on the “movie player” they are told to install a “streamviewer”.
• The streamviewer, however, installs malware on the user’s computer.

Don’t get enticed by such scams to get downloads without verifying if the sources are genuine or not. It can turn up to be more hectic not only in terms of cost but also in terms of toil and time. And the entire accountability will fall upon none other than you.

Courtesy: PCTools.com

People must take appropriate steps to prevent themselves from phishing by slightly modifying their browsing habits and taking correct initiatives. When asked to reveal any personal and sensitive information which may include the account details or any password, wisdom calls for contacting the company from which the email apparently originates to check that the email is legitimate. Alternatively, the address of the website which the user knows to be legitimate can be typed in the address bar rather than trusting any hyperlinks within the suspected message.

Nearly all websites contain information that is not available directly to the phishers. It may be noted that PayPal for example, always addresses the users by their user names and not by any generic names such as “Dear PayPal Customer”. This information can be used as a means of identifying whether the website is real or fake. Some financial institutions may use the account numbers of their customers as a means to authenticate the messages. But according to a recent study the customers typically do not distinguish between the first few digits and the last few digits of an account number which is a significant problem, since the first few digits are all same for most financial institutions. People’s suspicion can be aroused if they do not find any specific personal information in their messages. Yet again, phishing attempts in early 2006 included personal information that made it unsure to assume that if a message carries personal information then it is safe. Furthermore, according to recent research, people hardly pay attention to the fact that personal information is present and hence the presence of this personal information does not bring down the success rate of phishing attacks.

The Anti-Phishing Working Group predicts that the conventional phishing attacks would become obsolete in the future due to the awareness among the people against phishing. They predict that pharming and other forms of malware will become useful in stealing information.

It would be a courteous act for everyone to educate the people about safe practices and avoid dangerous ones. However, as a misfortune, even well known players are known to incite users to hazardous behavior for example, by requesting their users to reveal their passwords for third party services such as email thus aggravating the menace.

However, we need to update our plugins as soon as a new version is available. Updates of these plugins will not only cover new features of the plugin, but also will address some vulnerability to security threats during browsing. Many people ignore it as it takes little time (a matter of no more than 2 minutes) for the plugin to update and restart the browser. This increases their risk to security threats online like malware, viruses, botnets, etc.

How to check if your plugin is up-to-date? Just click here or copy paste this URL in your browser https://www-trunk.stage.mozilla.com/en-US/plugincheck/.

The window that opens will let you know the status of your plugin.

• Green indicates that your plugin is up-to-date.
• Yellow indicates outdated but without known vulnerabilities.
• Red indicates that the plugin is known to have security holes and is outdated.
• Don’t worry about the Grey colored plugin.

Update your plugin frequently for safe and better browsing.

]]> http://cyber-smarty.com/2009/10/how-safe-are-you-browsing-with-firefox/feed/ 0 http://cyber-smarty.com/2009/09/phishing-types-and-precautions/ http://cyber-smarty.com/2009/09/phishing-types-and-precautions/#comments Fri, 11 Sep 2009 06:43:23 +0000 cyber-geek http://cyber-smarty.com/?p=58 The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication is known as Phishing.

Types of Phishing

Phishing is usually carried out by email or instant messaging and it often directs users to enter details at a fake website, which is similar to the legitimate one. Since the fake website is similar to the original one, it requires tremendous skill to determine whether a website is fake or not.

1. Misspelled URLs: Phishers use some sort of deceptive techniques, which design a link in an e-mail (and the spoofed website it leads to) apparently belong to the spoofed organization by using misspelled URLs or of sub-domains. Sometimes the phishers make the anchor text for a link appear to be valid, whereas the link actually goes to the phishers site.
2. Whaling: Phishing attacks directed specifically at senior executives and other high profile targets within businesses is known as Whaling.
3. Image Phishing: Phishers have also used images instead of text to make it difficult for anti phishing filters.
4. Cross site scripting: An attacker can even exploit flaws in the original website’s script against the victim making it even more difficult to detect since everything from the web address to the security certificates seem to be original. This technique is known as cross site scripting.
5. Phone Phishing is the case where in a customer gets a call asking him to call back to discuss his problems while accessing his bank accounts. The person then is trapped into giving his sensitive information such as credit card information and the like.

Measures to counter phishing

People need to change their browsing habits when it comes to phishing. For example, when asked to reveal their sensitive information they should directly contact the company to make sure the mail is genuine and shouldn’t fall prey to mails that address them as “Dear Customer”. Paypal, for instance makes it a point to address the users by their usernames.

One of the major flaws of the user is the Click-through syndrome where he treats any pop-ups as a case of misconfiguration and proceeds with his work without heeding to the warning of the computer.

Related Links:
Unified communications

Fans searching for ‘Yuvaraj Singh wallpapers’, ‘Yuvraj Singh downloads’, ‘Yuvraj Singh photos’, or ‘Aishwarya Rai wallpapers’, ‘Aishwarya Rai videos’, and ‘Aishwariya Rai screen savers’ have a one in five chance of landing at a website that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware.

Spammers and malware authors are cashing on the search terms for latest celebrity news and download to lure people to open their malicious websites.

The other celebrities in the list are M. S. Dhoni, Namitha, Shriya Saran, Harbhajan Singh, Sania Mirza, Asin, Bipasha Basu and Shahid Kapoor.