March Madness Online Scams and Security Risks

Every year, a fervor comes across the land as college basketball takes center stage during March Madness. Fans eager to get a seat at the Final Four games fight for tickets. Gamblers place their bets. And everyone is checking scores, whether in a cubicle or at a bus stop. It’s an exciting time of year, with some high stakes for everyone—including cybercriminals. With so much March Madness on the mind and bet money exchanging hands, scammers are eager to get a piece of the pie. Find out how to spot their tricks, and enjoy the season safely.

Getting Burned by a Hot Ticket

Super fans are eager to get to the games to see all the action in person. But tickets for these games are hot property, especially as various schools progress through the tournament. Unfortunately, fraudulent “ticket sellers” will try to bilk customers out of their hard-earned cash through any number of ploys, including pop-up ads, email offers, fake online brokers, or by placing false online classifieds on sites like Craigslist.

If you’re trying to buy a ticket to a March Madness game, or any major event, only go through legitimate ticket brokers (you can search the Better Business Bureau database to find one). Also be wary of any enticing offers you get via email or popups. If it seems too good to be true, it probably is (and may actually be a scam to get your passwords, deploy malware, or steal financial info). And when you are purchasing tickets and processing payment, verify that you are on a secure site (the URL will start with https://).

Checking the Scores Like a Pro

When a major event or news item breaks, cybercriminals know most people log online to read more about it. During March Madness, the compulsive checking of scores, brackets, and fantasy teams brings plenty of opportunities for SEO poisoning. This is a technique where hackers create malicious websites that harbor malware. They then manipulate search rankings so that these are the sites that pop up first when you search for a certain keyword or phrase. When you click on these links, your computer becomes infected, giving cybercriminals access to your personal info and the ability to deploy viruses or activate your computer as a zombie drone in a botnet.

Avoid falling victim to this trick by only checking scores on legitimate sites, such as the National Collegiate Athletic Association site (www.ncaa.com). You should also manually type the URL directly into your browser. (Some phishing emails may encourage you to “click here” on a link for the latest scores, but misdirect you to an infected site.)

Making a Safe Bet

Betting is a huge business during March Madness—an estimated $12 billion was wagered last year. Many of these bets are placed online, making it a major cash cow for hackers. Gullible gamblers may be suckered into giving credit card information to fraudulent betting websites promising unusually high returns, after which hackers can make off with your financial info, drain your accounts, or open lines of credit in your name.

Online gambling isn’t technically legal in the U.S., so it’s best to avoid risking losing your bet—and your financial reputation. Only gamble by placing bets in casinos, or in the office bracket.

Teens and Hacking: The Consequences of Cybercrime

Media portrayals of cybercrimes have often made them seem alluring. From the ’90s cult film Hackers to Lisbeth Salander, the hacking heroine of The Girl with the Dragon Tattoo series, cybercrime appears to be glamorous and exciting in popular culture. And while most adults know these crimes are far from thrilling, impressionable teens may not be able to distinguish between Hollywood fun and harsh reality. And with the proliferation of technology and new youth-centric forms of online offenses surfacing, teens today may knowingly or unknowingly be participating in cybercrimes.

The Real Danger of Teen Cybercrime

Beyond the glitz and glam of blockbuster films, there are plenty of headlines detailing the doings of real-life teen hackers. Unfortunately, these stories often do not bode well for the perpetrators. Teen hacker Jonathan James, at just 16, was famously the first teen sent to prison after he hacked into the computers of NASA’s Defense Threat Reduction Agency in 2000. And just last month, a 19-year-old Saudi who posted thousands of credit card numbers of Israeli citizens, an act considered cyberterrorism, was identified and will be prosecuted by the Israeli government.

And though these high-profile crimes may seem few and far between, many teenagers dabble in cybercrime, whether they know it or not. Breaching a website’s security, cyberbullying, and illegally downloading software are crimes that can have serious consequences, and they are only growing.

In a survey of 4,800 high school students at an American Psychological Association conference, 38% said they copied software without permission, 18% went into someone’s computer or website without permission, 16% took material, and 13% changed a computer system, file program, or website without permission.

Unfortunately, even more teens are victims of these types of crimes. A 2011 Associated Press/MTV poll found that 3 out of 10 teens reported being impersonated or monitored online. Of those who had been hacked, 66% said at some point they’ve changed their password in response to digital abuse, 46% have altered their email address, screen name, or phone number, and 25% have deleted a social networking profile.

The collateral damage of teens’ hacking exploits can have serious consequences. In addition to the financial cost (a 17-year-old in Albuquerque was fined $2,900 for illegally downloading the movie Hurt Locker in 2011), social reputations can be damaged. As the disturbing trend of sexting (the sharing of illicit images or conversations via mobile devices) gains popularity, those who disseminate and share such images can be prosecuted for possession of child pornography, meaning your teen could end up a registered sex offender for the rest of their life. Even more disturbing, the publicized suicides of teen victims of cyberbullying reveal the highest cost of this type of online crime.

As a parent, preventing this behavior is paramount for both your teen and yourself.

Address Concerns With Your Teen

Experts suggest engaging in open dialogue with teens about the appropriate use of the Internet, and discussing the very serious consequences of any illegal online activity.

More and more technologies are providing useful monitoring and protection tools for parents that block access to inappropriate websites and pornographic sites, and allow parents to easily monitor their teens’ social networking activities.

If your teen does appear to have an interest in hacking or computer security, funnel their energy into more positive activities. The government is already aware that today’s young hackers are tomorrow’s security experts, and has sponsored the Cyber Challenge initiative, featuring competitions for high school and college student hackers to find the best and brightest.

PC Software Piracy and Security Concerns

With the recent Internet-wide protests of PIPA and SOPA legislation making headlines, the issue of online piracy has sparked a controversial debate. In addition to the morality issue of pirating software, consumers should be aware of the many risks — including security risks — involved in this practice.

Software piracy is a widespread problem. In the U.S. in 2010, 20 percent of software was pirated, according to the Business Software Alliance, an organization aimed at stopping copyright infringement of software. What types of programs are consumers pirating? The Software & Information Industry Association says the software most likely to be pirated includes programs like Adobe Acrobat, Adobe Photoshop, Intuit TurboTax, and Adobe Dreamweaver, among others. The 2010 value of this illegal software was nearly $59 billion, costing the software industry plenty of money. But not so advertised is the potential cost to those who illegally download.

Though pirating may seem like a cheap and easy alternative to purchasing licensed software, there are more risks from pirating than many realize. In addition to the legal and financial ramifications (the BSA says those found guilty of using or creating pirated software can be fined up to $250,000 or face a maximum prison sentence of seven years), consumers also risk their computer security.

Pirated software is unsafe. Unlicensed software that harbors particularly dangerous viruses and malware is often distributed by cybercriminals hoping to gain access to your information. For example, an illegal copy of a word-processing program might contain spyware that can send your credit-card information to a hacker. Or you could pirate a copy of a spreadsheet program and unknowingly activate your computer as a botnet drone. In addition, the keygens (key generators) that often come with illegal software or can be downloaded separately to activate the program are also commonly infected with malware.

Pirated programs also often cause computer-wide problems, corrupting files and disrupting function. Even worse, many of the pirated security software programs are actually decoys that cause the very problems they claim to protect against.

Using legally licensed software is the only way to properly protect your programs and computer. Developers frequently update their software, often releasing patches that protect their programs from the latest malware and keep the latest versions running smoothly. If you are using pirated software, your program and computer will remain vulnerable. Remember, too, that you might find yourself struggling to master your new software without the help of customer service that is only provided for legitimate versions.

Pirating software poses major legal, financial, and security risks to any user, and therefore should be avoided. But you should also consider the larger economic impacts. Though it may seem like a way for you to personally save money in the short term, according to the BSA, if law enforcement agencies could reduce the amount of pirated software by 10 percent during the next four years, it would create 32,000 new jobs and generate $41 billion in economic growth — much needed in our current climate.

2011 Year in Review: Online Security Highlights & Lowlights

2011 was a big year in terms of online security. From well-publicized data breaches of major companies to the takedown of giant botnets, cybercrime made many headlines. And though hackers came up with more innovative ways to steal information and wreak havoc on the Web, the spotlight on online security vulnerabilities prompted both officials and average users to be more vigilant. Here, we recount the major online security highlights and lowlights of the year.

Rustock Botnet Takedown (March 2011)

Rustock, the Russian botnet that was the main source of global spam, was effectively crippled after law enforcement and Microsoft collaborated to seize control of servers and cripple the network. Officials were able to work quietly under the radar to make the takedown a surprise to the hackers behind it, paving the way for future collaborative efforts.

Epsilon Gets Scammed (April 2011)

The largest distributor of permission-based email in the world, marketing company Epsilon (utilized by big name companies like JP Morgan Chase and Capital One) was compromised when an attack on its servers accessed millions of consumer email addresses and other information shared by the company’s high-profile clients. Potential damage estimates totaled up to $4 billion.

Sony PlayStation Network (April/June 2011)

In possibly the most notorious breach of the year, more than 75 million Sony customers had their info stolen, including addresses and passwords, when hackers compromised the Sony PlayStation Network in April. The network was subsequently put offline for 40 days, and Sony estimated the damage would cost $170 million. Worse, just when they thought the coast was clear, two months later hacker group LulzSec claimed responsibility for an attack on Sony Online Entertainment group, resulting in the theft of another 25 million customers’ info. Though various suspects have been arrested, the company is still rebounding from the damage.

CitiGroup Is Targeted (May 2011)

Nearly 1 percent of CitiGroup’s North American customers had their financial information compromised when hackers infiltrated the bank’s system, stealing info from 200,000 members, including names, account numbers, and email addresses. The breach left many concerned about online security regulation for banks and financial institutions.

Anonymous Declares War On Cartels, Then Retreats (October/November 2011)

After a member of hacktivist group Anonymous was kidnapped, the group warned Mexico’s Zetas drug cartel that if the member was not freed, it would release an alleged 25,000 Mexican government emails containing the names of Zetas members and associates. However, when the kidnapped member was subsequently released, the group announced it would not publish the information.

Malware Infects Androids (October/November 2011)

Smartphones (and mobile apps) continued to be vulnerable to malware exploitation, particularly Android phones, which have an open platform. This year the problem only grew. According to Juniper’s Global Threat Center, Android saw a 472-percent increase in mobile malware from July to November 2011. Consumers are advised to be careful when downloading mobile apps.

Operation Ghost Click Nabs Botnet Masterminds (November 2011)

After several years and cooperation between international agencies, the FBI arrested six Estonian hackers charged with creating a powerful botnet that infected around 4 million computers in more than 100 countries, including 500,000 infections in the U.S. The botnet affected more than just average users’ computers; it affected “computers belonging to individuals, businesses, and government agencies such as NASA,” according to the FBI.

The Real Danger in 2012: Online Threats

Though the general public may be worried about Mayan predictions and the end of days in 2012, the real threats to fear next year aren’t those predicted in books and movies. It’s online attacks you should be worried about. From your smartphone to your Facebook profile, cybercriminals have one New Year’s resolution: to gain access to your information. And in the next year, they’ll be using sophisticated techniques and targeting new technologies more than ever before. Read on to find out what our experts have predicted the bad guys will be up to in 2012 and what you can do to protect yourself.

Malware Will Evolve

Just like regular criminals, cybercriminals are constantly coming up with new ways to access your computer using worms, viruses, spyware, scareware, ransomware, and other types of malware. Hackers have evolved from classic techniques like phishing (using spam links) to stealth rootkits (software that can steal passwords) to SEO poisoning (manipulating search-engine rankings to get users to click on an infected web page). All these techniques allow cybercriminals to steal your information for profit, identity theft, or financial fraud. And in 2012, they will be using new forms and blending different types of malware to create multi-level attacks.

Stay Safe: Set your operating system’s Internet security settings to medium or high, and always deploy the latest security patches from your security suite. Create strong passwords for all accounts, only connect to secure networks, and beware of popups or links encouraging you to download a program (to see a video, for instance).

Mobile Phones Will Be Targets

As smartphones proliferate and mobile apps are now used by millions, hackers are eager to get their hands on the data (including communications, photos, passwords, or financial information) stored and exchanged daily. Whether by creating malicious apps that secretly steal information or deploying other malware, cybercriminals will be actively targeting your smartphones (both Androids and iPhones). This is a legitimate threat, considering that a hacker can infiltrate your phone, steal data, upload a Trojan horse, and set up the phone to secretly record you in less than three seconds. Experts predict the types of malware for mobile devices to double in the next year.

Stay Safe: Use a PIN code to lock your phone when you’re not using it. Adjust your settings to make sure your phone is only accessing Wi-Fi networks you trust. Be very careful when buying and downloading apps — though reputable vendors Apple and Android will likely institute stricter screening processes, it is still up to you to buy carefully. Always read any app agreements or requests to access information. If you’re an Android user who wants to root your phone (modifying it to allow for actions that are usually restricted), know that the more access you have, the more access hackers can have, so avoid apps that request root access. And always monitor your phone bill for suspicious charges or activity.

Social Engineering Will Evolve

A hacker’s most powerful tool is you. Most schemes use social engineering to manipulate a user into downloading or clicking on a link to install malware. But as Internet users become more savvy, and therefore less likely to open an attachment from a “Nigerian prince,” hackers will come up with more ways to trick you. Especially now that certain marketing companies track your online behaviors (and sell to undisclosed third-parties), your online behavior can — and will — be used against you. For example, a hacker will know you won’t click on a scam link for snow tires because you live in Los Angeles. Instead, they might send you an infected attachment pretending to be from your boss.

Stay Safe: Think twice before clicking on any attachments or links. When visiting any website, always type it directly into your browser (don’t click a link or copy/paste code that may be malicious) — and don’t click on popups or suspicious ads that encourage you to.

Botnets Will Grow

Botnets, the large networks comprised of zombie computers mobilized to commit cybercrime, will continue to increase in 2012. Though botnets have garnered the attention of law enforcement, which has taken down a few of these malicious networks, botnets are too lucrative for the criminals to give up. Instead, the masterminds behind these networks will be working overtime on more sophisticated and blended forms of malware to infect your computer and turn it into a botnet drone without your knowledge.

Stay Safe: At a minimum, make sure you have a two-way firewall and anti-virus software (and update your operating system). Also make sure your plug-ins are up-to-date (these are programs like Quicktime or Adobe Flash Player), as these software components can also be exploited by hackers.

Social Media Will Be Exploited

As social media continues to dominate the online landscape, hackers will continue to infiltrate social networks. The recent Facebook spam attack is evidence that this problem is not new — and not going away. Because sites like Facebook and Twitter are social platforms, hackers rely on social engineering to trick users through tools like socialbots, which mimic human interactions (by posting status updates and requesting friends), for example. These malicious programs are used to steal information, communicate with and spread each other, and even spread propaganda to damage reputations (a legitimate concern with next year’s presidential election).

Stay Safe: Only accept friend requests or follow people you know. Monitor your own profile and your friends’ for any suspicious activity — out-of-character posts or unusual links can indicate someone’s been hacked. Don’t post personal or financial information online, and always make sure you’re accessing your social media sites over a secure network (the URL will start with https://).