Are you ready for Safe Cyber Monday?

As you will be endlessly waiting for Cyber Monday to shop more and save your money cyber-criminals will also waiting anxiously for this day to take out fist full of money from your pocket. eScan warns its readers and users to stay safe on this occasion and take necessary actions to experience safe surfing and shopping.

Cyber Monday

1. Make your system secure: Make sure your software installed in your system including Web browsers is up to date. In addition to it, make use of antivirus software (eScan), which will protect your system from all kinds of Malware attacks.

2. Restrain from using public Wi-Fi: Avoid using public computers and Wi-Fi connections for shopping and entering your personal information.

3. Research about seller and the product:  Make use of search engines to know about the product by thoroughly searching with the exact name of the deal. In addition to it, read the reviews before jumping to conclusion.

4. Look out for Https website only: Many shopping websites use SSL to encrypt information and a padlock icon. Proceed with online shopping only if you see https connection.

5. Give pop-ups a taste of its own: Cyber-criminals make use of pop-ups to offer fake coupons, discounts, special offers and products. In addition to it, they re-direct victim’s current browser page to a compromised website.

6. Beware of suspicious links in Social Media: Cyber-crooks are making extensive use of social media to post luring deals by making use of fake or compromised Facebook accounts. eScan strictly warns its users to avoid clicking on such links or posting such links.

7. Avoid new apps: With rapid rise of mobile e-commerce apps, the users need to be extremely cautious while installing the app.  eScan has wide range of products for Mobile Security for both Android and iOS.

8. Don’t shell out extra personal information:  Apply brakes on a websites, which ask you to enter sensitive information such as Social Security numbers, password security questions.

9. Maintain records: It is always a good practice to print or save the records of goods purchased online until you receive it. This will be handy when you didn’t receive the item or if the good is damaged or needs to be returned or exchanged. Also watch out for text messages which confirm your product delivery and then ask you for some personal information.

10. Never click links having attachments on Cyber Monday discount emails: These are nothing but phishing scams which lure victims to enter sensitive information.

Posted in eScan 11, eScan 14, Security | Tagged , , , , , | Leave a comment

Grandparents Beware: Scammers now targeting you

Let us give you a brief of a telephonic conversation that involved my grandfather. He received a call day after yesterday from a cyber-criminal. Here are the call excerpts:

Caller: Hello grandfather.

Victim: Hi.

Caller:  Hope you recognize my voice.

Victim: Is it Thomas?

Caller: Yes… Your oldest grandchild.

Victim: Oh! You? What’s the matter?

Caller: Not really. I am in Singapore with my friends to spend my summer vacation and on my way I was involved in car accident.

Victim: How are you now?

Caller: I am better.

Victim: How are your friends and the car?

Caller: They are doing well. The cops arrested us as I exceeded my intake of medicine I was using for viral infection recovery. Unfortunately I failed the breath analyzer test and I had to stay at cop’s cell throughout the night. I am calling you from police station booth now. Can you please bail me out?

Victim: Why didn’t you inform your dad?

Caller: You know what kind of rapport I share with him. I request you to not to inform my mother as she gets tensed very easily.

Victim: How much do you need?

Caller:  $500.

Victim: Sorry I cannot as I will be needing money for your grandmother’s treatment.

Caller:  Please grandpa, I want to leave this place. I am feeling tortured.

Victim: Sorry my child.

Caller: hangs up the phone.

Fortunately my grandfather was aware that I was in town only and had spoken to him few hours ago.

Man on mobile phone

Suggestions from eScan

Apparently it seems that it is a normal conversation though it can be a nasty cyber trap. Cyber-crooks always try to indulge in something unique every now and then. Following are the suggestions given by eScan to safeguard from above scam:

  • Verify the caller’s identity.
  • Think twice before doing any transaction.
  • Find out the call whether it is legitimate just by calling their respective parents.
  • Never respond to emails or calls from suspicious sources, which demand money.
Posted in Security | Tagged , , | Leave a comment

Debit Card Fraud: Stay Alert

Debit card fraud happens when cyber criminals get illegal possession of the victim’s card number and PIN, to do unauthorized transactions. There are numerous ways to obtain his/ her information, from deceitful employees to hackers gaining access of the data unlawfully from a retailer’s unsecure computer. Once the money gets debited from the account after the fraudulent transaction, it can take the victim go through unexpected formalities to clear up the mess and restore the money to the account.

How to Detect Debit Card Fraud?
It doesn’t require any special skill to detect debit card fraud. The simplest way to spot problems early is to sign up for online banking. The user can check A/C balance and transactions happening daily. If there is any unfamiliar transaction, the victim needs to call the bank instantly. It is always safer to keep a record of the receipts of debit card transactions so that they can be compared later on against the online transactions.
Alternatively, the users can keep tabs on all the transactions via phone banking. At least, the monthly bank statements should be reviewed minutely and the account balance should be checked regularly. However, these procedures can take much longer time to detect fraud.

Some Easy Ways to Protect Yourself
It might not be possible to have any control over hackers and other thieves, but there are several ways it can be controlled to avoid becoming a victim.
Get banking alerts: Signing up for banking alerts is very important in the current scenario. The bank can contact the victim by email or text message if any suspicious activity happens on the account like any withdrawal exceeding an amount specified or any change of address.
Go paperless: Signing up for paperless bank statements can eradicate the possibility of having sensitive bank account information stolen from the mailbox. Shredding existing bank statements and debit card receipts using a diamond-cut shredder when you’re done with them will greatly reduce the possibility of having bank account information stolen from your trash.
Alertness during debit card purchases: Alertness during debit card transaction is highly recommended for any and every user.
Stick to bank ATMs: Bank ATMs are supposed to have better security (video cameras) than ATMs at convenience stores, restaurants and other places. Also, using bank ATMs after-hours should be avoided consciously.
Destroy old debit cards: This is also a wise idea to avoid frauds. However, many banks now offer ‘Chip and Pin’ cards. Once the user gets a new debit card and does the first transaction, the bank ensures that the activation of the old debit card gets terminated automatically and keeps the user safe from any banking frauds.
Don’t keep all your money in one place: This might not seem to be a very wise way out apparently though it can be good for the users’ financial needs. If the account is compromised by any means, the user can at least meet his/ her financial obligations till the time the issue gets resolved. It is also advisable to link the emergency savings account to other accounts.
Change your PIN regularly: Cyber criminals have become sophisticated now. The habit of changing the ATM PIN every month is a simple and reliable option. Most of the banks have this provision, thus the users need not face any kind of hassle.
Never put your PIN in your phone: Forgetful people sometimes save the PIN in their mobiles which is not advisable at all. The thieves go after the phones to grab the information stored in the phone. If they come to know of such sensitive information, then there are high chances of identity theft.
Beware of phishing scams: While checking e-mails, the user should always check the source/ sender of the e-mail. E-mails from suspicious/ unknown source should be aborted immediately.
Secure your computer: Using recommended anti-virus and anti-spyware software like eScan can secure the computer, laptop or any other device from malware attacks. Keeping it updated regularly can almost eliminate the chances of getting compromised.
Using protected network: While doing financial transactions online, the user should be alert that it is not happening in a public place or in an unsecured network. Using a protected network which the user is aware of, can keep all kinds of fraudulent activities at bay.

What to do if it happens to you?
If anyone’s debit card information is compromised, the bank should be contacted immediately to minimize the extent of loss the culprit could do. The follow up has to be made with a detailed letter stating the complete details of the bank employee with whom the details of the fraudulent transactions have been discussed. The bank should be asked to waive any NSF fees that might incur because of the fraud and to restore the withdrawn funds to the account.
If the bank is not co-operating, then the user can contact any legitimate consumer advocacy group though it depends on the type of bank involved. They need to be informed and explained about the fraud so that necessary steps can be taken. The reschedule of the payments can give a shy of relief to the victim. All the precautionary measures mentioned above will help safeguard the account and minimize chances of becoming a victim of Debit Card fraud.

Posted in eScan 11 | Tagged , , , , , | Leave a comment

Ashley Madison Scams on the Rise

More than a million were registered in an online Adultery hook-up website Ashley Madison before it was hacked and of-late it continues to attract new members daily. eScan research team in a startling investigation found that cyber-criminals are using various means of extortion techniques, fake promises and emails mentioning about the infidelity website.

How Does Email Look Like?

Unlike typical extortion emails, Ashley Madison spam email doesn’t have broken English. The cyber-criminal proclaimed that he had personal information belonging to the recipient and demanded a bitcoin as a payment, which would prohibit him from sharing the information with recipient’s Facebook friends. The main objective of using Bitcoin was that it preserves recipient’s identity.

In another spam email campaign we came across a scenario where the email-recipients are lured to join a collective lawsuit against Avid Life Media (parental company of Ashley Madison) with the help of a link. When the link is opened the recipient gets a story of an unknown man who is scared of his Ashley Madison account getting public. This story is quite convincing and convinces the user to fall into the donation trap. At this point of time it opens a word-document mentioning about the story.  With the rise of Ransomware in the recent times, our researchers have every reason to believe that this Ashley Madison scam might also strategically take the same path in near future.

Ashley Madison hacking incident is a classic example of Privacy Breach and now the registered users are apparently going to have a bigger problem of Identity Theft. Along with information like names, addresses and the type of extramarital arrangements, the hack also exposed information on 9,693,860 credit and debit card transactions conducted on the site. The criminals might clone Ashley Madison user’s debit and credit cards to commit fraud or identity theft campaign. Hackers have also downloaded sensitive information such as names, email addresses of users, photos, financial data and message history. Detailed study of the privacy policy of the websites can also help the user asses about the security.

What can the users do?

Here are some tips provided by eScan to its readers:

1 Be extremely cautious of posting information in social networking website. Once posted, it is no longer private.

2 Customize privacy settings – This gives the option of sharing something with specific people or protecting it from specific people.

3 Avoid sharing personal information such as usernames, passwords, bank account numbers etc. with nobody.

4 Make use of strong passwords as mentioned here .

5 Personal Information Number (PIN) is one of the easiest targets for cyber-criminal. Make sure your PIN number doesn’t have birthdays, birth-years, consecutive numbers, repeated numbers etc.

6 Avoid clicking or shortened or unknown suspicious links as they may lead to installation of Malware or Spyware in your computer.

7 Avoid giving authorization to wary games and apps, which tend to access your private information.

8 Update your antivirus software (eScan) on regular basis, which will protect your system from all kinds of Malware attacks.

Posted in eScan 11, eScan 14, Security | Tagged , , , , , , , | 2 Comments