Good Day Humboldt County!
Today we’re going on a walk down Technology Road. It’s not a smooth road despite the many benefits associated with computers and smart phones.
The fact is, you better be on guard when you take that walk with either technology, because there’s dangers ahead. To make your journey safer I advise reading these two articles to see what challenges you’re facing right now, and further on down the road.
Information is power, and being informed is the key to staying on a safe path. Thanks for stopping by, and I hope you never have to deal with a computer or smart phone virus.
The best way to protect yourself from an online financial scam is to diligently check your bank accounts. At least, until now.
Israeli-based Security firm Trusteer has found an elaborate new computer virus that not only helps fraudsters steal money from bank accounts -- it also covers its tracks. Think of a crime plot involving a spy who plans to break into a high-security building and begins by swapping out security camera video so guards don't notice anything is amiss. Known as a surveillance camera hack, the technique has been used in dozens of movies.
A new version of the widely prevalent SpyEye Trojan horse works much the same way, only it swaps out banking Web pages rather than video, preventing account holders from noticing that their money is gone.
The Trojan horse employs a powerful two-step process to commit the electronic crime. First, the virus lies in wait until a customer with an infected computer visits an online banking site, steals their login credentials and tricks the victim into divulging additional personal information such as debit card information. Then, after the stolen card number is used for a fraudulent purchase, the virus intercepts any further visits to the victim's banking site and scrubs transaction records clean of any fraud.
That prevents -- or at least delays -- consumers from discovering fraud and reporting it to the bank, buying the fraudster critical extra time to complete the crime.
Victim account holders who check their balance at an ATM -- or even at a second uninfected computer -- would be able to spot the fraudulent transactions. The virus doesn’t impact bank systems, merely the characters that are displayed within the infected system's Web browser. That means paper statements would reveal the fraud, too.
Of course, consumers who rely on paper statements could be a full 30 days behind when it comes to spotting fraudulent transactions.While Klein is worried about the "post transaction" attack, he said consumers who have vulnerable Web browsers are bound to be victims of one fraudster or another. "My take is that if your computer is infected with financial malware, it's game over anyway," he said. "My takeaway is you need to prevent getting infected with financial malware in the first place."
Security experts predict 2012 will be a breakthrough year for cyber-attacks on smartphones. There are now enough of these mobile computers in use to make them an inviting target.
“Shopping and mobile banking are things that are going to leave a trail and contain lots of goodies that criminals can go after,” says Rachel Ratcliff Womack with the digital security firm Stroz Friedberg.
In addition to all of your personal information, you probably have business email and contacts on your phone. “It brings those two worlds together in a very convenient package for criminals to target,” Womack says. Not only are they loaded with all sorts of personal information a crook would like to steal, most smartphones are also completely unprotected.
The subject of malicious cell phone attacks has been greatly hyped the last few years. But during 2011 it became clear that this is a real threat that must be taken seriously. “We are only at the beginning of the wave,” says James Lyne, director of technology strategies at Sophos, an international firm that specializes in online security for businesses. “We’ve definitely got to start worrying about security on mobile devices.”
But people don’t seem to have the same security concerns with their smartphones that they do with their PCs. “The problem is that users may view these devices as eminently secure, when in reality they are just waiting to receive more attention from cyber-criminals,” Lyne says.
All smartphones can have security vulnerabilities, but right now most mobile malware is aimed at Android devices. That’s because Android powers more devices and it’s an open platform, which makes it’s easier for the bad guys to distribute their malicious software.
In a new report, Lookout Mobile Security estimates that Android users lost more than a million dollars to cyber-thieves last year. The company says the annual risk of encountering malware on an Android device is now 4 percent, up from 1 percent at the beginning of 2011. “In 2012, we expect to see the mobile malware business turn profitable,” says Kevin Mahaffey, Lookout’s chief technology officer. “What took 15 years on the PC platform has only taken the mobile ecosystem two years.”
What are the threats?
Mobile malware can do all sorts of things. It can spy on you, run up your wireless bill or steal your personal information.
“The things they are doing on PCs, they’re also doing on smartphones — and even more,” says Gary Davis with McAfee Labs.
- There are banking Trojans that will intercept financial transactions with your bank and then use that information to drain your bank account.
- Other malware can send text messages to premium SMS services without your knowledge. You wind up with a huge bill at the end of the month for text messages your phone sent.
- Spyware can harvest information about the places you go and when. It can also record phone conversations and forward them to the attacker.
- Quick Response codes (those black-and-white squares starting to show up in all sorts of ads) can also pose a security risk. Internet security company Kaspersky Lab recently reported that it found QR codes can link to malicious text messages or websites. And of course, you can always click on a malicious link yourself or be tricked into giving out your personal information via a phishing scam directed to your cell phone.
What can you do to protect yourself?
The first security software for smartphones is now available and more will soon hit the market. McAfee is working on a product that analyzes the “permissions” an app wants from your device and warns of possible threats. For example, a flashlight app doesn’t need to look at your location or your phone book. If the security software found a flashlight app asking for access to that information, it would flag it.
But do you really need security software for your mobile devices? “We don’t think that people have to install yet another program for security on their phones, at least not now,” says Paul Reynolds, electronics editor at Consumer Reports. “Probably the biggest security threat is losing your phone.”
Security expert Lyne agrees. He says mobile security today is about the basics: have a decent password, use encryption and make sure your device is patched — running the latest versions of both apps and the phone operating system.
But he says in the next year to 18 months, you probably will need to seriously consider security software, especially if you use your smartphone for shopping or banking. You also need to be careful about the apps you install. Think before you download. Check reviews. Be skeptical. “Stick with the major apps and the major app stores,” advises Rachel Ratcliff Womack. If you go to Amazon or the iTunes store, your chances of getting malware are relatively low, but still possible. You run a greater risk at the Android Market.
Time to walk on down the road…