Categories
Cybercrimes Internet security Malware Phishing Trojans Virus Worms

Why Cybercrimes Are Spreading Like Forest Fire?

Cybercrimes are becoming the new normal. Everyday you wake up to almost a new case of scam, fraud, theft and what not? No, this should not be the new normal! If someones asks me what can we do about it, the answer is, “Educate yourself about cybercrimes as much as you can”. Because by the means of education you can fight back against these crimes and criminals.

One of the most important questions to be raised is, “why there is a hike in the rate of cybercrimes”? the root of the problem will give you the solution. If we work on this principle then it can be a step forward in flattening this crime curve. What kind of cybercrimes are rising and why is the main concern of this article. Let’s begin with the first concern, I.e. the types of cybercrimes rising this year.

cybercrime-spreding-like-forest-fire

Cybercrimes:

Criminal activities targeting or using computers by using a computer network or networked device is termed as a cybercrime. Most of the cybercrimes are committed by the hackers with the intention of stealing money from net users. But some of the cybercrimes are carried by individuals or even organizations.

The main aim of cybercrime is to steal personal information of users, commit crimes and extort money from them. Sometimes the aim can also be other than that like fulfilling any political or personal agenda. A lot of hackers use advanced techniques and are technically skilled. Such crimes are mostly organized.

There are different types of cybercrimes you must have heard about, mentioned here:

  • Identity theft : People using internet for cash transactions and banking services are under the target of cyber attackers. Hackers get unauthorized access to your system and steal important information about you like bank account details, credit and debit card numbers etc. And transfer money from your account or buy things online in the victim’s name. By stealing your identity such criminals can cause you financial loss.

  • Hacking : Hacking is one of the most common cybercrimes committed by hackers for accessing into the system of their victim and steal their credentials and sensitive information by using a variety f softwares. Government systems are usually targeted by the hackers so that they can gain notoriety.

  • Illegal selling on dark web : When hackers steal your information they can sell it to third party on dark web. Besides victim’s information other illegal things like drugs, weapons etc are sold here and the transaction takes place via cryptocurrency. Millions of users around the world are selling and buying illegal stuff on dark web.

  • Computer vandalism : In order to disrupt businesses computer vandalism is used where attackers damage computers and their data. Malicious programs are designed for performing harmful tasks like extracting login information, erasing hard drives and more.

Reason behind increased cybercrime:

  • Doing their research : Nowadays cybercriminals have become smart as they are doing research about their potential targets. They try to gain as much information as possible about the victim. Publicly available data from social media is a big help for them.

  • Cybercrimes can be operated from anywhere : Thanks to the easily accessible internet, cybercrimes can be operated from almost anywhere. To operate without any difficulty criminals are working in countries with limited digital crime laws or only lax enforcement standards. It’s a comfort zone for any criminal to work in a place with lower risk of being caught.

  • Art of being patient and persistent : Thinking that all the attackers are impatient when it comes to scamming people is not true in every case. Now that they have grown smarter they have learned the art of being patient and persistent. They know that having patience can be beneficial to them. Data breaches can take weeks to be discovered and that time is used by the attackers to spread malware to maximum users and stealing their data without being caught. Persistent criminals start by gathering information from social media platforms and then use it for extracting important information.

  • Evolving scams : Scams are evolving with the scammers at an alarming rate. They know old schemes won’t work on most of the users so they have evolved their techniques. Touch screens have become really popular amongst the present population. Scammers came with the plan to created digitalized dust particles or hair follicles. They appear on your phone/computer/laptop screen, you swipe it and in that moment a malware is installed on your system.

  • Targeting maximum people at a time : Because of email facility targeting bulk of people at a time isn’t a big task for scammers. Nowadays everyone is receiving mails with attachments looking from any legitimate organization. All you have to do is click open the attachment and your system is infected. Sending mails is an easy option is cheap and you can send it in bulk at a times
Categories
Malware Phishing Trojans Virus Worms

How Are Computer Virus, Trojans And Worms Different From Each Other?

Malware spread is rising rapidly and our computer security is at stake. Different types of malware are used by hackers to hack into our system and commit cyber crimes. Nowadays we all are getting news of identity frauds, phishing scams and what not. Many people don’t even know what has attacked their system so they can’t deal with it. Knowing about different types of malware is a necessary step, considering the present scenario.

How-Are-Computer-Virus-Trojans-And-Worms-Different-From-Each-Other

How many of you know the difference between a computer virus and trojan? Or between a trojan and worm? Or even between the three of them? If you want to know about it then you can find it in this article. In this article we will read about the difference between virus, worms and trojans and how such infections spread.

Starting with the basic definitions, we can say that:

  • Virus is a type of computer program or malicious software that connects itself to computer program or some other software and harms it.
  • Trojan is a type of malware that captures important information about a computer network or system.
  • Worms are the type of malware that replicates itself which eventually slows down the computer system.

Replication :

  • Virus replicates itself.
  • Trojans horse doesn’t replicate itself.
  • While worms have the ability to replicate itself.

Control :

  • Viruses are not controlled by remote.
  • Trojans can be controlled by remote.
  • Just like Trojans, Worms can also be controlled by remotes.

Spread :

  • Viruses spread at a moderate rate.
  • Worms have a faster spreading rate when compared to virus and Trojans.
  • Spreading rate of Trojan horse is slower than worms as well as virus.

Objective :

  • The main objective or aim of virus is to modify any information.
  • Trojan horse works with the objective of stealing information.
  • Worms as the name suggests has the objective of eating the system resources.

Execution :

  • Executable files are used to execute viruses.
  • To execute Trojan horses a programs that interprets as utility software is used.
  • The vulnerabilities of weaknesses of a system execute worms.

Spread of virus, worms and trojan horses:

How does these infections spread? By knowing this you can prevent your system from getting infected and your privacy from being breached.

Worms :

  • Most of the infections that attack your system are because of internet. There are links infected to website hidden in the HTML of website and because of that whenever that page loads infection is triggered.
  • Email attachments often carry worms and whenever someone opens that link the infection starts to spread.
  • Downloads and FTP servers can also contribute in spreading worms to your system. It starts by infecting individual FTP files or downloaded files. But if it goes undetected the harms caused by it can spread to the server and all outbound FTP transmissions.
  • Instant messaging apps can spread infection through desktop and mobile messaging apps generally as external links that includes native messaging apps like Facebook messenger, Whatsapp and more.
  • Worms can spread through P2P file sharing networks and by any other shared device or files like a network server or USB stick.

Trojan horses :

  • If anyone has access to your system then they can easily copy trojan horse to your hard disk or a hacker can also create a trojan that mimics a program unique to your system only.
  • If someone send you an email attachment infected with trojan horse, it is likely to infect your system whenever that attachment is opened. Hackers try to make that email attachment look as legit as possible so that the user gets tricked into opening it.
  • Sometimes people who cannot find your email address can send you trojan horse through online chat box or instant messaging because it is a relatively easy way of infecting someone’s system. Hackers befriend the potential victim, lure them by sending a file that catches their attention and when the victim opens it the trojan horse is triggered.
  • You can find trojans on websites providing free software like shareware programs. On such websites trojan horse write can get anonymity and a chance of attacking as many people as they want. Website operators don’t go through every file posted which result in trojan horse slipping through the checking process unnoticed sometimes.

Virus :

  • Promotional mails are there in everyone’s mail box. Such mails comes with virus containing attachments but looks like from a legit website. So users generally open those attachments and their system gets infected.
  • Many websites like dating, gaming entertainment or adult automatically install virus and other malware into your system.
  • Hard drives containing infected disks are responsible for virus attacks and infections. Virus programs can get activated when you attach the hard drive to your computer and restart it and your data gets compromised.
Categories
Phishing

The Pandemic Phishing

Just when you thought pandemic has slowed things down, the hackers and scammers came out of their shells a little bit more. People are getting scammed in the name of Covid-19. it looks like the number of Covid-19 cases and phishing cases are increasing day by day. Even if the number of infected people are decreasing, the scammed people aren’t.

To spread the phishing scams hackers are taking advantage of health scares. Infected links and attachments are being sent through mails, messages and social media posts. Being aware about these scams has become way too necessary. This Covid-19 phishing scam, like any other scams, can be really harmful so it’s better that you go and find a sure solution for it.

It is very obvious that if someone sends you a mail about Covid-19 or anything else associated with it in a pandemic then you’ll open it. That’s how these phishing scams are running and we, being unaware about it are suffering. The attackers will send you e-mails claiming to be from a legitimate organization containing information about the Corona Virus. It is very easy to infect your system with such mails, links and attachments without even letting you know. What do we do about it then? Let’s see that in this article.

Dealing With COVID-19 Phishing Scam:

The first thing is to spot a Covid-19 phishing mail. Here’s how you can do it:

  1. Health advice mails: Hackers know it very well that people are looking for reliable health advice to protect themself against corona. So they are sending you emails in the name of health advice claiming to be from a reliable source. The mail may provide links stating it to be the “Safety guidelines for beating this pandemic”. if you click on that link it will lead to the download of malware.
  2. CDC Alerts: Cybercriminals will send you an email claiming it to be from the U.S. Centers for Disease Control. It may claim to have a link showing lists of infected people in your neighborhood or the safety hazards that you need to follow for being safe. They will lead you to some fake page or may hang your system which means your system has been infected.
  3. Workplace policy emails: Employees from different organizations and workplaces are being targeted by hackers and sending them emails that claim to be from their workplace. These links and attachments will again lead you to the path of malware download.
phishing-scam

You should know how to recognize, avoid, and protect yourselves from such phishing emails the minute you see them and here are some ways to do that:

  • I’ll be very clear with the fact that no Legitimate Government Agency will ever ask you for your personal information like Social security number or any login information. They don’t need it. So if any email claiming to be from a legit government agency is asking you such a question then it is a red flag. Completely avoid such mails, don’t open them or the links and attachment contained in that mail.
  • The urgency or emails asking you for an immediate response can be a phishing mail. You don’t have to react on it. Hacker’s main goal is to achieve your personal information as soon as possible so that they can scam you at that very instant. Delete that mail as soon as you receive it.
  • You should also look for generic greetings. One characteristic feature of phishing emails is that they won’t use your name. Instead, they will address you like “Dear Sir or Madam”. It’s your cue to go and delete the mail, else you can get scammed.
  • Always, I repeat, always check for any type of error in your mails. It can be anything like grammatical errors, spelling mistakes, errors in punctuation. Any mail containing such mistakes is a phishing mail for sure. Look closely and save yourself from getting scammed.
  • To protect yourselves from phishing emails you can secure your system with security software. Set it to update automatically so that it can deal with all the online threats and attacks non its own.
  • Multi-factor authentication is one good way to protect your system from any cyberattack. All you have to do is to add two or more credentials to log in to your account. It can be of two types:
    • Scan of your fingerprint, your face, or retina, basically something that you are.
    • Code you got through text or any authentication app, basically, something you have or you got.
  • Backing up your data is a very important step if your system somehow gets hack. You can make a copy of a; your data and keep it safe in a hard drive or cloud storage.

Categories
Phishing

Consent phishing- What all you need to know

There used to be a time when giving your credentials was a basic necessity for hacking into someone else’s system. But nowadays giving your personal information is not very important for being hacked. How? The answer is really simple, Consent phishing. What is Consent phishing? How does it work? What should you know about it? Let me just mention all this here.

What is Consent Phishing?

Consent phishing is a type of application based threat that you should keep an eye on. It is the same like phishing and it is something you may not know about fully but one thing you need to know is that it is an actually dangerous threat! Consent phishing basically works by tricking users into granting access to a malicious app to get the personal information of the user. The hacker/attacker will seek permission for an attacker-controlled application for accessing the valuable data instead of stealing the user’s passwords.

Even Microsoft has warned about Consent phishing. In such type of attacks, the user sees a pop-up from an app asking for extensive permissions. Then the consent screen shows all the permissions that the app will receive and people accept all the terms and conditions thinking that the app is trustworthy. As soon as the user accepts the conditions, the attackers will get access to their mails, forwarding rules, files, profile, notes, contacts, and other sensitive pieces of information.

consent-phishing

This is how Microsoft explained what happens in Consent phishing:

  1. The attacker registers an application with an OAuth 2.0 provider like Azure
  2. In order to make the app look more trustworthy attackers tend to use names of popular products that are used in the same ecosystem.
  3. By using techniques like email phishing, or compromising some non-malicious websites, the attackers get a link in front of the user.
  4. After the user clicks that link and authentic consent is shown asking malicious apps permission to data.
  5. When a user accepts the conditions, it grants the app permission to access the personal data.
  6. Then the app gets an authorization code that acts as an access token and even as a refresh token too.
  7. This access token will now be used to make API calls on behalf of the user.

Dealing with Consent Phishing

Consent phishing is dangerous, for sure. But you can’t say there isn’t a way to protect yourself from it. Here are some steps that can help you to deal with this consent phishing.

  • Educating people about how permissions and consent framework works:
  1. People should educate their employees how permissions and consent work within their platform. They should understand the permissions and data an app is asking for.
  2. Ensuring that administrators know how to manage and evaluate consent requests.
  3. In order to ensure that apps being used access only the data which is required and sticks to the principle of least privilege there should be consented permissions and audit apps.
  • Educating your organization about consent phishing techniques:
  1. One of the most common features of any bogus website would be wrong spelling and grammar. So you should always do a spell and grammar check before downloading anything from it. If you want it suspicious the check the grammar and spellings thoroughly.
  2. Another trick played by the attackers is the use of fake app names domain names and URLs. They use app names that make them look like from any genuine app or company. Because of this, they can trick you into giving consent to a malicious app. So you must always check the app name, domain name and URLs before giving consent.
  3. Employees should always read their emails thoroughly and almost every phishing mail comes with a link. But don’t always trust what you see. The link may say “Go To Office 365 account” but as soon as the user clicks the link it takes you to some bogus page that may look very familiar to the original Microsoft page. Before clicking on the link the user must see the pop-up that displays the link’s real location. If the link and pop-up address doesn’t match it means that is a phishing link./mail.
  • Promoting and allowing access to the apps you trust:
  1. Allow users to only consent to the specific applications you trust so that you can configure app consent policies. It is possible when the apps you are using are made developed by your organization or from some verified publisher.
  2. Use of publisher verified applications should be promoted. By using publisher verified applications it is easier for admins and end-users to understand the authenticity of app developers.

In this ever-changing world of technology even the attackers are coming up with some advanced and subtle techniques. To protect your system or PC you have to with PC Cleaner or PC Security tools. And by these techniques, you can prevent yourself from being tricked into this phishing trap.

Categories
Phishing

Phishing- How to prevent it?

If you are familiar with the term Phishing then you may also know that earlier phishing techniques were pretty common. You may have seen or heard about bogus websites that look really similar to the original ones. It is a well-known fact that hackers are always trying to steal your information for their own benefits. This article will talk about phishing and how there are different types of it.

What is Phishing?

The most irritating thing about Phishing is that, that we know how it may happen but we still can’t do anything about it. Sometime people just fall into this Phishing scam and don’t know what to do.

Now what actually is phishing is the matter of concern. Phishing can be defined as a cyber crime that takes place by targeting people through emails, texts etc. Where they (hackers) pose as some legitimate institution and lure people in providing them their personal information such as passwords, credit cards and bank details.

Once the hackers get this information they can hack into your systems or take money out of your account in no time and not even giving you time to react. Here are some of the common features of phishing.

  1. First of all, they are too good to be true. They look so eye catching and have statements that will surely catch public attention. This can be about winning any lavished prize, money or a trip, anything that lures people. It is a red flag! Do not click on such links.
  2. Receiving any unexpected mail can also be a sign of phishing. There can be attachments on that mail carrying payloads such as ransomware or any other type of virus. So don’t open such kind of attachments.
  3. One of the most common features of phishing can be hyperlinks. Whenever you click on such links, which you should not, it redirects you to some page that will look familiar to the original one. You have to look closely and find flaws if you find that page suspicious.
  4. If you sense urgency then it means hackers are trying to trick you. One of the most common characters of phishing includes this. They may tell you that this sale ends in a minute or offer is valid for just a few minutes. You may get mails stating them. The best thing you should do is to avoid them.
  5. Sometimes you can get suspicious emails or messages from unknown or even known people. If you find it suspicious then you don’t have to open it. You aren’t obliged to do it even if that suspicious mail is from someone you know.
phishing-prevention

Types of Phishing

Nowadays hackers have found different ways to scam us and some of the most common phishing methods are mentioned below.

  • Email phishing: It is one of the most common phishing techniques you can see. As the name indicates the phishing attacks are sent by mail. The hacker will register a fake domain that highly resembles the original organization. The fake domain name can contain character substitution like writing “m” and “rn”. Consent phishing is also there which is basically works by tricking users into granting access to a malicious app to get the personal information of the user
  • Spear phishing: This is one type of sophisticated phishing that involves the use of emails. Here malicious emails are sent to a specific person. This type of phishing is possible only when the hacker/attacker has all the information about the victim like their name, email address, place of employment, job profile, and specific information regarding that too.
  • Smishing and vishing: Smishing and vishing involve two steps. Smishing means sending malicious texts (just like email) to a person and vishing means having a telephonic conversation. A very common example of this technique is getting fake calls from a fraud investigator and them telling us how our bank account has been breached. They then ask for our card details for identity verification to move our money into a secure account. Once they get the details, they (the attacker) transfer our money into theirs.
  • Whaling: Whaling attacks target someone like a senior executive of a company, with a bit more subtle way. It is actually very obvious that attackers can’t fool the executives by these malicious links, emails, or text messages. They are very much aware of it already. Here bogus tax returns are used to trick them and are a common type of whaling. This trick is used by the attackers as it involves following useful information like name, address, bank account details and social security numbers.
  • Angler phishing: Social media has come up with new techniques to trick users like fake URLs, duplicated websites, tweets, posts, and many other things as well. By using these techniques attackers can make people download malware (unknowingly) or give personal information. This trick is really common and effective for attackers because almost everyone uses social media on a daily basis.

So this article concluded some basic information about phishing and its types. You can see and know if someone is or will ever try to phish you. The bottom line here is only you can save yourself from being phished by knowing these common do’s and dont’s.