Websense guide to safe ho ho holiday

Johannesburg, 08 Dec 2009

Top tips to avoid getting more than you bargained for this Christmas...

Number one: The 'bargain' store scam

How it works: One of the major attractions of purchasing things online is that there are often bargains to be had. While looking for a good deal, we may be tempted by low prices and forget to look at who we're purchasing from. Cyber-criminals are all too aware of this and create fake online shops to harvest credit card details and use them for their own gain. Products are often offered at much lower prices than on the high street, but no parcel will be sent. Your credit card may be charged anyway and the card details sold on the black market.

Tempting as some offers can be, unfortunately the old adage is often true: if they sound too good to be true, they probably are.

Tip for consumers: If you are shopping on an unfamiliar site then check that there is a landline phone number and postal address for you to contact the retailer if there's a problem. Check the payment connection is secure by looking for the padlock symbol and ensuring there is an https in the address bar (the 's' stands for secure). Only give your payment card details over a secure connection, and never by e-mail. Remember that EU Law protects you against fraudulent use of your payment card in EU transactions: credit cards give you extra protection.

Tip for businesses: The lines between work and play have blurred, and a happy employee is seen as a key to success. Many people can make good use of their time by Christmas shopping during their lunch hour, and using their work address to make parcel deliveries easier. Not having to battle with the lunchtime or weekend rush makes for a less stressed and more productive workforce.

Companies don't need to limit the amount of access employees have to the Web - they need to deal with the threats more effectively. By setting realistic Web usage policies, your staff will be encouraged to shop safely online during lunch break or out of office hours. Security solutions that categorise new sites and dynamic content in real-time, and proactively discover security risks, are designed to enable safe and productive use of the Internet.

Number two: The fancy dress disguise

How it works: In the run-up to Christmas, many people will send e-cards to friends and associates or a link to an amusing video clip. Unfortunately these can sometimes contain hidden malicious extras, or the e-mail may be a phishing scam in fancy dress. Beneath the jolly Father Christmas images can hide malicious URLs that lead to malware or exploit code. This technique is continually evolving to increase the success rate, with new attacks becoming more sophisticated in terms of the imagery and lures utilised.

Tip for consumers: We all enjoy visiting popular video Web sites to view the latest joke or programme clip. These user-generated sites by their very nature are constantly being updated, which makes it difficult for traditional malware protection to keep you safe. Installing real-time analysis software can help to mitigate this risk, but you should always maintain a healthy suspicion of video content.

If you receive an e-greeting from 'a friend', 'a colleague' or 'a family member', look carefully at the originating e-mail address, and see if the e-mail is personalised to you - people who actually know you tend to know your name! Perhaps double check with the 'sender' that they really did send you the e-mail. If the e-mail links to a URL, look at the address to see where they are re-directing you to before you click the link. Does the address look different to where the card claims to be from? If any doubt exists about the origin of the mail, you should delete it immediately.

Tip for businesses: Blended threats (spam e-mails with embedded URLs) are on the increase and on average 85.6% of all unwanted e-mails contain links to spam sites and/or malicious Web sites.

A security solution that integrates Web security and e-mail security should be able to identify links in an e-mail and trace them back to malicious sites or content. Based on this accurate identification, solutions should be able to act in real-time to block the e-mail and any other attempts to access that Web site, view content, or transmit data to that destination.

Number three: The drive-by

How it works: This is one of the most dangerous types of attacks as no user interaction is required for infection to happen. Simply browsing an infected Christmas-themed Web site or news site could allow code to be executed that exploits vulnerabilities in software installed on that machine. Malicious applications could be secretly installed while you're browsing for a go-go pet hamster or playing an amusing penguin racing game.

Tip for consumers: Many of the most basic scams rely on already identified vulnerabilities in users' software, browsers or third-party plug-ins. Where users don't download patches and updates, they leave themselves open to attacks from cyber-criminals, who aim to either take control of the machine or steal data. Where available, you should always download the most recent updates and patches to protect from these kinds of attacks.

Tip for businesses: It is no longer just porn or gambling sites that host malcode; it's news, travel and shopping sites too. In fact, 77% of Web sites with malicious code are actually legitimate sites that have been compromised.

Reputation-based monitoring is no longer an effective method of protection. Your security solution should be able to understand Web sites, Web content, applications, and malware beyond reputation alone, considering usage and Internet context for a real-time risk assessment. Only with this level of understanding can threats be blocked accurately and in real-time. Even if a well-known and trusted site with a good reputation were compromised, the threat would be prevented.

Number four: Unwanted gifts from Anti

How it works: Social engineering is the name given to the art of tricking a user into performing an action. Rogue anti-virus software is an example of a social engineering technique seen a lot by Websense Security Labs. When browsing, you might see a pop-up explaining your computer may be infected and offering to perform a free anti-virus scan. Don't be fooled, there is no scan; instead they will simply claim to have found a virus on your machine. You're not really infected, but this may encourage you to download or even pay for their (fake) anti-virus software, which is actually malicious software. Now the hackers have your credit card details and control of your computer.

Tip for consumers: Search engine results are often 'poisoned' to lead to malicious software disguised as anti-virus software. When you search for popular Christmas-related terms, search engine optimisation (SEO) poisoning pushes infected URLs to the top of the search results, to increase the likelihood of you clicking through to the rogue AV Web site. Exercise caution when downloading software or accessing Web sites, and keep your guard up. The best guard you have against this attack is your grey matter. If you realise you may have fallen for a scam, contact the appropriate authorities.

Tips for businesses: Look for a secure Web gateway solution that provides advanced analytics - including rules, signatures, heuristics and application behaviours - to detect and block proxy avoidance, hacking sites, adult content, botnets, keyloggers, phishing attacks, spyware, and many other types of unsafe content. Independent testing confirms that the Websense Web Security Gateway leads the secure Web gateway market and exceeds analyst criteria for malware protection, data loss prevention, Web 2.0 threat detection, accuracy and effectiveness.

Number five: The Christmas jigsaw puzzle

How it works: The technique, called script fragmentation, involves breaking down malware into smaller pieces in order to beat malware analysis engines. Benign code is embedded in a Web page. When a user visits the page, a small JavaScript routine will slowly request more code from other Web servers a few innocuous bytes at a time. The bytes are stored until all the information has been transferred, then the exploit is triggered.

It's a bit like sending a jigsaw one piece at a time. It's not until all the pieces are collected and put together that the whole nasty picture becomes clear. By this time, the bad guy is already in and can now go on to disable your anti-virus and take over the computer.

Tip for consumers: The attack, which works on all the major browsers, is not a browser vulnerability - it merely takes advantage of the way browsers work. Disabling JavaScript would prevent the attack; however, that's not a realistic answer for most Web users since it would break the functionality of almost all the top 50 Web sites that require JavaScript to be enabled.

Tips for businesses: The entire process - from data being transferred over the network to triggering JavaScript - can slip under the radar because no malicious content touches the file system. It's done completely in memory, and content is transferred in such tiny fragments that anti-virus engines don't have enough context to match any signatures. The answer lies in solutions that scan active content: it is important not only to look at static content that has been put on disk, but also to be able to detect changes inside of the browser.
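The "not enough context" problem can be shown with a harmless marker string in place of a real signature. This is an added example, not Websense code: it compares a scanner that judges each fragment alone with one that follows the content as it is assembled, and it assumes the inspector sees the bytes in the order the page puts them together.

```python
# Constructed marker standing in for a scanner signature; not real malware.
SIGNATURE = b"EXAMPLE-SIGNATURE-STRING"

# Constructed page content with the marker embedded in harmless filler.
SAMPLE = b"var a = 1; " * 3 + SIGNATURE + b" ;var b = 2;"

def split_into_fragments(data, size):
    """Cut data into size-byte pieces, as a fragmented delivery would."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def scan_each_fragment(fragments, signature=SIGNATURE):
    """Scanner that judges every fragment in isolation."""
    return any(signature in frag for frag in fragments)

class AssembledContentScanner:
    """Scans content as it is assembled, keeping the previous
    len(signature) - 1 bytes so a match spanning fragments is still seen."""

    def __init__(self, signature=SIGNATURE):
        self.signature = signature
        self.tail = b""
        self.seen = 0             # fragments processed so far
        self.detected_at = None   # index of the fragment that completed a match

    def feed(self, fragment):
        window = self.tail + fragment
        if self.detected_at is None and self.signature in window:
            self.detected_at = self.seen
        keep = len(self.signature) - 1
        self.tail = window[-keep:] if keep else b""
        self.seen += 1
        return self.detected_at is not None

def compare(page_bytes, size):
    """Return (per_fragment_hit, assembled_hit, fragment_index) for one delivery."""
    fragments = split_into_fragments(page_bytes, size)
    scanner = AssembledContentScanner()
    for frag in fragments:
        scanner.feed(frag)
    hit = scanner.detected_at is not None
    return scan_each_fragment(fragments), hit, scanner.detected_at
```

With 4-byte fragments the per-fragment scanner never matches, while the assembled-content scanner flags the delivery on the fragment that completes the marker; memory use stays bounded by the signature length rather than the page size.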

* Sources: Interactive Media in Retail Group and eBay
