Android picture and video kidnapping malware found

smartphones2-700x400Security expert Robert Lipovsky, of the antivirus firm Eset, has located a Trojan called Simple Shocker. This dangerous malware blocks infected users’ mobile devices, cyphering their pictures, documents and other contents and requesting money to perform a system restore.

So far, the main victims have been in Eastern Europe, in countries such as Ukraine, where users are being asked an amount equivalent to 21 USD to unlock their devices, something that would occur 24 hours after the transaction has been completed.

Source: Alta Densidad

Safety recommendations for using credit and debit cards

credit_cardA recent study conducted in Venezuela about the tendencies regarding credit and debit cards fraud after the inclusion of electronic chips, showed a 60.53% decrease of such crimes for credit cards, while for debit cards it showed was a decrease of 61.30%.

Said study conducted to 1,547 Venezuelan users of both credit and debit cards, determined that in the year 2009, 36% of users had cards that were cloned, while in 2010 said percentage decreased to 22.3%; in the year 2012 it decreased to 7.40%.

Even though this type of fraud has decreased, there have been reports regarding such crimes due to the lack of caution or care from users. It is important to be cautious and to bring attention to the security in order to prevent becoming a victim of criminals. Applying any of the preventive measures expressed below, can save your finances from being taken away by delinquents. Many of those measures are more related to common sense, others are warnings to be considered when making a transaction, whether at ATMs, restaurants or commercial shops.

Some the foregoing measures are as follows:

Be careful with your pin code

  • Cover the keyboard when typing the numbers.
  • Never let anyone know your pin code.
  • Do not write or record your pin code in your cell phone or in pieces of paper thrown inside your bag.
  • Change your pin code periodically.
  • Any time you get a new card, sign it at the moment of reception, check frequently that the card actually belongs to you (sometimes cards are switched in some stores).
  • Never use the same pin code for different products like savings and checking accounts, credit cards, or means of transaction such as audio, Internet, and ATMs.
  • Never loose sight of your credit card
  • Never give your card to strangers.
  • Never allow your card to be slid through devices different than the ones set for such purpose like ATMs and points of sales.
  • Always check that your card is slid in front of you and only one time (do not loose sight of it, especially in bars and restaurants).
  • Always cancel your card in case of theft, loss or if it has been retained by an ATM.

Use a safe network for Internet transactions

  • Do not use your card’s data through public networks (Internet cafes).
  • Always type your bank’s web site address.
  • Always search for the safe log out in the official web sites of your bank.

At the ATMs

  • Use ATMs that you are familiar with or use ATMs located under very good lighting and safe places.
  • Take a good look of the surroundings of the ATM and do not use it if you notice people that might look suspicious.
  • Do not open your wallet or purse while waiting on the ATM’s queue.
  • Be ready with your card at hand when approaching the ATM.
  • Check if there are any strange objects in the openings or keyboard of the ATM.
  • Avoid being helped by strangers.
  • Do not follow the instructions located next to the ATM that order you to type your card’s pin code more than once.
  • Follow only the instructions that appear on the ATM’s screen.
  • Do not type your pin code until requested by the ATM.
  • If you think the ATM does not work, press the ‘Cancel’ key, take your card, and find another one.
  • Never force your card in the card slot of the ATM.
  • If your card gets stuck, is retained, gets lost or someone cuts you out at the ATM, report it immediately to your bank or to the police.
  • Always make sure that you have completed the transactions by pressing the CANCEL key before leaving the ATM.
  • Do not rush while doing the transactions and put your card and cash carefully inside your wallet or purse before leaving the ATM.
  • Always wait until the ATM indicates that the transaction has been completed.
  • Check your account balance, as well as statements often, and report any discrepancies immediately to the bank.

At the bank office

  • Identify all the workers of the bank.
  • Deliver you money only at the cashier’s window.
  • If you notice anything irregular inside the bank, let one of the workers duly identified know immediately.
  • If you withdraw cash, avoid counting it in front of other people and put it on a safe place.

After leaving the bank or ATM

  • Avoid walking long distances by foot or window shopping for a long time or speak in the street.
  • If you have to make transactions with large sums of money, ask someone you trust to go with you. However, always use the electronic banking platforms.

On Internet

  • Make your personal transactions using personal equipment. Do not use Internet cafes, system halls or public sites.
  • Always type the name of your banking institution directly on your browser (www.nameofthebank’swebpage.com).
  • Never log in through a link written on an email, even though the email comes from someone you know. Do not believe any messages that suggests you to log into your account or to give card information. This is known as ‘phishing’, an illegal and fraudulent practice in which the delinquents design web pages similar to the ones of the banking institutions in order to steal your pin codes and then steal the money in the account.
  • Any time that you access a web page to make a transaction regarding your account, check that the web address shown on the upper side of the page starts with “https://” instead of “http://”, and that the browser shows the symbol of a locked lock on the lower side of the page.
  • Avoid using templates included in emails requesting your financial information.

Prevent theft or identity theft

  • Always check the state of your accounts to identify any potential balance in red.
  • Report the loss or theft of your identification documents to the police.
  • Do not deliver personal or commercial information through phone surveys or other means.

Keys for Internet shopping with minimum risks

comprasShopping through the Internet is more and more frequent. It is also more comfortable and it can save a lot of money to the buyer, but it can also generate frauds, frustrations and scams.

Commercial transactions through the Web comprise a growing number of items and are becoming a very frequent option among shoppers. At the same time, many stores and businesses now offer their products and catalogues “online”.

According to a study made by IBM in 2011 among 28,000 consumers of 15 countries, 86% of consumers would like to use Internet, their TVs and mobile phones to shop while eight out of ten people believe that the social networks will allow time saving when shopping.

Said analysis have made it clear that the percentage of consumers that want to use the technologies to either shop or perform research about products and services is growing, at least six points since the last time the study was performed in 2010.

Such increase in the interest people have in e-commerce have been verified among consumers with ages ranging from 15 and 60+, which have participated in said studies.

However, with the growing demand for products and transaction volumes through the Internet, there is also a growth in the risks consumers are exposed when buying, if they don’t take the right security measures.

According to Javier Echaleku, founder and director of the e-commerce consulting firm Kuombo, located in California, U.S.A., consumers are very intelligent and analyze the different options available in order to buy where information, security and customer service allow for a safe and profitable experience.

However, to buy safely, Echaleku advises not to buy on Web sites that don’t offer tranquility, in which the buyer is not treated as deserved or in which they are not able to explicitly get warranties offered by the seller, such as returns or trial periods. Besides, according to this expert, there should always be clear how much the client will pay for the product’ shipping and handling directly to his/her home or business. Also, there should be a phone number easily identifiable in order to keep up –to-date with regards to the status of the product and the seals guaranteeing a safe transaction.

The Norton Club from Symantec (a company specialized on Web security) suggests that the consumer should learn about the reputation virtual stores have (just like you do with physical stores) before making an order or payment transaction.

It is also recommended to read the terms and conditions of agreements, print and store them; pay special attention to the return policy of the store and the fees for replacement when returns are made.

Google’s “black list”

google-logoSmall businesses are suffering the increase in cybercrime, but a hacked website may carry even bigger consequences if Google tags it as “infected”.

The giant search engine constantly scans 60 billion URLs looking for malware and phishing codes. If a commercial website is considered suspicious, companies can wave their clients goodbye until the problem gets solved.

“If Google blacklists an infected website, you’re basically off the Internet until the website is fixed,” said Peter Jensen, CEO at StopTheHacker.com.

Google estimates it tags and quarantines about 10,000 websites per day (they don’t use the term ‘black list’). They don’t only scan Google’s search results and ads, but also tags suspicious URLs written on browsers. The search engine Bing, operated by Microsoft, treats infected sites similarly.

Being blacklisted can quickly decimate a small business’ reputation and sales.

“Businesses say they’re not at fault and shouldn’t be penalized. Google wants to keep the Internet safe for its users,” said Jensen, whose firm is contacted 20 to 30 times a day by blacklisted businesses.

What is Double Authentication?

Digital key in pixeled keyholeAlso known as “two-step verification” or “sign-in approval,” double authentication is a system designed to provide an extra layer of protection. It helps neutralize attacks aimed at obtaining the victim’s username and password.

Although a password is safer when it is formed by at least ten alpha-numerical characters, an attacker’s chance to obtain it is quite high considering malware codes that hack information directly, and in phishing it is users themselves who, under manipulation, hand over this information. Lastly, many servers containing users’ sensitive information are vulnerable.

Double authentication significantly mitigates the risks of such attacks using a code generated on users’ mobile phones. In accounts implementing this technology, users will have to enter not only their Access credentials (first authentication factor), but also a second factor that in most cases involves a random access code valid for each session received via smartphone or security token. The advantage of this system lies in the fact that if a cybercriminal manages to obtain the username and password, he/she will not be able to access the victim’s account without the second code or authentication factor.

Learning more about this technique and implementing it is quite useful considering that, according to a survey developed by ESET in April of 2013, 64.2% of Latin American users don’t know what double authentication is.

ESET Latin America’s Double Authentication Guide can be found at http://www.welivesecurity.com/wp-content/uploads/2014/01/guia-autenticacion-eset.pdf.

What are cookies?

internet-cookies-640x384Cookies are files used by web servers to store, recover and use information about their visitors. This way, when users return to a website they’ve visited before, the site keeps certain information about the users, such as name, password, and products or services the user showed interest in, etc. The file (cookie) is downloaded into our computer’s hard drive with the website’s browsing information.

Over the past few months, internet users may have noticed that most websites have posted cookie warnings, informing them that the website they’re visiting uses them to “improve browsing experience,” advising that if you decide to continue browsing, you imply authorization, and leaving the option to provide express consent by clicking an “I Accept” button.

But the truth is that most, not to say all websites, install cookies before users express their consent. The information about cookies is usually developed under the general website use conditions, a marginal or even hidden place rarely accessed by users when browsing a website mostly due to an absolute lack of interest.

However, users can avoid cookie downloads by disabling them in their browser options.

Real cost of cyber attacks in 2013

hacker-hackeo-computadora-robo-informacionUsually, the most costly cyber crimes are caused by service denial attacks, malicious employees and network-based attacks. Together, these types of attacks represent over 55% of the annual cyber-crime costs per organization.

Cyber theft is still the costliest of these crimes, while business interruption is in second place. Account loss represents 43% of annual external costs, 41% more than in 2012. Business interruption or loss of productivity represents 36% of external costs, up from 18% in 2012.

Recovery and detection processes are the costliest internal activities. These represented 49% in 2012, mainly involving disbursements and labor costs.

The cost of cyber crimes varies depending on the size of the company, although small companies are the ones spending more significant amounts per capita.

Financial, service, defense, energy and utility companies record much higher costs due to cyber crimes than retail, hospitality and consumption companies.