La Piazza Blog - PANDA SECURITY SUPPORT

Posted by Nerea Bezares, 29th October, 2009

Computer fraud is an everyday issue. We are becoming accustomed to hearing on the news about criminal groups that clone credit cards, hack mail accounts, bank accounts, etc.                                                                                                                                                                               

Most of these scams are carried out withour the user’s knowledge. The process is transparent until the scam is complete. However, in the case of phishing, users knowingly send their bank details to an email address (or website), and therefore have an active role in the scam.
 
Despite the best efforts of banks to warn users about these risks, victims still fall into the same traps. Today however, I would like to talk about another scam we have encountered on the Internet. It’s a traditional scam adapted to use a combination of new technologies to defraud users.
 
Ever heard of the pigeon drop scam before? Basically, it involves convincing a victim or ‘pigeon’ to give up a sum of money in order to obtain a larger sum of money. The result however is that the scammers end up with all the money.

There are many variations, but typically, the victim is presented with the chance by one of the scammers -who will often appear to be extremely naïve or stupid- to get a large sum of money (or valuable object) in exchange for a much smaller amount. A stranger (in reality, one of the scammers) will invariably appear, encouraging the victim to seize this ‘opportunity’. The victim hands over his money in exchange for the bag or envelope containing his sudden windfall, which, as the bag has been switched, turns out to be strips of newspaper or other worthless material. By this time the scammers have made off with the victim’s money, and the ‘pigeon’ will rarely report the crime through guilt or shame.
 
As innovation is all the rage among the criminal fraternity, we now have a technological version of this traditional scam. A user receives an email explaining how easy it is to become a hacker and get hold of a list of credit card numbers which can then be used to buy things online, transfer money out of people’s accounts, etc.

To access the list, the user simply has to forward his own credit card details to the sender of the email, who is –needless to say- the real hacker. The hacker will then be able to use the credit card for whatever he wants. The scammed user will not know how to explain it to the authorities, as on the one hand, he has given out his details voluntarily, and on the other, he did so to steal from other users.
 
What do you think about this scam? Do you think those who attempt to scam others deserve what they get?

We remind you we are in the  Tech Support Forum and on http://twitter.com/PandaTechSup

Posted by Sean-Paul Correll, October 21,  2009
     
Banking Trojans are one of the most prevalent Malware species in the threat landscape today.  Malware authors aim to keep infections live and undetected long enough so that they can get what they are really after: money.

Financial motivations lead malware developers to craft the stealthiest banking Trojans to steal personal and financial data for further exploitation on the black market.  Day after day innocent victims are hacked with the end result being an emptied out bank account.

This video demonstrates how dangerous and stealthy banking Trojans can be and why we must continue to raise awareness on the issue.

Make sure your Panda Security–antivirus  solution is up-to-date, we’ll take care of protecting you while you use your bank online.
As you can see, the criminal mind is quite creative, but you can avoid falling victim by paying attention and implementing the necessary security measures.

Would you like us to mention any other information that can help people avoid these crimes? Why not tell us about it?

If you still have a banking trojan problem, we remind you we are in the  Tech Support Forum and on http://twitter.com/PandaTechSup

e-Knowledge Department

Posted by Blanca Carton September 17, 2009

Although the Internet is a great source for job offers and other opportunities, it is also frequently exploited by hackers to defraud users quickly and anonymously.

A typical example of this comes in the form of junk mail –or spam- that will no doubt have reached your mailbox at some time. This junk mail offers many things:

• Easy money for taking part in a competition by dialing a premium-rate number.
• Information from your bank, promising a gift or asking for your login details (or credit card number and password).
• Job offers promising incredible salaries… asking you to dial a number or send your CV together with a certain amount of money (supposedly to cover administrative costs).
• Tax returns… claiming they need the user’s credit card number and password to complete the transaction.

Remember:

1. No company/bank would ever request your account number and password by email/phone. This data is confidential. 
2. Follow the safe online purchase/payment procedure we have outlined before Some Safe Online Shopping Tips.
3. Never be rushed into a decision. If you have any doubts, contact your consumer advice office.
4. Keep your antivirus up-to-date. This will help you prevent spam.

Tell us about your experience.

Blanca Carton

Posted by Leyre August 19, 2009

The first thing you must do in order to protect your computer and data is to create a safe password, especially in these days, with the prominence of social networks. People tend to use easy-to-remember passwords, but this is a risk, as hackers can then easily access your confidential information. It is common sense, or would you leave the door of your car unlocked just because it is easier to open it? You wouldn´t, right? Same happens with password safety. Here go a  few useful tips.

DONT´s when creating a password

1. Never use passwords that can be found in a dictionary. They can be cracked with clever - and even not-so-clever - password hacking programs.
2. Never use password containing less than 8-characters long. The shorter the password is, the easier it gets to guess it.
3. Never place numbers after the password if the password Word can be found in a dictionary. It is best to insert numbers and special characters in between a word or replace some of the letters by special characters, for example,  Charles – Ch@rlE$
   This is a little safer.
4. Your cat’s name is not unique. Leave it alone Ditto your name, your birthday, your mum’s maiden name or your birthday.

DO´s when creating  a strong password

1. If you want to have a password which is easy to remember but hard to guess, memorize a sentence. Then, use the initial of each of the words of the sentence as the password. Then add a final point or a special character  (!, @, #, $, %, ^, &, *) at the end, followed by two numbers and a capital letter.For example: April is the month of rain - ( Aitmor@05 )
2. Always use a password that is between 8-14 characters, minimum 8.
3. Combine capital and lower case letters in your password.
4. And if you do need to write it down, try not to do it on a piece of paper entitled “Internet Banking Passwords”
5. Change your password every 30 days.
6. Make sure the user name and password are different

For more information, check out PandaLab´s blog post on Social networking, Passwords and privacy and watch the following video to quickly review the most important tips!!

What do you think about this article? Do you want to share your experiences with us? We would love to hear from you!!

Posted by Blanca, 07 August, 2009

Internet is an exceptional tool, it makes several tasks easier. However, being used for business and communication increases the possibilities of fraud.

Occasionally, online fraud scams are reported. To carry out online scams, hackers send an email passing themselves off as a bank. The email is used as bait, and readers are told their accounts must be checked, their information must be updated or that they must restore their password or PIN.  On accessing the message, they are redirected to a fake website, and on entering their details the information is sent to hackers, who from then on have access to the accounts.

This type of crime is called Phishing. If hackers obtains the victim’s password they will have access to the victim’s account and can wipe it out. Worse still, they can steal the victim’s identity.

These e-mails appear to come from a legitimate company, usually a financial institution or credit card issuer (though many like to use eBay and PayPal), urging you to take immediate action so your account is not deactiviated.

To increase the chance that they can trick you, they’ll even use the company’s logo, colors, and standard disclosure text. The e-mail will usually contain a link that takes you to a fake site made to look like the company’s legitimate web site.

Obvious clues that an e-mail is a phishing scam include:

• Misspellings and poor grammar. 
• Web site does not have “https://” in the address bar at the top. Legitimate companies employ secure socket layers (SSL) technology to encrypt your personal data. 
• Urgent tone or call to action. Phishing e-mails will allude to dire consequences like, “your account will be deactivated if you do not respond within 24 hours…” in the text. 
• Requests for personal information like social security number, account numbers, credit card information.

Email phishing is the most common form of phishing used by hackers nowadays. However, they also carry out phone phishing by calling people at home or at work. We recommend you to be very careful on answering questions, especially when talking to people who claim to work in the bank you have your savings in.

Remember that no responsible bank or financial institution requests personal and/or sensitive customer data via email or phone.

How to prevent becoming a victim of Phishing.

1. Be wary of unsolicited phone calls, visits or emails requesting personal or confidential information. 
2. Do not send personal or financial information via the Internet, unless you know the recipient.
3. Download program applications and updates directly from the provider’s website.
4. Pay attention to the website’s address. Some malicious websites are identical to the legitimate one, but use different addresses (i.e. www.paypal.Inc.com), when the original address is www.paypal.com.
5. Install your Panda Security antivirus, firewall, browser and e-mail filters and keep them up-to-date to reduce phishing traffic and spam.
6. Frequently check your accounts to make sure there are no inexplicable transactions. 
7. If you think an account or credit card has been compromised, immediately contact your bank and close the corresponding account.

Remember that one of the ways of fighting against fraud is to not becoming a victim; if, as an Internet user you learn to prevent falling victim to hackers, they will have to find benefits elsewhere.

How about you? Have you ever known anybody who has experienced Phishing attacks? Any other useful tips to prevent it? We are all ears!!