La Piazza Blog - PANDA SECURITY SUPPORT

Posted by Blanca Carton October 13, 2009

Twitter, Facebook and MySpace are highly popular social networks. Unfortunately, there are always hackers who try to exploit the success of these networks for financial gain. Such is the case of Twitter, which has become an easy target for hackers to distribute spam.

How can you protect against spam in Twitter?

• Disable the “followback auto” option. This way, you will be able to choose the people you want to follow.
• Do not access all the links you receive. Make sure you know who you are following. 
• Follow the spam profile in Twitter: http://twitter.com/spam. You can find good tips here. For example, according to a recent post,  “If you gave your login and password info to TwitViewer, we strongly suggest you change your password now. Thank you!”
• Install a complete security solution on the computer, preferably with an antivirus, firewall and phishing filter module.

If you follow these tips you will be protected against spam.

What type of spam could I have received?

The most common types are:

• Trending Subjects Spam: This spam searches for popular subjects (e.g. Michael Jackson’s new movie, store discounts, etc.) to publish similar tweets with malicious URLs.
• Tweet spam: This type of message comes from one user following another. Consequently, all the attached followers can see the tweet.
• Direct Message: This direct message comes from a follower. Therefore only the recipient can see it.

Don’t forget to follow us in Twitter @PandaTechSup and visit us at our New Tech Support Forum !!

Blanca Carton -  eknowledge Department

Posted by Blanca, 07 August, 2009

Internet is an exceptional tool, it makes several tasks easier. However, being used for business and communication increases the possibilities of fraud.

Occasionally, online fraud scams are reported. To carry out online scams, hackers send an email passing themselves off as a bank. The email is used as bait, and readers are told their accounts must be checked, their information must be updated or that they must restore their password or PIN.  On accessing the message, they are redirected to a fake website, and on entering their details the information is sent to hackers, who from then on have access to the accounts.

This type of crime is called Phishing. If hackers obtains the victim’s password they will have access to the victim’s account and can wipe it out. Worse still, they can steal the victim’s identity.

These e-mails appear to come from a legitimate company, usually a financial institution or credit card issuer (though many like to use eBay and PayPal), urging you to take immediate action so your account is not deactiviated.

To increase the chance that they can trick you, they’ll even use the company’s logo, colors, and standard disclosure text. The e-mail will usually contain a link that takes you to a fake site made to look like the company’s legitimate web site.

Obvious clues that an e-mail is a phishing scam include:

• Misspellings and poor grammar. 
• Web site does not have “https://” in the address bar at the top. Legitimate companies employ secure socket layers (SSL) technology to encrypt your personal data. 
• Urgent tone or call to action. Phishing e-mails will allude to dire consequences like, “your account will be deactivated if you do not respond within 24 hours…” in the text. 
• Requests for personal information like social security number, account numbers, credit card information.

Email phishing is the most common form of phishing used by hackers nowadays. However, they also carry out phone phishing by calling people at home or at work. We recommend you to be very careful on answering questions, especially when talking to people who claim to work in the bank you have your savings in.

Remember that no responsible bank or financial institution requests personal and/or sensitive customer data via email or phone.

How to prevent becoming a victim of Phishing.

1. Be wary of unsolicited phone calls, visits or emails requesting personal or confidential information. 
2. Do not send personal or financial information via the Internet, unless you know the recipient.
3. Download program applications and updates directly from the provider’s website.
4. Pay attention to the website’s address. Some malicious websites are identical to the legitimate one, but use different addresses (i.e. www.paypal.Inc.com), when the original address is www.paypal.com.
5. Install your Panda Security antivirus, firewall, browser and e-mail filters and keep them up-to-date to reduce phishing traffic and spam.
6. Frequently check your accounts to make sure there are no inexplicable transactions. 
7. If you think an account or credit card has been compromised, immediately contact your bank and close the corresponding account.

Remember that one of the ways of fighting against fraud is to not becoming a victim; if, as an Internet user you learn to prevent falling victim to hackers, they will have to find benefits elsewhere.

How about you? Have you ever known anybody who has experienced Phishing attacks? Any other useful tips to prevent it? We are all ears!!