Cybercriminals exploiting user inexperience
Noteworthy threats in October 2011 included the return of a rogue web browser, a phony hacking tool for Gmail account password recovery and malware disguised as advertisements on Yahoo and Bing.
“The threats uncovered in October again demonstrate how cybercriminals prey on users’ inexperience and carelessness,” said Christopher Boyd, senior threat researcher at GFI Software.
“They count on users being too excited by an exclusive offer or too trusting of online advertisements to do their due diligence. Whether users are downloading software or inputting personal information online, they should always do everything they can to verify that they are visiting a legitimate website and not a well-crafted forgery,” he added.
In a continuing series of threats first noted by GFI in September, rogue advertisements were discovered among Bing and Yahoo search results.
Searches for Adobe Flash produced ads posing as official Adobe download pages. A cursory examination of the website URL would have alerted users that they had been redirected to a third-party webpage.
Meanwhile, fraudulent programs like the Gmail password recovery tool take advantage of users who do not diligently research solutions to their computer issues. Gmail account holders trying to recover their passwords are tricked into installing a Trojan and paying a fee. A simple web search uncovers a safe and official recovery method offered by Google for free.
GFI Labs also spotted several phishing and 419 scams last month, including a secret shopper con; the Facebook appearance of the “world’s richest man” promising to give away his fortune; a fraudulent security message from the Royal Bank of Canada; and a Twitter direct message sent to hijack users’ accounts.
As the holiday season approaches, GFI urges online shoppers to be extra cautious when browsing and shopping online. Cyber Monday shopping grows in popularity each year, making bargain hunters a likely target for new malware and phishing campaigns as they browse the web at work and at home.
In addition to remaining vigilant while online, users should protect themselves further by making sure that their antivirus software is always up to date.