24 June, 2016
Spyware is a general term for the malicious programs aimed at gathering information from a computer system without the consent of the user. They record keystrokes or monitor user’s internet activity to collect sensitive data such as usernames, email addresses, passwords, credit card numbers etc. The data is then transmitted to the hackers who may use it to initiate various online attacks. Spyware may infect a computer system through a malicious email attachment, visiting a spam website or in the form of a drive-by-download.
Listed below are some useful tips to protect against spyware:
Install anti-spyware software
The most critical step in protecting your computer system is to install a reliable anti-spyware software. Most anti-virus programs may detect and remove malware, but they may not be able to identify the diverse variants of spyware. Make sure you update it regularly and configure it to check for the latest versions available. Enable a complete scan of your computer’s hard drives on a regular basis to detect any spyware program that may have discreetly infected the system. It will add an additional layer of protection.
Be cautious while surfing the web
You should not click on unknown URLs or visit malicious websites. The browser plugins included in the anti-spyware software should be enabled to protect against infections. Software should be downloaded only from reliable sources after carefully researching about its reviews and information that it may access on your computer.
Keep operating system updated
An updated operating system will make your computer less vulnerable to the online threats. Software vendors often release the security patches to fix any flaws that may be exploited by the cybercriminals. Enable automatic updates so that your computer automatically scans and downloads the latest software versions periodically.
Do not click on ads or pop-ups
Flash advertizements and pop-ups are common ways through which spyware is downloaded into a computer. To avoid this, make sure you do not click on or enter any confidential information in these windows. It is possible that the hacker may be tracking the way you respond to these ads or tracing the data you enter. If you want to close an unwanted ad or pop-up, click on the ‘X’ icon instead of the ‘close’ link within the window.
Centex Technologies is a leading IT firm providing complete online security solutions to the business firms in Central Texas. For more information, you can call at (855) 375 – 9654.
June 9, 2016
Spear phishing is a form of cyber-attack targeted towards an individual or organization to obtain confidential information. It is a social engineering technique that involves sending a spoofed email, which appears or claims to be from a legitimate source, asking the user to visit a website or click on a link. Though often intended to steal data that can be further used to initiate an attack, cyber criminals may also use spear phishing to install malware on the victim’s computer system.
Key Characteristics Of A Spear Phishing Attack
- Multi-Course Threat: Spear phishing uses a combination of spam emails, zero day application vulnerabilities, spoofed website URLs and add-on downloads to circumvent detection by the security software.
- Leverages Unknown Software Vulnerabilities: In a spear phishing attack, the hackers tend to exploit the unknown security loopholes in the users’ browsers, applications and plug-ins.
- Lacks Spam Characteristics: The cybercriminals usually send personalized emails to the target users, hence making them different from the prevalent high-volume security attacks. Therefore, the anti-virus and anti-spyware programs are less likely to perceive these emails as a threat.
How Does Spear Phishing Work?
In order to launch a spear phishing attack, the hacker first needs to gain some insights about the target user so that a personalized email can be crafted. The information is often accessed through the user’s social media profiles and posts. After this, they send a well-crafted email to a user, often claiming to be from a bank or other authorized entity, provoking the user to take an action. These may involve:
- Clicking on a link that redirect to a fake website asking the user to enter his user ID, password, bank account number, social security number etc.
- Downloading attachments, usually PDFs, Office documents, zip folders or executable files, which install malware on the users’ computer.
The content shared in a spear phishing email is highly customized to compel the users about the authenticity of its sender and increase the likelihood of exploitation.
Tips To Protect Against Spear Phishing Scams
- Make sure you do not provide any personal information in an email. Most companies/ financial institutions do not ask for such details in an email.
- Never click on links embedded in an email. Instead, type the URL manually in your browser’s address bar.
- Keep your security software, browsers and applications updated to the latest version. An obsolete program is more likely to be targeted by the cybercriminals.
Centex Technologies provides complete IT support to the businesses in Central Texas. For more information, feel free to call us at (855) 375 – 9654.
May 26, 2016
Identity theft has always been a major concern for the internet users. Cybercriminals constantly attempt to breach the personal information, such as user names, passwords, social security numbers, bank account details etc. to carry out various online scams. They may also make unauthorized purchases on the victim’s credit card and breach into email account to send out spam mails or initiate phishing attacks.
The following security measures can be implemented to protect yourself against identity theft:
- Be Aware Of What You Share: You must be cautious about the information you share through your social media profile. Make sure you do not post your address, contact details, social security number, date of birth etc. as these can be easily used by the hackers to steal your personal information. Configure the privacy settings at the highest level to safeguard your account.
- Create Strong Passwords: Maintaining password security across all your online accounts is critical to protect them from being hacked. Create strong and hard-to-crack passwords comprising a combination of uppercase/lowercase alphabets, numbers as well as symbols. Use a different password for each account and update it frequently.
- Protect Your Mobile Device: There are many apps that allow you to conduct banking transactions, shop, pay taxes or track your finances online. Make sure you download the app or software only from a credible source. Check its ratings and reviews before downloading as well as confirm what information it may access on your mobile. Also, block the installation of apps from unknown sources on the device.
- Watch Out For Phishing Scams: You should never trust emails that claim to be from an authentic source and ask you to click on a link or provide your personal information, such as address, account number, credit card details etc. Do not reply to such emails or download any attachment contained in it. Instead, you can directly contact the concerned company to know about the legitimacy of the email.
- Use Security Software: Key loggers, backdoors as well as other malicious programs can allow the hackers to gain access to your computer and steal information. These programs may infect your computer through email attachments, drive-by downloads or clicking on a malicious advertizement. After this, the hacker may attempt to steal information by session hijacking, accessing files and documents or recording keystrokes to breach the password.
For more information and prevention tips for identity theft, contact Centex Technologies at (855) 375 – 9654.
May 20, 2016
Cybersquatting can be defined as an illegal registration, use or trade of a domain name with the intent of making monetary profits from website visits. In most cases, the cyber squatter may sell the domain to the rightful company at a certain price. However, he may also attempt to divert users from the legitimate website to infect their device with malware.
Types Of Cybersquatting
- Creative Extortion: This form of cybersquatting capitalizes on the adjournment or ignorance of the business owner to register a domain name. The cybercriminal may get hold of the domain and sell it back to the owner at a higher price.
- Typosquatting: In this case, the cyber squatter creates a URL based on the common typographical errors made by the users. For instance, www.abcd.com may be registered as www.abxd.com, owing to the proximity of the keys ‘c’ and ‘x’ on the keyboard. Whenever a user misspells the URL, he gets directed to the fake website.
- Dropcatcher: This involves purchasing a domain name immediately after it has expired, without giving its owner the time to re-register. By acquiring the domain name, cyber squatters may greatly benefit from the huge traffic that would otherwise have been received by the genuine website.
- Defamatory Cybersquatting: Some cyber squatters may purchase a domain name and publish defamatory comments about a trademark owner. This compels the owner to purchase the domain at a higher price to protect his reputation and credibility.
Tips To Protect Against Cybersquatting
- Make sure you register your company’s domain name and logo as early as possible. Also, renew it in a timely manner. Many cyber squatters have specialized software to scan registry services and acquire the domain name right when it expires.
- Get a domain name registered even if you have not set up your business yet. Cyber squatters usually buy domains in bulk, so you should acquire all potential URLs that you may want for your business.
- Build up as many variations of your domain name as possible to prevent typosquatting. All these additional domains should be redirected to your primary website. Register all the typographical errors that users may make while entering the URL. If your URL has more than one word, register it with hyphen between them. You should also consider registering multiple extensions for your domain name, including ‘.com’, ‘.org’, ‘.net’ etc.
Centex Technologies provides comprehensive cyber security solutions to the business firms in Central Texas. For more information, you can call us at (855) 375 – 9654.