In internet, the online business may affect by two types of attacks. One is direct attack to your Organization and another type is Mass shotgun style of attacks that are designed to infect any users. In these direct attack is the most dangerous method to attack your businesses. It uses advanced technique includes zero-day exploit or a new piece of malware to gain permission through a backdoor onto the user’s machine.
M86 Security has listed five safety measures against the internet scams.
1. Reanalyze your current security
To protect your businesses against scams, re-examine the security products used in your business. Ask your present vendors hard questions about accurately how they identify and block these threats. The best method must have a solid base of reactive controls in antivirus and URL scanning with proactive technologies such as real-time code analysis. Test the products and make sure that the vendors are investing in threat examine.
2. Stay up to date
Scammers commonly target the old version web browsers or applications. So keep web browsers, add-ons/extensions and desktop applications as updated versions.
3. Educate users about security awareness
Internet usage is the main part of a security. So give the knowledge about the internet security. Give examples of social networking scams and tell how easily the computer get affected and force them to maintain applications up to date. Alert everyone from clicking on any email links.
4. Utilize browser add-ons or extensions for an extra layer of security
Use the NoScript extension for Mozilla Firefox to limit the execution of JavaScript code.
Use Mozilla Firefox NoScript Extension to limit the execution of JavaScript code. There are many free tools such as M86 SecureBrowsing to analyze links in the Search engine results and web pages for any malicious code. It also analyzes shortened URL’s in Twitter.
5. Secure your Social Networking site accounts.
Set the Privacy settings in your social networking site accounts. Configure privacy settings corrected, because incorrect configuration may lead the scammers to access your accounts easily.
The Better Business Bureau (BBB) ranks the top 10 scams in 2011. In that top 10 scams, first one is common, email scam that can steal password and other personal information and the nine other scams are,
- Job scam: This type of scam is mainly target to the unemployed persons who seeking for job. Many e-mails, websites and online forms are actually phishing scam that steal your identity and many will ask you to fill out credit-card information.
- Sweepstakes and lottery scam: It will send you a mail to claim a won amount or a big prize, but in order to do this you should pay a small amount of money. Recently this type of scam like this “Facebook founder Mark Zuckerberg promising a $1 million prize”.
- Social media/online-dating scam: This will mainly focus on your social media sites that will search your personal data. It will send you a message on social network like your friend sending. If you open means it leads to download a worm that logs into your social media account and search your personal information.
- Home-improvement scam: It will knock on your door and provide a deal on services. They will identify a serious problem and say they can repair it for lower cost. The BBB told that this is the most evil of these scammers show up after a natural disaster
- Check-cashing scam: A purchaser gives you a check for extra than they buy and asks you to deposit it into your bank account and then send them the difference via Western Union. After several days, the bank links you to tell you the check is no good.
- Phishing scam: This scam is mainly designed to steal your personal information. It will send you a mail to claim your money. The e-mail claims a transaction and asks you to click on a link.
- Identity-theft scam: Some hotels are warning about a scam in which guest may get a call in middle of night from the desk clerk to verify your credit card. Beware, it isn’t from desk clerk.
- Financial scam: Some companies offer help with mortgages or balance due relief with names and sites similar to valid ones. To enter this they will ask for front fees.
- Sales scam: This type of scam is come as “Internet auction” that will tell to customers to bid a following items with $1. If you enter this you will lose your money.
Google, Facebook, Yahoo!, Microsoft and eleven others outfits announced that they had formed a new group to fight with phishing, a way of fooling email and net users into giving sensitive information, including credit card numbers. The alliance named as DMARC(Domain-based Message Authentication, Reporting and Conformance)
The worst thing in the internet is phishing. Adam Dawes, a Google product manager and DMARC representative told that the best way to protect user is to make sure the email never reaches the spam folder at all.
Phishing is a simple trick. The scammer spoofs the information in the email message so it actually looks like it came from a genuine sender. There’s a technique to point out where the message really came from, but it can be hard for the average Joe to spot.
Dawes told that the phishing messages are often caught by an email client’s spam filters. But even as they check out their spam folders and open a message and they give a PayPal details before they know it, someone has phished their credit card number. The DMARC idea is to get the email companies functioning behind the scenes to prevent phishing emails from ever receiving your inbox or spam folder.
About 18 months ago, PayPal began working directly with Google and Yahoo to set standards for Gmail and Yahoo! Mail that would prevent bogus PayPal messages from hitting a user’s inbox.
Adkins, a Facebook messaging engineer told the DMARC protocols are based on existing technologies, including the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). Both are ordinary mail security protocols. In these SPF verifies the email’s senders IP address and DKIM vets the structure of the email’s content..
DMARC is only the cross-industry effort to fight phishing. A global non-profit called The Anti-Phishing Working Group encourages businesses to share the latest information about phishing tactics and techniques.
PayPal’s McDowell reiterates that the goal of DMARC at least for the moment is to defend legitimate domains, not to address what’s sometimes called “typo-phishing,” where scammers use something that looks like a common domain but is actually a slightly different spelling.
He told that Domain based phishing cannot happen when both parties deploy DMARC.
Attorney General Mike DeWine, Columbus said that Sweepstakes scams cost Ohioans about $2 million in 2011. His office’s consumer security branch logged nearly 1,500 complaints about sweepstakes and prizes scams in 2011. He told that his consumer protection division is seeking stronger tools to go after people and companies conducting those types of scams and other fraud against consumers. Lisa Hackley a spokeswoman for the attorney general’s office said that would give more powers to Dewine’s office to take the action against scammers involved in internet theft. The proposed legislation will provide the power of attorney general to inquire for phone and Internet activity records, as well as online payment information in suspected Internet fraud cases. DeWine’s office has said that scammers frequently use websites like eBay and Craigslist to cheat people. American Civil Liberties Union of Ohio Executive Director Chris Link has said that such actions make it easier for law enforcement to access personal information. Hackley said that this bill also create additional penalties for telecommunications fraud against the elderly and disabled persons. DeWine’s office also works with law enforcement around the state to increase prosecutions of those who perform scams on Ohioans. DeWine said that sweepstakes or prizes made up the eighth most common complaint of the top 10 complaints in consumer protection section,2011
Microsoft has warned, if you see a page claiming to allow you to sign up for a Halo 4 ignore that page because it’s a fake and it is meant only for revealing your Xbox Live password.Of course, we obviously know that it’s a scam because no beta version of ‘Halo 4’ has ever been announced or mentioned by Microsoft.
There probably will be a beta at some point this year, possibly in the summer, but Microsoft’s usual procedure is to include access alongside some other prominent game of the time. They haven’t got much lined up so far this year but the Halo previously has come with beta version as ODST and the Gears Of War 3 in Epic Games’ Bulletstorm.
Of course Microsoft has had quite a bit of practice warning about Phishing scams, and it’s still blaming the information of Xbox Live being ‘hacked’ solely on the occurrence. Phishing works by criminals sending emails contains web link that looks like official page(pretending to be from a bank is a common scam) and then trying to trick you into entering usernames, passwords and other personal details into fake websites. Although many Xbox Live users insist they’ve not been victims to such scams there remains no evidence that the service, or Xbox.com, has been hacked in the traditional intellect.
