How to Avoid Unwanted Software and Protect your Gmail Account in an Increasing Threatscape
According to recent reports, the number of cyber attacks is on the up and up, the forecasted amount of spam for 2009 is in the 95% area, and with all the recent layoffs numerous IT experts are expected to go rogue, meaning they will turn to using crimeware and possibly sell corporate data. With the number of online threats on the rise (even for Macs) I thought it a good idea to present you a few ways that crapware (unwanted software) manages to find its way on your machine; I also thought it a good idea to present you with a few tips and pointers on how to protect your Gmail account.
With the financial crisis that is going on at the moment, it is no wonder that companies are trimming their expenses and consequently letting quite a few IT workers go. What will these people do when they find themselves penniless? According to PricewaterhouseCoopers and Finjan, company that specializes in real-time secure web gateway solutions, these people will of course turn to using their IT skills in order to earn a living, just that they will not exactly do it in a legit manner. They will instead launch phishing attacks (and try to get hold of your confidential credit card data) and they will sell financial and intellectual info to the highest bidder (thanks to their privileged access to corporate systems).
Senior Manager of Forensic Services with PricewaterhouseCoopers explains: “There are certain types of fraud where an understanding of technology would make it easier to circumvent controls and IT staff have the knowledge to do that. There was a range of very well-documented frauds that took place during the recession in the early 1990s and it does not take a great deal of insight to realize we will see an increase at a time like this.”
To make things worse, it seems that quite a large portion of cyber attacks in 2008 have originated from legitimate domains. According to Cisco, company that specializes in network management, the percentage of threats that originate from legitimate web domains has increased by 90% compared to 2007.
With this information fresh in our minds, let us now check out a few methods that you could employ in order to protect your Gmail account and keep those phishers at bay. Phishing attempts are getting more and more elaborate and you could easily be fooled into thinking the email originates from your bank, a legitimate service provider, or online store.
The first and golden rule of mail protection is not to click on any suspicious looking link. If the email message contains a link to some web site you do not recognize or trust, do not click it (it is very easy for a phishers to disguise a link and claim it will take you to your Yahoo account for example, just to lure you to a phishing site and get your login data).
The second rule of keeping safe online is to use a web browser that has a phishing protection feature (like Firefox 3.0.5, not Firefox 2.0.0.19). You could also try Opera 9.63 or even Google Chrome. Internet Explorer works too, but at the moment using this browser poses a serious security risk.
The third rule is to always be vigilant, especially when coming across offers that seem too good to be true, because most of the times they are scams (which will be confirmed when you are asked to provide confidential data about yourself or your credit card). Never, and I cannot stress this enough, give anyone your PIN number – you will not believe how many phishing attempts ask you for your PIN and how many people fall for it just because they are promised some sort of incentive.
Here are some additional rules. Always sign out of your Gmail account when you are done with it, do not simply close the browser window; disable Forwarding and POP/IMAP; check to see if there are any filters that you did not set up and if there are, delete them; make sure to pick a strong password.
Moving on to unwanted software (or crapware as it is affectionately called), here are the most common means employed to sneak it onto your machine:
- Updating your software, which not only updates said software but also modifies your browser and music player.
- Toolbars that come bundled with all sorts of unwanted applications.
- Fake virus warnings that lead gullible users into installing crapware onto their machines (Macs too).
- Fake codec notifications which lead to installing crapware and even malware onto your machine.
With the financial crisis that is going on at the moment, it is no wonder that companies are trimming their expenses and consequently letting quite a few IT workers go. What will these people do when they find themselves penniless? According to PricewaterhouseCoopers and Finjan, company that specializes in real-time secure web gateway solutions, these people will of course turn to using their IT skills in order to earn a living, just that they will not exactly do it in a legit manner. They will instead launch phishing attacks (and try to get hold of your confidential credit card data) and they will sell financial and intellectual info to the highest bidder (thanks to their privileged access to corporate systems).
Senior Manager of Forensic Services with PricewaterhouseCoopers explains: “There are certain types of fraud where an understanding of technology would make it easier to circumvent controls and IT staff have the knowledge to do that. There was a range of very well-documented frauds that took place during the recession in the early 1990s and it does not take a great deal of insight to realize we will see an increase at a time like this.”
To make things worse, it seems that quite a large portion of cyber attacks in 2008 have originated from legitimate domains. According to Cisco, company that specializes in network management, the percentage of threats that originate from legitimate web domains has increased by 90% compared to 2007.
With this information fresh in our minds, let us now check out a few methods that you could employ in order to protect your Gmail account and keep those phishers at bay. Phishing attempts are getting more and more elaborate and you could easily be fooled into thinking the email originates from your bank, a legitimate service provider, or online store.
The first and golden rule of mail protection is not to click on any suspicious looking link. If the email message contains a link to some web site you do not recognize or trust, do not click it (it is very easy for a phishers to disguise a link and claim it will take you to your Yahoo account for example, just to lure you to a phishing site and get your login data).
The second rule of keeping safe online is to use a web browser that has a phishing protection feature (like Firefox 3.0.5, not Firefox 2.0.0.19). You could also try Opera 9.63 or even Google Chrome. Internet Explorer works too, but at the moment using this browser poses a serious security risk.
The third rule is to always be vigilant, especially when coming across offers that seem too good to be true, because most of the times they are scams (which will be confirmed when you are asked to provide confidential data about yourself or your credit card). Never, and I cannot stress this enough, give anyone your PIN number – you will not believe how many phishing attempts ask you for your PIN and how many people fall for it just because they are promised some sort of incentive.
Here are some additional rules. Always sign out of your Gmail account when you are done with it, do not simply close the browser window; disable Forwarding and POP/IMAP; check to see if there are any filters that you did not set up and if there are, delete them; make sure to pick a strong password.
Moving on to unwanted software (or crapware as it is affectionately called), here are the most common means employed to sneak it onto your machine:
- Updating your software, which not only updates said software but also modifies your browser and music player.
- Toolbars that come bundled with all sorts of unwanted applications.
- Fake virus warnings that lead gullible users into installing crapware onto their machines (Macs too).
- Fake codec notifications which lead to installing crapware and even malware onto your machine.
