Phishing attacks aren’t limited to residential banking information anymore. Online Payment services and Crytographic Security Sites have quickly become the newest targets. In fact, the “Anti Phishing Working Group”, better known as the APWG has seen the second highest number of reported phishing attacks in 2nd Quarter of 2014. This is only superseded by the 3rd quarter of 2013, producing in excess of 180,000 attacks.
In actuality, the number of phishing attacks reported in the first 6 months of 2014 was up 90.6% over the same period the year before.
Not only did the number of incidents increase, but also the frequency of attacks for certain demographics. Alternate payment services were one of the demographics that received an increase in phishing attacks. These included Paylife, Perfect Money, and Payoneer to name a few.
In addition to the alternative online financial sector being hit, bitcoin users also saw an increased frequency in phishing with respect to their accounts.
One area that also saw growth, as well as, continues to see growth is the online retail/service sector. This area’s phishing growth rose from 11.5% to 16.5%. This sector is particularly hot, because the phishing sites collect credit card numbers and other useful information from unsuspecting users.
In short, phishing will continue to be a hot trend in months to come, generating more deceitful ways of getting your information.
As always, the best defense is a strong offence.
Keep your antivirus up-to-date, resist opening emails from financial companies, and not can they be phishing sites, but they may also contain viruses that can infect your computer, and above all, make sure your Microsoft Updates are routinely installed and up-to-date.
Rogue Antivirus products have been around for years, and it seemed like they were getting more and more prevalent. However, during the beginning of 2014, infection rates from Rogue AnvtiVirus products reached all time lows.
Unfortunately, everything happens in cycles. Rogue Antivirus programs are no exception. Enter the newest player: Defru_rogue_AV. This “little nasty” modifies the Windows HOSTS file, essentially redirecting web traffic to a malicious website that contains the Fake AV warning. This redirection only happens if the user tries to connect to any 1 of 300+ websites listed in the newly altered HOSTS file.
Users are then duped into believing that their system is infected, and only by paying $4.75 for a license of Windows Security will your system be cleaned. Such is not the case, as those who end up paying the hefty $4.75 charge get rerouted to the same website, asking for the $4.75 again.
However, unlike Cryptolocker, this virus doesn’t do any damage, and is fairly easy to remove. It can be removed by performing a few simple steps.
- Remove the "w1ndows_<4characters>" registry entry from the Windows Registry located at "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run".
- Delete the corresponding "w1ndows_<4characters>.exe" file from the %appdata% directory.
- Remove the added entries from the HOSTS file.
Alternatively, any Antivirus program will have the ability to remove the virus as well.