Avoiding Phishing
Phishing is defined as the practice of using fraudulent e-mails and fake duplications of legitimate websites to extract financial data from computer users for purposes of identity theft.
Imagine one morning waking up and doing your daily routines, you check your email and see that an email from your bank, EBay, Amazons etc. stating your accounts have a zero balance, then it gave you a link to click. You enter your username/password and all of you’re the information looks correct and logout to continue your day. Later that day you attempt to purchase an item using your debit card and the transaction is decline. You log into your online account to verify the information displayed earlier that day and now your account is cleaned out. You go back to that email click on the link, the site is no longer accessible, and there is no way to track them.
The Phishing fraud operated by the “Phisherman” creating a false duplicate websites of a legitimate financial organization that is well known. It may look like the real thing but it is a clone. They follow up the process by send out a mass email to hundreds of users stating there is a problem with their account. The unsuspected user enters all of the vital information; the site collects the information as well as passes it on to the real server for access. The fictitious site never stays up for long just for a few hours so the “Phisherman” can hook as many phish as they can, then they’re gone like it was never there, that’s why there so hard to track.
There many ways to avoid this:
1. Do not access your account through the email or pop-up.
2. View all email in plain text if possible.
3. Contact the organization using a telephone number.
4. Report the email to your financial institute.
5. Type the web address or use a bookmark for your online banking.
6. Avoid visiting site with expire certificates.
7. Delete the phishing email.
For more information on Phishing, visit these sites below:
Carrier IQ: What You Should Know by Lookout Mobile Security
What is Carrier IQ?
Carrier IQ is diagnostic software that comes pre-installed on some mobile devices. Mobile network operators use information gathered on your location and call activity to improve network coverage and reduce instances of dropped calls. Recently there has been a large amount of press coverage over the perceived privacy and security violations posed by Carrier IQ software. At Lookout, it is our belief that much of this coverage has been overstated. While there are a number of real privacy issues at play, based on our understanding Carrier IQ is not malware nor has malicious intent. We do believe that companies big and small should always take a transparent approach when it comes to data they are collecting from people.
To find out whether you have Carrier IQ installed on your Android device, download our free Carrier IQ Detector App from the Android Market.
What information is or isn’t collected?
Based on credible reports, it appears that Carrier IQ has the ability to report the following information:
- The sequence of dialer buttons to determine phone call destination
- GPS location information, in some situations
- The URLs visited from your mobile browser
From our current understanding, CarrierIQ does not appear to have the ability to record SMS messages, email content, or the contents of web pages you’ve visited. In addition, Carrier IQ cannot record arbitrary keystrokes (or buttons you press) from your mobile device.
Why is Carrier IQ getting so much attention?
The biggest issue for most users is that they do not know whether they have Carrier IQ on their mobile device. In addition, there is no clear opt-out path available for those users who do have Carrier IQ installed and would prefer not to have it on their device. To find out if you have Carrier IQ on your Android device, download the Carrier IQ Detector app.
Can I remove Carrier IQ from my phone?
Because Carrier IQ software is deeply integrated with the built-in firmware on the mobile device, users would have to get special device privileges (also known as ‘root’ privileges) in order to remove it. Side effects of this process have the potential to put users at further risk of malware infection, while making devices ineligible to receive firmware updates in the future. If you are sure you know what you are doing and would like to remove Carrier IQ software from your phone, there are a number of guides available online.
How do I know if I have Carrier IQ on my phone?
Lookout has recently released Carrier IQ Detector, a free Android application that can quickly determine whether or not you have Carrier IQ software on your mobile device. Download it Now.
Source: Lookout Mobile Security Blog
Webcast: Advanced Persistent Defense
Threats are constant and evolving. In this security landscape, organizations need to be proficient in both defense AND offense in order to protect themselves. Often we may understand the techniques that our adversaries are using, but somehow still fail to prepare our organizations and people for the attacks. As such, it is time for defenders to become persistent and proactive in trying to exploit their organizational assets, rather than simply waiting until their next audit.
In this Webcast Marcus Carey will discuss various techniques deployed by the current adversaries, and how to simulate those activities with Metasploit. He will also explore the countermeasures available to deterring, detecting, and responding to attacks on your network.
Date: December 7, 2011
Time: 2pm EST
Speaker:
Marcus J. Carey – Security Researcher & Community Manager
Marcus has over 17 years experience in information assurance experience working in the DoD as well as Federal and State Government organizations. Marcus has been a avid user of the Metasploit Framework for over five years. One of his focuses at Rapid7 is to show people that Metasploit is not just for penetration testers.
SANS Security East 2012 is coming up soon with new courses!
SANS comes to New Orleans, January 17-26. Start the year off right with our top-rated instructors and outstanding course offerings.
SANS Security East 2012 includes two brand new courses:
Security 524: Cloud Security Fundamentals
Two day course uses a variety of vendor and cloud services in the class, and exposes students to everything from architecture considerations to policy and contract review. SEC524 prepares people for the CCSK (Certificate of Cloud Security Knowledge) and covers a lot of ground including hands-on exercises working with virtual machines.
Link to SEC524 at SANS Security East 2012: http://www.sans.org/info/92934
Security 579: Virtualization and Private Cloud Security
Six day course that takes on the security challenges faced with the rapid movement towards implementing virtualized servers. SEC579 covers architecture and security design, how to design a foundational risk assessment program, and how things change when we move to a cloud environment.
Link to SEC579 at SANS Security East 2012: http://www.sans.org/info/92939
If you have any questions about these courses, feel free to contact Dave Shackleford, SEC524 & SEC579 author and instructor, dshackleford@sans.org.
***** Save $150 off your course by using discount code: Refer_SecOrb *****
Another new course offering will be taught at SANS Security East 2012.
Security 571: Mobile Device Security – Kevin Johnson, SANS Senior Instructor
This course is designed to teach students about the threats organizations are exposed to via the mobile devices on which they depend. This two-day hands-on class uses lecture, labs and real world experiences to educate the students about mobile security within the enterprise.
Link to SEC571 at SANS Security East 2012:
http://www.sans.org/info/92944
For complete details regarding SANS Security East 2012:
http://www.sans.org/info/92949
***** Save $150 off your course by using discount code: Refer_SecOrb *****
SANS Security East 2012, New Orleans, LA
SANS is the most trusted and by far the largest source for information security training in the world. They offer training through several delivery methods – live & virtual conferences, mentors, online, and onsite.
Join SANS in 2012 for your training and save $150.00 with the use of our discount code Refer_SecOrb
SANS Security East 2012, New Orleans, LA, will kick off the new year for live training.
SANS Security East 2012 includes two brand new courses:
Security 524: Cloud Security Fundamentals
Two day course uses a variety of vendor and cloud services in the class, and exposes students to everything from architecture considerations to policy and contract review. SEC524 prepares people for the CCSK(Certificate of Cloud Security Knowledge) and covers a lot of ground including hands-on exercises working with virtual machines.
Link to SEC524 at SANS Security East 2012:
http://www.sans.org/security-east-2012/description.php?tid=4996
Security 579: Virtualization and Private Cloud Security
Six day course that takes on the security challenges faced with the rapid movement towards implementing virtualized servers. SEC579 covers architecture and security design, how to design a foundational risk assessment program, and how do things change when we move to a cloud environment.
Link to SEC579 at SANS Security East 2012:
http://www.sans.org/security-east-2012/description.php?tid=5041
SANS Security East 2012 (New Orleans) – January 17-26
http://www.sans.org/security-east-2012
Other upcoming live training events in early 2012:
SANS Monterey 2012 – January 30-February 4
http://www.sans.org/monterey-2012
SANS Phoenix 2012 – February 13-18
http://www.sans.org/phoenix-2012
SANS 2012 (Orlando) – March 23-30
http://www.sans.org/sans-2012
Free Wireless Access Can Be a Security Problem
Free wireless hotspots is a huge security and privacy threat since hackers have the tools to really make life difficult. Check out the video below.
Connecting to a random WiFi hotspot is much like strolling into a bar in a strange part of town. Most likely you’ll have a good time, but it could ruin your day. It’s wise to assume that all hotspots harbor predators, and take appropriate precautions.
Source: http://cybercoyote.org/classes/wifi/hotspots.shtml
Laptop road warriors beware: Wi-Fi hot spots that let you hop onto the Internet anywhere you travel leave you wide open to hackers.
Source: http://www.usatoday.com/tech/wireless/2007-08-06-wifi-hot-spots_N.htm
