A new spin on fake Adobe Flash updates, watch for phony digital mining apps and protection against support scams
Welcome to Cyber Security Today. It’s Wednesday October 17th. To hear the podcast, click on the arrow below:
I’ve warned about your computer being hijacked by attackers and used to secretly mine cryptocurrency for their benefit. Security vendor Palo Alto Networks has found a new way this is being done: By using an update to Adobe Flash to secretly implant the cryptocurrency mining software on your computer. No kidding: It really does update Flash, but it also installs bad software. Adobe Flash for running multimedia has long been used by criminals as a lure to downloading malware, and it regularly needs security updates. This latest scam is another version of the trick. The safest way to update Flash is to go to the Adobe web site and find the update page. If you’re using good anti-malware or anti-virus software it should detect phony Flash updates. But remember, when installing anything you download it should verify the publisher in a popup message. If it says the publisher is unknown, say No to the installation.
Sometimes people are willing to use their computers for crypto mining and willingly download mining apps. That, too, can be risky. This week security vendor Fortinet drew attention to suspicious apps in the Google Play Store claiming they can be used to mine Ripple, Cardano, and Tether digital currencies. That’s a lie: You can’t mine those currencies. What the apps really do is push ads to your smart phone or tablet, which could be malicious. Before downloading a mining app, look for reviews to make sure it’s legit.
Tech support scams are another common way hackers get you. For example, they phone and claim to be Microsoft and have found a security problem on your computer. Or they make a fake error message pop up when you visit a web site to trick you into calling a support number. As part of Cyber Security Awareness Month, this week Microsoft released numbers on the problem. Sixty-seven per cent of Canadians surveyed have received a phony tech support pitch. As many as three per cent of them fell for it and lost money.
Here’s how to protect yourself:
–Be wary of any unsolicited pop-up message on your device; don’t click on it and don’t call the number.
–Microsoft will never call you out of the blue
–Never give control of your computer to a third-party unless you can confirm that it is a legitimate representative of a computer support team of whom you are already a customer.
Finally, are you an online subscriber to Western Union, Shopify, Yelp, Tinder or Imgur? Then you should consider changing your password. That’s because a security rating site called vpnMentor discovered a bug in a third party application that these and other companies use. Perhaps as many as 600 million people around the world subscribe to these sites and could be affected by the vulnerability.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Alexa Flash Briefing. Thanks for listening.