Site icon IT World Canada

Cyber Security Today: Sept. 17, 2018 – A browser con, an ad scam and lack of password control

Cyber Security Today - podcast feature

A Google Chrome browser con, watch for online ad scams and a lack of password control.

 

Are you a Google Chrome user and having trouble with the browser? You may be the victim of a tech support scam. It works like this: You go to a web site you think is legitimate. When you click on the X on the top right of the screen to get out of the site you can’t close the page. Instead you get a message allegedly from Microsoft warning of a virus alert and asking you to call a number, which is supposedly Microsoft Windows Support. What’s happened, says Malwarebytes, is malware has turned your mouse cursor against you. It’s the latest in a long series of tech support cons. If you have a good antivirus or anti-malware software, it should alert if you go to an infected web site. If you do suffer this problem, ignore the plea to call tech support, which is a scam to get your to buy something and surrender your credit card number. Rather than try to click your way out of it, turn off your computer.

There’s lots of ways to trick people into downloading malware through email and text messages. Another way is through online advertising. That came to mind with the sentencing of a man last week in the U.S. to 33 months in prison for conspiracy to commit wire fraud. The scam he was involved in placed anti-virus ads on the web site of a Minnesota newspaper in 2010 warning their computers had been infected. It was urged they click on the ad to buy and download security software, which, of course, was malware, to clear the problem. Sometimes criminals will impersonate legitimate companies to get an ad placed on web sites., Remember, just because an ad is on a respectable web site doesn’t mean it’s security should be taken for granted. Creating a sense of urgency is one of the tricks of a con artist.

Last week I told you the hack of the British Airways web site was likely caused by a bad guy inserting some malicious code on the site, allowing criminals to copy customer data as they filled in forms. Another victim of this technique has been discovered, a website called Feedify. That company was warned and apparently removed the code – only to see someone re-insert it again. Sounds like a criminal has access to the web site’s administrator’s password. If so, that doesn’t speak well about their security. Attention executives: Tighten up password control!

Finally, business and IT leaders should remember October is Cyber Security Awareness Month. Often organizations time security training programs around that month. It’s two weeks away. If you need ideas and resources for a campaign, go to the web sites of Public Safety Canada, the U.S. Department of Homeland Security, the Center for Internet Security and search for cyber security awareness month. While some web sites can check the legitimacy of online ads, others can’t.

Exit mobile version