rediff.com
News APP

NewsApp (Free)

Read news as it happens
Download NewsApp

Available on  gplay

Rediff.com  » Business » Surfing the Net? Beware of security threats

Surfing the Net? Beware of security threats

Last updated on: March 8, 2010 11:25 IST

Image: Increase in cyber attacks.
Priyanka Joshi & Shivani Shinde in Mumbai
  • Recently, tens of thousands of Hotmail, Gmail and Yahoo email accounts were hacked. Their passwords were stolen and posted online. This resulted in a marked increase in the number of spam emails
  • Over 13 per cent of all results on search engines like Google lead to malicious links
  • Close to 90 per cent of emails contain a malicious link

As the above statistics indicate, every time we go online, there's clearly some form of a threat. Social networking sites, like Facebook and Twitter, have become magnets for online spammers and scammers.

We have also seen a steady increase in attacks that take advantage of topical issues to lure recipients into opening attachments in emails or ...

Surfing the Net? Beware of security threats

Image: Attacks on social networking sites to rise.
Social networking

With cyber thieves taking to such sites in a big way, attacks on social networking sites are set to rise even further. This is bad news, given the number of incidents that have occurred already.

Take the case of Neha, who is on Facebook and loves going through other users' profiles. When she saw the 'Who is checking your profile' application on Facebook, she was more than excited at the prospect of identifying who all were following her profile. However, little did she know that the application would create havoc for not only her but also for her 'friends'.

This latest scam hit Facebook users after a rogue application, which comes in many variants of 'Who is checking your profile?', improved its technique beyond that employed in previous attacks.

Surfing the Net? Beware of security threats

Image: Beware of malware.
"Rather than spreading a single app that Facebook can easily block, it tricks users into propagating the exploit by creating a brand new Facebook application that hands over the controls to the bad guys," says a Websense blog. In other words, the malware replicates at the users' expense.

So, what should users like Neha do in such a situation? "The important thing for Facebook users to remember is that clicking the 'Allow' button for such apps gives such applications the proverbial 'keys to the kingdom'. Do not add any applications that you do not trust," advises the blog.

One way you can assess an application's reputation is by clicking on the application name 'without authorising the application'. Look at the reviews of the application to see what other users are saying about it.

The other case in point is Twitter. Along with Twitter's phenomenal success, there also has been widespread adaptation of abbreviated URL services like bit.ly and tinyurl.com. These services now appear in all sorts of communications, making it easier than ever to mask the URLs that users are asked to click.

This trick, according to security software vendor McAfee, is the perfect way to direct users to websites that they would normally be wary of.

Surfing the Net? Beware of security threats

Image: False advertisements can hit you.

'Malvertising'

Beware of advertisements that urge you to go to a site and install free software. For instance, those "Your PC is infected! to an offer for an AV software, which was actually a rogue one. This attack was served up through an advertisement purchased by someone posing as a national advertiser.

Browsing and web applications

Nearly 30 million netizens from India visit the search engine Google every month. Realising the opportunity in the number and faith people have in such sites, hackers have started to compromise search engine results to make their links appear higher than legitimate results.

As a user searches for related terms, the infected links appear near the top of the search results, generating a greater number of clicks to malicious websites.

"The blended nature of today's threats, combined with compromised legitimate sites, takes full advantage of an increased perception of trust when using search engines and interacting with friends or acquaintances online," notes Websense Chief Technology Officer Dan Hubbard. There may be a trust issue in search results among consumers, unless the search providers change the way they document and present links.

Surfing the Net? Beware of security threats

Image: Email, a constant source of security threats.

The rise in online applications, such as Google's new Chrome online-based operating system, are also seen as potential areas for malware writers.

Emails

From spam to phishing, the email has been a constant source of security threats. Security experts point out that 86.8 per cent of all emails are spam. It is also a fact that, most of the time, hackers lure users into clicking on an attachment or a link.

A recent example was that of the Facebook Password reset. The email, said Websense, claimed that the recipient's Facebook password had been reset for security reasons and that the recipient should open the attachment to find the new password. Nobody should ever need to open an attachment to get a new password. Yet, these attacks often succeed.

Experts also point out that people give their information to phishing sites 45 per cent of the time.

Email is still the favoured route for phishing (fraudulent methods to acquire sensitive information like passwords, username and credit card details).

Surfing the Net? Beware of security threats

Image: Hackers get innovative.
How does one stay safe from email scams? Well, for one, do not open any mail that has come from an unknown address. In case, you have gone ahead and clicked it, then do not open attachments (most of the attachments have viruses). Since you would be accessing email from a PC, you ideally need to have a good security solution installed.

However, after PCs, mobile phones have become the next platform to be hit by security problems. Hackers are using a combination of voice over internet protocol (VoIP), SMSes and internet to fool and redirect users into dialling a phone number to collect critical information for financial gains.

This phenomenon is called 'Vishing' (voice phishing). Enrique Salem, the president and CEO of leading security solutions provider Symantec, feels that with mobile handsets becoming the primary device of accessing information, security threats on handsets will be the next big issue.

Source: source