Just in time for Halloween, the latest phishing scam, called “scareware” is yet another horrifying technique used by hackers to steal personal information and spread viruses online. Recently, hackers exploited companies like Google, Twitter and the New York Times as part of a massive scareware blitz on consumers. Better Business Bureau is offering advice to consumers on how to protect their computer and personal information from the threat of scareware.
“Scareware attacks are cropping up everywhere and are effective because they prey on fear,” said Lynda Pasacreta, BBB President and CEO. “The first thing you think is that my system is compromised, but in reality, there are practical steps computer users can take to protect themselves.”
This past fall, visitors to the New York Time’s Web site suddenly received a pop up window — which looked like a message from their own computer — warning that their computer had been infected with a virus. The user was then told to visit a Web site to purchase and download anti-virus software that would fix the problem. The supposed antivirus software actually installed even more viruses and malware onto the computer — and the user’s credit card number was now in the hands of hackers.
According to the New York Times, the pop up was generated by an unauthorized ad. The New York Times later learned it had sold ad space to hackers posing as Vonage. Click Forensics is reporting it was the work of Ukrainian cybercrooks.
The same scenario on the New York Times Web site is playing out all over the Internet. According to Computer World Magazine, hackers are not only using pop up ads, they are also “poisoning Google search results.” Hackers monitor the news and hot topics online — such as the death of Patrick Swayze and the US Open — and through search engine optimization techniques are able to ensure that their Web sites are the top results. Victims who click on the fake search results receive a scareware pop up.
Microsoft has been warning the public that scareware attacks are severely on the rise and now the company is fighting back. The company filed lawsuits against five companies, accusing them of being the source of scareware attacks.
Following are steps computer users can take to protect their computer from a scareware attack:
Never let your guard down. A scareware attack can happen on trusted news sites like the New York Times, in search engines results from Google, and even now on Twitter.
Protect your computer. Install updates to your operating system, purchase antivirus software from a name you trust and keep that software up to date. Also make sure that all security patches and updates are installed for your Web browser and programs like Adobe Flash Player.
Take immediate action during an attack. If you receive a scareware pop up window, experts recommend forcing the window to close through your task manager. To do this, hold down ctrl, alt, and delete at the same time, open your task manager, find the browser in the list of running programs and click “end task.” Finally, run an antivirus scan with legitimate, trusted software.
If you clicked on the pop up and actually purchased the software, the prognosis is not good. The Washington Post offers advice on their Security Fix blog, but for the not-so-computer-savvy, you might need to call in a professional.
Exampels of Online Threats
Rogue anti-virus scammers use search engine optimization techniques to ensure that their Web sites are among Google’s top results. Thanks to BBB Hawaii for sharing some examples of bogus security threats:
Clicking on a malicious search result produces a very authentic-looking warning that the computer is infected and then launches a fake anti-virus scan. Attempts to stop the scareware attack by clicking to cancel or closing the window results in more pop-up windows with even more menacing warnings. Eventually, users are prompted to install a program that almost certainly contains viruses or other harmful files.