The method that makes this type of fraud possible is a commercial Internet marketing arrangement known as “Cost per Action” (CPA) sometimes also called “Cost per Acquisition”, which pays an advertiser for each action they can get someone to complete – sometimes the action is just capturing an email address (for a competition entry, for example), or sometimes it might be as complex as an online marketing survey that takes 15 minutes to complete.

A cyber criminal can sign up to an advertising network (usually with false details, but just enough to collect a payment) and then copy and digitally alter promotional and competition offers to make them seem much more enticing – for example, changing a $100 prize, to a $10,000 prize – ensuring they get a much better response to the legitimate offer (and hence able to scam more people).

Fortunately, cyber criminals tend not to be very smart, and so there are plenty of things you can look for:

What to look for?

• Firstly, one of the most obvious tell-tale signs are often mismatched buttons, or images. For example, in the Starbucks example screen shown above, notice how the “Continue” button is a slightly different colour green, and how it is a different size?  These might be small things to the untrained eye, but once you know what to look for it is easy.
• Being directed to multiple offers or surveys, one after another in quick succession is a sure sign that you’re being lead down “scammer’s lane”. Cyber crooks tend to be quite greedy, so it is common for them to chain them together to see how many they can get you, the “sucker”, to fill out – and remember for each one you are completing, they are getting paid!
• The URL in your browser address bar can provide you with some idea of the legitimacy of the offer or survey form.  The most obvious sign is an IP Address instead of a domain name, for example, http://n.n.n.n/ (where the n’s are numbers).
• Lastly, these types of fraudulent offers and promotions are sometimes presented in conjunction with other viral campaigns. For example, if you try to click on a video and then you get a popup asking to enter the competition first, or complete a survey – this is a sure sign you are being scammed into providing the “action” that is going to put money in the scammer’s pocket and waste your time.

So, next time you get asked to enter a competition or complete an online survey, think twice… and stay safe out there.

Seen an example of a fraudulent offer or competition? Connect with us and join our conversation on Facebook and Twitter. We’d love to hear about it! 

As much as we all fear this happening to us, the truth is, it’s not the only example of financial cybercrime. Some hackers won’t empty bank accounts straight away, but rather organise small transactions here and there – adding up to a lot of stolen money over a long period of time.

See, we tend to notice when a large amount of money goes missing from our accounts (although thankfully, it’s usually shopping that’s to blame, not cybercriminals!). But a lot of us aren’t quite as vigilant about double-checking small transactions on credit cards and bank accounts. Things like grocery shopping, iTunes or Amazon purchases, phone credit, petrol… we don’t always keep an eye on the minor transactions that we make throughout our day.

Cybercriminals can mimic these small transactions, drawing money out of an account bit by bit via transfers or payments. The longer this goes on, the more difficult it can be to prove the theft to when the account holder finally realises what’s going on.

Don’t get too worried, though. The best way to prevent this kind of cybercrime affecting you is to just keep an eye on your bank and credit card statements (you can even do this with online banking – just log in and have a look at the latest transactions on your accounts). Look for anything that doesn’t seem quite right, like:

• Doubled-up transactions
• Payments to names or companies you don’t recognise
• Activity on days that you know you didn’t use your account

If you’re keeping an eye on your accounts as well as using software like AVG Internet Security (which has a firewall and identity protection for secure internet transactions), you’ll be well placed to keep your accounts safe and secure.

You should also take comfort in the news that the technology protecting your accounts is improving. We were excited to read about Continuous Transaction Monitoring (CTM), a new analysis tool that is helping financial institutions find and stop suspicious account activity in real-time (this is the sort of reason that your bank sometimes knows about your account being compromised before you do).

We know how important it is to keep your bank accounts secure. You don’t have to do too much to give yourself strong protection, though. Just make sure you have great security software, bank with reputable institutions, and regularly look through your transactions and bank statements. Just being vigilant will help you stay one step ahead of the cybercriminals – and the team here at AVG (AU/NZ) are happy to help you any way we can. Until next time, stay safe online!

Want to keep up-to-date with the latest internet security tips and articles? Just join our Facebook page or follow us on Twitter. We regularly post the most helpful articles we can find to help you learn more about internet safety. Come and say hi, we’d love to hear from you!

A few years ago, when early news broke about Michael Jackson’s untimely demise, the Internet was swarming with interested people all over the globe wanting an update. I browsed several websites on that same day, and when I visited my local SkyNews site I was immediately presented with the words “Service Unavailable”. What had happened? Why was this very large and very popular news provider seemingly off-the-air?

The answer was simply that they had become overwhelmed with requests from too many people, too quickly – and their networks and web server equipment couldn’t handle the load. And, to be fair, it wasn’t just SkyNews that day – you don’t have to look far to see examples of other very large international sites that were also affected.

So, what has this got to do with a Distributed Denial of Service (otherwise called “DDoS”) attack? Well, this is the perfect example of an unintentional DDoS attack; when hundreds of thousands of computers try to access a single network that doesn’t have a link with enough capacity, the network will inevitably become clogged and grind to a halt. This is exactly what happened the day Michael Jackson died – millions of people suddenly tried to access news websites to get more information in a very short period of time.

The Internet is a fickle place, it consists of inter-connected networks, joined with pipes of varying capacities, and these have been largely constructed and implemented based on normal day-to-day usage patterns. And this makes sense, because it just isn’t worth paying the extra money for extra capacity, when there’s no demand for it – and it isn’t every day that a pop star dies!

However, there is of course a much more sinister type of DDoS attack – the very deliberate and intentional one. These can be perpetrated in a few ways, and traditionally have involved the bad guys summoning networks of many infected computers (in a “botnet”) that can all be signalled to visit a single network or website in a very short period of time – just the same way millions of real users wanted to find out about Michael Jackson, but in this case it’s the “bots” (infected computers) doing all the work.

In recent times, with the escalation of Hacktivism and other such activities, a new technique of staging a deliberate DDoS attack has been observed. It involves using browser based scripts embedded on web pages (usually on compromised websites, but sometimes hosted legitimately to further a ’cause’) to access particular target networks or websites. The disturbing part of this trend has been, in some cases, to trick innocent web surfers into participating in deliberate DDoS attacks. Using an Internet Security solution with web content scanning technology (like AVG LinkScanner) is the best way you can avoid this.

Is your network or website vulnerable to a DDoS attack (intentional or otherwise)?  The answer is ‘yes’ – more than likely.  Should you be worried about it? Probably not. It partly is just a fact of life, but if you do become an intentional DDoS attack target there certainly can be things that you or your Internet Provider can do – and in the example of SkyNews, their computers were at least responding with “Service Unavailable”, which might not be much, but it’s better than nothing at all!

So, until another pop superstar dies, stay safe out there.

But while love may conquer all, it can’t always vanquish cybercrime. We’ve seen first-hand the damage that can be done on the Internet at this time of year, and it’s enough to just break your heart.

To help you have a flawless Valentine’s Day, here are a few tips for avoiding some of the biggest mistakes around this time of year…

Be careful when ordering gifts and flowers

Are you thinking of sending flowers to someone this Valentine’s Day? Sure, they say it’s the thought that counts… but if you choose a dodgy florist, the thought might be all you have to show for it!

Stay safe when ordering your flowers and gifts online:

• Online florists – be careful! When you look for florists on Google, many of the first results are not real flower shops, but online middle-men who arrange your flower delivery in exchange for a hefty cut of your up-front payment. Sometimes, this means your intended will receive a sub-standard product and service for the dollars you forked out. A couple of wilting blooms probably won’t make the impression you’d hoped…

• Be wary of fake shop listings. It’s not particularly difficult for a cybercriminal to set up a fake website and phone number. One of our friends found a florist listed on the Internet, called up and placed an order, handing over her credit card details in the process. The flowers were never delivered, and when she called to complain, the number had been disconnected. Nothing says “romance” like cancelling your credit cards.

So how can you avoid the heartbreak of getting scammed?

Ideally, order your flowers and gifts from a business that you trust. If you’re not sure who to use, ask people you know for recommendations. Even if you’re looking to have flowers delivered somewhere far away, a local florist will still be able to help you – most are part of large networks and can confidently recommend interstate or overseas services without putting your information at risk.

Don’t be fooled by a pretty website – make sure that the florist has an ABN and a legitimate contact number. Google them and look for any review sites (if lots of people have had a poor experience with a company, you won’t have to look far to find their feedback). If you aren’t convinced the company is legitimate, play it safe and take your business elsewhere.

E-Card Hoax Emails

These have been around for a while, but they seem to be making a bit of a comeback at the moment. Basically, they are fraudulent emails masquerading as e-cards sent from friends or admirers, but contain links to malicious sites that can install malware on your PC.

It can be difficult to spot a fake e-card email, especially those that claim to be from an anonymous admirer. However, don’t open the email (and definitely don’t click any links) until you’ve done the following:

• Google the email address or domain name that sent the email. If the email is from a legitimate company, you’ll be able to see their website and details.

• If the email names the friend who supposedly sent you the e-card, contact them directly and ask whether they actually did. Some viruses can send out these fake emails to everyone in an infected computer’s address book.

• Make sure you have up-to-date security software installed, such as AVG Internet Security 2012, so that your computer is protected against new and old threats.

• If you’re not convinced that the email is the real deal, just don’t open it. No animated GIF of hugging monkeys is worth the drama of having your computer compromised.

Just make sure you keep your online safety in mind, and with any luck your February 14 plans will go off without a hitch! All of us at AVG (AU/NZ) hope you have a lovely Valentine’s Day!

Tuesday February 7, 2012 is Safer Internet Day in Australia. Unfortunately, today’s significance will escape a large portion of the Australian (and New Zealand) population – whilst most of the community appear more or less comfortable living parts of their lives online, the figures from AVG’s most recent Community Powered Threat Report show that cyber-crime is only on the rise.

Having a robust Internet Security suite is essential, but AVG (AU/NZ) realises that software is only part of the solution. We reinvest a significant portion of our annual revenue into community education, so today’s Safer Internet Day theme – ‘Connecting generations and educating each other’ - slots right into our wider message. The older (or as I prefer to say, ‘more experienced’) generations, especially parents, have a responsibility to educate themselves and their children on safe and responsible online behaviour.

Children are reaching Digital Maturity as young as 11

We know through the latest AVG Digital Diaries research that most kids graduate to mainstream digital social networks as early as 11 years old, despite the fact that sites like Facebook require members to be at least 13. The naivety of youth creates a fertile landscape for cyber criminals and online predators to find new ways into a family’s digital life – couple this with the fact that less than 1 in 10 parents are willing to credit their child with having more Internet savvy than them and you have what is becoming a very serious disconnect between two vastly different digital generations.

Our message is clear, if you are a parent, chances are that today’s pre-teens are better informed about the online world than you imagine. The majority of 10-13 year olds have their own computer, almost half in the privacy of their own bedroom. Gone are the days of the moon-landing when the family would gather together in front of the cathode ray tube for information. The younger generations’ digital maturity allow them access to an enormous body of information and situations that they may not have the social maturity to process.

As a parent, we react to these sorts of challenges in different ways. How can parents promote positive values in a digital culture where things move faster and change is the new norm? Our research shows that having a sense of your particular parenting style and an understanding of other parenting styles is key to reducing conflict and building a safe online framework for your children.

What is your parenting style?

Engaged: Engaged adults are enthusiastic and spend time with kids learning about their online world and sharing strategies, stories and resources. The advantage of this style is that kids can naturally absorb and learn social and critical thinking skills from adults. With this style, there is likely to be less conflict and better communication.

Restrictive: Restrictive parents establish and enforce rules about digital toys and tools. Restrictions around what kids are able to access and how they communicate with others is a necessary part of raising a child. Too much of this style, however, can encourage children to be sneaky and desire that which is labelled as forbidden. There may be more hostility and power struggles if the rules are unreasonable and negative parent reactions are frequent. On the other hand, most parents value the existence and enforcements of rules and kids need them as well.

Hands Off: Hands off parents have few rules and restrictions and let their kids do what they want most of the time. This style of parenting may include watching television or playing video games as a family, but teaching safety or social skills often goes unspoken. Hands off parents may underestimate the influence that media has on a child and family.

Middle Ground: Middle ground parents are flexible depending on a child’s age, temperament, and circumstances. This approach requires parents to be attentive to their child’s needs, and to reflect upon their own reactions and blind spots.
Reasonable rules are set and restrictions enforced as needed.

Think about your style and how it is working for your family. If you can, work towards finding a combination of styles which suits your family’s dynamic. If your child is having trouble in school, or seems irritable after being online or playing video games, it may be time to shift your style and become more involved. You have the right to limit how much time and how your child spends time online. You have a responsibility to teach your child how to navigate this complex technology landscape. Some children have the technical skills of an adult, but they don’t have the maturity or life skills you have. And remember – any narrative that you can build around safety, trust and respect is often as important as actually using Internet safety software.

Most of your employees will go online without stopping to think about web server software sitting on remote DataCentres, or the inherent insecurities of the operating systems that drive the plethora of cloud-based applications on their desktop or mobile device. Unless they’re in your IT department, why would they?

Everyone wants an Internet that “just works” and not everyone wants to know how its underlying mechanics operate. In a utopian society this would work just fine, but unfortunately the seedier side of society also sees business opportunity on the web. When a virus works its way into your business, or the CFO falls prey to a phishing or social engineering scam, the cold reality of web and IT security breaches start to kick in. If your employees go online without adequate protection or a correct mindset they are throwing the dice on the company’s behalf.

Does this stuff really happen?

Unfortunately, yes. AVG’s recent SMB Market Landscape Report found that almost 20% of SMBs in the US and UK alone have experienced an IT security breach in some form. This represents over 1 million companies, and with the globalising effect of the Internet, Australian businesses are equally vulnerable.

Knowing the risk does not necessarily make the challenge any easier, however. The threats to SMB are the same as those faced by multinational businesses, but the inbalance lies in the fact that big business is in the position to dedicate resources to focus solely on IT security whereas SMBs often aren’t.

And, when a vulnerability is exploited, both business models need to devote an equally proportionate amount of time and resources to patching the hole. The effect can be even greater for SMB – a breach that costs a big corporation a tiny portion of its annual revenue can bring a small to medium sized business to its knees. SMBs do not have the size and scope to balance the checkbook from other departmental pools or silos. Think of it as getting hit by a semi-trailer rumbling down the Hume Highway rather than by a lycra-clad cyclist out on their morning ride.

The good news is that the help out there. As malware and cyber crime has evolved over the years, so too have resources dedicated to SMB-level IT security. Tools such as the AVG Internet Security Business Edition are designed specifically with small to medium sized business in mind, so much so that as many as 1 in 4 SMBs use AVG. We can work around the fundamental constraints of the small business to provide peace of mind at a fraction of the hassle of some of our competitors.

We also appreciate that IT security should be based around more than just size. You need something which is relevant to your company. Your company may be made up many elements, but its people, its technology and its operational structure have the greatest impact upon what type of security risks it will most commonly expose itself to. AVG takes care of its key competencies (SMB specific IT security) to allow companies to concentrate on their own central market proposition and unique selling points (USPs). Keep growing, keep trading and stay safe.

Probably because it’s easy! Don’t risk it though – it is important to remember that passwords are the first form of a basic online defence, and they provide a simple and easy to use key to a great deal of personal information. Without a strong password, users are placing themselves at enormous risk of fraud and identity theft.

So, let’s get back to basics! The following clip, by AVG (AU/NZ)’s Security Advisor, Michael McKinnon, shares the golden rules of passwords, what the anatomy of a good password looks like and some simple tricks for using different passwords for different accounts.

See if your current password meets the suggested criteria!

The slides from this presentation can also be found on Slideshare.

In addition to following Michael’s described tips, we suggest logging on to shouldichangemypassword.com - this handy website advises if a particular password has been compromised (and should be changed), by using a number of databases that have been released by hackers to the public.

A time of business re-orchestration…

Looking ahead at 2012, what initiatives will you take to ensure that your business achieves more? What new business drives will you undertake and how will you orchestrate and manage your business processes to maximise profits? Specifically, how will you approach your IT security protection in the new social media connected web 2.0 landscape to keep your data and application assets safe?

The most important aspect of setting resolutions and goals is the need to keep them realistic and achievable. Start your new year security planning methodically without a feeling of unnecessary panic.

Inventory

A good starting point for an average SMB might perhaps be to carry out an inventory of current computers and mobile devices. Once you know how much equipment you’re going to need to protect, it’s easier to quantify and start tackling the task ahead of you.

Protect

In the post Christmas period or ‘holiday’ season many employees will come to into work with new ‘devices’ they may have received as gifts. Old Mrs Gabelhauser might know how to Skype her long lost German sister on her iPad 2 between organising the payrolls, but does she know the first thing about mobile security? From tablet computers to smartphones to pocket video recorders and so on, these units all represent a data security risk if they are connected to your business IT system.

The New Year might be a good time to declare a ‘Device Amnesty’ and ask all employees to list the mobile devices that they intend to use at work.

Plan

Any new year is a time of uncertainty; nobody quite knows what the next 12-months have in store. With this in mind, it is the perfect period to lay down a security policy for your firm to adhere to.

Whether this document is a simple one-pager or needs a binder and a front cover to hold it together, it doesn’t matter. As a famous footwear company may once have said, just do it – write it, follow it, update and revise it, but above all, enforce it.

Ensure that your firm’s forward-looking business plan embraces and includes IT security protection commensurate with the needs of your online and digital activities.

Put your firm’s data safety sensitivities on the table and analyse where your risks are most likely to exist. Then and only then, deploy protection software appropriate to your company’s position as an electronically connected business. AVG has a full range of centrally managed business solutions designed to keep your employees and business data safe online.

Grow!

Lastly, we at AVG (AU/NZ) would like to wish all our business customers a safe, secure and prosperous New Year. Happy 2012 everyone!

We think it has. Alarmingly, AVG’s own SMB Market Landscape report found that almost three quarters of small to medium sized businesses do NOT agree that the use of mobile phones in business represents a threat to IT security. Take into account IT analysts Forrester’s finding that mobile development is a top initiative for nearly all enterprises, and you have a fertile breeding ground for a new family of SMB security threats. More than 50% of enterprises are most interested in using mobile applications or mobile optimised web sites to reach out to their customers – so why do we choose to ignore the obvious threat?

Don’t be Naive!

Cyber criminals aren’t stupid. They operate on the same risk/reward basis as the rest of us, and they tend to go for the low hanging fruit first. Those pesky Mac OS X users who flaunt their preferred operating system as more secure than Windows are wrong – there is a greater volume of malware threats aimed at machines running Windows because Microsoft dominates the marketplace. We invite all users to watch threats written for systems such as Mac OS X and Linux continue to rise in proportion to their share of the desktop/laptop landscape (with a good Mac linkscanning solution such as AVG LinkScanner®, of course).

The same paradigm holds true for the mobile device boom. According to fresh data from Gartner, smartphone sales to end users in the third quarter of 2011 are up a whopping 42% on the third quarter of 2011. Devices using the open source Android™ operating system claimed the lion share, with over 60 million units sold equating to 52.5% of the smartphone market.

So it doesn’t take a genius to conclude that it’s unlikely to take long for mobile malware to go Industrial. If mobile devices provide a route to users’ personal information, intellectual property and business data, and if the device is powerful and connective enough to afford access to this data, then malware developers will be continue to be drawn to them in greater numbers.

Manage the Risk

The first thing you can do as a business owner or IT professional is be aware of the problem and plan your mobile device strategy accordingly. Here are some things you can start working on immediately:

Ensure all devices with access to your network are password protected

This includes access to your Wi-Fi network, work email and business data (client, supplier, internal etc).  Enforce this as a company policy – this is not plug and play computing!

Ensure all devices with access to your network are fully patched and up to date

If a mobile device has access to your network, you should treat it like a PC – if it’s out of date, it’s insecure. Ensure that smartphones used to access your data are not “jailbroken” or “rooted” – kernel manipulation of the device can circumvent the unit’s security settings.

Mandate wherever possible the use of a good mobile security system

AVG can help – AVG Mobilation is widely used and trusted by small business and individuals within the Android™ community.

Put together a mobile device policy document

Spell out your security requirements and permissible mobile usage to your employees. Once again, we can help – our AVG Online Security Audit is designed to assist you with this process. The audit will ask how employees use company and personal equipment and produce a personalised report, identifying where problems lie and recommending actions.

Are we placing some sort of blind faith in mobile computing devices today? AVG suggests strongly that the answer to this question is yes. Whether this is because we still think of smartphones as “phones” or status symbols rather than computers, whether it is because we still consider the traditional desktop PC as the most likely place to see a virus, or whether it is because we simply haven’t stopped to think about it yet – the reality is that mobile threats are here, they are real and they can be extremely damaging.

At this risk of sounding like a road safety traffic accident commercial, please don’t become yet another statistic. Help us wake up our collective business and consumer consciousness to this issue today.

And, with more and more people switching to smartphones and tablets for personal and business use, AVG (AU/NZ) would like to highlight the dangers of losing track of a mobile device – although the device itself can be expensive, the potential for your personal and business data to be stolen is huge (and far more damaging).

That’s why AVG has recently carried out our Lost In Transit study, in an effort to educate our community on when and how the average person loses a device that could potentially contain vital personal or business data.

The results were alarming, and bore out my own experience. Whereas users of laptops (64%) and tablets are likely to password protect their device, an amazing 61% of US respondents who had lost a smartphone answered that their lost device was NOT password protected. Given the increasingly digital nature of our daily lives, these people were effectively trusting the new owner of their device with their email, social profiles, application information, bank details and more.

Add the fact that 42% of smartphone users in all surveyed countries had lost a device in the last 12 months and you create a potential goldmine of financial and personal information available to potential criminals. A professional phone thief will have no trouble finding online buyers interested in your data.

You should be particularly mindful this Christmas – the data shows that a disproportionate number of mobile devices are lost or stolen during holiday periods. In the UK, 36% of phone losses or thefts occur during the holidays, while in the US 34% of lost or stolen laptops go missing during the same period.

So, when your partner or family member finally buys into the festive spirit and gets around to buying you that iPhone 4s or Galaxy Nexus, AVG (AU/NZ) strongly recommends that you making adding a password or PIN unlock code the first thing you do (even BEFORE bragging about your shiny new toy on your facebook account).

Fortunately, we can help. Although AVG can’t prevent Joe Blogs from breaking into your car, we can and do protect the mobile device itself. AVG Mobilation can be set to locate your phone if you lose it, or even display a message on the device’s screen offering a personalised plea for its return (including a reward for the Grinches among us).

And, if you aren’t able to locate it in this way, AVG Mobilation can remotely lock and wipe the device, thereby protecting data sensitive to you, your business, or your business’ clients. Think of it as AVG’s built in self-destruct button!

Prevention is better than a cure though, so here’s some tips to keeping your smartphone or mobile device safe:

1. Protect your device with a password or PIN code

Your data is valuable to online criminals – NEVER assume identity theft will never happen to you

2. Ensure you have a trusted and effective security application installed

AVG Mobilation is used on millions of devices worldwide

3. Keep track of your device!

Create a safe place for your device, and making using it a habit

4. Check the cab before you leave it after your Christmas party this year

Inebriated pockets aren’t as deep as sober ones

The Lost In Transit survey was conducted for AVG Technologies by Research Now and questioned 5,620 adults in 11 countries across the globe. These were USA, UK, Italy, France, Germany, Spain, Canada, Czech Republic, Japan, Australia and New Zealand. Full survey results can be found here. For more information on AVG or AVG Mobilation, visit our Website.