It's the start of a new year, and companies with malicious intents are stepping up their efforts to cause harm online.
Social network use and mobile app downloads for smartphones rose sharply in 2010, and cybercriminals were quick to follow with schemes aimed at stealing sensitive information -- and ultimately money -- from unsuspecting users.
* Shortened URLs disguise threats
Twitter users last week noticed tweets posted to their accounts containing only a shortened URL using Google's URL shortener goo.gl. If users click on the link they will be taken to a page and asked to install -- and, of course, pay for -- a fake antivirus called "Security Shield."
"We advise everyone against following suspicious goo.gl links on Twitter," wrote Graham Cluley, a Sophos security analyst. "If you've seen goo.gl links that you haven't posted on your Twitter account, you should change your Twitter password immediately and run an antivirus scan of your computer."
URL shorteners can be a handy and legitimate way to include links without using a long string of characters and are used frequently on sites such as Twitter that limit messages to 140 characters.
Each minute, 3,000 URLs are shortened, according to McAfee Labs, a security software provider, and these services will be a significant target for cyber criminals in 2011. Because social media sites are already rife with cybercriminals, these links are going to be used for spam, scamming and other malicious purposes, said the company.
What you can do: Preview a shortened URL before clicking on it by hovering over it with your cursor. Most often, a small window will be displayed, showing the full web address for the linked page. If not, skip it.
It's always a good idea to preview a link whether it has been shortened, appears as highlighted text on a Web page or is contained in an e-mail.
Cybercriminals certainly have not given up on the old-fashioned e-mail strategy, so if you receive an e-mail that contains only a link, even if it appears to be from someone you know, it's best to delete it and follow up with the sender. Chances are his e-mail account has been compromised.
* Where there's an app, there's a risk
Trapster, a free mobile application for sharing and finding "speed traps," has alerted its 10 million users that their accounts may have been compromised in a recent security breach and have advised all users to immediately change their login and password. In this case, users had to rely on the app developer to alert them to a problem.
What's in it for the Trapster hackers? Access to passwords that could be used to gain financial information from other sites in cases where people use the same login credentials for multiple sites.
Mobile is expected to be a huge target in 2011 as more consumers and businesses use smartphones, according to McAfee.
But the threat is not limited to phones. If "there's an app for that" there is a potential threat for "that" as well.
Time is critical. If you receive a message from an apps company that your account has been compromised and you've used the same password on other sites that contain sensitive financial data or a stored credit card, change those first and then go back to change app access.
* Threats come closer with NFC
And 2011 may bring another opportunity for thieves, compliments of mobile devices: The next generation of iPads and iPhones are rumored to feature Near-Field Communication capability, a technology that can beam and receive information at a distance of up to 4 inches.
Customers would be able to swipe a device on a terminal to withdraw money directly from their bank accounts to pay for purchases.
Android 2.3 phones already have this capability, but Apple may encourage nationwide adoption by heavily subsidizing a compatible terminal, or even giving it away to retailers, according to Richard Doherty, director of consulting firm Envisioneering Group, who cited engineers working on the Apple project in a Bloomberg report.
"We've seen NFC devices before in various implementations, the most obvious one is at fast-food chains where you merely tap your electronic-enabled credit card and, voila, instant purchase and payment," said Jamz Yaneza, senior threat analyst at Trend Micro. "We've seen devices that allow nearby criminals to sniff, read and clone radio frequency identification tags used on these cards."
Certainly there are easier ways to steal credit card information, but discussions about the implementation and standards used by NFC applications and associated point-of-sale terminals must focus on security issues to reduce what will become an attractive target to thieves, he said.
Ogden-based TopTenREVIEWS.com guides consumers by comparing products in the world of technology, including electronics, software and Web services. Have a question for TopTenREVIEWS? E-mail Leslie Meredith at lesliemeredith@technewsdaily.com.
Comments