Information Security Warnings (Continued)!
Information as of 07/01/11
Rogue rootkit requires reinstall - A rogue rootkit malware dubbed "Popureb" that overwrites a PC's master boot record (MBR) has been detected by Microsoft. Attackers often use rootkits to hide password-stealing bank trojans. This new variant of Popureb hides on the MBR and goes undetected by Windows or security software. If infected with the trojan, users will have to reinstall the operating system to get rid of it. Computerworld has the details.
Weekly patches and updates...
Microsoft releases SP1 for Office 2010
Apple fixes dozens of vulnerabilities in OS X
Google patches 7 bugs in Chrome browser
Information as of 06/24/11
ZeuS spoofs the Feds - In an effort to gain access to the finances of small and midsize businesses, fraudsters are sending out spoofed emails that appear to be sent from the Federal Reserve or the IRS. The emails are targeting personnel responsible for an organization's finances with claims that a wire transfer was not properly processed or that a federal tax payment was cancelled by their bank. SC Magazine has more details. We recommend that you learn more about this threat and know how to identify malicious emails.
Weekly patches and updates...
Firefox 5 fixes security and improves browsing
Adobe Flash Player Update
Information as of 02/11/11
Weekly patch news and updates...
Information as of 01/14/11
PayPal phishers casting for cash - The bigger the fish, the greater the chance of getting hooked. Boasting a user base of 87.2 million worldwide users, PayPal has a large pool of accounts available to thieves phishing for personal information. Security software vendor Sophos has alerted users of the popular payment processor about a new email-based phishing campaign designed to steal login and password details for their payment accounts. The email attempts to lure the users into filling out an attached form after advising the users their accounts have been "temporarily limited" and they need to complete the form to restore their accounts. eSecurity Planet has the details.
Not the real thing - When sweepstakes, lotteries and email surveys promising cash rewards for answers to a quick poll sound too good to be true, it's because they are. A legitimate-looking email from "Coca-Cola Company" is making its rounds in cyberspace promising email recipients $150 for their participation in a survey. Users who click on the link to take part in the survey are directed to a page requesting personal data, including their credit card information, driver's license number and mother's maiden name. The results of the fake survey are provided to data thieves while the email recipient is left high and dry. SecurityNews has the story.
.edu, .gov or .fake? - Are your teenagers or colleagues shopping for higher education online at Harvard, MIT or Stanford? Their search may direct them to a fake online store selling everything from software to pharmaceuticals at discounted prices. Security firm Zscaler discovered that portions of websites belonging to some of the nation's top universities and some government sites have been hijacked to redirect users to more than 75 different rogue online retailers. Read more at Security News Daily.
Perfect day for patches and predators - Patch Tuesday has become the day for IT professionals and consumers to prepare for the latest updates and patches from software vendors. Tuesdays between 10:00 a.m. and 11:00 a.m. (PT) is also the most active time of the week for online predators and intrusion-related traffic in the United States, reports security solutions provider SonicWALL. Read about other threat-related trends at Help Net Security.
Information as of 01/12/11
FDIC reports fraudulent emails being sent to consumers - E-mails fraudulently claiming to be from the FDIC are attempting to get recipients to click on a link, which may ask them to provide sensitive personal information. These e-mails falsely indicate that FDIC deposit insurance is suspended until the requested customer information is provided. To learn more, click here.
Mobile Users Most Likely To Visit Phishing Sites - New research finds eight times more iPhone users going to phishing sites than BlackBerry users. Dark Reading has more.
Information as of 12/31/10
Mobile trojan warning - A mobile trojan dubbed Geinimi has been identified by mobile security firm Lookout. The Android trojan displays botnet-like qualities and is capable of taking a significant amount of personal data and sending it to remote servers. So far infected programs have only been found in Chinese app stores. Get the details at CNET News.
New year: new attacks - Email targeted scams are down while attacks against instant messaging services, social networking sites and smartphones are predicted to increase in 2011 according to McAfee's annual "Threat Predictions" report. Get a preview of some of the types of threats highlighted in the report at CNN Tech.
Critical IE bug unpatched - Microsoft has confirmed reports of an unpatched bug in all versions of Internet Explorer (IE). Carlene Chmaj, a spokeswoman for the Microsoft Security Response Center, downplayed the threat posed by the exploit when it announced that the company would issue a patch but that it did not meet the criteria for an out-of-band release. Microsoft is suggesting users use the Enhanced Mitigation Experience Toolkit (EMET) utility to bolster the browser's protection until a patch is made available. Get the details at Networkworld.
Information as of 11/01/10
Banks tricked by private botnet - There's a new banking trojan in town. Likely to have been downplayed as a possible variant of the popular ZeuS and SpyEye trojans, "Feodo" began making its stealth entrance in the malware community in August. While it has similarities to its famous counterparts, security researchers believe this malware is not a toolkit and is actually in the hands of a single criminal group. Even more scary is the discovery that Feodo is targeting more than a dozen major banks and popular websites like Amazon and Google while flying under the radar of almost all AV software. Find out what attributes make this threat one to keep an eye on at Help Net Security.
When Jekyll meets Hyde - The exploration of a split personality (one being good and the other evil) was vividly portrayed in the famous novel about Dr. Jekyll and Mr. Hyde. What happens when you combine two evils to become one? Malware developers are hoping to create a superior e-banking threat with their merger of the infamous ZeuS with the up-and-coming SpyEye Trojan. Krebs on Security reports on the merger and claims being boasted by the new creator.
Halloween tweets not so sweet - Cyber trick or "tweeting" is on the rise. GFI Software reports an increase in the number of trojans spreading online this month compared to last October. These malware attacks arrive at your PC disguised as Halloween tweets on social media sites, greeting cards and party invites with Halloween-themed attachments, and malicious website links resulting from holiday searches. Three of the top ten threats identified on the list have been around since last year. Help Net Security has the warnings.
Frightful future for mobile banking - Mobile devices have come a long way from making a phone call within your limited calling area to the now vast and far-reaching capabilities of reaching out and touching anyone anywhere. Add to that the ability to perform myriad transactions – including mobile banking. Technological advances are often followed by predators lurking in the dark waiting to strike. Read about the tricks cyber criminals have been up to in Horror Stories of Mobile Money Fraud at StorefrontBacktalk.
Reeling 'em in - You receive an email that looks and sounds like it came from a legitimate source, a retailer you do business with often, or maybe even your bank. Trusting the content to be safe, you click on the email attachment or link and are prompted to access, unaware that your browser is directed to a malicious site where malware is downloaded to steal log-in information for your bank accounts. These spear-phishing attacks are on the rise, with more than 77 attacks a day occurring within the past month. In one case the attack spoofed an organization's senior IT security executive to target 70 employees by fraudulently requesting action with a "critical update" that was actually a malicious attachment. See how this can happen to you at Network World.
Leave the light off for identity thieves - More than 11 million consumers fell victim to identity theft in 2009, with an average loss of $4,840. With every trick they can use to collect your personal information, identity thieves drain accounts, open credit cards and create financial mayhem at a high cost to consumers. Shredding personal or financial paperwork is one of the most basic precautions against ID theft. Get tips on how to protect yourself at NewsFactor.
Social engineering lives on - Phishing, skimming, spoofing and hacking are popular methods being used by fraudsters today. But the age-old art of social engineering remains a very real, ever-present, increasing threat. At the recent Defcon 18 conference, this was proven in a contest where participants targeted major companies. The results were alarming. Get the details at Infosec Island. The full report is available at Social-Engineer.Org.
Two trojans tricking techies - If you are still running any pre-Vista operating systems, beware of a Firefox trojan that is targeting older systems. Security firm Trend Micro has reported a vulnerability in both Firefox 3.5 and 3.6 that causes a "drive-by download" and runs a malicious file without the user's knowledge. It then connects to a remote server, which cyber criminals can use to send commands to the affected system. Read more about this threat at ITworld and make sure you follow through with Firefox's patch listed in our weekly patch updates below. And, if there are any Macs in your network, Macintosh's security site, SecureMac, is warning Mac OS X users about a new trojan being distributed through social networking sites and email. The trojan.osx.boonana appears as a link to a video in messages on Facebook and other social networking sites as well as email, tricking users into clicking on the link with the text "Is this you in this video?" Once the link is accessed, the trojan runs a Java applet that downloads other files to the infected PC, including an installer, which launches automatically. Get the details and the link to SecureMac's free removal tool for your systems running OS X at PC World.
This week's patch treats -
Infosec Island: Microsoft Patch Disclosure Summary - October 2010
Computerworld: Mozilla patches Firefox zero day bug in 48 hours
Techworld: Google patches 11 vulnerabilities in Chrome
Krebs on Security: Critical fixes for Shockwave
Emerging Qakbot Exploit Is Ruffling Some Feathers - Fast-spreading attack spreads like a worm, stings like a Trojan, RSA researchers say. You can find more information at Dark Reading.
Information as of 10/27/10
ZeuS 'investing' in Schwab - Recent arrests of more than 100 members of a ZeuS crimeware gang haven't stopped rival cyber criminals from using the malicious botnet to branch out. Lucrative Charles Schwab investment accounts have been targeted by the trojan via faked LinkedIn messages that direct investors to malicious sites. Then the ZeuS trojan silently captures their log-in credentials. Experts believe the criminals used fake LinkedIn messages because they expected a high correlation between LinkedIn membership and investment account ownership. PC World has the story.
ZeuS not down for the count - Not to be shown up or outdone by the rising number of bank trojan competitors, ZeuS developers are fighting back with beefed up variants of the malicious malware. Cyber crooks are now using the LICAT file infector, injected into the Explorer.exe process, to randomly download ZeuS and other malware from a variety of sources. Help Net Security has the details.
A banker's resource to educate customers and stop losses - Cyber criminals targeting bank customers is nothing new. However, the techniques and tools are getting much more sophisticated and the FBI has issued a fraud advisory to businesses. This document goes into some detail and provides good information for small and medium sized businesses to use to educate their staff.
How to protect against Firesheep attacks - Experts suggest defensive measures to ward off Firefox add-on's hijacking of Facebook, Twitter sessions via Wi-Fi. Computerworld has more.
Emerging Qakbot Exploit Is Ruffling Some Feathers - Fast-spreading attack spreads like a worm, stings like a Trojan. Dark Reading provides more insight.
Information as of 10/22/10
Bugat, and SpyEye, and Carberp! Oh my! - Diversifying their attack tools, cyber criminals are moving on to less well known and harder to detect malware. These threats also target online banking. Bank Systems & Technology reports that three large U.S. banks have been hit with the Carberp Trojan and others will likely be targeted. On another front, an upgraded version of an already existing trojan, Bugat, has emerged. Similar in functionality to its financial malware cousin ZeuS, the Bugat Trojan targets IE and Firefox browsers and harvests data during online banking sessions. Bugat was the malware of choice in a recent LinkedIn phishing attack to steal personal details from the users of the social network site. Techworld has more on these newest threats.
You thought 2010 was challenging... - Looking ahead, the good guys have their work cut out for them in 2011. Large-scale botnet attacks will increase while physical systems and mobile devices will be targeted by cyber criminals next year, according to the Georgia Tech Information Security Center's (GTISC) Emerging Cyber Threats Report for 2011, delivered at GTISC's annual Security Summit. "Traditional cyber security has been largely reactive in nature," said Mustaque Ahamad, director of GTISC. "Our goal is to remain at the forefront of security research and collaborate with our partners so that we may begin to develop solutions to impending cyber concerns at an early stage before they become widespread sources of harm." NewsFactor has more on what we can expect in 2011. You can download GTISC's full report at CyberThreatReport2011.
Stop. Think. Connect. - In recognition of October's Cyber Security Awareness Month, the Department of Homeland Security has launched a campaign to educate and empower Americans to take charge of their safety and security online. "Stop. Think. Connect." is a collaboration between government agencies, industry leaders and special-interest groups, including the Online Consumer Security and Safety Messaging Convention and the Anti-Phishing Working Group, to promote responsible use of the internet and awareness of fraud, identity theft and cyber predators. Details and a link to the White House blog post by the Administration's cybersecurity coordinator are at InformationWeek.
Phishing for passwords - A phishing trojan has been discovered in Mozilla's Firefox browser that forces the browser to save user passwords. Discovered by security company Webroot, the Trojan-PWS-Nslog malware gets around user preferences that direct Firefox not to remember their passwords, and using the passwords it extracts, creates a new user account on the infected computer. The web domain intended to receive the stolen data passed on by the trojan has already been shut down but code inside the malware leads to a Facebook page for an Iran-based hacker who provides a free keylogger creator tool. If you have systems using Firefox, find out what you should do to protect them from this threat at Techworld.
Record-breaking week for patches - In a record-breaking week for security patches, hundreds of security threats have been addressed. Is this an aberration or a sign of things to come? Only time will tell.
InfoWorld: Microsoft releases biggest-ever security update
Krebs on Security: Java update clobbers 29 security flaws
US-CERT: Oracle releases critical patch for October 2010
CNET: Opera delivers fixes in security, usability
ComputerWorld: RIM patches another flaw in BlackBerry Enterprise Server
PCWorld: Adobe rewrites PDF Reader for security
NewsFactor: Loads of security patches haunt IT administrators
New Zeus Attack Preys On Quarterly Federal Taxpayers - Massive spam campaign poses as alerts that electronic federal tax payments have failed, then infects and sends victims to the legitimate Treasury Department website for filing quarterly taxes. Find out more from Dark Reading.
FBI Warns Of 'Corporate Account Takeover' Scams - Cybercriminals are targeting the financial accounts of small and midsize businesses (SMBs), fraudulently transferring money directly from their accounts, the FBI warned yesterday. Find out more from Dark Reading.
Information as of 10/01/10
One for the good guys - ATM skimming has become a lucrative business for carders who install fraudulent devices on machines that are accessed by unsuspecting customers. But ATM users are catching on to the thieves' modus operandi. A video released by the European ATM Security team shows how some discerning customers prevented their PINs from being captured by shielding the keypad as they typed in the numbers. Wired has the video and tips for beating carders at their own game.
Fraud ring busted - In another one for the good guys, nineteen individuals connected to a multi-million dollar fraud ring have been arrested by United Kingdom authorities. Stealing almost $10 million over a three month period from individuals and businesses in the UK and the United States, these sophisticated thieves enlisted the help of the ZeuS Trojan and money mules to access bank accounts and initiate unauthorized transfers. Members of this group are believed to be connected to a larger organization responsible for a number of e-banking heists. KrebsonSecurity has the story.
ZeuS #1: ZeuS infection linked to LinkedIn - In a massive spam attack, faked LinkedIn connection requests accounted for 24 percent of all spam sent within 15 minutes on Monday of this week. Clicking on the fake request directed users to a page displaying a "please wait" message and then redirected them to Google. In a mere four seconds, the user's PC is infected with ZeuS, which embeds itself in the victim's web browser and captures personal data, such as banking credentials. PCWorld's Dan Tynan blogs about his firsthand experience with this attack at PCWorld. Check out Cisco's security alert issued on this and other threats that surfaced this week. Then share these with others to make them aware of the scams that can open up your back door to data thieves.
ZeuS #2: ZeuS has gone mobile - Aimed at defeating two-factor authentication many banks use to confirm online transfers of funds, a newly discovered variant of ZeuS is targeting mobile phones and tricking users into giving up their cell phone numbers and models. The mobile malware, SymbOS/Zitmo (ZeuS in the mobile), is designed to intercept text messages sent to online banking customers and install a backdoor giving hackers control of the phone. Help Net Security has details on how the malware targets victims and what mobile phone users can watch out for.
You're Always Just Two Clicks Away From Malware - A new study has found that users visiting the top 1,000 websites are typically no more than two clicks away from malicious content. Dark Reading has more.
Information as of 09/14/10
$1 million stolen with virus - The University of Virginia may be the latest victim, and one of the largest, to suffer an internet banking theft. Early reports indicate that UVA's comptroller's computer was infected with a password stealing virus. A single transfer of $996,000 was wired to China. You can read more on this at SCMagazine. After reading this, you have to ask yourself if this could happen at your bank, and how you would deal with the customer.
$600K internet banking theft - Thieves first stole the logon credentials for the internet banking account of the Catholic Diocese of Des Moines, Iowa. Then, from a Friday to Monday, they stole $600,000 from that account until Bankers Trust of Des Moines alerted the Diocese of the suspicious transfers. Money mules that were hired under a "work at home" scam were unknowingly moving funds out of the U.S., under the belief that some of it was distributions to victims of the Catholic Church sex abuse scandals. This article has information from one money mule, including his income from the scam, and screenshots of his transactions with the main culprit. You'll find it all at KrebsonSecurity.
Hungry virus - What do you get when you have a hungry lunch crowd, a virus that isn't yet detected by antivirus programs, a computer at a restaurant that is infected with this virus, and lots and lots of debit cards? You have stolen money, thieves getting rich and the Secret Service investigating the business and its computers. This was the recipe recently at a restaurant in Memphis, TN and there may be more cities involved. For more on this read Tech World.
PC security to the next level - If you want to take your web surfing security seriously, this article may help take it to the next level. You make sure that patches are applied regularly, antivirus is running and the file definitions are kept up-to-date, so what is next? Here are six things that can be done to improve security, from Computerworld.
More Safe Surfing - Following the same thought, here are ten steps for safer web surfing from Help Net Security.
Can you bank on cyber insurance? - Brian Krebs has posted a second article on commercial customers' taking advantage of insurance available for losses to cyber theft. While we believe banks can learn from the experiences of peer banks and customers' perspectives, recommending insurance to commercial customers must be done in a well thought-out way or you'll risk discrediting your security measures. Read the article at KrebsonSecurity.
More Zeus News - One of the current threats is a new one from ZeuS. It now pops up an enrollment screen into a "Verified by Visa" or "MasterCard SecureCode Security" program. You could believe you're doing the right thing by clicking on the links and registering your cards, but you would be registering with a cyberthief. Read about this latest threat at CSO.
Information as of 09/13/10
Cybercrime hits 2/3 of internet users - Symantec commissioned a survey that looked at more than 7,000 internet users in 14 countries. They found that two-thirds of internet users have been victims of cybercrime in one form or another. Internet users interviewed felt not only anger, but guilt. You'll find more on this topic in CSO.
Video Report Claims 75% of Americans Hit by Cybercrime - A recent video report expands on a report that 75 percent of Americans fall victim to cybercrime. WNCT has more information on the cost of the crime and the time it takes to resolve problems.
New threats - We know many users have a small set of common logon credentials that are used in numerous places. This may be one reason hackers are after Google account information, not to mention the account itself. There is an increase in fake update requests purporting to come from Google, designed to steal credentials. You can read the details at Help Net Security.
A Trojan detected for Android Smartphones - Several weeks ago there was a trojan detected for Android smartphones. More information is coming out now. It seems that users who thought a little pornography wouldn't hurt might end up paying a price. In this case SMS messages were being sent in the background - at a cost of $6 each. Help Net Security has this story too.
Security Application for Android - On a positive note, Arxan Technologies released EnsureIT, a security application for Android devices. Dark Reading has details.
Auto-update on steroids - Secunia has recognized that antivirus and security programs need to be updated regularly. But updating programs and applying patches are not automatic for most users and that leaves a weak link in the security chain. Secunia has a new and improved program to do just that. If your computers are on auto mode for most updates and you don't do a lot of patch testing in advance of installation, it may be worth reading about. Automating patch application may save you money in the long run. Read Computerworld to see if it will work for you.
Security gaps in the news - A bug in Adobe Reader version 9.3.4 is being exploited. Adobe is warning users that an attacker can take over a system by exploiting the vulnerability. At this time they say there is nothing they can do at Adobe. Users, beware. For the details read eWeek. There are a couple steps you can take to improve security on this issue. KrebsonSecurity has more information.
Internet Explorer Vulnerability Identified - Internet Explorer 8 also has a possible security vulnerability. Microsoft is investigating reports of problems involving CSS cross-origin theft that can force users to send Twitter posts. eWeek has more on this problem, as well.
Apple Quicktime Bug - Apple QuickTime has a flaw that was revealed last week and is now being exploited. You can read which versions are affected and how at SCMagazine.
Patches after Labor Day - Several patches were released this week. Some are more critical to you, but all are important. Mozilla provided Firefox users with 15 patches, of which 11 are rated Critical.
Apple patched the Safari browser. Apple and Mozilla are working faster than others to resolve DLL hijacking threats. Network World has more information. Apple also updated the operating system for its iPhone and other iOS devices. In addition to providing some new features, the update is intended to patch 24 vulnerabilities.
Google has released Chrome 6, which includes 14 security patches for a variety of vulnerabilities.
Looking ahead, Microsoft announced that its September Patch Tuesday will offer nine security bulletins, four of which are rated critical and affect Windows and Office.
Information as of 08/27/10
Zeus is spreading - Both Symantec and McAfee have noted there is an increase in spam, especially with attachments carrying the Zeus trojan. Zeus has been growing, and $1 million was stolen from bank accounts in the U.K. through Zeus. This is a dangerous trojan and you need to be aware of it so it can be avoided. One way this is spreading now is by notices of dead celebrities. Stay away, far away. Read more at Network World.
Social Engineering 101 - This is the article you can use to train staff or to help create your own training materials to combat social engineering. When the UPS man has a dolly loaded with boxes, what do you do when you're leaving the building and he is going in? You hold the door for him; maybe open the locked door too. How do you know it was really a UPS delivery? Read how large companies were social engineered, and take steps so this won't happen to your business. Read the details at CNET.
MS Security Essentials - bogus warning - There are many users of Microsoft's Security Essentials (MSE) program. It is used to protect their computers from a virus, trojan and other threats. But what should a user do when their program detects a trojan and identifies this on their screen? Today, they have to first verify that it is a valid warning from their actual program. There is a new pop-up that is selling fake antivirus solutions under a MSE disguise and installing malware. Read about this at Help Net Security.
How long should a password be - "Back in the day" having a password that was eight characters long was considered a strong password. But as technology has evolved, so has the computing power that is used to break these passwords. It is now recommended that passwords be 12 to 16 characters long. Read more on why this is the case and then evaluate your current password policy for adequacy, at Network World.
Cyberscams target Bieber fans - Scammers and malware distributors are nothing if not opportunistic, so if you (or your customers) have teens or tweens at home going crazy over anything related to pop phenom Justin Bieber, make sure they know about safe Internet search practices. According to Help Net Security, Bieber mania is just the latest in a long series of "events" scammers use to deploy malware.
Adobe Reader updated - If your users have Adobe Reader installed, you'll need to deploy Adobe's "out of band" security update, released Thursday, 8/19. The patch is in response to a critical vulnerability publicized at this month's Black Hat security conference. According to an article in Computerworld, you can still expect Adobe's regularly scheduled quarterly update on October 12.
Information as of 06/25/10
A new threat - There may be a new threat developing. While many savvy netizens know that .exe and .zip files can be threats, what is the harm in clicking on a .html file? The threat could be very real, and it's being used in increasing numbers of attacks. Users can't afford to drop their guard. Read this article, then decide when you need to add this threat to your training regimen for employees and customers. Help Net Security has the details.
Popular News Brings Threats - As news events hit the Internet, don't forget to remind all your users that popular news can bring threats with it—with invitations to open this link, watch this video, etc. World Cup soccer is one of the latest events to be used. SC Magazine has more.
Digitally Signed Malware? - New reports indicate that more digitally signed malware is being sent. Digitally signed software is usually considered trustworthy but anti-virus vendor F-Secure recommends thinking otherwise. Read more at The H Security.
Malware updates can be s-l-o-w - "Keep your virus definitions up to date" is a common mantra for computing safety. But when you think about it, someone's machine has to be infected before the various vendors can update their files and get them distributed to users. You just hope your machine isn't one that gets infected while that initial window is open. How long is the delay? This article gives you the results of some recent analysis and you may be surprised at how long it can take for the window to close. Read it in The Register.
Apple Mac and Mozilla Firefox updates - Apple snuck in an anti-malware update when it recently updated the Mac OS X operating system. Computerworld has more for our Mac users. Firefox was also updated, according to eWeek. Nine bugs were patched, crash protection was added, and more.
Information as of 06/18/10
Real-Life Social Engineering - Social engineering attacks are becoming so commonplace that it has become a little easier to educate users about identifying phishing e-mails and websites because they are seeing the attacks firsthand on a more regular basis. What they often don't realize is the damage that can be done, or how similar attacks might come at them, through their personal lives. Find out more at Dark Reading.
Community-Based Antivirus Immunet Protect 2.0 Launched Today - Immunet Protect provides a layer of cloud-based protection that can be used alone or on top of existing security software. Find out more at Dark Reading.
Malware Hidden in Windows Mobile Applications - Threats to mobile devices are real and exist today. A report in eWeek says Windows Mobile devices are infected with malware now.
Notice from the IRS - The ZeuS trojan is designed to steal logon credentials for Internet banking. An old spoofing attack re-tooled for ZeuS delivery has had some success. When you receive an email with a subject line "Notice of Underreported Income" from the "IRS", even if you are confident in the information you filed for taxes this year, you may have some doubts. Those doubts can cause fear leading to opening dangerous attachments or visiting a destructive website. It may be time to rethink email security after reading this KrebsonSecurity article.
Watch out for World Cup Emails - Many cyberthreats your customers face are based on real events. The World Cup starts today and soccer fans need to be reminded about protecting their own goals. Read more on these "current events" threats at InfoWorld, and alert your customers.
Patches were Pitched - Both Microsoft and Apple were pitching patches at users this week. Microsoft repaired 34 vulnerabilities that included bugs in Excel and Internet Explorer. Apple had 48 bugs fixed in Safari, which operates on both the Mac OS X and Windows operating systems. More details on both companies' patches are at SCMagazine here and here.
Adobe Patches - Adobe has been preparing a patch that should be available as you read this Friday morning, designed to mitigate a zero-day vulnerability. Be sure to review the problem and implement this fix as needed. eWeek has more information.
3.7B phishing attempts - CPP, a UK life assistance company, estimates 3.7 billion phishing emails were sent in the last year. The intent of this massive number of messages is often to get confidential information. How many do you believe were intended to get banking information? The answer may surprise you, especially if you translate the percentage into a real number of attempts. Phishing attempts are made because a small percentage are successful, and that costs you money. Read more on the phishing study in Network World.
Rogue Facebook App - A rogue Facebook app is proving to be a threat to both productivity and data security, as hundreds of thousands of Facebook fans are lured in by a bogus video claiming to show a teacher beating a young teen. Warn your staff and customers about this threat, after reading this Network World article.
AV testing gets a standard - Which anti-virus product's claims should you believe? Test methods have been so varied that even third-party reviews of AV solutions have left a lot to be desired, making many decisions on AV products less informed and more like a roll of the dice. New guidelines for security product testing recently adopted by an industry coalition may inspire more confidence in the testing process. Learn about the Anti-Malware Testing Standards Organization (AMTSO) and the new guidelines at Computerworld.
XP Help Center flaw exploited - Last week a Google researcher exposed a flaw in the Microsoft Help & Support Center on Windows XP machines that exposed those PCs to remote takeovers. This week, security firm Sophos reports that the bug is being exploited. For more background and a link to an effective preventive workaround, read KrebsonSecurity.
Information as of 06/04/10
Lessons learned - infected home PCs - As you read this article, consider two perspectives. First, there's the bank customer who was securely banking from a Mac laptop, but on one occasion decided he'd log into Internet banking with his home PC. That PC was used by his family and was not maintained as securely as his laptop. The PC was infected and $100,000 was stolen from the customer's business. Next, consider the implications of that incident for your business staff. What work might they take home and then copy back to their office PCs? What restrictions do you have in place to prevent the transfer of infections from home PCs that are often not maintained as well as those at work? Read more on this story at KrebsonSecurity.
Windows XP SP2 retirement looms - Estimates are that half of the business users with Windows XP are still running with Service Pack 2. If your system is running well on SP2, why try to fix something that isn't broken? You should fix it by installing Service Pack 3 because in just a few months XP with SP2 will be retired and you won't receive security updates. Get the details in this Computerworld article.
Mac spyware being installed - Intego is a company that writes security and privacy applications for the Macintosh. They report that there is spyware included with downloads of legitimate software from some normally respected sites. The spyware they are getting is similar to a Windows program that has been around for about two years now. You can read the details and see a list of potentially affected downloads at TechWorld.
Poor PIN protection on iPhone - iPhone users who have locked their phones with a four-digit PIN code and believe they are secure need to read this article. With the right software, despite the phone being locked with a PIN, the contents of an iPhone can be viewed easily. Read the details at ZDNet.
"Forget" those public WiFi sites - If you make occasional use of open WiFi networks with your iPhone (the free "attwifi" connections at Starbucks come to mind), it's a good idea to set your phone up to forget the networks' names when you're finished with the sessions. Allowing your phone to store common WiFi network names can mean that your phone will automatically connect with any network with the same name, giving cyber snoops access to data on your device. Although the advice in this KrebsonSecurity article is aimed primarily at iPhone users, it's good information for anyone using the occasional insecure public WiFi connection via smartphone or any other mobile device.
Information as of 05/26/10
Beware “Tabnapping” – a new kind of Phishing scam - User Interface specialist and creative lead on Mozilla’s Firefox browser Aza Raskin has outlined a brand new variant on “phishing” attacks which he has christened “Tabnapping”. Find out more from Scam Detectives.
Information as of 05/20/10
Antivirus Software is a Waste of Money - You need an antivirus program on your computer. But that doesn't mean you need to pay for it. Find out more at MoneyTalksNews.
Information as of 05/19/10
USB Worm, Customized Targeted Attacks Dominate First Quarter - McAfee report shows increase in targeted attacks. Click here for more information.
Information as of 05/14/10
Serious flaw in Apple Safari browser could leave Windows machines vulnerable - There is a vulnerability problem for Safari users on Windows machines. Read about that threat in eWeek.
Information as of 05/12/10
Trojan Pretends To Be Windows 7 'Compatibility Checker' - Malware about to begin "massive spreading," researchers say. A Trojan horse masquerading as a tool that helps users get ready for Windows 7 is on the loose and about to become widespread, a security firm said. Click here for more details.
Red Condor Warns Of 'Adobe Security Update' Malware Campaign - Email campaign uses sophisticated social engineering in attempt to fool recipients. Click here for details.
Can a Hacker Guess Your Passwords? - Strong passwords are the first line of defense against identity theft. Find out more from Iolo.
Information as of 05/11/10
Security Myths - You can read about some security myths, like nobody wants to hack into a cell phone, or Firefox is more secure than Internet Explorer. What is truth and what is myth? Find out here.
"Quickswapping" explained - Have you wondered how some of the credit and debit card numbers that are stolen are converted to cash? This article explains what security vendor F-Secure calls "quickswapping." It is one method of using the credit and debit card information in conjunction with auction sites to provide deals that are too good to be true. While the buyer isn't ripped off, your customer, and you, are. eWeek has the story.
(Un)Safe government sites - There are some sites that you visit and trust. If the site says you need an application installed, you should trust it, right? Not always. Security vendor AVG says that three websites associated with the U.S. Bureau of Engraving and Printing were infected and distributing malware. CSO has more on this story.
Information as of 05/4/10
New IM Worm Spreading Fast - Aggressive new variant of an older worm circulating around Yahoo Messenger lets attacker take over a victim's machine. For more information, click here!
Fake antivirus software a growing problem - Google recently conducted a 13-month study which included 240 million web pages and revealed that fake antivirus programs are on the rise. In fact, 15 percent of the malicious software programs on the web are these fake antivirus programs. You can read more on how they are marketed, and hosted, at TechWorld.
Conficker still a problem - While it may not have been bright on your radar screen, the Conficker worm is still a problem, according to Microsoft. They released their semi-annual Microsoft Security Intelligence Report and it shows the Conficker worm on nearly 25 percent of enterprise Windows computers. You can read more on this current threat as well as the others topping the list at NetworkWorld.
Information as of 04/23/10
McAfee update chaos - If you had any of the Windows XP machines affected by this week's faulty McAfee antivirus update, you are probably scrambling like others crippled by a glitch in a virus definition file that quarantined svchost.exe, a major Windows system file. McAfee has posted solutions in a blog post. Read details and find a link to the McAfee blog entry in PCWorld.
Scammers Embrace McAfee Fiasco - Of course the McAfee quandary has prompted the usual suspects to create new "scareware" threats and to poison search engine results, leading frantic PC users to websites loaded with malware. CIO has details.
Zeus after Firefox users - If you've been reading Tech Talk in the last few months you've seen time and again how dangerous the Zeus trojan is. It infects a user's computer and steals logon credentials for Internet banking. A new version of Zeus has been identified and for the first time it is targeting Firefox users. Read more on this threat at TechWorld.
Information as of 04/16/10
New email scams - As Tax Day 2010 came and went, there was a noted increase in tax scams to worry about. Unlike Tax Day, which has now passed, the scams are expected to continue. People take the IRS seriously and may be less likely to delete what would otherwise be seen as a suspicious message. The phishers are looking for personal and banking information. They want new identities, and money. Put your customers and employees on guard. Read more at The Emergency Email & Wireless Network.
Warning: You have committed a copyright violation - According to F-Secure there is a new scam surrounding illegal downloading. Supposedly copyrights have already been violated and the user sees a recurring warning that they need to pay a $400 fine as a pre-trial settlement. Giving up bank account numbers will lead to an even greater loss. Read about this in PCWorld.
Visiting Songlyrics.com could give you The Java bug - This was reported by a Google researcher who published information about it. Within five days a website that provides song lyrics was infected and sending users to a Russian attack server. TechWorld has these details.
How many AV programs should you run? - We've long heard the message that a user can run numerous ad-aware type programs at one time but that only one anti-virus program should be used. The programs could compete with one another, use resources and slow down the machine. But there is a new product available, Immunet Protect, from a company that argues you can and should run two anti-virus programs. Decide for yourself after reading about this product at KrebsonSecurity.
What is hiding in your archived files? - Only recently have researchers found that there were ways to hide malicious software in archival-formatted documents, such as ".zip" and ".rar" files, without detection. Tomislav Pericin, founder of the commercial software protection project RLPack, demonstrated how worms such as Conficker could be added to archived files. Updated anti-virus programs should be looking for this vulnerability now. Have you updated your AV program? Read more at CIO.
100 patches to keep you busy - This week we saw Microsoft's regularly scheduled Patch Tuesday bring us updates for our systems and programs. Oracle and Adobe also added to the patch heap. Microsoft addressed 25 vulnerabilities, of which five were rated as Critical. Adobe was plugging 15 holes with its updates, each of which could allow a hacker to remotely execute code on an infected PC. Oracle's patches numbered more than Microsoft's and Adobe's combined, bringing the total update count to nearly 100. Read more on the week's avalanche of patches at TechWorld.
Apple patches software too - Apple wasn't going to be left out of patch Tuesday. It also made patches available this week for OS X. SCMagazine has more on this.
Information as of 04/13/10
Malicious Facebook ad redirects to fake antivirus software - A malicious advertisement has been found within an application for Facebook that redirected users to fake antivirus software, according to a security researcher. Go to Infoworld for more information.
Information as of 04/09/10
Another Facebook scam - Another scam propagating on Facebook claims that Best Buy is offering $1,000 gift cards to the first 20,000 Facebook users who become Best Buy fans. Do the math: would Best Buy spend $20,000,000 to get 20,000 fans? No. NetworkWorld has more on this hi-tech scam.
Malware mania - Is it possible that a malicious program can be installed on your computer, concealing itself from an anti-virus program meant to scan for it? Certainly. This article explores that possibility and provides you with the information you need to run a second program, safely, to avoid conflict but protect your data and the integrity of your network. Read more on this story at The Washington Post.
Information as of 04/05/10
Red Condor Warns Of Fake eBay Security Alert - Red Condor today issued a warning of a new blended email threat that appears to be a security alert from the leading online marketplace, eBay. Click here to find out more.
You are being sued - Suppose that someone in your business is violating copyright laws. Perhaps there are employees who are copying and pasting articles and sending them to others, using old tech and doing this with a copier, or perhaps posting articles online they found interesting. Then someone gets an email from a law firm that claims the recipient (or the business) has been sued. That email may have an attachment or a link to a website, either of which may be malicious. US-CERT is warning users to watch out for this scam.
Watch out for IRS emails - A seasonal scam to watch for starts with a phony email that appears to be from the IRS. It is, after all, tax time. A link in the email installs Zeus, a major data-stealing trojan that is costing business customers so much money (in scams like the one in this week's first story). Zeus is very good at stealing banking logon credentials. SCMagazine has more about the IRS scam.
Facebook friends and enemies - Posting on Facebook that you'll be away from home may invite unwanted guests -- burglars. That is what happened to Keri McMullen when she posted that she was going to a concert. But she turned the tables by going back to Facebook and posting images of the thieves from her surveillance camera, and there was a match. Social networking can be a dangerous game. For more on Keri's story, read the News and Tribune.com.
Information as of 03/26/10
Facebook Email Warning - You should be aware of the recent rash of emailed malware targeted at Facebook users. A "utility" to reset their Facebook password, linked in the fraudulent messages, is actually a trojan (Bredolab). Gary Warner, director of research at the University of Alabama at Birmingham, said his staff has identified 17 variants of the trojan. Read more on this threat at eWeek.
Information as of 03/19/10
Department of Homeland Security News - US-CERT reports there are spam messages circulating that claim to be from the Department of Homeland Security but include attachments or links that can infect a machine with the ZeuS trojan or other malware. Click here for more information.
Information as of 03/16/10
FDIC Consumer News - The FDIC has issued guidance for Online Banking, Bill Paying and Shopping. It is called 10 Ways to Protect Your Money. For more information, click here!
Information as of 03/05/10
U.S. Census Bureau 2010 Census Campaign Warning - The 2010 federal census is in full bloom. Questionnaires are on the way to every known household in the country. However, US-CERT has already posted an alert reminding its subscribers of the likelihood that scammers will seize the opportunity to send emails claiming to be from the Census Bureau soliciting confidential information or laced with links to malware infections. The Bureau has clearly stated that it will not use the Internet for its 2010 collection of census data. For further information, read the short US-CERT bulletin.
Enterprise Security Tips on a Small-Business Budget - Whether your business is a big fish or a small-fry home office, you can get hacked just the same, and the stakes are higher than a few canceled credit cards. Here are a few tips to protect your users and your networks--steps that even enterprise-class security specialists may slip up on. Click here for more information.
Information as of 02/08/10
VISA Card Scam - An email purporting to be from VISA is circulating about fraudulent transactions at an ATM in Algeria. It requests that you click on the link to complete a VISA card holder form. This is another phishing scam and should be deleted. If you have questions about your account or your card, please call the Bank. Neither the Bank nor our partner (First Data) would email you regarding your ATM/debit card.
Information as of 01/15/10
Identity Theft Prevention Tips - Along with the breaking of some bad habits, now is the time to take on some new habits to protect you against identity theft. Click here for The Identity Theft Resource Centers® (ITRC) top resolutions you can make in 2010.
Spam alert - Given the history of spikes in spam attacks following large-scale human tragedy, we should not be surprised that the FBI has posted a warning about inevitable attempts by spammers and other fraudsters to capitalize on Tuesday's horrific earthquake in Haiti. To read the FBI's alert, click here.
Mobile (in) security - Malicious apps for Android phones may have already stolen banking logon credentials. The Google app store may have been unknowingly offering some malicious apps for the smartphones. The apps have been removed from the store, but some financial institutions have posted warnings already. A hacker could produce and offer an app without the financial institution's knowledge. Southern Missouri Bank does not use any applications associated with its Mobile Banking. You only need to be able to browse the web with your phone. Visit Online Banking/Mobile Banking on the menu on the left for more information. To read more on this suspicious application, click here.
Protect your smartphone - Wondering what threatens your smartphone and what you can do about it now? Read this CNet News article.
Credit/debit card fraud - The Atlanta office of the U.S. Secret Service is providing some helpful information in this article. It focuses on skimming, one of the most significant problems users face and the fact that online monitoring is a good way to catch the problem. Click here to read more.
Information as of 01/08/10
One-third of businesses don't have anti-virus software - A recent Symantec study reveals that one-third of businesses in the U.S. do not have anti-virus software installed. ABA and the FBI recommend that small businesses get AV software and use a dedicated PC for online banking. More on this story is in the New York Times. Southern Missouri Bank highly recommends all My Internet Banking users have anti-virus and anti-spyware protection. Click on the above link to find out how to obtain free anti-virus software.
Information as of 12/07/09
New Ransomware Variant - Security researchers have stumbled upon a new piece of ransomware that blocks an infected computer from accessing the Internet until a fee is paid via SMS (text message). According to CA researcher Zarestel Ferrer, the ransomware file is bundled with a program called uFast Download Manager. Once a machine is infected, a message is posted in Russian, demanding a ransom under the guise of activating the uFast Download Manager application. CA is offering an activation code generator for this particular ransomware variant.
H1N1 trojan - You can ignore that e-mail that looks like it comes from the U.S. Centers for Disease Control and Prevention about creating a profile for an H1N1 vaccination program. It's a malware scam, according to security provider AppRiver. The fake alert informs recipients that as part of a "State Vaccination H1N1 Program" they need to create a profile on the CDC Web site. The link in the e-mail goes to a fake CDC page where the visitor is assigned a temporary ID and a link to a vaccination profile that is actually an executable file containing a copy of the Kryptik Trojan targeting Windows, according to an AppRiver blog. Once installed, "this Trojan will create a security-free gateway on your system and will proceed to download and install additional malware without your authorization," the post warns. "It also enables a remote hacker to take complete control of your computer. This malware can log your typed keystrokes and send confidential personal and financial data (including banking information, credit card numbers, and website passwords) to a remote hacker."
Information as of 11/20/09
Verizon Spam could infect your computer - Verizon cell phone customers need to be alert. SonicWall, an antivirus company, reports detecting 200,000 email messages per hour with a trojan attached. The messages report that the addressees are over their Verizon Wireless usage limits and they need to install a "balance checker" program, conveniently linked in the email. That link, of course, leads to the trojan payload. Click here for details.
Windows 7 bugged already - Microsoft has confirmed that a zero-day bug exists in Windows 7, but says users can protect themselves by blocking two ports with their firewalls. The Server Message Block protocol has a vulnerability that will allow a denial of service, but won't allow a computer to be taken over or have software installed. Click here for details.
Information as of 11/12/09
Phishing Alert from NACHA - Random individuals and/or companies may have received a falsified e-mail with the subject title “Rejected ACH Transaction.” This e-mail appears to be from NACHA – The Electronic Payments Association, telling them that there is a problem with an ACH transaction they have originated. The e-mail includes a link which redirects the individual to a fake web page which appears like the NACHA website and contains a link which is almost certainly an executable virus with malware. Click here for details.
LoroBot ransomware a new threat - An unsuspecting user's machine is infected with the LoroBot, which encrypts a variety of file types including images, sound, PDFs and assorted Microsoft Office files, holding them ransom. The user is told the decryption code requires a $100 payment, to be completed by sending a "premium SMS" to a designated number. The target of the scam must send a text message with a cell phone, and is billed for the message at the $100 premium rate. Read more about this scam, including what the anti-virus companies are doing about it.
Information as of 10/29/09
FDIC Warns of Fraudulent Work-at-Home Scams - The Federal Deposit Insurance Corporation (FDIC) is warning financial institutions of an increase in schemes to recruit individuals to receive and transmit unauthorized electronic funds transfers (EFTs) from deposit accounts to individuals overseas. These funds transfer agents, often referred to as "money mules," are typically solicited on the Internet by criminals who have gained unauthorized access to the online deposit account of a business or consumer. In a typical scenario, the criminal will originate unauthorized EFTs from a victim's account to a money mule's deposit account. The money mule is then instructed to quickly withdraw the funds and wire them overseas after deducting a "commission". For more information, click here.
Information as of 10/26/09
E-mail Claiming to Be From the FDIC - The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC. The subject line of the e-mail states: “check your Bank Deposit Insurance Coverage.” The e-mail tells recipients that, “You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.” This e-mail and associated Web site are fraudulent. For more information, click here.
Check washing - Check washing is a simple, low-tech way to alter a check you have written. The idea is to remove the ink while maintaining the overall appearance of the check and its preprinted items. Once the "washing" has been accomplished, the payee and/or amount may be altered. Oftentimes, the amount remains the same while only the payee is changed. This allows it to pass unnoticed when you balance your bank statement. Tips for minimizing your risk of check washing include:
- Do not put outgoing bills in an unattended or unlocked mailbox
- Minimize the number of checks you write (use online bill pay)
- Use a gel ink pen (preferably black) so the ink will permeate the fibers of the check
- Do not leave blank spaces on the payee or amount lines
- If you receive cancelled checks, shred them
- Review your bank statements immediately
- When possible, have your new checks delivered to your bank
For more information, click here.
Information as of 10/07/09
3 scam emails purport to be from the FBI - The FBI has issued an alert to warn the public about phishing emails that purport to be from the agency. There are three variations -- one claims to contain "Intelligence Bulletin No. 267"; another purports to be from the Department of Homeland Security and the FBI Counterterrorism Division; and the third claims to contain an FBI intelligence bulletin from the Weapons of Mass Destruction Directorate. KOCO, Oklahoma City, was among the media outlets covering the schemes. Watch its report, "FBI Warns of Email Fraud." Access the October 5, 2009 Alert from the FBI about the phishing messages.
Scammers target social networking - October 1, the FBI posted a warning on its site about techniques used by fraudsters on social networking sites. In view of the fact that recent news reports have indicated that 17% of all recent Internet traffic involved social networking sites, such as Facebook and Twitter, it's no surprise that cybercriminals see them as an attractive conduit for their swindles. A video report from the Today Show at MSNBC.com demonstrates how logon credentials can be stolen in real time. The segment also describes how scammers abuse human emotions after hacking email and social networking accounts. In a revival of a scam seen in recent years, the accounts are used to send requests for emergency money to an alleged victim's relatives and friends, who are led to believe assistance is required immediately.
("Help! I'm in [insert name of a foreign country] and [describe calamity, such as my wallet was stolen] and I need any of my friends who are reading this and able to help to please [describe method of sending funds].")
Of course, any money sent is diverted into the scammer's hands. The video clip does a great job of driving home how clever and dangerous these scams are.
URLZone, a new threat - Trojan horse programs are not a new threat but there is a new version of one that is particularly good at what it does -- taking money from your bank. URLZone infects your customer's computer, accesses the customer's internet banking account and takes money. Here's the really scary part: it rewrites the statement pages so your customer doesn't see that the funds have been taken. It also doesn't empty the account, so the red flags are raised later, after the thieves are long gone. This Trojan also recognizes computers run by investigators and law enforcement and replies to queries with bogus information about the program to throw off an investigation. More can be read on this in CIO.
Email users targeted with new attacks - Data thieves have mounted a massive phishing attack on web-based email accounts. Hotmail, Gmail, Yahoo and AOL users all appear to be at risk. Logon credentials from 20,000 users have been published on the web. The total number of other users whose logon credentials have been compromised is not yet known, but because those are the most popular Web-based email accounts, it could be huge. TechWorld.com explains how webmail users are likely to have been duped into giving up user names and passwords.
What has this got to do with us? - It is estimated that the average Internet user has at least twenty unique websites requiring logon credentials. Power users often have more. To reduce the burden of remembering multiple passwords and user names, many individuals will adopt a "universal identity" -- using the same login and password on as many sites as possible. Convenient? Yes, but highly unwise. If a user name/password combination gets compromised at one venue, thieves will try to use it at other sites to see what else it might unlock. If any of your online banking customers use the same password for Internet banking as for Gmail, Facebook and other websites, their accounts could be at risk.
Information as of 9/29/09
Census Bureau Scam - A scam email that poses as a survey from the U.S. Census Bureau is being used to collect personal and sensitive information. If you receive a questionable email, do not submit personal data. The Census Bureau will not request personal information from the public via email, such as PIN codes, passwords, Social Security numbers, credit-card numbers or other financial account information.
Always make sure to follow best security practices and always consider why a person or business needs personal information about you before you provide it.
Source: Perimeter eSecurity
IRS Phishing Fraud - Consumers and businesses are receiving emails purportedly from the IRS indicating the recipient has unreported or underreported income. Of course the recipient is instructed to click on a link to view their tax statement. You can be sure that the IRS will not initially contact you by e-mail, and that this is another scam.
Live-Chat Phishing Fraud - A new online scam surfaced earlier this month. Online fraudsters have reportedly created a phishing site that appears to be a popular US financial institution (not Southern Missouri Bank). When users access the fraud site, a chat window appears asking for log-in credentials and other personal identifiers such as account number, e-mail addresses, name, phone number, etc. The live-chat box claims the bank's fraud department is validating the account holder's identity in order to assist them. It has been dubbed the "chat-in-the-middle" scam, and it is being hosted on a fast flux network that criminals pay to use that hosts malicious Web sites and other tools for online crimes.
Clampi Trojan Virus - Cyber criminals have created a highly sophisticated Trojan virus that steals online banking log-in details from infected computers. The Clampi virus, which is spreading rapidly across hundreds of thousands of computers in Britain and the United States, infects computers when users visit websites that host malicious code.
Heading Off Hackers:
- Do not click on suspicious links to unknown sites within e-mails, instant messages or social networking sites
- Be cautious about doing business with unknown e-commerce sites and always use a credit card, not a debit card
- Install a comprehensive security solution and keep it up-to-date
- Use a security solution that offers browser protection and a website rating service. Browser protection will block questionable downloads from getting on to your computer, and website rating services can warn you if a site is infected
- Secure your wi-fi connection with a strong password to ensure that others cannot connect to your network and access data stored on your computer
Any user whose system has been infected by Clampi should immediately change any and all passwords used on that system for any websites, but particularly financial credentials.
Text Messaging Scam - Another Southwest Missouri Bank has reported that area residents are receiving text messages indicating an issue with the recipient's debit/credit card. The message directs them to call an 800, 866 or an 877 number. If called, an automated response asks for the credit/debit card number and other personal information to be entered.
If you receive one of these personal text messages, please call us first to verify the authenticity of the message; but keep in mind that our credit/debit card system does not have text messaging capability. If you set up an eAlert message request to go to your phone through My Internet Banking, it will not ask you to call a number. It will just provide the information you requested. Our number is 417-859-1292 or 417-859-5592.
For More Information regarding Information Security, please click here!