Banking fraud is here to stay

Internet users are contributing to banking and financial fraud by falling victims to cyber-scams designed to steal cash, says a cyber security expert.

While credit card fraud has declined in SA by 28,6%, according to the South African Banking Risk Information Centre (Sabric), debit card fraud increased 8,3% to the year ended 2015.

The organisation also reported that Card Not Present (CNP) fraud increased by 12,6% to account for 75% of losses relating to South African issued credit cards.

“The problem is not that the cyber-criminals are stealing our information, but rather that we are giving it to them,” says Tjaart van der Walt, chief executive of Truteq Group.

“We click on the links in the phishing emails and we install the ‘free’ apps on our mobile phones. This mechanism to get your banking information is more about social engineering than hacking in the old sense,” he adds.

Trojan attacks
Security firm Kaspersky Lab recently reported that cyber-criminals have turned to Trojans designed to steal financial information and install malicious software on both PCs and smartphones.

“Almost every detected threat in South Africa is an advertising Trojan that can use root rights on the phone,” Roman Unuchek, senior malware analyst at Kaspersky Lab USA recently told Fin24.
Van der Walt says the divergent interests of communication and financial security between mobile phone operators and banks has left a security gap.

“Using mobile technology to secure financial transactions was not part of the specifications or the intended purpose. Three decades later, mobile telephony has turned out to be indispensable to our way of life and there is now a mobile phone in almost every pocket,” he says.
Banks typically use a one-time PIN (OTP) sent to a customer’s cell phone to secure online transactions. However, mobile operators do not want to expose themselves to additional risk.

“In the delivery of a one-time pin, a mobile network operator has very little (in all likelihood no) legal or financial risk. The terms and conditions of use limit their liability and case law exists to reinforce this position. In fact, a mobile network operator will not want to be associated with the authentication of financial transactions at all,” Van der Walt says.

The fact that many banks send the verification to the same mobile number to conduct the transaction may leave customers vulnerable if a cybercriminal has compromised the device.

SIM-swap fraud
“Using the same mobile phone to make a transaction and to verify it [financial transactions], wipes out the benefit of the two-factor authentication. Fraudsters only have to compromise you once in order to break into your bank account and clean it out,” says Van der Walt.

The problem is magnified when customers enact a SIM-swap – or if criminals conduct a fraudulent SIM-swap.

“The identification process followed by a mobile network operator’s call centre agent to verify your identity for the purposes of a SIM swap or network port is as simple as possible. Their interest is to keep us talking and if we cannot make a call, then we cannot talk and consume credit,” says Van der Walt.

“The banks, on the other hand, need the verification process to be as rigorous as possible in order to comply with anti-money laundering and counter-terrorism laws,” he adds.
Van der Walt argued that about 1% of mobile subscribers conduct a SIM swap per month, implying a change in about 870 000 numbers in SA.
While not all mobile subscribers are banking customers, Van der Walt says number porting could place a strain in banks’ ability to keep track of customers.
“Even if a bank had the access to see if a user has ported or not, blocking a transaction purely on the basis of the user changing networks will drive hundreds of thousands of irate customers to their call centres,” he says.
By Duncan Alfreds for Fin24

In a piece of advice that seemingly contradicts everything else we’ve ever heard, GCHQ has recommended you should change your password less often.

According to the spy agency’s cybersecurity arm, forcing people to change their passwords regularly is ineffectual, because they are likely to choose a new password that is very similar to the old one.

They are also more likely to write the new password down, for fear of forgetting it. This increases the risk of the password falling into the wrong hands.

“Attackers can exploit this weakness,” says the Communications-Electronics Security Group (CESG). “The new password may have been used elsewhere, and attackers can exploit this too.”

Instead of forcing a changed password at regular intervals, it recommends organisations provide users with information on when their account was last activated.

GCHQ says sticking to the same password for a long time – unless it’s something like ABC123 – is a good idea.

The news comes as a new study into online privacy reveals that one in three Brits secretly know their partner’s passwords .

The survey by money-saving website VoucherCodesPro has revealed the UK’s attitude to trusting loved ones with our passwords .

It discovered that almost three quarters of us have looked through social media messages on someone else’s account without their permission.

The team responsible for the study polled 2,211 UK adults between 18 and 45 who have been in their current relationship for at least two years.

Initially respondents were asked if their partner let them access their social media channels when they wanted to; 51% of respondents stated they did. Respondents were then asked if their partner had let them know their password for social media channels, 21% stated they had.

Following straight on from this, all respondents were then asked if they knew their partner’s password without them being aware of this – with 34% stated they did.

Researchers asked these participants how it was they found their partners password out, 59% stated they ‘guessed’ it, 37% said they ‘keyboard watched’ and the remaining 4% asked their partner’s friends.

As to what those sneaky snoopers got up to once they’d accessed their partner’s accounts – the researchers provided a list:

  • Looked through social media messages – 74%
  • Looked through the photo gallery – 59%
  • Looked through emails – 54%
  • Looked through browser history – 46%
  • Looked through bank statements – 39%

George Charles, spokesperson for www.VoucherCodesPro.co.uk , made the following comments regarding the study:

“Being open with your partner is incredibly important and snooping at their social media channels or any private documentation just isn’t the way to achieve a healthy relationship,” said George Charles, a spokesperson for VoucherCodesPro.

“Knowing your partner’s password without their knowledge will only lead to trouble. It suggests you are looking for something and if you look hard enough, you will always find something to convince you that your fear is real.”

By Jeff Parsons for www.mirror.co.uk

WhatsApp is popular in South Africa, which has resulted in it gaining the attention of fraudsters and scammers.

Criminals try to take advantage of the platform’s popularity by looking to make a quick buck off unsuspecting victims.

Some of the biggest scams reported on the messaging platform in South Africa and around the world are described below.

WhatsApp users in South Africa should keep their eyes open for fraudsters who use these tricks.

WhatsApp OTP favourites scam

A new scam doing the rounds in SA involves a scammer tricking you into believing he is someone on your contact list whose number has changed.

In reality, the scammer has gained access to a contact list which contains your number.

Once he believes he has you hooked, he tells you an SMS is being sent to your phone that contains a number – which you must forward to him so he can add you to his favourites.

This is a one-time PIN, which is meant to protect your accounts from fraudsters. Never send these PINs to anyone in a text message.

WhatsApp malware link-sharing scam

Another scam doing the rounds promises discounts from popular restaurants or stores.

To redeem the offer, it asks you to share the promotion to 10 contacts – which appears in your chats as a “Look [link]”.

BT has warned that clicking the link will install malware on your device, which can be used to steal your identity or access your banking details.

WhatsApp “Ultra-Light WiFi” scam

A variant of this scam doing the rounds, according to Hoax Slayer, promises a new WhatsApp feature – Ultra-Light WiFi – in return for sharing a link 10 times.

When you click on the link your are tricked into providing your personal information via a survey website. In some cases the Web site will infect your phone with malware.

WhatsApp subscription competition

A WhatsApp “competition” is doing the rounds, where users receive a message which links to a Facebook page.

Navigating to this page lets you spin a prize wheel, which promises a prize, such as a new smartphone. Spinning the wheel takes you to a new page, where to claim your prize you have to share your result 10 times.

Clicking the continue link after sharing your result takes you to a new page where you are told your prize has been reserved.

To claim the prize, you have to enter your cellphone number and click a “Yes, I want” button.

This takes you to a new screen which informs you an SMS will be sent to your phone, and you are instructed to reply “Yes” to this SMS.

Doing so opts you into a R7-per-day subscription service.

WhatsApp subscription link-sharing scam

Another con doing the rounds involves using the names and logos of well-known brands.

In the example below, you are promised a Spar shopping voucher in return for completing a survey and sharing it with 10 contacts.

According to reports, once you have completed the survey, you have been signed up for a R7-per-day SMS service.

WhatsApp “add-on upgrade” SMS

This SMS campaign can cost WhatsApp users R210 per month, and involves users clicking on a link that initiates a daily deduction.

An SMS that reads: “You have not updated to the latest WhatsApp add-ons. Click here now [URL]. (Free MSG) 31655 optout dial 0110621424”, is sent to smartphone users.

Clicking on the link in the SMS takes users to a screen which asks them to “Update your wall 4 WhatsApp”.

The fine print below a green “Continue” button shows that the message is for a subscription to a social network called Buddiechat, which costs R7 per day.

WhatsApp pop-up update scam

A pop-up window posing as a WhatsApp update can infect a device with malware if clicked on.

Users are advised to only update the messaging app through official channels, such as your smartphone platform’s app store.

The pop-up asks users to download an update, or install a new version of WhatsApp while they are browsing the Internet .

The pop-ups are not linked to WhatsApp in any way and are created by malware pushers.

Wangiri fraud

WhatsApp Wangiri fraud is where local WhatsApp users are urged to call international numbers.

Wangiri is a type of phone fraud where the perpetrator dials random numbers and then hangs up after one ring. Victims call back, and are charged premium rates.

The WhatsApp-based version of Wangiri fraud sees local users receive a WhatsApp message with a contact attachment.

The number in the contact is different to the number the message originated from. Calling this number back could cost you a lot of money.

Source: www.mybroadband.co.za

Online shopping is a convenient way to find, compare, and purchase items in South Africa.

However, as security breaches increase and attacks grow more sophisticated, buyers need to take greater care with their personal and banking information.

Besides standard security precautions such as keeping your operating system, anti-virus, and browser up-to-date, you should also keep the following security tips in mind.

Watch out for scam specials
If you get a promotional e-mail from a retailer, even one you are familiar with, never click on a link – ever.

That’s the advice from Adam Levin, author of Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.

Levin said two problems could occur:

The destination the link points to could contain malware used to steal your passwords.

You could be directed to a clone site that looks like the retailer’s, which is used to harvest your identity and credit card details.
Levin said shoppers must go directly to a shop’s URL and avoid following links from promotional messages.


Read reviews
Before using a store for the first time, Levin said buyers must read independent reviews to ensure the site is reputable.


Check the security certificate
Shoppers should always check an online store’s security certificate.

This can be done by clicking the lock icon next to the site’s URL in the address bar.

You can also take this a step further and test a site’s Transport Layer Security (TLS) using a tool such as the Qualys SSL Labs server tester.
Using public Wi-Fi or computers
While TLS helps protect against the dangers of unsecure networks such as public Wi-Fi, it is best to avoid shopping over public connections.

Similarly, users don’t know what software might be watching their activity on a public computer, so it is best not to use one when shopping online.
Re-using passwords
Another security mistake is using the same password on two or more Web sites.

This is to guard against an attacker only needing to get hold of a single password to get into multiple websites where you have registered accounts.
Saving billing information
If someone gets their hands on your password for an online shopping site and you have saved your credit card information, they might be able to buy items with your money.

Sites which save card and CVV numbers are prime examples.

Digital voucher codes or gift cards are a popular purchase among attackers in this instance.
Source: www.mybroadband.co.za

Consumers should treat any offer of an above market return on their investment with suspicion, regardless of whether it is promised in cash, interest, income or capital gains, warns Justus van Pletzen, CEO of the Financial Intermediaries Association of Southern Africa (FIA).

FIA would like to warn consumers against “wasting their money on so-called ‘get rich quick’ schemes”.

“Wealth is generated through hard work and smart investing and there is no way that you will turn a few hundred rand into a fortune over a few months – those who try soon find themselves out of pocket,” says Van Pletzen.

He says the SA Reserve Bank (Sarb) is investigating more illegal deposit taking scams than ever before.

The common feature of a “get rich quick” scheme is a promise of an unrealistic return while the common emotions driving a consumer’s decision to participate in such schemes include desperation, greed and the fear of missing out.

The perfect Ponzi scheme must do two more things: It must be able to demonstrate that the unrealistic return is being achieved and it must have a clever explanation as to how the scheme generates so much more return than mainstream asset managers or banks.

“One of the saddest things about local scams is that they often lure in the old and vulnerable who are desperate to supplement declining retirement incomes due to the current low interest rate environment,” says Van Pletzen.

He provides six red flags that may signal a Ponzi or pyramid scam:

Abnormally high returns
Steer clear of investment schemes that offer abnormally high returns – and treat the phrase “guaranteed return” with a measure of suspicion too.
Consumers usually understand the concept of higher risk for higher returns as this is a fundamental principle of investing. But consumers do not understand that the returns being offered by Ponzi or Pyramid scheme crooks are way off the charts.
For example, South African investors can expect around 7.0% a year in cash (low risk) or 15% a year in the stock market (high risk) over five years. You should be highly suspicious of any product or opportunity that promises a return that is higher than the country’s top asset managers can generate.
Remember that no return is ever “guaranteed” in the world of investments and that even the most modest of investments carry some risk. The guaranteed products offered by large and respected financial institutions are based on solid actuarial models and involve a complex trade-off between risk and reward.

Vague business models
Steer clear of investment schemes that are based on vague business or investment models.
Before you invest you should make sure that you understand how the returns are generated.
You should never fall for claims from the Ponzi crooks that the investment or business model is “confidential” or “too complex” for you to understand. The bottom line is that if you do not understand the product you should not invest.

More participants
Avoid investment schemes that rely on you bringing in more participants in order to generate a return.
This is a classic trait of both Pyramid and Ponzi schemes, with the former requiring you to bring in additional participants to qualify for any return.
Legitimate investment tools do not require you to bring in more participants. It is also common knowledge that new participants to a scheme will eventually dry up, resulting in a total collapse or implosion of the scheme.

Undue pressure
Steer clear of investment schemes that place you under undue pressure to invest.
If you are being pressured to make the initial investment – or are frequently encouraged to increase the size of your investment – then beware.

Complex foreign exchange
Take care when considering offshore investments that rely on complex foreign exchange transactions and shifting money across borders.
All of the warning signs given above are compounded when the opportunity requires your cash to be taken offshore into banks that are outside of the South African regulator’s reach.

Too good to be true
If it is too good to be true, it usually is.
Any investment with a high rate of return that is says to be “guaranteed” should be treated with suspicion – if it looks too good to be true, it usually is.

“People who plan carefully for their financial futures are less likely to fall victim to a Ponzi or Pyramid scheme, because they have more realistic return expectations and a better understanding of how the savings and investments industry works,” says Van Pletzen.

“The desperation that lures many older persons into ‘get rich quick’ schemes can be avoided by saving sensibly throughout you working years and reaching retirement with enough to support yourself through retirement.”
In his view the best protection when making an investment is to transact with a reputable financial institution with assistance from a licensed financial adviser, financial planner or insurance broker.

“In this way you can transact in confidence because both the financial services provider and adviser must be registered with or licensed by the Financial Services Board (FSB) and subject to the many rules and regulations put in place specifically to protect consumers,” he says.

A Kaspersky Lab Global Research & Analysis Team (GReAT) expert has conducted real field research at one private clinic in an attempt to explore its security weaknesses and how to address them. Vulnerabilities were found in medical devices that opened a door for cybercriminals to access the personal data of patients, as well as their physical well-being.

A modern clinic is a complicated system. It has sophisticated medical devices that comprise fully functional computers with an operating system and applications installed on them. Doctors rely on computers, and all information is stored in a digital format. In addition, all healthcare technologies are connected to the Internet. So, it comes as no surprise that both medical devices and hospital IT infrastructure have previously been targeted by hackers. The most recent examples of such incidents are ransomware attacks against hospitals in the US and Canada. But a massive malicious attack is only one way in which criminals could exploit the IT infrastructure of a modern hospital.

Clinics store personal information about their patients. They also own and use very expensive, hard to fix and replace equipment, which makes them a potentially valuable target for extortion and data theft.
The outcome of a successful cyberattack against a medical organisation could differ in detail but will always be dangerous.

It could involve the following:
• The felonious use of personal patient data: the resale of information to third parties or demanding the clinic pay a ransom to get back sensitive information about patients;
• The intentional falsification of patient results or diagnoses;
• Medical equipment damage may cause both physical damage to patients and huge financial losses to a clinic;
• Negative impact on the reputation of a clinic.

Exposure to the Internet

The first thing that a Kaspersky Lab expert decided to explore, while conducting this research, was to understand how many medical devices around the globe are now connected to the Internet. Modern medical devices are fully-functional computers with an operating system and most of these have a communication channel to the Internet. By hacking them, criminals could interfere with their functionality.

A quick look over the Shodan search engine for Internet-connected devices showed hundreds of devices – from MRI scanners, to cardiology equipment, radioactive medical equipment and other related devices are registered there. This discovery leads to worrisome conclusions – some of these devices still work on old operational systems such as Windows XP, with unpatched vulnerabilities, and some even use default passwords that can be easily found in public manuals.
Using these vulnerabilities criminals could access a device interface and potentially affect the way it works.

Inside the clinic’s local network

The above mentioned scenario was one of the ways in which cybercriminals could get access to the clinic’s critical infrastructure. But the most obvious and logical way is to try to attack its local network. During the research a vulnerability was found in the clinic’s Wi-Fi connection. Through a weak communications protocol access to the local network was gained.

Exploring the local clinic’s network, the Kaspersky Lab expert found some medical equipment that was previously found on Shodan. This time however, to get access to the equipment one didn’t need any password at all – because the local network was a trusted network for medical equipment applications and users. This is how a cybercriminal can gain access to a medical device.

Further exploring the network, the Kaspersky Lab expert discovered a new vulnerability in a medical device application. A command shell was implemented in the user’s interface that could give cybercriminals access to personal patient information, including their clinical history and information about medical analysis, as well as their addresses and ID details. Moreover, through this vulnerability the whole device controlled with this application could be compromised. For example, among these devices could be MRI scanners, cardiology equipment, radioactive and surgical equipment. Firstly, criminals could alter the way the device works and cause physical damage to the patients. Secondly, criminals could damage the device itself at immense cost to the hospital.

“Clinics are no longer only doctors and medical equipment, but IT services too. The work of a clinic’s internal security services affects the safety of patient data and the functionality of its devices. Medical software and equipment engineers put a lot of effort into creating a useful medical device that will save and protect human life, but they sometimes completely forget about protecting it from unauthorised external access. When it comes to new technologies, safety issues should be addressed at the first stage of the research and development (R&D) process. IT security companies could help at this stage to address safety issues,” mentions Sergey Lozhkin, senior researcher at Kaspersky Lab’s GReAT.

Kaspersky Lab experts recommend implementing the following measures to protect clinics from unauthorised access:
• Use strong passwords to protect all external connection points;
• Update IT security policies, develop on time patch management and vulnerability assessments;
• Protect medical equipment applications in the local network with passwords in case of an unauthorised access to the trusted area;
• Protect infrastructure from threats like malware and hacking attacks with a reliable security solution;
• Backup critical information regularly and keep a backup copy offline.

Kaspersky Lab experts have detected a new Trojan targeting Android devices that can be compared to Windows-based malware in terms of its complexity. Triada is stealthy, modular, persistent and written by very professional cybercriminals. Devices running the 4.4.4. and earlier versions of the Android OS are at greatest risk.

According to the recent Kaspersky Lab research on Mobile Virusology, nearly half of the top 20 Trojans in 2015 were malicious programmes with the ability to gain super-user access rights. Super-user privileges give cybercriminals the rights to install applications on the phone without the user’s knowledge.

This type of malware propagates through applications that users download/install from untrusted sources. These apps can sometimes be found in the official Google Play app store, masquerading as a game or entertainment application. They can also be installed during an update of existing popular applications and, are occasionally pre-installed on the mobile device. Those at greatest risk include devices running 4.4.4. and earlier versions of the Android OS.

There are 11 known mobile Trojan families that use root privileges. Three of them – Ztorg, Gorpo and Leech – act in cooperation with each other. Devices infected with these Trojans usually organise themselves into a network, creating a sort of advertising botnet that threat actors can use to install different kinds of adware.

Shortly after rooting on the device, the above-mentioned Trojans download and install a backdoor. This then downloads and activates two modules that have the ability to download, install and launch applications.

The application loader and its installation modules refer to different types of Trojans, but all of them have been added to our antivirus databases under a common name – Triada.

A distinguishing feature of this malware is the use of Zygote – the parent of the application process on an Android device – that contains system libraries and frameworks used by every application installed on the device. In other words, it’s a demon whose purpose is to launch Android applications. This is a standard app process that works for every newly installed application. It means that as soon as the Trojan gets into the system, it becomes part of the app process and will be pre-installed into any application launching on the device and can even change the logic of the application’s operations.

This is the first time technology like this has been seen in the wild.

The stealth capabilities of this malware are very advanced. After getting into the user’s device Triada implements in nearly every working process and continues to exist in the short-term memory. This makes it almost impossible to detect and delete using antimalware solutions. Triada operates silently, meaning that all malicious activities are hidden both from the user and from other applications.

The complexity of the Triada Trojan’s functionality proves the fact that very professional cybercriminals, with a deep understanding of the targeted mobile platform, are behind this malware.

The Triada Trojan can modify outgoing SMS messages sent by other applications. This is now a major functionality of the malware. When a user is making in-app purchases via SMS for Android games, fraudsters are likely to modify the outgoing SMS so that they receive the money instead of the game developers.

“The Triada of Ztrog, Gorpo and Leech marks a new stage in the evolution of Android-based threats. They are the first widespread malware with the potential to escalate their privileges on most devices. The majority of users attacked by the Trojans were located in Russia, India and Ukraine as well as APAC countries. It is hard to underestimate the threat of a malicious application gaining root access to a device. Their main threat, as the example of Triada shows, is in the fact that they provide access to the device for much more advanced and dangerous malicious applications. They also have a well-thought-out architecture developed by cybercriminals who have deep knowledge of the target mobile platform,” says Nikita Buchka, junior malware analyst, Kaspersky Lab.

As it is nearly impossible to uninstall this malware from a device, users face two options to get rid of it. The first is to “root” their device and delete the malicious applications manually. The second option is to jailbreak the Android system on the device.

Kaspersky Lab products detect Triada Trojan components as: Trojan-Downloader.AndroidOS.Triada.a; Trojan-SMS.AndroidOS.Triada.a; Trojan-Banker.AndroidOS.Triada.a; Backdoor.AndroidOS.Triada.

Can you shop online safely?

In our modern society, shopping and the Internet go together like bacon and eggs. After all, why leave home when you could be eating said food items and shopping simultaneously? To this end, shopping online is one of the most convenient things that modern technology has brought to us.

What makes online shopping so attractive is that it is convenient and it is instant. But is it secure? Yes and no. Remember, online security is only as good as the amount of effort expended and the systems put in place by the merchant to ensure you enjoy a secure experience.

“In recent years, shopping online has become much more convenient via mobile payment solutions,” states Gregory Anderson, country manager at Trend Micro South Africa. “However it’s important to note that when you are dashing through multiple sites on the Web from the comfort of your armchair, your accounts and financial transactions could be compromised by countless prying eyes. Due to the nature of e-commerce and the thousands of options for online shops, it can sometimes be hard to tell if you’re dealing with a legitimate merchant or a bogus one.”

According to Anderson, shopping online bears the same perils as shopping in store. You as an individual can’t rely on the merchant to shoulder all the risk; you need to become just as savvy as you would be if you were shopping in modern-day Hillbrow. What’s more, while we are all keen to secure our credit card information, online shopping doesn’t just pose a threat to your credit details but to your general privacy too.

Now that data breaches and incidents of hacking and identity theft are becoming more common, online shoppers should protect themselves against likely attacks that could threaten their privacy. There are a number of different methods that can be used to invade a user’s privacy and, sooner or later, an unaware user is bound to run into threats such as phishing, online scams, spam, Internet fraud and malicious URLs.
Here are a few general tips on how to secure and maintain your privacy and security when shopping online:

• Double-check URLs – if you hadn’t already bookmarked your favorite shopping site’s payment page and still rely on typing in names, always double check the URL. Cybercriminals can easily replace payment pages and apps with fake ones. One way to tell if a site is secure is by checking the security lock indicator (HTTPS instead of HTTP). HTTPS is more secure.

• Use an official online shopping app – if you’re an avid mobile shopper, make sure to use the official online shopping app and avoid third-party apps for secure transactions.

• Always use strong and secure passwords – attackers can easily hack online accounts, including banking and social media accounts. Since these accounts contain sensitive and personal details, it’s important that you use unique hard-to-crack passwords across all devices and change them regularly.

• Use a secure network – if you’re using a mobile device to pay, make sure that you are using the official payment app, and that you’re accessing a secure and private network.

• Think before you click – being scammed online could translate to an eventual invasion of your privacy. Before you click on unverified posts, messages or ads, think twice and stay away from suspicious-looking offers. They’re most likely used as bait to lead you to phishing sites. Check with official sites rather than relying on social media posts.

“Shopping online can be safe. But just be alert and be aware. Web threats are no longer limited to malware and scams. Attackers know that the more you perform any online activities, the more you increase the risk of revealing information about yourself – especially when you’re looking to make a purchase. Searching for items alone could lead you from one Web site to another, which increases the chance of stumbling upon a malicious one.

“So set yourself a small regime of ensuring the above each time you enter a new site. If you can do that, you will almost be assured of shopping securely and with the peace of mind you crave,” Anderson concludes.

A new ransomware “super bug”, codenamed “Locky”, is on the lose. There have been 500 000 sessions of the virus crossing the globe in the last few weeks – and now it has arrived in South Africa.

Anti-virus coverage for this type of malware is very poor – only four out of 54 service providers detected it.

It is believed that there are 4 000 infections an hour now – 100 000 infections a day.

A hospital group in the US has had to shut its doors after the fee to purchase its own files was set at $3,6-million – to be paid in untraceable Bitcoin.

There are 499 000 other cases of Locky reported so far. The virus is spread via infected Word documents.

A click on the attachment and the unfortunate victims, unable to mitigate this threat, are given a ransom demand for their files.

And a subsequent visit to the referenced Locky payment portal site reveal multiple options for victims to pay – including payment plans.

How to stay Locky-free:

• Never download freeware or files from untrusted sources as it might be infected.
• Always scan removable devices before using them.
• Regularly scan your PC to detect .locky File Extension Ransomware as well as other related threats.
• Always keep Windows Operating System updated.
• Browser’s security settings should be activated and set to medium level.
• Avoid installation of ActiveX controls as it is somewhat prone to .locky File Extension Ransomware.
• Never install potentially unwanted program on your PC.
• Always carefully read “License and Agreement” before installing any freeware.
• Turn on firewall and other security settings for better PC protection.
• Do not click on suspicious links while surfing web.
• Avoid getting carried away by unrealistic deals and offers as it can be a trick used by .locky File Extension Ransomware.
• Never respond to unknown mails and messages.

More than 720 litres of liquid methamphetamine have been seized in Australia – believed to be one of largest drug finds in the country’s history. The £620-million (A$1,26-billion) stash was smuggled from China and had been hidden in bottles of glue and inside gel bra inserts.

Police estimate it could have been used to create 500kg of high-grade crystal meth, which equates to about 3,6-million doses.

Some 190 litres of the drug was hidden in boxes of bra pads.

Four suspects from Hong Kong have been charged in Sydney over the import, and face a potential life sentence if convicted. They will appear in court next month.

Michael Keenan, Australia’s justice minister, described the seizure as “a devastating blow for the organised criminal gangs that peddle in ice (crystal meth)”.

The arrests followed a joint operation between the Australian Federal Police and the Chinese Narcotics Control Commission.

Source: www.news.sky.com
Picture: Sky News

         

           

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top