Avoiding Email Scams with 10 Easy Tips

Recently I have been asked about a couple of suspicious email messages. Both were, of course, not legitimate messages but scams in which the sender, a truly bad guy, was "phishing" in order to steal money from the receiver.

Every day countless phishing emails are sent to unsuspecting victims all over the world. While some of these messages are so outlandish that they are obvious frauds, others can be a bit more convincing. So how do you tell the difference between a phishing message and a legitimate message? Unfortunately, there is no one single technique that works in every situation, but there are a number of things that you can look for.

1: The message contains a mismatched URL

One of the first things I recommend checking in a suspicious email message is the integrity of any embedded URLs (or website addresses). Often the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the URL, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is more than likely fraudulent or malicious.

2: URLs contain a misleading domain name

People who launch phishing scams often depend on their victims not knowing how the DNS naming structure for domains works. The last part of a domain name is the most telling. For example, the domain name info.brienposey.com would be a child domain of brienposey.com because brienposey.com appears at the end of the full domain name (on the right-hand side). Conversely, brienposey.com.maliciousdomain.com would clearly not have originated from brienposey.com because the reference to brienposey.com is on the left side of the domain name.

I have seen this trick used countless times by phishing artists as a way of trying to convince victims that a message came from a company like Microsoft or Apple. The phishing artist simply creates a child domain bearing the name Microsoft, Apple, or whatever. The resulting domain name looks something like this: Microsoft.maliciousdomainname.com.

I have found that, sadly, this often works because most people trust companies like Microsoft and Apple, so when long-standing names like these are used, people often let their guard down. The lesson here is never to let your guard down when it comes to email messages.
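Tips 1 and 2 can both be checked mechanically before anyone clicks. The following is an added example (not code from the original post) that walks the links in an HTML email body, compares the address each link displays with where it really goes, and flags hostnames where a trusted brand appears only as a child label on the left of somebody else's domain. The brand list and the sample email are constructed for illustration.

```python
"""Defender-side link check for the two phishing tells described above:
a link whose visible text shows a different address than its real href
(tip 1), and a brand name used as a child label of another domain,
e.g. microsoft.maliciousdomainname.com (tip 2)."""
import re
from html.parser import HTMLParser
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Brands and the registered domains that legitimately belong to them.
# Constructed for illustration; a real list would be much larger.
TRUSTED_BRANDS = {
    "microsoft": {"microsoft.com"},
    "apple": {"apple.com"},
    "brienposey": {"brienposey.com"},
}

ADDRESS_RE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


def registered_domain(host: str) -> str:
    """Last two labels of a hostname: the right-hand side is what counts.
    This simple rule ignores public suffixes such as co.uk."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(text: str) -> Optional[str]:
    """Hostname of a URL, or of bare 'www.example.com'-style text."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    host = urlparse(text).hostname
    return host.lower() if host else None


def brand_mismatch(host: str) -> Optional[str]:
    """Tip 2: a brand name in a left-hand label while the registered
    (right-hand) domain belongs to someone else."""
    reg = registered_domain(host)
    left_labels = host.lower().split(".")[:-2]
    for brand, domains in TRUSTED_BRANDS.items():
        if reg in domains:
            return None  # genuinely the brand's own domain
        if any(brand in label for label in left_labels):
            return f"'{brand}' used as a child label of {reg}"
    return None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html_body: str) -> List[Dict]:
    """One finding per link: real host, displayed text and the reasons it
    looks suspicious (an empty list means neither tell was found)."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        shown = host_of(text) if ADDRESS_RE.match(text) else None
        reasons = []
        if real is None:
            reasons.append("href has no hostname")
        else:
            # Tip 1: the visible address and the real destination disagree.
            if shown and registered_domain(shown) != registered_domain(real):
                reasons.append(f"displays {shown} but goes to {real}")
            # Tip 2: brand name hidden on the left of the real domain.
            mismatch = brand_mismatch(real)
            if mismatch:
                reasons.append(mismatch)
        findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample body mimicking the lures described in the post.
SAMPLE_EMAIL = """
<p>Your account needs verification.</p>
<a href="http://microsoft.maliciousdomainname.com/login">Sign in</a>
<a href="https://secure-update.example.net/a">https://www.apple.com/account</a>
<a href="https://info.brienposey.com/news">Read the newsletter</a>
"""

if __name__ == "__main__":
    for f in check_links(SAMPLE_EMAIL):
        status = "SUSPICIOUS" if f["reasons"] else "ok"
        print(f"{status:10} {f['href']}  {'; '.join(f['reasons'])}")
```

The two-label rule in `registered_domain` is deliberately simple; for production use, swap in a public-suffix-list lookup so that names like example.co.uk are handled correctly.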

3: The message contains poor spelling and grammar

Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality, among other things. So if a message is filled with poor grammar or spelling mistakes, it probably did not come from a major corporation’s legal department.

4: The message asks for personal information

No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. Your bank does not need you to send it your account number. It already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

5: The offer seems too good to be true

There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.

6: You didn’t initiate the action

Just yesterday I received an email message informing me I had won the lottery! The only problem is that I have never-ever bought a lottery ticket. If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.

7: You’re asked to send money to cover expenses

One telltale sign of a phishing email is that you will eventually be asked for money. You might not get hit up for cash in the initial message. But sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens, you can bet that it’s a scam.

8: The message makes unrealistic threats

Although most phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it's probably a scam. Let me give you an example.

Just recently a workmate received an official-looking email that was allegedly from a co-worker. The email asked for our "account number" and "routing number". Although it appeared to be an email from one staffer to another, the email originated from a hidden domain and, as I mentioned in Tip #3, the spelling and grammar were poor.

Also, as I mentioned in Tip #4, legitimate companies will not ask for sensitive information by email, and you, of course, should never-ever send this type of information via email.

9: The message appears to be from a government agency

Phishing artists who want to use intimidation don’t always pose as a bank. Sometimes they will send messages claiming to have come from a law enforcement agency like the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen.

I can’t tell you how government agencies work outside the United States. But here, government agencies do not normally use email as an initial point of contact. That isn’t to say that law enforcement and other government agencies don’t use email. However, law enforcement agencies follow certain protocols. They do not engage in email-based extortion.

10: Something just doesn’t look right

In Las Vegas, casino security teams are taught to look for anything that "just doesn't look right," or JDLR, as they call it. The idea is that if something looks off, there's probably a good reason why. This same principle also applies to email messages. If you receive a message that seems suspicious, it is usually in your best interest to avoid acting on the message.

The War Against Bloatware

When you buy a new Windows PC, you expect it to be clean and lean, starting up fast and speeding through your work as quickly as you need it to.

The truth is, most Windows PCs start off slower than they should be, clogged with unnecessary preloaded software. Known as bloatware, this software comes in many different forms. While most bloatware is not dangerous, it can slow down your system and take up space on your hard drive.

How much does bloatware actually slow down your PC? It's hard to say, but there are some indications that it can have a considerable effect. Microsoft sells a line of what it calls Signature PCs, computers that are free of third-party software. For example, the Surface Pro 3 I am using to write this article is one of them. According to the product page, on average, the Signature PCs start up 104% faster, shut down 35% faster and have 28 minutes more battery life than the same laptops with bloatware. These are truly impressive figures.

In this article we will discuss the most common types of bloatware you’ll encounter, how to uninstall it and how to buy bloatware-free PCs.

Why Bloatware?

Why do PC vendors put additional software on new machines in the first place? Sometimes it's simply in order to offer tools that will add functionality to their systems. But most often, it's because including third-party applications is an additional source of revenue.

Generally, on Windows machines, you encounter two kinds of preinstalled software: applications that run on the more old-fashioned desktop interface and apps that run in the touch-oriented tablet mode. I find the latter to be less intrusive because they're visible as tiles — so it doesn't take a lot of deep digging to find and uninstall them. Desktop applications that have been preinstalled can be a lot harder to find, especially for less techie users, who may not even realize they have unwanted software until it activates and pops up on their screen.

Within those two categories, there are a number of different types.

Trialware

Trialware is software that you get to use for free for a certain amount of time — say, 30 days or six months — but that you have to pay for if you want to keep using it after that. Among the most common kinds of trialware is security software made by companies such as McAfee and Norton.

An advantage to this type of software is that it's up-front — in fact, it has to be, because the software company wants you to use it and then, hopefully, buy it. It's not uncommon for PC makers to publicize the trialware that comes with their computers, assuming that many people will consider that a benefit. Another advantage is that this type of add-on is usually easily uninstalled.

Utilities & Apps

Manufacturers frequently include their own software on PCs they sell. For example, Lenovo often includes its Lenovo Solution Center, a maintenance application that does things such as checking your hardware for problems, and making sure you update software.

PC vendors often also pre-install full versions of specialized third-party software. For example, Cyberlink Media Suite, a common add-on, has a set of tools for creating videos, editing photos, playing DVDs and other media, burning media and more. Cyberlink also makes the PowerDVD software that you’ll sometimes find on Dell PCs. Nero, a tool for burning CDs and DVDs, is another popular one.

In some instances you can uninstall the software, and in other instances you can’t. Whether you consider such add-ons to be a bonus or needless bloat depends on how likely you are to use them. Note that in many cases, these utilities duplicate functionality that’s already present in the Windows OS.

Adware

Finally, there’s adware, a particularly nasty form of bloatware that exists solely to pump ads to the user, either via websites or via popups that come up directly on your computer screen. Adware can do worse than irritate you and/or slow your PC down — it can spy on you as well, or expose your system to other dangers.

PART 2

Uninstalling Bloatware

So what to do about bloatware on your PC?

In some cases you can remove it simply by uninstalling it. A good strategy when you get a new system is to check it for software before you install any applications of your own and uninstall any programs you know you won’t want. (If you’re not sure whether you want it or not — even after doing a bit of research — then simply note its existence so that you can go back and remove it later if you want to.)

On the other hand, there are preinstalled programs that most users can’t do anything about. For example, Samsung was, for a while, selling its systems with preinstalled software called SW Update that was designed to handle updates for Windows, drivers and associated software. However, a small program inside SW Update called Disable_Windowsupdate.exe blocked Windows Update from working properly — and could not be removed. On June 26, 2015, Samsung changed the software to allow Windows Update to work correctly.

If you’ve got bloatware on your system that can’t be easily uninstalled — or if you suspect there is bloatware on your system that isn’t immediately obvious — there are a number of tools that might be able to remove it for you. The following are the ones I’ve found to be most useful.

The PC Decrapifier 

This free application is designed to find common bloatware installed on systems. It runs as a single executable file, so you can run it from a USB drive if you’d like.

The PC Decrapifier reports its results using three categories: Recommended, Questionable and Everything Else.

The software first takes several minutes to analyze your system. After that, it categorizes what it finds into three categories: Recommended, Questionable and Everything Else. Recommended lists software that it recommends you uninstall; Questionable lists software you might want to uninstall; Everything Else lists software about which it has little or no information.

Each lists the name of the file, the type (Application or Startup) and the percentage of PC Decrapifier users who end up uninstalling it. So in essence, The PC Decrapifier relies on the wisdom of its users to determine what is bloatware and what isn’t. You then check the box next to each application you want to uninstall and the application does the rest.

Unfortunately, the program doesn’t really provide you enough information to decide on your own whether to uninstall a piece of software. For example, when I ran it on my four-year-old Dell PC, it recommended uninstalling startup software it only identified as ehTray.exe and NvCplDaemon. Clicking the small question mark next to each launched a new browser instance, but with no useful information. I had to do a Web search to identify and decide about any pieces of software I didn’t immediately recognize.

The upshot? PC Decrapifier is a useful tool, but be prepared to do a bit of research on your own if you want to be safe.

Should I Remove It?

Like PC Decrapifier, the free program Should I Remove It? uses crowdsourcing to determine which software should be removed and which shouldn’t. For each program it finds, it shows not only the percentage of other users who removed it, but also the rating they gave to the program itself, which is more helpful than the simpler data that The PC Decrapifier offers.

Should I Remove It? recommends what to get rid of and what to keep — in this case, on a Dell PC.

Should I Remove It? displays all the programs it finds on your PC and color-codes them according to the removal rates — red for most removed, orange for moderate removal rates, green for low. On my old system, it found no reds, and only two in orange: Dell System Customization Wizard and Dell Documentation Launcher. It rated the Google Updater and a Nook PC app as green. It didn't find or list any startup programs such as ehTray.exe and NvCplDaemon.

What’s truly exceptional about Should I Remove It, though, is not the program itself, but the accompanying website, which has a tremendous amount of detail about bloatware. Use it as your go-to source. The site has capsule descriptions of each piece of software to help you decide whether you think that application belongs on your system. Unfortunately, though, unlike The PC Decrapifier, Should I Remove It? doesn’t report on startup items.

Slim Computer

The free Slim Computer, like The PC Decrapifier and Should I Remove It?, uses crowdsourcing to determine which software on your PC is bloatware, and then lets you decide which to remove and which to leave. Unlike the other two, however, it also looks at browser extensions, plugins, ActiveX objects and other add-ins that might be considered bloat.

Before you run a scan, it's a good idea to go to Settings –> Advanced and change the Scanner Threshold mode from Default to Aggressive. Default mode is designed for computer novices who might not be able to understand which software to remove and which to keep — it's safer, but doesn't find all potentially problematic programs. Aggressive finds more and is your best bet.

Slim Computer offers recommendations on which software to remove from a Dell PC.

To start the process, click Scan, and after a few minutes, items that you might want to remove will appear in four categories: Applications, Browsers, Startup Items and Shortcuts. The list in each category includes the name of each program, the publisher (if available) and recommendations as to whether to remove it based on what other Slim Computer users have done.

Where Slim Computer shines is in the information it provides about each item. Click a More Info link and you’ll get a description of the software and what it does, the number of people who have recommended removing or keeping it, and individual comments that people have made about it. It’s a great way to help you decide whether to keep the software or remove it.

For information about browser extensions, plugins, ActiveX and other browser additions you might want to remove, you click Browsers in the left-hand column and then click the icon for Internet Explorer, Firefox, Chrome, Opera or Safari. You’ll then see a list of the add-ins for each browser, along with ratings and the More Info button. And near the top of the screen you’ll see the default search engine for the browser you’re currently looking at — just in case something changed your default search engine without your say-so.

ADW Cleaner

Slim Computer should remove all toolbars and similar browser bloatware, but if you want to make sure it’s all gone, give the free AdwCleaner a try. Run it, click Scan, and after it finishes its work, click the listings it generates for each of your browsers to see what kinds of toolbars and bloatware it found. It also looks through your Registry, scheduled tasks and services.

AdwCleaner, after scanning a newly-bought Lenovo PC.

Uncheck the boxes next to the items you don’t want cleaned, then tell the software to clean out everything else. Before doing that, make sure to close all your programs, because otherwise AdwCleaner will do it for you and you might lose data. It will also restart after it does its cleaning, and create a text file that contains a summary of everything it found, and everything you had it clean.

Other Tools

It’s also not a bad idea to install at least one anti-adware tool, which will look for all kinds of adware, not just ones preloaded on PCs.

Examples include Ultra Adware Killer, which is efficient — but be sure that you carefully check what it identifies as adware before telling it to remove it. For example, it considers the AVG Security Toolbar as adware, which you may or may not want to get rid of.

Two freeware applications that handle both malware and spyware are Spybot and Malwarebytes Anti-Malware.

Buy Bloat Free PCs

The best thing, of course, is to buy a clean Windows computer. That’s easier said than done — you can’t just walk into a Best Buy or order a PC online and expect it to be bloatware-free.

However, there are places to turn for bloatware-free PCs. For example, Microsoft has its previously mentioned Signature Edition PCs. However, keep in mind that you may end up paying more — for example, as I write this, a Samsung ATIV Book 9 laptop with 256GB of storage costs $1,199 as a Signature Edition on the Microsoft site, but sells for $1,100 online from Newegg.

Lenovo has pledged that its Windows 10-loaded PCs will be free from bloatware.

If Lenovo truly does eliminate bloatware on its PCs as the company promises, it may well be that other vendors will eventually follow suit.

Until then, though, most of us who use Windows PCs will have to live with bloatware as an accepted industry practice. So go back through the advice in this article to make sure your new PC is as free of bloatware as possible and then use the right tools to get rid of whatever rode in that you don’t want.

Cyber Threat Shifts from Spam to Malware

There may finally be some good news in the war against spam. The overall percentage of spam among e-mail messages dropped to an amazing 49.7 percent last month, the lowest level since 2003. This is the first time the figure has been below 50 percent in more than a decade, according to a new study by Symantec.

Symantec reported these figures in its “Symantec Intelligence Report” for the month of June. Enterprises in the mining sector had the highest spam rate, at 56.1 percent, according to the report. The manufacturing sector was a close second at 53.7 percent. The finance, real estate, and insurance sectors had the lowest of any industry, at 51.9 percent.

It is apparent that spammers treat all businesses the same with regard to size. On average, companies experienced a spam rate of between 52 percent and 53 percent no matter the number of employees. The only variance to this pattern was companies with 251-500 employees, which experienced a 53.2 percent spam rate.

Spam Appears on the Decrease While Malware Increases

Despite the good news about spam, there were several troubling observations in the Symantec report. There was a grand total of 57.6 million new malware variants reported in June, up from 44.5 million created in May and 29.2 million in April. The increase in malware variants indicates something that many of us already knew: hackers are changing tactics and shifting to the very dangerous cybercrime tool of malware, as opposed to spam and phishing.

In addition to the increase in malware variants, ransomware attacks were up in June, with over 477,000 detected during the month. While still below the levels seen at the end of 2014, June represented the second month in a row that ransomware attacks increased since reaching a 12-month low in April. Crypto-ransomware was also up in June, reaching the highest levels since December.

On social media, meanwhile, hackers continued to rely primarily on manual sharing attacks, which require victims to propagate the scam by sharing content themselves.

Airline Cancels Flights Due to Malware

Here is yet another example of how cyber crime is finding its way into our real lives.

LOT Polish Airlines was forced to cancel 10 flights scheduled to depart from Warsaw’s Chopin airport on Sunday after hackers attacked its ground computer systems.

The IT attack, which was not described in detail, left the company unable to create flight plans for outbound flights, grounding around 1,400 passengers.

The company said that plane systems were not affected and aircraft that were already in the air were able to continue their flight or to land. The incident affected only the ability of planes to depart from the airport for several hours.

It’s not clear what kind of attack it was and whether it was the hackers’ intention to ground planes or if the systems were taken offline as part of incident response procedures.

LOT Polish Airlines did not immediately respond to a request for more details.

This is not the first time hackers or malware have affected computer systems belonging to airports or airlines, although it’s one of the rare cases where such an attack actually had an impact on flight schedules.

This incident demonstrates that while attacking in-flight systems may have made headlines recently, there are many more areas of vulnerability to address in the aviation industry. Like most industries today, aviation relies on a wide variety of interconnected systems, from air traffic control to reservations systems.

Energy Sector Attacked by Malware

Malware is a plague on our personal security. Today yet another malware security threat has arrived, this one aimed at the energy sector.

The program, named Trojan.Laziok by researchers from antivirus vendor Symantec, was used in spear-phishing attacks earlier this year against companies from the petroleum, gas and helium industries.

The attacks targeted companies from many countries in the Middle East, but also from the U.S., India, the U.K., and others.

The Trojan is spread via emails with malicious documents that exploit a Microsoft Office vulnerability for which a patch has existed since April 2012.

“If the user opens the email attachment, which is typically an Excel file, then the exploit code is executed,” the Symantec researchers said Monday in a blog post. “If the exploit succeeds, it drops Trojan.Laziok, kicking off the infection process.”

Trojan.Laziok is mainly used to determine if a compromised system is worth further attention from the attackers. It collects information like the computer’s name, RAM size, hard disk size, GPU and CPU type, as well as a list of installed software, including running antivirus programs.

The information is sent back to the attackers, who then decide if they want to deploy additional malware that can provide them with remote access to the infected system. For this second stage of attack they use customized versions of Backdoor.Cyberat and Trojan.Zbot, two well known malware threats.

“The group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and used their attack to distribute well-known threats that are available in the underground market,” the Symantec researchers said. “However, many people still fail to apply patches for vulnerabilities that are several years old, leaving themselves open to attacks of this kind.”

What is concerning to many is that energy sector companies have been attacked so often by malware. “Of the total number of incidents reported to ICS-CERT, roughly 55 percent involved advanced persistent threats (APT) or sophisticated actors,” the organization said. “Other actor types included hacktivists, insider threats, and criminals.”

Google Looks to Protect You from… Yourself

Google is looking to protect Internet users from themselves. The company's Chrome Web browser will now warn users before they visit sites that might encourage them to download programs or malware that could cripple their computers or otherwise interfere with their Web-browsing experience.

When users attempt to visit one of the questionable sites, they will see this warning in red letters: “The site ahead contains harmful programs.”

The warning, part of what Google is terming SafeBrowsing, informs users that attackers may attempt to trick them into installing programs that harm their browsing experiences by changing their homepages or showing extra ads on the sites they visit.

Google is suggesting that unsafe sites fall into two categories. One group consists of malware sites that contain code to install malicious software onto users’ computers. Hackers can use this malicious software to capture and transmit users’ private or sensitive information. The other category consists of phishing sites that pretend to be legitimate while trying to trick users into typing in their usernames and passwords or sharing other private information.

The new precautions also extend to Google search and ads. A Google search now incorporates signals that identify deceptive sites, and Google recently began disabling ads that lead to sites with unwanted software.

Google has had SafeBrowsing malware warnings in place for several years now, but it was only last November that it added automatic malware blocking. At that time, Google noted that if users see malicious file warnings on Web sites going forward, “you can click ‘Dismiss’ knowing that Chrome is working to keep you safe.”

These new protections apparently emerged as a result of last week’s discovery that new Lenovo PCs had shipped between September and December of 2014 with pre-installed adware known as Superfish, which uses a man-in-the-middle attack to insert ads into Web browsers.

ISC Malware Infection Could Mean Internet Trouble

A few weeks ago I wrote that there may be some troubling times ahead with respect to the internet's structure. This weekend we learned that ISC, the home of the BIND DNS program, has been infected with malware.

First, what exactly is ISC and why is it so important?

ISC is the group behind the open-source Berkeley Internet Name Domain (BIND) program. BIND is arguably the most popular DNS software on the planet. It is certainly the most used DNS program on the Unix and Linux systems that make up most of the Internet’s fundamental infrastructure.

What is DNS and How Does it Work?

DNS is the master address list of the Internet. It is what translates every human-readable Internet address in the world, say https://www.wctechblog.com, into its IPv4 and IPv6 addresses. These numeric addresses are then used by routers and switches to move data from your computer, smartphone, tablet, whatever, to your Web sites, your e-mail server, and back again.

The upshot is that this process is incredibly important.

Without DNS, there is no functional Internet.

Cyphort, an Internet security company, reported that it had told ISC on December 22 that ISC's site had malware on it. ISC's main site, which used an out-of-date version of WordPress, had, according to Cyphort, been compromised to redirect visitors to sites serving the Angler Exploit Kit. Angler only affects Windows systems; it is a Windows-specific malware package.

If you manage a website or web service and the BIND code has indeed been corrupted and you have updated your DNS BIND server with the code, you could be out of service. And in addition your site might now have a security hole on it. It’s also very possible that your website could be used for a Distributed Denial of Service (DDoS) attack.

To make the situation even a little gloomier the ISC also runs the F DNS root server. This is one of only 13 root servers that the Internet relies upon for global DNS services.

The good news is that as of this report there have been no reports of issues on the BIND announcement or BIND-users mailing lists. On the webpage that now greets you on the ISC site, ISC recommends that anyone who has visited the site recently "scan any machine that has accessed this site recently for malware."

Here we have another example of malware infecting computers and web services. Malware is a plague on our internet infrastructure and our personal and professional security.

Microsoft Strikes Back Against Tech Support Scammers

This past weekend my dad called me (again) reporting that his PC was running "slow" and displaying "pop-up messages" and the internet browser was taking him to strange pages and "weird homepages". As I was working on the PC my dad asked several times "who writes these things" and "why doesn't everyone get arrested or charged" for infecting computers? I tried to explain that malware was a scourge on computers, and that it is normally triggered through email or by visiting compromised websites. I also said that catching these cyber-criminals is incredibly difficult at best. Then I learned about Microsoft's attempt to actually hold these cyber-criminals accountable.

Another incident that actually occurred to my dad about a month ago was a fake support message that popped up on his PC, and without thinking he called the phone number listed. Fortunately he did not provide any credit card information to the "tech support company" to fix his PC and he called me instead. This is important with tech support scams. Never give anyone on the phone your credit card information!

These ongoing attempts to scam people by offering fake support and installing malware on PCs are growing at an alarming rate, and Microsoft has decided to take action.

The first example of this is Microsoft’s recent lawsuit against the software company, Omnitech Support.

Pop Up Windows offering tech support should be avoided at all costs.

As Microsoft detailed in a recent blog post, Omnitech Support allegedly called customers and offered to "fix issues with Microsoft software" that were not actually affecting their computers. Not only that, they actually created new problems by installing malicious software on these PCs and then offering to "fix it".

It is also evident that, in addition to cheating unsuspecting computer users out of money, they also intended to gain access to personal data, passwords and financial information.

Microsoft has claimed that it had received 65,000 customer complaints since May 2014 about these fraudulent attempts to offer tech support using Microsoft brands and trademarks:

“Omnitech utilized the Microsoft trademarks and service marks to enhance their credentials and confuse customers about their affiliation with Microsoft. Omnitech then used their enhanced credibility to convince consumers that their personal computers are infected with malware in order to sell them unnecessary security services to clean their computers.”

As of right now there is no data on the number of users that fell victim to these scam attacks, but if the lawsuit is an indication, there probably is a large number of people that were tricked.

Microsoft has recommended that users refuse to pay for support when someone contacts them directly, and avoid paying for any such unsolicited services.

Disclosing personal information and credit card details over the phone should be avoided at all times.

Staples Data Breached

If there is one thing for certain, it’s that 2014 will be remembered as the year of the data breach. These countless data breaches were almost always the result of the organization being infected with malware. This weekend, as 2014 is about to conclude, we have yet one more huge reported data breach, impacting countless customers.

The data breach this time was at the Staples office supply chain, and it may have affected roughly 1.16 million payment cards. Once again, as in so many similar cases earlier this year, criminals deployed malware to point-of-sale systems at 115 stores.

The affected stores cover 35 states from California to Connecticut, according to a list Staples released Friday. The chain has more than 1,400 stores in the U.S.

The malware, which allowed the theft of debit and credit card data, was removed in mid-September upon detection, Staples said. The retailer had previously confirmed the incident in October. A previous report from security researcher Brian Krebs around that time cited fraudulent transactions traced to cards that were used for purchases at Staples stores in the Northeastern U.S., but apparently the attack was much wider than that.

The malware may have allowed access to transaction data including cardholder names, payment card numbers, expiration dates, and card verification codes, for purchases made between Aug. 10 and Sept. 16, Staples said Friday.

At two of the stores, the malware may have affected purchases over an even longer period, from July 20 through Sept. 16. Staples has posted a list of all the stores involved on its site.

Staples is offering free identity protection services, including credit monitoring, identity theft insurance, and a free credit report, to any customer who used a payment card at any of the affected stores during the relevant time periods.

Staples is another in a long line of retailers to have had sensitive data stolen this year.

Protecting Our Data

There are some ways to prevent these types of data breaches. The most immediate and effective is for organizations to take information security seriously. Malware is a plague on our data systems, but with strong security systems and policies in place it can be prevented. Another solution is the addition of chips to payment cards, which are already in use in most of the world but not often in the United States. This could also help prevent future attacks, but a broad rollout of the technology may take a long time.

Password Managers Targeted by Citadel Malware

It has been recently discovered that cyber criminals have started using the Citadel Trojan program to steal master passwords for password management applications and other authentication programs.

The Citadel malware in the past has typically been used to steal online banking credentials and other financial information by modifying banking sites on the fly when opened by users in their local browsers. This technique is known as a man-in-the-browser attack.

Earlier this year security researchers from Trusteer, a subsidiary of IBM, reported that Citadel was also being used in targeted attacks against petrochemical companies.

The larger, broader concern is that Trusteer recently found a Citadel configuration on a customer’s computer that targeted password management programs. In particular, the malware was configured to start a key-logging operation if any of the following processes were running: Personal.exe, PWsafe.exe and KeePass.exe.

Password manager programs are the best way to manage and protect your passwords, and their growing popularity was sure to attract cyber criminals. By compromising the master password for these programs, the attackers behind the Citadel malware can gain access to all of the passwords stored inside as well.

“Because the configuration file instructs the malware to capture keystrokes related to widely used password management and authentication solutions, we can’t know who, exactly, is the target of the attack,” the IBM researchers wrote in a blog post. “It might be an opportunistic attack, where the attackers are trying to see which type of information they can expose through this configuration, or a more targeted attack in which the attackers know that the target is using these specific solutions.”

Two-Factor Authentication

The use of a password manager like LastPass is a good idea because it makes it easy to use strong, individual passwords for every online account, which is a highly recommended security practice. However, this latest threat is one more example of the need to use two-factor authentication whenever possible. Fortunately most password managers offer it, and I recommend that this latest threat inspire you to learn more about two-factor authentication and use it whenever possible.
