As spamming becomes more sophisticated, netizens need to be more careful

*Recently, tens of thousands of Hotmail, Gmail and Yahoo email accounts were hacked. Their passwords were stolen and posted online. This resulted in a marked increase in the number of spam emails

*Over 13 per cent of all results on search engines like Google lead to malicious links

*Close to 90 per cent of emails contain a malicious link

As the above statistics indicate, every time we go online, there's clearly some form of a threat. Social networking sites, like Facebook and Twitter, have become magnets for online spammers and scammers. We have also seen a steady increase in attacks that take advantage of topical issues to lure recipients into opening attachments in emails or clicking on malicious links, or both.

Despite all the sophistication of security software, intervention of ISPs (Internet Service Providers) and government agencies, spam volumes continue to rise. Worse, according to experts, there's no 'perfect' solution for protecting consumer data and identities online. More and more attackers are going in for direct attacks on the end user, attempting to trick them into downloading malware or divulging sensitive information.

Here's what you need to watch out for:

Social networking

With cyber thieves taking to such sites in a big way, attacks on social networking sites are set to rise even further. This is bad news, given the number of incidents that have occurred already.

Take the case of Neha, who is on Facebook and loves going through other users' profiles. When she saw the 'Who is checking your profile' application on Facebook, she was more than excited at the prospect of identifying who all were following her profile. However, little did she know that the application would create havoc for not only her but also for her 'friends'.

This latest scam hit Facebook users after a rogue application, which comes in many variants of 'Who is checking your profile?', improved its technique beyond that employed in previous attacks. "Rather than spreading a single app that Facebook can easily block, it tricks users into propagating the exploit by creating a brand new Facebook application that hands over the controls to the bad guys," says a Websense blog. In other words, the malware replicates at the users' expense.

So, what should users like Neha do in such a situation? "The important thing for Facebook users to remember is that clicking the 'Allow' button for such apps gives such applications the proverbial 'keys to the kingdom'. Do not add any applications that you do not trust," advises the blog.

One way you can assess an application's reputation is by clicking on the application name 'without authorising the application'. Look at the reviews of the application to see what other users are saying about it.

The other case in point is Twitter. Along with Twitter's phenomenal success, there also has been widespread adaptation of abbreviated URL services like bit.ly and tinyurl.com .These services now appear in all sorts of communications, making it easier than ever to mask the URLs that users are asked to click.

This trick, according to security software vendor McAfee, is the perfect way to direct users to websites that they would normally be wary of.

'Malvertising'

Beware of advertisements that urge you to go to a site and install free software. For instance, those "Your PC is infected! Click here to install our antivirus (AV) software NOW!" ads. These false advertisements are placed on trusted, reputable and well-trafficked sites.

In a high-profile incident last year, visitors to the New York Times website saw a pop-up box warning them of a virus that directed them to an offer for an AV software, which was actually a rogue one. This attack was served up through an advertisement purchased by someone posing as a national advertiser.

Browsing and web applications

Nearly 30 million netizens from India visit the search engine Google every month. Realising the opportunity in the number and faith people have in such sites, hackers have started to compromise search engine results to make their links appear higher than legitimate results.

As a user searches for related terms, the infected links appear near the top of the search results, generating a greater number of clicks to malicious websites.

"The blended nature of today's threats, combined with compromised legitimate sites, takes full advantage of an increased perception of trust when using search engines and interacting with friends or acquaintances online," notes Websense Chief Technology Officer Dan Hubbard. There may be atrust issue in search results among consumers, unless the search providers change the way they document and present links.

The rise in online applications, such as Google's new Chrome online-based operating system, are also seen as potential areas for malware writers.

Emails

From spam to phishing, the email has been a constant source of security threats. Security experts point out that 86.8 per cent of all emails are spam. It is also a fact that, most of the time, hackers lure users into clicking on an attachment or a link.

A recent example was that of the Facebook Password reset. The email, said Websense, claimed that the recipient's Facebook password had been reset for security reasons and that the recipient should open the attachment to find the new password. Nobody should ever need to open an attachment to get a new password. Yet, these attacks often succeed.

Experts also point out that people give their information to phishing sites 45 per cent of the time. Email is still the favoured route for phishing (fraudulent methods to acquire sensitive information like passwords, username and credit card details).

How does one stay safe from email scams? Well, for one, do not open any mail that has come from an unknown address. In case, you have gone ahead and clicked it, then do not open attachments (most of the attachments have viruses). Since you would be accessing email from a PC, you ideally need to have a good security solution installed.

However, after PCs, mobile phones have become the next platform to be hit by security problems. Hackers are using a combination of voice over internet protocol (VoIP), SMSes and internet to fool and redirect users into dialling a phone number to collect critical information for financial gains. This phenomenon is called 'Vishing' (voice phishing). Enrique Salem, the president and CEO of leading security solutions provider Symantec, feels that with mobile handsets becoming the primary device of accessing information, security threats on handsets will be the next big issue.

It is necessary to apply a multilayered protection beyond traditional antivirus solutions. An antivirus engine, combined with real-time web scanning and a good behaviour layer, will ensure that businesses are protected daily from the several attack code variations. To help users remain safe while using the internet, security solution vendor AVG shares how to avoid being the victim of scammers:

Use common sense:

Make sure you use reasonable judgement when buying online and be on the lookout for spoof stores. If an offer seems too good to be true, it probably is. Take a minute or two to make sure it's not a fake/spoof website. If the online retailer doesn't provide a physical address, or contact phone numbers, be cautious. Make sure you understand the refund and return policies of any online retailer you are planning to buy from, especially if it's based overseas, just in case something were to go wrong.

Think before you link:

Employ a URL-scanning tool to ensure you don't click on links that lead to infected web pages. The time to find out whether a page is bad is before you load it into your web browser.

Look for the 'S':

Make sure the websites you are purchasing from are secure and have "https "in the URL when you are in the checkout/purchase process. The 's' ensures security. When you are in the secure section of a web site, you will also see an icon of a locked padlock on your browser, either on the address bar or on the bottom right corner.

Stay up to date on security software:

This means making sure you have the latest virus protection software updates from your security software provider. It's important because the bad guys move around frequently, but security software companies are working to stay one step ahead of them. If you are up to date, you are staying one step ahead, too.

Keep your private information private:

When shopping online, create a separate e-mail account that is just for shopping. Use a unique password, different from any other accounts you have. Your dedicated shopping e-mail account should be in no way affiliated with your personal, everyday e-mail account. Also, keep records of your online shopping - print confirmation pages and e-mail confirmations.

Mix up your passwords:

Each shopping account, bank account, credit card account, and email account should have aunique password. Write them down and keep the information in a secure location. Unique passwords for each account make it tougher for a thief to steal your personal information.

Source: Business Standard