Photo (cc) by Robbert van der Steeg
In the rush to wrap up your last-minute online shopping and meet shipping deadlines, an Internet security company says to watch for fakes.
Not fake merchandise: fake websites, which try to trick you into giving out your personal and financial details. According to Websense Security Labs, there are thousands of “typosquatter domains” lurking online waiting to snag careless consumers.
And that’s just one of the security issues the company is predicting will grow next year. Let’s look at a couple more of their 2012 predictions, and what you can do to protect yourself…
These are Web addresses similar to those of well-known brands – except for a typo. Websense offers appple.com as an example obviously close to, but completely different from, apple.com. Sometimes these sites are set up to look like the official thing to trick you into filling out forms with your personal information or offering fake contests. Other times, they just have viruses. Brands often try to buy up these name variants to protect you and their business – for instance, anazon.com will point you to amazon.com – but they can’t catch them all.
Advice: Here’s a list of bad URLs Websense found. Besides typing carefully, use a Web browser that offers protection, like Google Chrome. I tested another typosquatter address Websense mentions: Wallmatt.com. Don’t go there! In Chrome, it gave me a big red warning page without loading the site, so I was protected.
But in Internet Explorer, the site loaded normally: There’s a page with a line of text in French redirecting me to another site, and my antivirus program immediately popped up notifying me a severe threat called “Blacole.G” was blocked. (I use the free Security Essentials – because Microsoft’s antivirus is better than its browser.) Using Internet Explorer without that antivirus program, my computer could’ve been infected without me knowing.
Social media hijacking
Websense thinks criminals may become more interested in stealing your Facebook account than your credit card. Why? “Facebook has more than 800 million active users, and over half of them log on daily and they have an average of 130 friends,” Websense says. “Trust is the basis of social networking, so if a bad guy compromises your social media logins, there is a good chance they can manipulate your friends.”
From there, the criminals can repeat the process and get some of your friends’ friends, and then their friends, and so on. If even a tiny fraction of those people aren’t properly protecting their financial details, that’s a much bigger score than focusing on just one person, and many more opportunities to spend other people’s money before the banks and credit security folks notice.
Advice: You’ve probably already seen some weird messages from your friends with links you knew not to click, either because it didn’t sound like them or because you could see they sent an identical message to other friends. Keep watching for this, but look for more sophisticated tricks too. Websense says they’ve started seeing criminals with hijacked accounts who “used the chat functionality of a compromised social network account to get to the right user” – so instead of an automated message, you might end up in a real-time chat with someone trying to imitate your friends and get you to install an app that will steal your account or information.
Don’t get paranoid about social networking communication, but be skeptical if a friend who never uses Facebook chat to contact you suddenly wants to talk there. Ask them some questions to verify their identity or suggest you’ll just call them to talk instead.
Preying on the popular
Websense points out that big news events and popular gossip are common lures for criminals, because they know many people want that information fast. “The London Olympics, U.S. presidential elections, Mayan calendar, and apocalyptic predictions will lead to broad attacks by criminals,” they predict. That means fake search engine results on popular search terms and dangerous links on Facebook/Twitter/YouTube/email.
Advice: A good Web browser, antivirus software and common sense offer the best protection. If you see a shocking or tantalizing tidbit with a suspicious link, skip it and go directly to trusted sources for information – sites like TMZ or Gawker for celebrity and pop culture news, and traditional outlets like CBS News or The New York Times for breaking news. It’ll only take a few extra seconds to protect yourself.
Websense has other predictions you might want to see. And I’ve covered other Internet security tips and tricks in posts here like 6 Free Ways to Save Your Digital Life and Your Co-Worker Could Be an Identity Thief.