Home + Mobile

Cyber Monday: Big Savings, Big Risks

What business owners and MSPs should know about the year’s biggest online retail holiday It’s no secret that Black Friday and Cyber Monday are marked by an uptick in online shopping. Cyber Monday 2017 marked the single largest day of online sales to date, with...

Responding to Risk in an Evolving Threat Landscape

There’s a reason major industry players have been discussing cybersecurity more and more: the stakes are at an all-time high for virtually every business today. Cybersecurity is not a matter businesses can afford to push off or misunderstand—especially small and...

Webroot WiFi Security: Expanding Our Commitment to Security & Privacy

For the past 20 years, Webroot’s technology has been driven by our dedication to protecting users from malware, viruses, and other online threats. The release of Webroot® WiFi Security—a new virtual private network (VPN) app for phones, computers, and tablets—is the...

Unsecure RDP Connections are a Widespread Security Failure

While ransomware, last year’s dominant threat, has taken a backseat to cryptomining attacks in 2018, it has by no means disappeared. Instead, ransomware has become a more targeted business model for cybercriminals, with unsecured remote desktop protocol (RDP)...

3 Cyber Threats IT Providers Should Protect Against

With cybercrime damages set to cost the world $6 trillion annually by 2021, a new bar has been set for cybersecurity teams across industries to defend their assets. This rings especially true for IT service providers, who are entrusted to keep their clients’ systems...

Top 5 Tax Season Scams

Reading Time: ~4 min.

During tax season most of us are probably still dreading the moment we have to quit procrastinating, buckle down, and file our income taxes. Coincidentally, it’s also a time that cybercriminals are working overtime to scam home users into giving over their financial data, and even their tax returns. The frequency of attacks only increases as the IRS tax deadline (April 18th this year) looms ever closer.

Don’t Let Tax Season Scammers Steal Your Refund!

According to the IRS, thousands of people have lost millions of dollars and their personal information to tax scams and fake IRS communication in the past few years. In fact, a recent phone scam has been aggressively targeting taxpayers, often members of immigrant populations, in which callers claim to be IRS employees. They use false names and credentials and even spoof their caller ID information to appear more legitimate. The scammers tell their victims they owe money to the IRS and demand it be paid right away through a pre-loaded debit card or a wire transfer. If any victims refuse or sound too skeptical, the scammers threaten them with arrest, deportation, or any number of other downright terrifying legal scenarios.

According to data collected in the 2016 tax season, the IRS saw an approximate 400% surge in phishing and malware incidents, and our own data suggests this number won’t be going down any time soon.

A number of alerts have been issued by the IRS about the fraudulent use of their name or logo by scammers who hope to steal taxpayers’ assets and identity. Regular mail, telephone, fax, emails—scammers are using every phishing tool at their disposal to trick unsuspecting victims, and the proof is in the numbers. According to data collected in the 2016 tax season, the IRS saw an approximate 400% surge in phishing and malware incidents, and our own data suggests this number won’t be going down any time soon.

BOLO (Be on the Lookout)

While the IRS provides a list they call their tax season “Dirty Dozen” scams, here are the top 5 we think you should really watch out for.

Phishing: Taxpayers need to be on guard against fake emails or websites looking to steal personal information. The IRS will never initiate contact with taxpayers via email about a bill or refund. Don’t click on one claiming to be from the IRS. Be wary of emails and websites that may be nothing more than scams to steal personal information.

Phone scams: Phone calls from criminals impersonating IRS agents remain an ongoing threat to taxpayers. The IRS has seen a surge of these phone scams in recent years as con artists threaten taxpayers with police arrest, deportation and license revocation, among other things.

Identity theft: Taxpayers need to watch out for identity theft especially around tax time. The IRS continues to aggressively pursue the criminals that file fraudulent returns using someone else’s Social Security number. Though the agency is making progress on this front, taxpayers still need to be extremely cautious and do everything they can to avoid being victimized.

Return preparer fraud: Be on the lookout for unscrupulous return preparers. The vast majority of tax professionals provide honest high-quality service. There are some dishonest preparers who set up shop each filing season to perpetrate refund fraud, identity theft and other scams that hurt taxpayers.

Fake charities: Be on guard against groups masquerading as charitable organizations to attract donations from unsuspecting contributors. Be wary of charities with names similar to familiar or nationally known organizations. Contributors should take a few extra minutes to ensure their hard-earned money goes to legitimate and currently eligible charities. IRS.gov has the tools taxpayers need to check out the status of charitable organizations.

Preventative Measures

To stay safe during tax season, you need to first understand what is and isn’t normal. When faced with officials or people with perceived authority, we tend to get nervous and want to do anything they say to avoid getting in trouble. (Think about how you probably tense up when you see a cop pull up behind you, even though you know you weren’t speeding.)

The IRS will never:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail you a bill if you owe any taxes.
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Ask for credit or debit card numbers over the phone.

Additionally, it’s important that you pay close attention to email addresses, and never share financial information through email. It is normal that online tax preparation services, such as TurboTax, will require several steps of authentication via a secure connection, and may ask for personal information. Because many modern phishing scams can look almost exactly like the real deal, be sure to go directly to your tax prep service’s website in your browser, rather than clicking the links in any emails. If you’re a Webroot user, we also highly recommend you enable the Webroot Filtering Extension to ensure you know which sites are safe to visit.

Know Your Rights

You have the right to be informed, and also the right to appeal any IRS decisions in an independent forum. Have other questions about your rights as a taxpayer? Visit www.irs.gov/taxpayer-bill-of-rights.

5 Totally Achievable Resolutions

Reading Time: ~3 min.

If you’re anything like me, you probably make a bunch of lofty resolutions every year that you probably won’t, or even can’t, achieve. (For instance, I’ve been promising to hit the gym a little harder for about 6 years now.)

But enough is enough. Here are 5 completely achievable resolutions to help keep you and your identity safe in the New Year. Best of all, they’re not too hard and don’t take long, so you get the satisfaction of checking things off your list right away!

1.     Layer Your Wi-Fi Security

Remember over the holidays, when you had to read your super long and complicated router password to everyone in your family so they could connect to the Wi-Fi? Wouldn’t it have been great if they’d taken a seat and listened all at once so you wouldn’t have to repeat it 50 times in between trips to the kitchen to baste your bird or check a timer? Wouldn’t it be even better if you could have your own guest network with a friendly password that the whole family can remember?

Well… you can.

These days, continuing technological advances have given most routers dual-band technology. The “dual” part means you have a 5 GHz band for devices that are centrally located and more or less stationary near your router, giving you the best possible speeds, while there’s a 2.4 GHz connection for devices that are more mobile and need a longer range.

If you activate Guest Networking for both your 5GHz and 2.4GHz bands within your router’s settings, you can create separate passwords for residents and guests. That way, you can manage who gets access to your secure network, and then your connection won’t get bogged down the next time you want to stream the football game while your 3-year-old niece is glued to the Disney Holiday Special.

Be sure to enable WPA2 security on both networks to protect your houseguests and to keep holiday opportunists from leeching off of your connection.

2.     Enable Biometric Screening or a PIN on your New Device

Did you get a new toy over the holidays? Make sure to enable two-factor authentication and either a security PIN or biometric access to your devices whenever possible. Although it might add another second or two to the time it takes to unlock your devices, it’ll be worth it when you realize your mom won’t casually stumble across those pictures from so-and-so’s bachelor/ette party.

3.     Avoid Opening Emails On the Go

This one might be the easiest of all, and a lot of recent studies have suggested that ignoring your email a bit more often can have incredible benefits for your stress levels and overall mental health. And, let’s face it, who couldn’t use a little help de-stressing after the holidays?

Unsecured Wi-Fi in coffee shops and the like is a prime spot for cybercriminals to take advantage. If you absolutely have to open your emails while you’re out and about, we recommend staying connected to your mobile data plan. And if you’re worried about data rates, try to wait until you’re connected to a secure Wi-Fi network that you trust, and one that you know has encryption in place. Besides, if you really take stock of it all, those emails can probably wait.

4.     Activate Automatic Updates

You’d be amazed how many breaches could be avoided by keeping software/firmware up to date. Hackers often exploit known vulnerabilities that companies like Adobe and Microsoft have already patched or are close to patching, figuring that the numbers game will still come out in their favor. After all, there are a lot of people out there who ignore updates or may not realize how important they can be. If you don’t have time to stay on top of every update, enabling automatic updates on your devices is an easy way to close the window of opportunity for cyber thieves and other hackers.

5.     Install a Unified Threat Management Appliance (UTM)

Think of a UTM as a souped-up firewall. The average family has at least 4 connected devices in their home, and many have more than double that amount. For larger families, not to mention people who run a business from their home, a Unified Threat Management appliance will add another layer of network protection for your highly connected gateway.

In all seriousness, you could probably complete most—if not all—of these tasks in the span of a Sunday afternoon, and they could save you from spending countless hours on the phone with banks and creditors as you try to retrieve a stolen identity or dispute fraudulent charges. How many of your other resolutions have that going for them?

So what are you waiting for? Take the initiative in 2017 and follow these tips to protect your family, your home, your identity, and your privacy from modern cyberattacks.



What to Expect at CES 2017

Reading Time: ~3 min.

Why wait for news on the next big thing in technology, when you can get a sneak peek at the hottest, up-and-coming consumer tech and innovations at CES 2017? For the last 50 years, the yearly CES event has served as a showcase and springboard for the latest advancements in tech as they enter the marketplace.

But, before your gobble up the newest, smartest gadgets, it’s important to consider their implications for our overall security. Here are some things we’re thinking about in preparation for this year’s event.

Artificial Intelligence and the Internet of Things

Devices of all types keep getting smarter and the number of connections between them grows in size and variety. The “Internet of Things,” isn’t just a sci-fi movie fantasy anymore—it’s here, and it raises some serious concerns.

Hypothetically speaking, if my phone were connected to my fridge and other appliances, my thermostat, my home security system, and even my car, what would happen if a hacker stumbled across a vulnerability in my toaster’s firmware? Could they lift my banking credentials? Or stop my car’s engine while I’m on my commute? Sure, it might sound unlikely or extreme, but you can see how increasing connectedness doesn’t just bring benefits and convenience; it also offers up an assortment of new opportunities for hacks and other cybercrime.

This year’s CES event will address IoT cybersecurity concerns, such as regulations around self-driving cars, what smart thermostats and other advances in the domestic future will bring.

CES Sessions to Consider:

  • The IoT Becomes Personal: Bosch shows how “things” become partners, and covers advanced tech in the areas of connected mobility, industry, smart home, and smart city.
  • Smart Technology for Smarter Cars: Valeo presents its groundbreaking technologies for intuitive, clean, and connected driving.
  • Next Big Thing: Smarter Homes for Everyone: From urban apartments to country mansions to smart cities, this talk discusses the technology at the heart of it all, and how close to this future we really are.
Architecting Smart Cities

Many organizations around the world are working on solutions to help make smart cities even smarter; more energy efficient, more comfortable, and more automated. Unfortunately, a lot of these innovations can suffuse city networks and the devices connected to them with cybersecurity vulnerabilities.

For more information about smart cities and their implications, the CES panel Smart Cities, Smart States, Smart Mobility will discuss the symbiotic relationship cities and mobility have enjoyed for centuries while considering the societal promises that connected technologies offer.

Additionally, to raise awareness and connect organizations working to address these vulnerabilities, CES 2017 will be launching The Smart Cities Hackathon, where developers, makers, and smart cities specialists can collaborate on solutions for sustainability, safety, and efficiency.

Hackathon participants will get to play with:

  • Amazon Alexa Skills Kit
  • IBM Watson Cognitive and Bluemix APIs
  • Intel’s Grove IoT Dev Kit
  • Honeywell’s Connected Home API
  • UL’s Safety Index
  • Open Data from the City of Las Vegas
  • Other leading IoT technologies TBA
Technology Rising Stars

In addition to various security concerns, we can’t forget that CES is a smorgasbord of new technology. Seasoned techies and n00bs alike, be sure to check out the 2017 Tech Trends to Watch session for a guided tour through key trends and emerging technologies, as well as how the Internet of everything, artificial intelligence, virtual reality, autonomous vehicles, wearables, and more are shaking up everything we take for granted.

Other sessions to consider:

  • Last Gadget Standing: Yahoo! Tech’s David Pogue and his team of experts, along with the audience, predict which product on the CES show floor that’s destined for greatness.
  • Mobile Apps Showdown: App producers will have just 4 minutes to demo their app before judges, both on and offline, will identify the winner. Bonus: this year, CES is introducing the 10under20: Young Innovators to Watch!
  • Extreme Tech Challenge: The Extreme Tech Challenge is the world’s largest startup competition, and identifies emerging leaders with the potential to dominate their markets.

There will be a lot to take in at CES 2017, and we look forward to hearing about the newest advances technologies, as well as how we can all collaborate to continue building a smarter, more secure future for everyone.


History of Holiday Tech Toys

Reading Time: ~2 min.

Who remembers the Atari 2600? Yeah, I don’t either. Just kidding. Maybe. It’s hard to think about the words tech and toys together before the 1990s. However, they were a thing. Kids of the late 70s reveled in the Atari 2600. It became a staple of pop culture—defining a generation of gaming young enthusiasts. But tech toys didn’t stop there.

Later was the introduction of Game Boy in 1989. The ability to leave your bedroom and actually play video games on the go? That was life-altering for, I dare to say, every teenage boy and girl. Although, for many, the 2000s were the formative years of tech toys. They saw the 90s as a blip on the radar of tech toys’ rise to the domination of Toyland. This group had a front row seat to watch Xbox Live parade onto the scene in all of its glory. The first successful home online gaming console even left this writer a little jealous. Where were you during my gaming days?

The proliferation of tech toys over the years has only been eclipsed by the dangers surfacing from the bowels of cartridge graveyards around the world. I’m talking cybercriminals. They see the one thing that brings joy to so many sugar plum-dreaming cherubs during the holidays – tech toys – as a means to wreak havoc.

I’m not talking script kiddies in their parents’ basements. These aren’t the kids we grew up with then nor the kids growing up now. Dismiss the prevailing idea of what a hacker is. Don’t be mistaken; these cyber thieves are real and dangerous. They pose a threat to your personal security and the sanctity of all that is Christmas morning.

While you’re contemplating that, our team has put together a fun infographic to take you down memory lane through the History of Holiday Tech and emergence of cyber risks. We hope you enjoy!


All Phishing Scams Want for Christmas…

Reading Time: ~2 min.

Corny title aside, ‘tis officially the season for online shopping, and that means a drastic increase in phishing scams. In order to obtain sensitive information from specific organizations and people, these threats have become increasingly sophisticated and are carefully crafted. According to the latest Webroot Quarterly Threat Update, 84 percent of phishing sites exist for less than 24 hours, with an average life cycle of under 15 hours.

“In years past, these sites could endure for several weeks or months, giving organizations plenty of time to block the method of attack and prevent more victims from falling prey,” said Hal Lonas, chief technology officer at Webroot. “Now, phishing sites can appear and disappear in the span of a coffee break, leaving every organization, no matter its size, at an immediate and serious risk from phishing attacks.”

3 things you NEED to know about phishing

During 2016, Webroot has observed an average of over 400,000 phishing sites each month. To keep up with the incredibly short life cycles and sheer volume of phishing sites and URLs, you have to abandon old techniques that use static or crowdsourced blacklists of bad domains and URLs. There are over 13,000 new malicious sites per day, approximately 11,000 of which last 24 hours or less, rendering static lists obsolete within moments of being published.

Nearly all of today’s phishing URLs are hidden within benign domains. Since phishing attacks no longer use dedicated domains, URLs must be checked each time they are requested. At the speed of today’s attacks, a page that was totally benign just seconds ago may have since been compromised.

Google, PayPal, Yahoo, and Apple are heavily targeted for attacks. Cybercriminals know to impersonate sites that people trust and use regularly. Webroot took a closer look at the companies for which impersonation would likely cause the largest negative impact. Of these “high-risk” organizations, Google was impersonated in 21 percent of all phishing sites between January and September 2016, making it the most heavily targeted.

Emails to avoid

With the holiday season in full swing and the New Year fast approaching, hackers are up to their old tricks. According to Mike Trammell, senior director, office of the CISO, Webroot, we should all be wary of emails containing UPS, USPS, and FedEx shipping alerts; 401k/benefit enrollment notices; and miscellaneous tax documents from now through the end of January.

So far, we have seen the following email subjects related to phishing:

  • FTC subpoena
  • RE: insurance
  • Shipping status changed for your parcel # XXXXXXXXX

Be on the lookout for these types of messages in your inbox, since they’re likely to be phishing attempts that could lead to credential harvesting, ransomware infections, and more.

Our holiday wish for you

With holiday gifting on the horizon, the scammers are out in force, so remember to be extra vigilant. Remind your families, friends, colleagues, and clients to use secure and reputable websites and to only click links from sources they trust. Particularly at this time of year, if a stranger contacts you or anyone you know, whether by phone or by email, remember that they might not be who they claim to be. Before giving them any information or money, try contacting them back through their publicly available contact information.

From everyone at Webroot, we hope you have a secure and joyous season, and a happy new year!

Top 10 Most Infected States

Reading Time: ~3 min.

The sheer number of cyberattacks lately led us to this question: which states are at the greatest risk of a cyberattack? Naturally, we took it a step further. We looked into data on population and population density in an effort to find correlations.


Which are the most infected states?

Opening up our list in the top three spots are California, Texas, and Florida. These three states were both the top three most populated and the top three most infected. This immediately led us to some questions: is the only correlation between states and the number of infections population? Based on these top three, that might be a safe guess.

Pulling up the rear of the top 10 are North Carolina and Wisconsin. North Carolina held strong at #9 for the Census’ most populated state and as Webroot’s 9th most infected state. The only major difference we noted is the fact that Wisconsin made it onto the list of the most infected states, while Georgia, 8th for most populous, doesn’t even rank.

Wait a second, Georgia doesn’t even rank? For the record, Wisconsin is the 21st most populous state, which puts them way outside the range of the top 10. What’s even more surprising about this discrepancy is that Georgia’s population is at 10,214,860 and Wisconsin’s is about half that at 5,771,337.

So, I think that safely puts our “more people equals more infections” theory to bed.


How do the most infected cities stack up?

The most infected cities in the U.S. compared to a list of the most populous cities proved even more surprising. Since we noticed that there wasn’t a strong correlation at the state level, we wondered about the city level instead, and took a side-by-side analysis of the most infected cities and most population dense areas of the U.S.

The first thing we noticed in the above is how little correlation there seems to be between population density and the number of infected devices in the city, which we expected would have some impact. In fact, a quick glance at the list shows that none of the most infected cities are in any of the most population-dense states.

Additionally, even though Texas is 2nd on our list of most-infected states, it has its infections more localized in its larger cities. As a point of comparison, consider that NYC is one of the most population-dense cities in the U.S., but it conversely doesn’t even make it into the top ten for the number of infected devices.

Another example of an apparent contradiction to our hypothesis is that Arizona, which doesn’t even make it into the top ten for most infected devices or for population, but look how many infected devices reside in Phoenix:


Although Phoenix is right behind Chicago and Houston in the number of infected devices, it’s a significantly smaller city. The same goes for Denver. Even though Colorado is at #23 for population and infected devices, Denver itself nonetheless makes its way into our top ten. Maybe Webroot users have some hometown pride?

Cybercriminals have no geographical bias. Whether you live in a big city or small town, east or west coast, you’re susceptible to being a victim of cybercrime. Check out our infographic on the most infected states and protect yourself with award-winning security.


Cyber Threat Halloween Prank

Reading Time: ~1 min.

Happy Halloween! To commemorate this annual night of fright, our team wanted to accentuate the unpredictability of cyber threats. What they came up with was not only funny and entertaining, but also serves as a reminder to stay vigilant when online.

This Halloween and beyond, remember these sage words of advice. Files that used to be benign can turn malicious over time. An email from your closest friend could be phishing in the end. This Halloween, use common sense. Defend yourself with confidence. Before you go to trick or treat, get protection that can’t be beat.


Get Cyberaware during National Cyber Security Awareness Month

Reading Time: ~1 min.

As the world continues to become more connected, it’s more important than ever to be “cyberaware.” But what does cyberawareness look like? Being cyberaware means being able to interact safely within cyberspace without falling victim to cybercrimes like identity theft, transaction fraud, hacking, and others you’ve probably heard about in the news.

You might think cybercrime isn’t something that would happen to you. After all, it happens to celebrities and big corporations—headline worthy names that will get people’s attention—but not to ordinary home users or small businesses. But that’s the kind of thinking modern cybercriminals use to their advantage. That’s why we strongly encourage you to educate yourself about internet risks, and learn how you can stay ahead.

October is National Cyber Security Awareness Month, making it the perfect time to discover tools and resources to keep yourself, your family, and your devices safe. Sponsored by The National Cyber Security Alliance (NCSA) and Department of Homeland Security, National Cyber Security Awareness Month exists to encourage vigilance and protection by all computer and device users.

There’s nothing more worthy of protection than your identity and data, and the Webroot team is standing by to help you do just that. In addition to our Webroot Cyberaware Campaign, we’ve compiled a list of other resources for you to access. Be smart. Be safe. Be cyberaware.


  1. Department of Homeland Security
  2. StaySafeOnline.org

What is Anti-Virus Software?

Reading Time: ~2 min.

Anti-virus software is a program or set of programs that are designed to prevent, search for, detect, and remove viruses, and other forms of malware such as worms, trojans, adware, and more.

As our world continues to become ever more connected, anti-virus remains critical for users seeking to keep their devices protected. However, it’s vital that the security one chooses is always up-to-date with automatic updates, as a device without proper security software may be infected within minutes of connecting to the internet.

Unfortunately, because today’s threats are so sophisticated and are constantly being updated, traditional cybersecurity companies are incapable of updating their detection tools fast enough to handle many of these threats, particularly the ones that are not yet ‘known’ by the anti-virus software.

Pretty much all of today’s anti-virus solutions offer a host of features and are able to perform the following task:

  • Scan specific files or directories for any malware or known malicious patterns
  • Allow you to schedule scans to automatically run for you
  • Allow you to initiate a scan of a specific file or of your computer, or of a CD or flash drive at any time
  • Remove any malicious code detected – sometimes you will be notified of an infection and asked if you want to clean the file, other programs will automatically do this behind the scenes
  • Show you the ‘health’ of your computer

However, while these tactics were enough to keep a device safe two or three years ago, malware has evolved at too rapid a pace for these features to remain the only thing a user needs to stay protected.

Thanks to the influx of more sophisticated phishing attacks and polymorphic malware capable of replicating and altering itself enough to not be caught by ‘traditional’ security solutions, many threats slip by, undetected. Today, an effective security solution is one that can stay ahead of these threats by automatically updating, monitoring unknown files to ensure they’re not making changes to your devices, protecting against phishing attacks and other online threats, and having the ability to roll-back any changes a file makes on a user’s device. In other words, users need to use smarter cybersecurity.

Computer Hackers and Predators

Reading Time: ~3 min.

How are they a security threat?

People, not computers, create computer threats. Computer predators victimize others for their own gain. Give them access to the internet — and to your PC — and the threat they pose to your security increases exponentially. Computer hackers are unauthorized users who break into computer systems in order to steal, change or destroy information, often by installing dangerous malware without your knowledge or consent. Their clever tactics and detailed technical knowledge help them access information you really don’t want them to have.

How do they find me?

Anyone who uses a computer connected to the internet is susceptible to the threats that these cybercriminals pose. These online villains typically use phishing scams, spam email or fake websites to deliver dangerous malware to your computer and compromise your computer security. Computer hackers can also try to access your computer and private information directly if you are not protected with a firewall. They may also monitor your chat room conversations or peruse your personal webpage. Usually disguised with a fake identity, online predators can lure you into revealing sensitive personal and financial information, or much worse.

What can they do to me?

While your computer is connected to the internet, the malware a hacker has installed on your PC quietly transmits your personal and financial information without your knowledge or consent. Or, an online crook may pounce on the private information you unwittingly revealed. In either case, they may:

  • Hijack your usernames and passwords
  • Steal your money and open credit card and bank accounts in your name
  • Ruin your credit
  • Request new account Personal Identification Numbers (PINs) or additional credit cards
  • Make purchases
  • Add themselves or an alias that they control as an authorized user so it’s easier to use your credit
  • Obtain cash advances
  • Use and abuse your Social Security number
  • Sell your information to other parties who will use it for illicit or illegal purposes

In addition to the above dangers, an online stalker can pose a serious physical threat. Use extreme caution when agreeing to meet an online “friend” or acquaintance in person.

How will I know?

Check the accuracy of your personal accounts, credit cards and documents. Are there unexplained transactions? Questionable or unauthorized changes? If so, dangerous malware installed by these cyber criminals may already be lurking.

What can I do to protect myself?

When you arm yourself with information and resources, you’re wiser about computer security threats and less vulnerable to threat tactics. Both online predators and hackers pose equally serious and but very different threats.

To protect your computer against the former:

  • Continually check the accuracy of personal accounts and deal with any discrepancies right away
  • Use extreme caution when entering chat rooms or posting personal webpages
  • Limit the personal information you post on personal webpages
  • Carefully monitor requests by online “friends” or acquaintances for predatory behavior
  • Keep personal and financial information out of online conversations
  • Use extreme caution when agreeing to meet an online “friend” or acquaintance in person

To protect your computer against the latter:

  • Use a two-way firewall
  • Be diligent about updating your browsers and operating systems
  • Avoid questionable websites
  • Only download software from sites you trust and carefully evaluate free software and file-sharing applications before downloading them
  • Practice safe email protocol
    • Don’t open messages from unknown senders
    • Immediately delete messages you suspect to be spam
  • Make sure that you have the best cybersecurity installed on your computers and mobile devices

An unprotected computer presents an open door for these cyber crooks. Make sure that you’re keeping all your devices protected with security that actually works, preventing attacks and keeping the threats they pose at bay.

Computer Virus 101

Reading Time: ~2 min.

What is a computer virus?

Think of a biological virus – the kind that makes you sick. It’s persistently nasty, keeps you from functioning normally and often requires something powerful to get rid of it. A computer virus is very similar. Designed to relentlessly replicate, these threats infect your programs and files, alter the way your computer operates or stop it from working altogether. It’s estimated that the ‘Conficker’ malware infected more than 10 million computers in 2009, which was a massive amount back then.

The amount of viruses and their capability to inflict damage have only increased since then. Today, hundreds of thousands of them operate over the internet, and new variants are discovered every day. When you couple this with the discoveries of mass-scale security flaws/vulnerabilities (such as ‘Heartbleed’ and ‘Bash’ in 2014), the cyber-world really starts to look like a scary place. It is. But that doesn’t mean there’s nothing you can do to protect yourself and your devices.

How does it find me?

Even if you’re careful, you can pick one up through normal online activities like:

  • Sharing music, files or photos with other users
  • Visiting an infected website
  • Opening spam email or an email attachment
  • Downloading free games, toolbars, media players and other system utilities
  • Installing mainstream software applications without fully reading license agreements

What does it do?

Some computer viruses are programmed to harm your computer by damaging programs, deleting files, or reformatting the hard drive. Others simply replicate themselves or flood a network with traffic, making it impossible to perform any internet activity. Even less harmful versions can significantly disrupt your system’s performance, sapping computer memory and causing frequent computer crashes.

What are the symptoms?

Your computer may be infected if you recognize any of these malware symptoms:

  • Slow computer performance
  • Erratic computer behavior
  • Unexplained data loss
  • Frequent computer crashes

Arming yourself with the best protection

When you arm yourself with information and resources, you’re wiser about computer security threats and less vulnerable to threat tactics. Take these steps to safeguard your PC with the best protection:

Make sure that you have the best security software products installed on your computer:

  • Use anti-virus protection and a firewall
  • Get anti-spyware software
  • Always keep your anti-virus protection and anti-spyware software up-to-date (Webroot SecureAnywhere updates automatically)
  • Update your operating system regularly (most update automatically)
  • Increase your browser security settings
  • Avoid questionable websites
  • Only download software from sites you trust and carefully evaluate free software and file-sharing applications before downloading them

Practice safe email protocol:

  • Don’t open messages from unknown senders
  • Immediately delete messages you suspect to be spam

An unprotected computer is like an open door for malware. Firewalls monitor Internet traffic in and out of your computer and hide your PC from online scammers looking for easy targets. Products like Webroot SecureAnywhere Complete provide total protection from the most dangerous threats out there, thwarting them before they can enter your PC, and standing guard at every possible entrance of your computer to fend off any malware that tries to enter, even the most damaging and devious strains.

While free anti-virus software is available, it simply can’t offer the consistent protection that you need to keep up with the continuous onslaught of new strains. Previously undetected forms of can often do the most damage, so it’s critical to have up-to-the-minute protection that won’t take a break to update and miss the oncoming threat.

What is Social Engineering?

Reading Time: ~8 min.

Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted, the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software which will give them access to said passwords and bank information as well as giving them control over your computer.

Cybercriminals use social engineering tactics because it is often easier to exploit your natural inclination to trust than it is to discover ways to hack your software.  For example, it is much easier to fool someone into giving away their password than it is to hack their password (unless the password is really weak).

Security is all about knowing who and what to trust – Knowing when and when not to take a person at their word, when to trust that the person you are communicating with is indeed the person you think you are communicating with, when to trust that a website is or isn’t legitimate or when to trust that the person on the phone is or isn’t legitimate, and knowing when providing your information is or isn’t a good idea.

Ask any security professional and they will tell you that the weakest link in the security chain is the human who accepts a person or scenario at face value. Hypothetically speaking, it doesn’t matter how many locks and deadbolts are on your doors and windows, or how many alarm systems, floodlights, fences with barbed wire, and armed security personnel you have; if you trust the person at the gate who says he is the pizza delivery guy and you let him in without first checking to see if he is legitimate, you are completely exposed to whatever risk he represents.

Common social engineering attacks

Email from a ‘friend’  If a cybercriminal manages to hack or socially engineer a person’s email password, they have access to that person’s contact list, too. And because many people use one password everywhere, they probably have access to that person’s social networks, banking accounts, and other personal accounts.

Once the criminal has that email account under their control, they send emails to all the person’s contacts or leave messages on all their friend’s social pages, and possibly on the pages of the person’s friend’s friends as well.

These messages may use your trust and curiosity. For example, they may:
  • Contain a link that you just have to check out–and because the link comes from a friend and you’re curious, you’ll trust the link and click–and as a result, be infected with malware so the criminal can take over your machine and collect your contacts’ info and deceive them like they just deceived you.
  • Contain a download such as pictures, music, movies, documents, etc., that has malicious software embedded. If you download–which you are likely to do since you think it is from your friend–you become infected. Now, the criminal may have access to your machine, email account, social networks and contacts, and the attack spreads to everyone you know. And on, and on.
These messages may create a compelling story or pretext:
  • Urgently ask for your help–your ‘friend’ is stuck in country X, has been robbed, beaten, and is in the hospital. They need you to send money so they can get home, but in reality, they give you instructions on how to send the money to the cybercriminal.
  • Ask you to donate to their charitable fundraiser, or some other cause, which is of course a front. Really, they’re again providing you with instructions on how to send the money to the cybercriminal.

Phishing attempts. Typically, a phisher sends an e-mail, instant message, comment, or text message that appears to come from a legitimate (and typically popular) company, bank, school, or institution.

These messages usually have a scenario or tell a story:
  • The message may explain there is a problem that requires you to “verify” your information by clicking on the displayed link and provide information in their form. The link location may look very legitimate with all the right logos and content (in fact, the criminals may have copied the exact format and content of the legitimate site). Because everything looks legitimate, you trust the email and the phony site and provide whatever information the crook is asking for. These types of phishing scams often include a warning of what will happen if you fail to act soon, because criminals know that if they can get you to act before you think, you’re more likely to fall for their phishing attempt.
  • The message may notify you that you’re a ‘winner’. Perhaps the email claims to be from a lottery, or a dead relative, or a site claiming that you’re the millionth person to click, etc. In order to claim your ‘winnings’, you have to provide information, such as your bank routing number, so they know how to send it to you, or give your address and phone number so they can send the prize, and you may also be asked to prove who you are often being asked to provide your Social Security Number. These are the ‘greed phishes’ where even if the story pretext is thin, people want what is offered and fall for it by giving away their information, then having their bank account emptied and identity stolen.
  • The message may ask for help.  Preying on kindness and generosity, these phishing attacks ask for aid or support for whatever disaster, political campaign, or charity is trending at the moment.

Baiting scenarios. These socially engineering schemes know that if you dangle something people want, many people will take the bait. These schemes are often found on Peer-to-Peer sites offering a download of something like a hot new movie or music album. But these schemes can also be found on social networking sites, malicious websites you find through search results, and so on.

Alternatively, the scheme may show up as an amazingly great deal on classified sites, auction sites, etc.. To allay your suspicion, you can see the seller has a good rating (all planned and crafted ahead of time).

People who take the bait may be infected with malicious software that can generate any number of new exploits against them and their contacts, may lose their money without receiving their purchased item, and, if they were foolish enough to pay with a check, may find their bank account empty.

Response to a question you never had. Criminals may pretend to be responding to your ‘request for help’ from a company while also offering additional help. They pick companies that millions of people use like a large software company or bank.  If you don’t use the product or service, you will ignore the email, phone call, or message, but if you do happen to use the service, there is a good chance you will respond because you may actually need help with a problem.

For example, even though you know you didn’t originally ask a question, you may have a problem with your computer’s operating system (such as slow-downs) and you seize on this opportunity to get it fixed, for ‘free’ no less. The moment you respond, however, you have bought the crook’s story, given them your trust and opened yourself up for exploitation.

The representative, who is actually a cybercriminal, will need to ‘authenticate you’, have you log into ‘their system’ or, have you log into your computer and either give them remote access to your computer so they can ‘fix’ it for you, or tell you the commands so you can ‘fix’ it yourself with their ‘help’. In actuality, some of the commands they tell you to enter will open a way for the criminal to get back into your computer later.

Creating distrust. Some social engineering is all about creating distrust, or starting conflicts; these are often carried out by people you know and who are angry with you, but it is also done by nasty people just trying to wreak havoc, people who want to first create distrust in your mind about others so they can then step in as a ‘hero’ and gain your trust, or by extortionists who want to manipulate information and then threaten you with disclosure.

This form of social engineering often begins by gaining access to an email account or other communication account on an IM client, social network, chat, forum, etc. They accomplish this either by hacking, social engineering, or simply guessing really weak passwords.

  • The malicious person may then alter sensitive or private communications (including images and audio) by using basic editing techniques and forward these to other people to create drama, distrust, embarrassment, etc.  They may make it look like it was accidentally sent, or appear like they are letting you know what is ‘really’ going on.
  • Alternatively, they may use the altered material to extort money either from the person they hacked, or from the supposed recipient.

There are literally thousands of variations to social engineering attacks. The only limit to the number of ways a cybercriminal can socially engineer users through this kind of exploit is the their imagination.  And you may experience multiple forms of exploits in a single attack.  Afterwards, the criminal is likely to sell your information to others so they too can run their exploits against you, your friends, your friends’ friends, and so on, as cybercrooks like to leverage people’s misplaced trust.

Don’t become a victim

  • Slow down. Spammers want you to act first and think later. If the message conveys a sense of urgency, or uses high-pressure sales tactics, be skeptical and never let their urgency influence your careful review.
  • Research the facts. Be suspicious of any unsolicited messages. If the email looks like it is from a company you use, do your own research. Use a search engine to go to the real company’s site. You can also find their  real support phone number listed on the site.
  • Delete any request for financial information or passwords. If you get asked to reply to a message with personal information, it’s a scam.
  • Reject requests for help or offers of help. Legitimate companies and organizations do not contact you to provide help. Furthermore, if you did not specifically request assistance from the sender, consider any offer to ‘help’ restore credit scores, refinance a home, answer your question, etc., a scam. Similarly, if you receive a request for help from a charity or organization that you do not have a relationship with, delete it. To give, seek out reputable charitable organizations on your own to avoid falling for a scam.
  • Don’t let an email link control dictate where you land. Stay in control by finding the website yourself by using a search engine to be sure you land where you intended to. Hovering over links in an email will show the actual URL at the bottom, but a good fake can still steer you wrong.

Curiosity leads to careless clicking–if you don’t know what the email is about, clicking links is a poor choice. Similarly, never use phone numbers from the email as it is easy for a scammer to pretend you’re talking to a bank teller, a support agent, etc.

  • Secure your computing devices. Install an effective anti-virus solution that can keep up with ever-evolving threats. Make sure to keep your OS and browsers updated, and if your smartphone doesn’t automatically update, make sure to manually update it whenever you receive a notice to do so.
  • Email hijacking is rampant. Hackers, spammers, and social engineers gaining access to people’s emails (and other personal accounts) has become commonplace. Once they control someone’s email account, they prey on the trust of all that person’s contacts. Even when the sender appears to be someone you know, if you aren’t expecting an email with a link or attachment, be sure to check with your friend before opening links or downloading. Even then, the legitimacy of the links isn’t guaranteed, which is why it’s critical to be using anti-virus software.
  • Beware of any download. If you don’t know the sender personally AND expect a file from them, downloading anything is a mistake.
  • Foreign offers are fake. If you receive email from a foreign lottery or sweepstakes, money from an unknown relative, or requests to transfer funds from a foreign country for a share of the money, it is guaranteed to be a scam.
  • Set your spam filters to high. Every email program has spam filters. To find yours, look under your settings options, and set these to the highest setting; just remember to check your spam folder periodically to see if legitimate email has been accidentally trapped there. You can also search for a step-by-step guide to setting your spam filters by searching on the name of your email provider plus the phrase ‘spam filters’.
Page 4 of 7« First...23456...Last »