Retailers aren't the only ones gearing up for the holiday season. Criminals are also out in force.
To highlight the increased crime during the holidays, security company McAfee has come up with the "12 Scams of Christmas" ranging from bogus electronic greeting cards that deliver malware instead of cheer to fake charities that steal your money and your identity.
It's especially important to be extra careful this time of year, says McAfee's David Marcus. "The bad guys know people are spending more time online, they're paying more bills online so [the criminals] stand a chance of being a bit more successful this time of year.
In a podcast interview (scroll down to listen), Marcus counted down the 12 scams of Christmas starting with:
- Charitable phishing scams: Marcus warns consumers to be wary of e-mails that appear to be from legitimate charities. Not only will they take your money and deprive charities of needed funds, but they will also steal your credit card information and identity.
- Fake invoices from delivery services: During this period, scammers will send out fake invoices and delivery notifications appearing to come from Federal Express, UPS, the U.S. Postal Service or even the U.S. Customs Service saying that they were unable to deliver a package to your address. They ask you to confirm your address and give them credit card information to pay for delivery.
- Social networking friend requests: Bad guys take advantage of this social time of year by sending out authentic looking friend requests via e-mail. Marcus recommends that you not click on those links but sign into Facebook and other services and look for friend requests from the site itself. Clicking on a link could install malware on your computer or trick you into revealing your password.
- Holiday e-cards: Be careful before clicking on a holiday e-card, especially if it's from a site you haven't heard of. This is a way to deliver malware, pop-ups, and other forms of unwanted advertising. Some fake e-cards will look like they come from Hallmark or other legitimate companies, so pay close attention and make sure it's from someone you know. If you're going to send an e-card, be sure you're dealing with a reputable service lest you risk infecting yourself and your friends.
- Fake "luxury" jewelry: If you see an offer for luxury gifts from companies like Cartier, Gucci, and Tag Heuer at a price that's too good to be true, it probably isn't true. These links could lead you to malware and take your money or merchandise that will probably never arrive (or be fake if it does). Some of these sites, according to McAfee, even display the logos of the Better Business Bureau.
- Practice safe holiday shopping. Make sure your wireless network is secure and be sure you're shopping on sites that are secure. Though it isn't an iron clad guarantee, you should look for the lock icon in the lower right corner of your browser and make sure the Web page starts with https. The "s" stands for "secure."
- Christmas carol lyrics can be dangerous: Bad guys know that people are searching for holiday related sites for music, holiday graphics, and other festive media. During this time, they create fraudulent holiday related sites.
- Job search related scams: With the unemployment rate at 10.2 percent, there are plenty of job seekers looking for work. Beware of online offers for high paying jobs or at-home money making schemes. Some of these sites ask for money up front, which is a good way for criminals not only to steal your "set up fee" but misuse your credit card too. Marcus said that some "get rich quick" sites are all about money laundering, asking you to accept an inbound financial transfer and pay them.
- Auction site fraud: McAfee has observed a rise in fake auction sites during the holidays. Make sure you're actually going to eBay or whatever site you plan to deal with.
- Password stealing scams: Criminals use low-cost tools to uncover passwords, in some cases planting key logger software to record keystrokes. Once they get your passwords, they gain access to bank accounts and credit card accounts and send spam from your e-mail accounts.
- E-mail banking scams: A common type of phishing scam is sending out official looking e-mails that appear to come from your bank. Don't click on any links but type in your bank's Web address manually if you need to access your account.
- Files for ransom: Hackers use malware to gain control of your computer and lock your data files. To access your own data you have to pay them ransom.
Listen to Larry's interview with McAfee's David Marcus
Listen now: Download today's podcast
Updated 1:45am PST Tuesday with pricing information.
McAfee has released a new security suite designed to help businesses better handle security for their growing segment of Macintosh computers.
Targeting small to large companies, McAfee Endpoint Protection for Mac provides antivirus and antispyware features, and both an inbound and outbound firewall, McAfee said Tuesday.
The company is positioning the tool as a plus for IT administrators and for users. Administrators can use the same console to manage McAfee security on both Mac and Windows machines, said the company. The software lets administrators deny or control which applications can run on supported Macs. The suite's ePolicy Orchestrator tool can also generate reports of malicious activity for review.
Some have debated whether the Mac needs security software since it has traditionally been a less visible target than Windows for attack. But with Internet threats continually on the rise, few computer environments are completely immune. Even Apple has advised Mac users to protect themselves with security software.
Antivirus software for the Mac has been sold for a long time by companies such as Symantec and McAfee. But most products have been geared to the individual user.
McAfee sees its Endpoint Protection suite as filling a growing need at schools, companies, and government agencies that have adopted more Macs in recent years.
"The demand for Macintosh in the enterprise is steadily growing, yet organizations are either not using any security technology for these endpoints, or they are using a standalone, non-manageable anti-virus protection solution," Peter Lincoln, IT director at Aquent, said in a statement provided by McAfee. "The use of McAfee Endpoint Protection for Mac enables us to have complete protection on all our endpoints. Using the same integrated management console also allows us to lower our operational cost and ensure security and compliance."
A survey conducted last year by ITIC showed that a greater number of companies were planning to allow Macs into their workforce.
McAfee Endpoint Protection for Mac is compatible with the latest release of Apple's Snow Leopard as well as existing Leopard and Tiger environments. A McAfee spokesperson said the product's retail price would be $55.08 per computer for a network of 500 - 1000 computers. The pricing includes one year of Gold technical support.
Updated June 5 at 3:48 p.m. Pacific Time: Users can now download the trial of McAfee Family Protection.
Correction: The 30-day trial for McAfee Family Protection is not yet available for users. I will update this post when it does become available.
On the heels of Symantec's OnlineFamily.Norton, released earlier this year, security stalwart McAfee is jumping into the family protection game with a new home-oriented protection program. Called McAfee Family Protection, the program will offer many familiar tools to parents in the hopes of fostering conversation while protecting children from harm.
McAfee Family Protection protects children based on multiple levels of technology.
(Credit: McAfee)McAfee Family Protection will offer blocking, monitoring, and parental notifications for most computer-based activities. The program will allow for up to 10 users on three different machines, utilizing several layers of algorithms to monitor behavior. Parents can outright block or merely monitor Web sites, social-networking behavior, and instant messaging including Facebook IM and multiprotocol chat clients, according to Javed Hasan, vice president of McAfee Product Management.
In addition to blanket blocks for subject matter and specific Web site blocks, parents can customize rules so that they can block all of YouTube, or just YouTube videos that have specific tags. Web sites protected by secure protocol, https, can also be blocked. They can also set up roadblocks that prevent specific applications from opening, such as peer-to-peer clients or media players, and parents can receive brief SMS notifications alongside more-detailed e-mail reports.
The program will also be able to restrict computer usage based on cumulative time used or by time of day. It uses a server-based clock, so tampering with the local system-based clock shouldn't affect this feature.
McAfee says that Family Protection uses about 20MB of RAM when idle and can run on systems with as little as 128MB of RAM. A three-computer license for up to 10 users is available for $39.99.
Editor's Note: Article updated on May 8, 2009. Original article published September 8, 2006.
Every family has at least one member whose risky computer behavior is asking for trouble. You know whom we mean: the kid brother who can't resist those dodgy downloads; the spouse who clicks on suspicious pop-up ads and updates without a second glance; or the cousin who returns a borrowed laptop riddled with malicious software. You have two options: become a paranoid misanthrope with motion-sensor alarms rigged to your PC, or take a few minutes to establish these four security precautions. They're not foolproof against the most persistent of malicious software magnets, but these basic tips should give novices some ideas.
Step 1: Create multiple user accounts
A no-brainer, perhaps, but creating multiple user accounts is one of the surest ways of restricting a guest's risky activities without breathing down their neck while you supervise each mouse click. Families can generate an account for each member, an especially proactive move if there have been problems in the past. Enact it thus and you, the uber-administrator, can limit others' capabilities to install programs and make systemwide changes, a move that could prevent your errant relations from executing tainted programs. To sweeten the deal, each account-holder's capability to customize their own desktop could help mow down weedy sibling rivalry. Consider adding a password-protected log-in to help maintain privacy.
User accounts make it easy to restrict guest privileges.
Make sure the "password at login" feature is enabled, so everyone who accesses the computer will be required to provide their username and password. The nuisance of compelling returning users to log in after each idle period is easily outweighed by the security benefits of maintaining multiple accounts. Besides, you can always adjust your idle-time settings to minimize the frequency of logging in anew. Here's another tip--setting up an unpassword-protected guest account on a laptop means your friends can borrow it to easily get online or use core Office functions, while the password protection on your account acts as a deterrent.
... Read moreQuiz time: What do CustomizeGoogle, GooglePreview, and McAfee SiteAdvisor have in common?
Answer: The ability to improve on Google search in the Firefox browser. For example, does this scenario sound familiar: You accidentally click on a sponsored link and have to return to the main results page to try again?
How about this one: You wasted 10 minutes clicking through search results because you can't remember the link by name, but think you can identify it by sight (so you check them all)? Or worst yet: You stumble on a dangerous link and get bogged down with malware that takes hours or days to fix. Terrible!
Yep, that trio of plug-ins we mentioned helps you avoid the common pitfalls that add up to a lot of wasted time. The best part about the extensions--other than their being free--is that they're compatible with each other, so you won't see any crashes if you choose to install all three. Watch this Insider Secrets video to see how they work.
What if your desktop security application could detect and remove a new threat that was only minutes old? That's the impetus behind McAfee Artemis Technology, announced on Monday.
Artemis, which McAfee plans to market within its 2009 consumer products as "Active Protection," is not focused on hourly updates, or even 15-minute updates, as rival Symantec has. It means instant detection, said Dave Marcus, director of security research and communications for McAfee Avert Labs.
McAfee's use of Artemis is similar to Trend Micro's use of cloud-based computing to analyze and produce new signature files within 15 minutes in that software on the desktop, then pass suspicious files to a larger, remote database. McAfee's Marcus told CNET News that the difference is that McAfee plans to use a desktop communication channel already built into the product, so existing users won't need to download new software.
The file database maintained at McAfee Avert is much larger than what's possible on the desktop. Marcus said it's responsive to minute-by-minute changes in the threat landscape. The new technology opens a doorway to the larger database.
When asked if Artemis is a listening agent, one that reports desktop activity back to McAfee, Marcus dismissed the idea. He said that whenever the McAfee software finds something suspicious and not in its signature database, it'll ping the larger database back at McAfee Avert Labs to get the signature needed. The files sent back and forth are minuscule, he added.
Marcus confirmed that McAfee would continue to send down daily signature files, but, in the heat of the moment, if a new malware sample is received by a McAfee-protected computer, it'll have instant protection from the vast database back at the company headquarters.
There's a new zero-day attack in progress against Yahoo Messenger users. The instant messaging solicitation invites users to open their Webcam. However, the code used in this China-based exploit causes a heap overflow to be triggered when the target accepts a Webcam invitation. That means a remote attacker could execute malicious code on a compromised machine.
The McAfee security blog recommends the following: do not accept Webcam invites from untrusted sources until a patch is released, and block outgoing traffic on TCP port 5100 on your firewall until a patch is released.
Yahoo has been informed and says it is working on a patch.
(Credit:
CNET Networks)
As a computer tech, Jack's used to helping families evict unwanted malware.
What he's not used to is having to perform the same service three times in as many months for the same family. Is malware overpowering their defenses, or is the family relying too heavily on professional services as their safety net for chancy online behavior? Find out in this week's Spyware Horror Story.
(Credit:
CNET Networks)
William is philosophizing to his toothbrush one minute and contemplating practicing shot put with his computer the next. What burst his bubble?
William blames a virus, and in his tussle with the malignant malware, he learns a few lessons about the risks of sharing a computer with family and friends. But was it actually a virus that got him, and are the lessons he learned the right ones?
After the frustrations of dealing with damaged data, it's easy to generalize about past and future behavior. Set the record straight in a thrilling malware true-and-false in this week's Spyware Horror Story, Gone in 30 minutes.
(Credit:
CNET Networks)
Ten percent of the 4.5 million URLs Google researchers analyzed for a malware exposé harbored malicious code. The code executes through widgets, ads, compromised downloads, server vulnerabilities, browser holes, phishing lures, and links, making infection possible for even ordinarily safe users.
CNET.com's Robert Vamosi has the full story, and CNET Download.com has programs to add muscle to your antivirus armor. Netcraft Toolbar (for Internet Explorer and Firefox), is an antiphishing browser extension that sniffs out suspicious hosting locations common in spoofed sites. ... Read more
- prev
- 1
- next
