Connect with us

Featured

Fake tax-refund packed with malware

Published

on

During the second quarter of 2019 Kaspersky experts detected multiple mailshots pretending to be offers for tax refunds worldwide. This period is traditionally used as a deadline for filing tax returns and refunds in many countries. Using the scheme, criminals were trying to steal valuable information, or in some cases, install dangerous spyware. This and other findings are revealed in the Spam and Phishing in Q2 2019 Report.

Spam and phishing malicious letters usually contain links that lead users to a seemingly legitimate webpage, created by fraudsters and aimed at stealing various types of personal information. These mailshots often exploit seasonal activities to strike victims harder than usual fraudulent tricks, as there is less awareness around them compared to permanent threats. What’s more, in the case of temporary disguises, scammers can use one of the most effective social engineering techniques – giving a limited amount of time to act, justifying it with the real-life circumstances, and therefore tilting the victim towards making spontaneous decisions.

The detected wave of tax refund fraud came under the guise of tax refund letters with short expiration dates. For instance, malefactors used fake major UK tax services to urge victims to follow the link and fill out the form immediately, while emails under the guise of the CRA (Canada Revenue Agency) were giving the recipient just 24 hours to respond, otherwise a tax refund would not be possible.

Example of the phishing page disguised as CRA tax refund form

Moreover, some of the emails analysed by Kaspersky experts included malicious attachments, disguised as a copy of the return form which in fact was either a malicious downloader, which would download more malicious programs onto users’ machines when launched, or a backdoor (multifunctional malware) that provided criminals with remote access to the infected machine. Its capabilities include monitoring keystrokes, stealing passwords for browsers and Windows accounts and recording video from the computer’s webcam. To convince users to launch such a malicious file, fraudsters usually would make it look like a zip. file containing important information for tax form updates.

“Seasonal spam and phishing can be extremely effective, since the emergence of such letter in a mailbox is sometimes wished and expected, unlike most “unique offer” – type scams. Moreover, with phishing attacks, the tricked victim might not even realise that it was subjected to a cyberattack and had exposed their credentials or email until it is too late, and they suffer from the consequences. The good news is that there are security solutions that not only block malware from being launched and notify the user about the threat, but also have spam and phishing filters that prevent such emails from appearing in an inbox,” said Maria Vergelis, Security Researcher at Kaspersky.

In the second quarter of 2019, the amount of spam peaked in May (58%). The average share of spam in the world’s email traffic was 55%, which is 5% higher than the average figure in the second quarter of 2018. The overall number of phishing attacks in the quarter rose by 21% compared to the figure a year ago, reaching 129,933,555. China (23.72%) became the most popular source of spam, overtaking the U.S. (13.89%) and Russia (4.83%).

To avoid exposing your personal information and being affected by malicious attachments, users are advised to:

  • Always check the link address and sender’s email before clicking on anything sent to them.
  • Check if the link address can be seen in the email and is the same as the actual hyperlink (the real address the link will take you to). This can be checked by hovering your mouse over the link.
  • Do not download and open email attachments that come from unfamiliar email addresses, before scanning them with a security solution. If the email seems legitimate, it is best to check it by accessing the website of the organisation that supposedly sent it.
  • Never share your sensitive data, such as logins and passwords, bank card data etc., with a third party. Official companies will never ask for data like this via email.
  • Use a reliable security solution with behaviour-based anti-phishing technologies, such as Kaspersky Total Security, to detect and block both spam and phishing attacks and initiation of malicious files.

Read the full text of the report on Securelist.com

Continue Reading

Featured

Security gets an upgrade – with a few glitches

Video doorbells are all the rage in the USA. Can they work in South Africa? SEAN BACHER tries out the Ring Video DoorBell 2 and Floodlight Cam.

Published

on

IP cameras have become synonymous with both business and home security. They are readily available, fairly inexpensive and, in many cases, easy to install.

Many are wireless, allowing one to place the camera anywhere within Wi-Fi range. As a result, they are a solution that can be customised to suit any type of security situation.

A world leader in doorbell security, Amazon subsidiary Ring, has recently extended its range of security devices, which now includes doorbells, floodlights, and Wi-Fi extenders, all designed to enhance and complement existing security beams and electric fences.

First up is the Ring Video DoorBell 2

It doesn’t look much like your normal intercom system, except for the miniature eye that keeps track of mischief that may be happening.  

Setting up is fairly easy. All one needs to do is connect it to the network by pushing the connect button, create an account on the downloaded smartphone app and get started with customisation and certification. Features like sensitivity, alerts, and numbers where these alerts need to be sent can all be preprogrammed. It is then just a matter of positioning the doorbell to get the best video coverage.

Getting the correct position may take some time, though, as cars and pedestrians may set it off. 

Next up is the Floodlight Cam

This works much the same as the doorbell. However, it needs to be mounted to a wall. Ring has you covered there: in the box you will find drill bits, screws and even a screwdriver to help you secure the camera. 

You will have to set alerts, phone numbers, and sensitivity. The spotlight allows you to change what time it should light up and shut down, and the package also includes an alarm, should its beams be broken.

Although this all sounds good, there are a few drawbacks to the Ring solutions. Firstly, unlike the United States, where doorbells are stuck in the vicinity of a front door, allowing them to connect to a network easily, many houses in South Africa have gates that need to be opened before one can reach the front door. This means that the bells are on or near the gate, and they are unable to connect to a home or business network.

Now, however, Ring has launched a Wi-Fi extender, but this requires an additional set-up process – and a fairly expensive one, considering the camera cost.

The Ring devices come with Protection Plans that automatically upload any triggered recordings to the cloud, allowing you to view them at a later stage. This trial period only lasts for 30 days, after which the plans can be extended from R450 for a three month period, up to R1 500 for a twelve-month period.

In practice

The attention to detail in the packaging and the addition of the tools really does put the Ring in a class of its own. No short cuts were taken in its design, and you can immediately see that it’s no rip-off. However, the Protection Plans need to be looked at carefully in terms of their costs.

Aside from this challenge, I found the devices very handy inside my house. For instance, a few times my external alarm or fence would sound, at which stage I would get a notification from my armed response – while I was away. But I easily logged in to Ring from my phone to check if anything strange was happening – all in a matter of seconds and while I was sitting all the way in Berlin.

The devices are rather expensive, though, with the Video Door Bell starting at R3 500 and going up to R7 990, and the Floodlight Cam going for R5 000. It all adds up quickly.

The cost means these solutions may not be quite ready for the South African consumer looking for a complete external perimeter security system.

Despite the Protection Plans, I did find them very handy inside my house. For instance, a few times my external alarm or fence would sound, at which stage I would get a notification from my armed response.

But, I easily logged in to Ring from my phone to check if anything strange was happening – all in a matter of seconds and while I was sitting all the way in Berlin.

Continue Reading

Featured

It’s not a ‘techlash’ – it’s a ‘tech clash’

By RORY MOORE, Innovation Lead, Accenture South Africa

Published

on

People’s love for technology has let businesses weave it, and themselves, into our lives, transforming how we work live and interact in this new world which we at Accenture are referring to – in our Tech Vision 2020 – as the “post-digital era.” But now we are being held back.

At a time when people see the potential of embracing technology more deeply into their lives, systems and services built for a old era are not supporting where people want to go. The next five years will see radical transformation as technology is realigned to better reflect people’s needs and values.

We look at the latest emerging trends that will transform how we live in work in this fundamentally different post-digital world.
Tech trend 1: “The I in experience” – helping people choose their own adventure

The next generation of technology-driven experiences will be those that make the user an active participant in creating the experience. Businesses are increasingly looking to personalise and individualise experiences to a greater degree than ever before, but are faced with stricter data regulations and users that are wary of services being too invasive. To address this, leading businesses are changing the paradigm and making choice and agency a central component of what they deliver.

Tech trend 2: “Artificial intelligence (AI) and me” – reimagining business through human and AI collaboration

Businesses will have to tap the full potential of AI by making it an additive contributor to work, rather than a backstop for automating boring or repetitive tasks. Until now, enterprises have been using AI to automate parts of their workflows, but as AI capabilities grow, following the old path will limit the full benefit of AI investments, potentially marginalise people, and cap businesses’ ability for growth. Businesses must rethink the work they do to make AI a generative part of the process. To do so, they will have to build new capabilities that improve the contextual comprehension between people and machines.

Tech trend 3: “The dilemma of smart things” – overcoming the “beta burden”

As enterprises convert their products into platforms for digital experiences, new challenges arise that, if left unaddressed, will alienate customers and erode their trust. Now that the true value of a product is being driven by the experience, a facet of the product that enterprises have traditionally retained strict control over, businesses must re-evaluate central questions: how involved they are with the product lifecycle, how to maintain transparency and continuity over product features, when is a product truly “finished”, and even who owns it?

Tech trend 4: “Robots in the wild” – growing businesses’ reach and responsibility

Robotics are no longer contained to the warehouse or factory floor. Autonomous vehicles, delivery drones, and other robot-driven machines are fast entering the world around us, allowing businesses to extend this intelligence back into the physical world. As 5G is poised to accelerate this trend, every enterprise must begin to re-think their business through the lens of robotics. Where will they find the most value, and what partners do they need to unlock it? What challenges will they face as they undergo this transformation, and what new responsibilities do they have towards their customers and society at large?

Tech trend 5: “Innovation DNA” – creating an engine for continuous innovation

Businesses should assemble their unique innovation DNA to define how their enterprises grow in the future. Maturing digital technology is making it easier than ever before to transform parts of the business, or find new value in share tools with others. The three key building blocks of innovation DNA are:
Continue on the digital transformation journey
Accelerate research and development (R&D) of scientific advancements and utilise elements such as material sciences and genomic editing to ensure practical applications are leaving these labs quicker than ever before
Leverage the power of DARQ (distributed ledger technology, AI, extended reality and quantum computing) to transform and optimise the business
Differentiation in the post-digital era will be driven by the powerful combinations of innovation and these building blocks will enable exactly that.

It’s not a “techlash”, it’s a “tech-clash”

Essentially, this new digital world is more intimate and personal than ever imaginable, but the models for data, ownership, and experience that define that world have remained the same.

Tech-clash is a clash between old models that are incongruous with people’s expectations. The time to start transformation is now. To this end, businesses need to defuse the tech-clash, build human-centered models and foster deeply trusting relationships.

For more information on how Accenture can help enterprises adopt the latest tech trends to future-proof their businesses in the post-digital era, go to: https://www.accenture.com/za-en.

Continue Reading

Trending

Copyright © 2020 World Wide Worx