No, we don’t have guests, these shoes are mine

… is my default answer when new friends come to visit my home and are astonished by my shoe parade. Yes, I’m a shoe addict. I haven’t dared to count my collection, but I must own more than 60 pairs. My shoe cabinets are packed and you will find all colors, brands and styles: high-heels, pumps, sneakers, boots, tip-toes, sandals, trainers, clogs – you name it, I have it. I own 8 pairs alone of classic Chucks of different heights and colors. You may be questioning if this many pairs are really necessary? Oh yes, they are. There is a very particular use for every pair of shoes.

Source: ZU

A passion for shoes can easily ruin your Saturday if you are hunting for a certain pair which you just cannot find in the right size in the shoe shops nearby. And no doubt, the habit can get somewhat expensive. Thank goodness the Internet has become a global shopping mall that is open 24/7 so I can not only save time and my best friend’s nerves, but also get occasional good bargains.

But sometimes shopping for shoes online isn’t much fun. Just recently a batch of poisoned links ruined my shoe shopping experience. I was hunting a pair of black ZU heels and was searching the net for the best price. I typed a search term in Google. The third search result sounded promising and so I clicked on the URL. But I didn’t see any shoes, instead I got a warning:

Hey, this was my internet security in action. Well done! But I still wanted a pair of shoes. So I tried the next link and the same thing happened. I clicked the next link – again a warning. The top search results on the first page were poisoned with some malicious code. Very annoying! No shoes for me that day.

Booby-trapped websites are on the rise and what’s even worse, cyber criminals are successfully fooling users with fake anti-virus software and making them pay for useless applications. Google announced a couple of days ago that they had performed a 13 month analysis of 240 million Web pages and fake anti-virus accounted for 15 percent of the malicious software detected. There wouldn’t be as much of it if this wasn’t a lucrative business for criminals.

So be on the lookout when you go shopping online and are searching for popular items. Here are my personal tips for avoiding bad online (shoe) shopping:

  1. Switch search engines once in a while. Google is the most popular and that’s why the criminals target its search results the most.
  2. Check if your internet security solution protects against malware spread through URLs. In F-Secure Internet Security 2010 this feature is called Browsing Protection. If you don’t know what the feature is called in your internet security product, check the vendors website or ask support.
  3. If you’re not using our software or your solution doesn’t offer a URL check, you can use our Browsing Protection for free at http://browsingprotection.f-secure.com/swp/. Just type in the URL you are worried about and the tool tells you if that site is safe or not.
  4. Think before you buy. No security vendor would use a malware warning for marketing and no ticket service on this planet will sell you cheap tickets for the UEFA Champions League Final 2010 in Madrid.

Do you have shopping tips? Do you know some safety checked shopping sites you would like to share? Just drop us a comment below.

Have a great weekend and happy vappu (May 1st) to all our Finnish readers!

Sandra

More posts from this topic

WhatsApp Scams

WhatsApp Scams: 3 Things you Need to Know

F-Secure Labs reported this week on a new WhatsApp scam that’s successfully spammed over 22,000 people. Spam seems to be as old as the Internet itself, and is both a proven nuisance AND a lucrative source of revenue for spammers. Most people don’t see what goes on behind the scenes, but spammers often employ very sophisticated schemes that can expose web surfers to more than just ads for Viagara or other “magic beans”. Spam typically tries to drive Internet traffic by tricking people into clicking certain websites, where scammers can bombard unsuspecting web surfers with various types of advertising. Profit motives are what keep spammers working hard to circumvent spam blocks, white lists, and other protective measures that people use to try and fight back – and it can pay off. Numerous spammers have been indicted and suspected of generating hundreds of thousands of dollars in revenue from their spam campaigns, with one study projecting that spammers could generate in excess of 3.5 million dollars annually. While most spam circulates via e-mail, the popularity of services like WhatsApp is giving spammers new resources to exploit people, and new ways to make money. Here’s a few ways spammers and cyber criminals are using WhatsApp to make money off users: Following Malicious Links: One way that cyber criminals use WhatsApp to scam people is to trick them into following malicious links. For example, a recent scam sent SMS messages to WhatsApp users telling them to follow a link to update the app. But the message was not from WhatsApp, and the link didn’t provide them with any kind of update. It signed them up for an additional service, and added a hefty surcharge to victims' phone bills. Sending Premium Rate Messages: Premium rate SMS sending malware was recently determined by F-Secure Labs to be the fastest growing mobile malware threat, and WhatsApp gives cyber criminals a new way to engage in this malicious behavior. Basically the users receive a message that asks them to send a response – “I’m writing to you from WhatsApp, let me know here if you are getting my messages”, “Get in touch with me about the second job interview”, and various sexual themed messages have all been documented. Responding to these messages automatically redirects your message through a premium rate service. Spanish police claim that one gang they arrested made over 5 million euros using this scheme – leaving everyday mobile phone users to foot the bill. Manipulating Web Traffic: A lot of spam tries to direct web traffic to make money off advertising. As you might imagine, this means they have to get massive numbers of people to look at the ads they’re using for their scams. Scammers use WhatsApp to do this by using the app to spread malware or social engineer large numbers of people to visit a website under false pretenses. F-Secure Labs found that people were being directed to a website for information on where they could get a free tablet. In March there was a global spam campaign claiming people could test the new WhatsApp calling feature. Both cases were textbook scams, and instead of getting new tablets or services, the victims simply wasted their time spreading misleading spam messages and/or exposing themselves to ads. WhatsApp and other services are great for people, but like any new software, requires a bit of understanding to know how to use. Hopefully these points give WhatsApp users a heads up on how they can avoid spam and other digital threats, so they can enjoy using WhatsApp to chat with their friends. [ Image by Julian S. | Flickr ]

May 8, 2015
BY 
Cyber Espionage

Getting Cozy with Cyber Espionage

Espionage – it’s not just for James Bond type spies anymore. Cyber espionage is becoming an increasingly important part of global affairs, and a threat that companies and organizations handling large amounts of sensitive data are now faced with. Institutions like these are tempting targets because of the data they work with, and so attacks designed to steal data or manipulate them can give attackers significant advantages in various social, political and industrial theaters. F-Secure Labs’ latest malware analysis focuses on CozyDuke – an Advanced Persistent Threat (APT) toolkit that uses combinations of tactics and malware to compromise and steal information from its targets. The analysis links it to other APTs responsible for a number of high-profile acts of espionage, including attacks against NATO and a number of European government agencies. CozyDuke utilizes much of the same infrastructure as the platforms used in these attacks, effectively linking these different campaigns to the same technology. “All of these threats are related to one another and share resources, but they’re built a little bit differently to make them more effective against particular targets”, says F-Secure Security Advisor Sean Sullivan. “The interesting thing about CozyDuke is that it’s being used against a more diverse range of targets. Many of its targets are still Western governments and institutions, but we’re also seeing it being used against targets based in Asia, which is a notable observation to make”. CozyDuke and its associates are believed to originate from Russia. The attackers establish a beachhead in an organization by tricking employees into doing something such as clicking a link in an e-mail that distracts users with a decoy file (like a PDF or a video), allowing CozyDuke to infect systems without being noticed. Attackers can then perform a variety of tasks by using different payloads compatible with CozyDuke, and this can let them gather passwords and other sensitive information, remotely execute commands, or intercept confidential communications. Just because threats like CozyDuke target organizations rather than individual citizens doesn’t mean that they don’t put regular people at risk. Government organizations, for example, handle large amounts of data about regular people. Attackers can use CozyDuke and other types of malware to steal data from these organizations, and then use what they learn about people for future attacks, or even sell it to cyber criminals. The white paper, penned by F-Secure Threat Intelligence Analyst Artturi Lehtiö, is free and available for download from F-Secure’s website.  [ Image by Andrew Becraft | Flickr ]

May 4, 2015
BY