Who doesn’t own a mobile phone nowadays? Whether you have an old-school flip phone or a newer smartphone, you may already have been bothered by rogue SMS text messages.
Cyber-crooks are spamming through every avenue they can, hoping to lure their victims into revealing personal information or tricking them into sending costly text messages.
And it’s not just cyber-criminals you should be worried about. Have you ever received a message from someone you don’t know? Well, these could be attempts to blackmail you or ruin your day.
The above screenshot shows a technique, also known as smishing (SMS phishing), that is rather effective because it reaches your own personal phone. While (almost) everybody knows about email phishing scams, not many people are aware of the equivalent for phones.
Most of us have moved to mobile computing and use it daily, but we often take security for granted. After all, a cellphone is just a telephone right?
Nope. They’ve become very powerful machines, and with their functionality in the wrong hands, they can be destructive for us.
Once again, Skype has proven itself to be a valuable tool for the spread of malware and other malicious doings by cyber criminals. Our researchers have discovered a scam being spread via Skype that is designed to steal the log in credentials for Skype users by dangling free premium upgrades. However unlike other attacks, this one checks the legitimacy of your credentials before infecting your system with malware.
In this connected world, time is of the essence. The bad guys are counting on releasing their malicious programs and infecting machines before security companies have time to analyze those samples and provide detection signatures to block the threat.
Although antivirus companies have evolved their technologies and can now provide proactive heuristic detections (essentially this means being able to detect new malware without having seen it before), cyber criminals thwart these by first testing their creations against each major security vendor to make sure they aren’t detected. If they are, they simply alter their code enough to bypass detection, at least temporarily. So much for all these fancy algorithmic engines…
This is an arms race and the bad guys always have the head start. If they can infect a few thousand computers in a couple of hours before getting detected, they have achieved their goal. And even in the case of the antivirus software later detecting the threat, it is already too late as many pieces of malware disable the security products installed on a machine therefore rending them useless.