Malware using Valentine's Day as a way of tricking users into infecting computers is now a well-established feature of the IT security calendar and, says security vendor Panda, it will be no surprise to see numerous e-mails in circulation with links for downloading romantic greetings cards, or with subjects related to Valentine's Day.
“This year cyber-crooks are also exploiting other channels such as Facebook or Twitter,” warns Jeremy Matthews, head of Panda’s sub-Saharan operations. “Given the access to millions of users that these social networks provide, they have become just as popular among the criminal fraternity for spreading malware as e-mail.”
Social engineering is cyber-crooks’ preferred technique for deceiving users. This basically involves obtaining confidential information from users by convincing them to take a series of actions. Crimeware and social engineering go hand-in-hand: a carefully selected social engineering ploy convinces users to hand over their data or install a malicious program which captures information and sends it on to the fraudsters.
“The continued use of social engineering by cyber-crooks is a good indication of the infection ratios that this technique for tricking users returns. Otherwise, they would simply have stopped using it,” says Matthews.
Panda recommends a few tips offers to avoid falling victim to computer threats:
* Don’t open emails or messages received on social networks from unknown senders.
* Do not click any links included in email messages, even though they may come from reliable sources. It is better to type the URL directly in the browser. This rule applies to messages received through any mail client, as well as those in Facebook, Twitter, or other social networks or messaging applications, etc.
* If you do click on any such links, take a close look at the page you arrive at. If you don't recognise it, close your browser.
* Do not run attached files that come from unknown sources. Stay especially on the alert for files that claim to be Saint Valentine’s greeting cards, romantic videos, etc.
* Even if the page seems legitimate, but asks you to download something, you should be suspicious and don't accept the download.
* If, in any event, you download and install any type of executable file and you begin to see unusual messages on your computer, you have probably been infected with malware.
* If you are making any purchases online related to Valentine's Day, type the address of the store in the browser, rather than going through any links that have been sent to you.
* Only buy online from sites that have a solid reputation and offer secure transactions, encrypting all information that is entered in the page. To check that the page is secure, look for the security certificate in the form of a small yellow padlock next to the toolbar or in the bottom right-hand corner of the screen.
* Don’t use shared or public computers for making transactions or operations that require you to enter passwords or other personal details.
* Have an effective security solution installed, capable of detecting both known and new malware strains.