Cybersecurity blog posts

Internet Explorer 8 Zero-Day Vulnerability

Published January 07, 2013

**ATTENTION**: If you are a current New River Computing client covered under our RMM Service Plan, you need not worry about this vulnerability. We have automatically deployed the fix to your computers.

Recently, a zero-day remote code execution vulnerability in Internet Explorer was found being exploited in the wild. It affects IE 8, as well as IE 6 and 7. Current exploitation is limited, but it’s almost certain that a reliable exploit will soon find its way into at least one (if not all) of the many popular exploit kits used by online criminals.

Microsoft Security Advisory (2794220)

IE 9 and 10 are not vulnerable, so Windows 7 and 8 users are safe. However, users of the old (and almost obsolete) Windows XP operating system need to take action, since IE 9 and 10 are not supported there. If you’re still using XP, it would be wise to install an additional browser such as Mozilla Firefox or Google Chrome. If that isn’t an option, Microsoft has a Fix it tool available.

For more details, head on over to Microsoft’s Security Research & Defense blog: Microsoft “Fix it” available for Internet Explorer 6, 7, and 8. Hopefully this vulnerability will be patched tomorrow (January 8th) during Microsoft’s regularly scheduled update cycle.


Can you tell the difference between real vs. rogue security software?

Published January 07, 2013

Rogue security software, also known as fake antivirus software or “scareware”, has been one of the most popular methods used by online criminals in recent years to fool computer users into installing malware and/or divulging confidential information. Rogue AV software typically mimics the general look and feel of legitimate security software programs. Once installed on a person’s machine, it will claim to detect a large number of nonexistent threats while advising users to pay for the “full version” of the software to remove the threats.

Some versions unlawfully use the looks, colors, trademarks and icons of well-known AV software companies (Symantec, AVG, Microsoft Security Essentials, Kaspersky and McAfee are just a few examples) to help sucker users into downloading, installing, and ultimately “purchasing” the bogus software. Part of the reason that rogue security programs continue to be successful is that they are very convincing. Microsoft reports that over 4,173,491 United States users were infected with some variant of Rogue AV during the 1st and 2nd quarters of 2012.

Do you think you could tell the difference between a real security program and a rogue security program if it popped up on your computer screen? If you are up for it, take the Microsoft Malware Protection Center’s “Real Vs. Rogue” challenge by clicking here.

It’s an interactive quiz that uses images of actual rogue security software to test whether you can tell the difference between authentic antivirus software and rogue security software.
Go ahead! It’s fun!

Microsoft also has a fantastic series of Security, privacy, and online safety how-to videos that are perfect for educating computer users on common threats found on the Internet today.

Thanks to Tim Rains for originally sharing this information on the Microsoft TechNet blog.


Nationwide Insurance breach puts over 1 million customers at risk

Published December 18, 2012

Over 1 million customers are at risk of identity theft after online criminals broke into servers belonging to Nationwide and Allied insurance companies. Victims include current policyholders and those who sought insurance quotes.

The breach took place Oct. 3 and was discovered the same day. Nationwide immediately contacted authorities, but waited to inform their customers directly. “Although we are not aware of any misuse of consumers’ information at this time, we have sent letters to notify those individuals whose personal information we believe was compromised, as well as certain additional individuals whose information was or may have been involved, but whom we do not believe had information compromised in the attack,” the company said in a recent statement.

“Personally identifiable information” includes names and Social Security numbers, driver’s license numbers and/or dates of birth. It also may include marital status, gender, occupations and the name and address of an employer. So far, Nationwide maintains the position that no other sensitive data, such as medical information or credit card numbers, has been compromised.

An outside security expert was brought in to analyze the data breach and determine who needed to be notified that their personal information had been compromised. The Washington Post and other news outlets say the number of notifications is at 1.1 million.

The company is offering a year’s worth of free credit monitoring and up to $1 million in ID theft protection for victims.

Current/former customers and anyone else who has recently requested an insurance quote from either of the two insurers should carefully check bank and credit card statements for any unusual activity. As a former Nationwide customer (until recently), I know I will be keeping a lookout.


How cyber-criminals steal money from bank accounts.

Published December 17, 2012

Here’s a great infographic from the security researchers at F-Secure that explains how cyber-criminals steal money from bank accounts.

The original post can be found here.


Microsoft Security Essentials fails to meet AV-TEST standards

Published December 02, 2012

Researchers at the independent anti-virus testing firm AV-TEST released their latest batch of tests in which they report Microsoft Security Essentials was only able to detect 64% of zero-day threats when running in Windows 7.

Due to the pitifully low score, MSE failed to receive the AV-TEST Institute’s seal of approval, a certification granted to products that meet 11 of 18 assessment criteria. Those criteria consider the effectiveness of software at detecting and blocking threats, repairing infected systems and overall usability including “average slowing down of the computer when the software is used on a daily basis, false positives during a system scan and the display of false warnings or the blocking of certain actions during the installation and during the use of known good software.”

During the month of October, AV-TEST rated Security Essentials versions 4.0 and 4.1 at just 1.5 out of 6 in terms of its PC protection, thanks largely to the 64% zero-day detection rate that’s well below the industry average of 89%. MSE is the only product of 24 for Windows 7 that has not received the AV-TEST certification. Six other AV products also did not receive the certification for Windows Vista or for Windows XP. Anti-virus software for Windows 8 has yet to be tested, and Microsoft is absent from AV-TEST’s list of vendors thanks to the new OS’s integrated protection software.

FYI, Microsoft Security Essentials has lost AV-TEST’s seal before, with its test results failing to meet the lab’s standards. The AV-TEST Institute conducts tests on a bi-monthly basis and usually finds that Microsoft Security Essentials struggles to perform well in its malware detection and blocking tests.

Final thoughts:

Free antivirus software usually provides only a bare minimum level of protection.

If you currently use MSE (or another free product) and are having trouble keeping your machines clean, it might be time to invest in a more robust and complete anti-virus software solution.

