Instead of a legitimate statement, the attachment contains malware that if opened, automatically executes, infects your computer, and renders it under the control of a larger bot network. The malware can open network ports, steal user credentials, such as logins and passwords, and act as a self-propagating spam bot ready to execute any new attack instructions and spread malicious emails to other targets – a unique aspect of these attacks.

These attacks are variations of a similar one that was conducted last year, and take advantage of a vulnerability in Microsoft’s Windows Common Controls as described in CVE-2012-0158. The attack can successfully infect both Windows 7 and Windows XP platforms.

Bank-related phishing e-mails remain popular. We all notice a message from our bank, and we are likely to feel a sense of urgency to click or act fast. Remember not to open attachments from unsolicited emails from your bank or other organizations. When you receive a suspicious e-mail in your inbox, always be wary, and when in doubt, use the phone and call your bank. Also, make sure your security software is running and up to date. Stay safe!

Another Round of Email Phishing Attacks: Don’t Get Hooked! - ZoneAlarm Blog

How can you avoid becoming easy prey for scammers who can wreak havoc on your computer, personal information, identity and finances? Remembering what you learned from mom, consider the following security tips to help you stay clear of email scams this Mother’s Day.

To read the full article, click HERE:

Mother’s Day Email Scams: 5 Ways to Prevent Them - ZoneAlarm Blog

As wearable technology goes, Google Glass is exciting. The idea of wearing a computer that you can tell it what to do, get the answers you need, and be able to engage with friends over social media effortlessly seems like something out of the future. With Google Glass, wearers can surf the Web and look up answers to questions, take pictures and record video and upload them to Google+ and YouTube, initiate a Hangout, and get turn-by-turn navigation directions. Initial reports from people who are testing the headgear report a surprisingly comfortable fit and smooth online experience.

But as all things Google, there are some people increasingly worried about the erosion of privacy. It’s one thing for Google Glass wearers to agree to share more of their information—where they go in the physical and virtual world and what pictures they are taking—with Google. But it’s a whole new level of privacy concerns when taking pictures and taking video may violate someone else’s privacy.

A common concern seems to be the fact that people won’t know if the wearer is surreptitiously taking pictures or filming someone. According to various reports from people who are testing the gear, it’s pretty hard to hide the fact that Google Glass is on. When Glass is on, the person standing in front of the wearer can see the screen illumination.

Not only will people be able to tell when Google Glass is on, it is pretty obvious when the wearer takes a picture, since the wearer has to say, “Okay Glass, take a picture.”

The bigger question appears to be video. Did that customer start the video before walking into the store and is everything in the store being recorded? Or perhaps the wearer is presently in a Google Hangout and all the folks also in Hangout can see whatever the wearer is seeing.

That is a creepy prospect, and a valid concern. Eric Schmidt, Google’s chairman, thinks new rules of etiquette will evolve regarding how Glass would be used. “The fact of the matter is we’ll have to develop some new social etiquette,” Schmidt told the BBC recently.

“It’s obviously not appropriate to wear these glasses in situations where recording is not correct, and indeed you have this problem already with phones,” Schmidt said.

Google has pointed out that there is nothing Google Glass does that our portable devices don’t already do; it just makes the process easier and accessible. Anyone can casually record conversations using any one of the recording apps available for iOS and Android devices. Maybe you will wind up in the background of a picture or video a wearer took without you knowing it? It doesn’t seem any different from the thousands of snapshots people are taking each day with their smartphones.

“It is still very early days for Glass, and we expect that as with other new technologies, such as cell phones, behaviors and social norms will develop over time,” a Google spokesperson said recently.

Obviously with any new technology there is the potential for misuse, and people are very focused on the possibilities. The privacy concerns should be part of the conversation, but as Lance Ulanoff, editor-in-chief of Mashable recently said, “Google Glass is not a spying tool.” The way Glass is designed, the wearer has to look somewhat up and to the right to see the screen. “If I want a spy tool, put it right in front of my eye, so I can look at the person I’m talking to, while filming someone else,” Ulanoff said.

Are you concerned with Google Glass? Tell us what you think in the comments below.

Google Glass: A Privacy Concern? - ZoneAlarm Blog

Recently, we posted an infographic on securing information on your PC. Here is a purely hypothetical situation you could face this summer:

The focal character in our tale is Alex, a 20-something recent college graduate. She has a great job at a major law firm. She wants a quick vacation this summer; she works hard, plays hard. To that end, she and her friends decide to spend the weekend in Las Vegas.

Let’s see what happens after she uploads her photos through two scenarios:

Scenario 1
Alex doesn’t have software to protect her files. The photos sit in a folder on her desktop.

Scenario 2
Alex has ZoneAlarm File & Folder Lock on her computer. The photo folder is locked with a unique password generated by the program.

When Alex’s friends ask for copies of the photos, she transfers the folder onto USB flash drives, which she then sends to her friends:

Scenario 1
Alex’s friends upload the photos and then throw the USB into a random drawer or the trash, consequently leaving all the photos unprotected and visible to anyone who gets hold of it.

Scenario 2
Alex’s friends can’t open the photos until Alex provides them with the password to the folder. ZoneAlarm File & Folder Lock keeps the files locked, so if the USB is tossed into a random drawer or the trash, no one else will be able to access the photos unless they have the password.

Later in the week, Alex’s mom comes over for dinner and wants to use the computer. A curious parent, she sees the “Summer in Vegas” folder on the desktop and tries to open it.

Scenario 1
Vegas does not stay in Vegas. Mom is able to rummage through the photos Alex took in Vegas, some of which are more confidential than others.

Scenario 2
Alex’s mom doesn’t have the password and is unable to open the folder and lets it go. She understands Alex’s right to privacy.

A few years pass, and it’s time for Alex to get a new computer. What to do with her old Vegas memories?

Scenario 1
Alex deletes all of the files on her computer, empties the desktop recycle bin, then brings her computer in for donation.
Unbeknownst to her, all of the files Alex thought she “deleted” from her computer are still on her hard drive.

Scenario 2
Alex uses ZoneAlarm File & Folder Lock’s Secure Delete and her files along with the “Summer in Vegas” folder are permanently deleted from her computer. Secure Delete is based on military-grade deletion technology, meaning there are no digital traces of any information on her hard drive.

And so ends the tale of Alex, whose trip to Vegas stayed in Vegas… but only in Scenario 2.

ZoneAlarm File & Folder Lock isn’t limited to just protecting photos – think of all of the files on your computer and external devices that are at high risk of being stolen. Have you ever emailed your mortgage application documents to your broker? Did you “misplace” the USB you used to bring tax documents to your accountant? What about the computer you donated, did you really delete all of your files (and emptied the “Recycle Bin”) like Alex? You are at risk of your personal information being stolen by anyone savvy enough to hack into email and a hard drive, or by anyone who knows how to plug in a USB.

This summer, worry about SPF and not your files. Install ZoneAlarm File & Folder Lock on your computer, and it will take care of the latter.

Keep What Happens in Vegas in Vegas - ZoneAlarm Blog

(Click below image to enlarge)

To buy or learn more about ZoneAlarm File & Folder Lock, click HERE.

To buy or learn more about ZoneAlarm File & Folder Lock, click HERE.

How secure is information on your PC? - ZoneAlarm Blog

(Click below image to enlarge)

Got Teens? Online Privacy Issues Concern Parents - ZoneAlarm Blog

You know about being careful and not clicking on random links or downloading software from unknown sources in order to avoid being infected by banking Trojans. You scrutinize account activity and don’t give out bank information to prevent account fraud and takeover. However, the latest attacks knock the banking Website offline so that you can’t even login to your account.

Cyberattackers have targeted some of the largest banks in the U.S. and worldwide with large distributed denial of service (DDoS) attacks over the past few months. In these DDoS attacks, the Website is overwhelmed trying to process a large number of requests all at once. At first, the site gets sluggish, until it eventually crashes and goes offline.

These banks have been hit by waves of DDoS attacks since last fall. The DDoS attacks lasts about three days, during which time banking customers have a hard time getting anything done on the online banking site, or can’t even log in at all.

Just because you can’t log in to your online banking account doesn’t mean your money has disappeared. It just means that you may need to go to physical branch, visit an ATM, or just wait out the attack.

All the financial institutions claimed customer data was not impacted and no fraudulent activity had been detected. As soon as the attacks ended, the sites were back online without any further issues. DDoS, while disruptive, affects Web servers, which are usually well-separated from the systems that handle customer account data and actual transactions.

Even so, these attacks can be a diversion, a way to distract the IT team while another group sneaks in and steals money. These DDoS attacks have in fact “led to or been associated with fraud and customer account takeover,” warned Gartner’s Avivah Litan recently.

A large U.S. bank recently admitted in documents filed with regulators that the attacks “resulted in certain limited losses in some instances,” but did not elaborate. Users should check their accounts and statements for suspicious activity that may have occurred during the DDoS attack. Other basic security hygiene applies, such as selecting, and regularly changing, strong passwords for online bank accounts and running up-to-date antivirus and firewall products, not clicking on links, or opening attachments. It’s critical that all installed software, including Web browsers and the operating system, be updated regularly.

There is not much you can do during a DDoS attack on your financial institution, but you should still follow basic security precautions, check your statements after the attack, and just be vigilant.

What You Need To Know About DDoS Attacks - ZoneAlarm Blog

(Click below image to enlarge)

Managing Logins - ZoneAlarm Blog

Surprise, your email has been hacked. Perhaps you clicked on a link in an email from a similarly affected friend and downloaded a password-stealing malware. Or you were tricked into telling a scammer your password. Or, you were using the same password across several sites, and the attacker had found the password elsewhere.

Why you, you ask? Maybe your email address was on a spam lists or in some stolen database from some other site. Depending on who you are, or who you work for, the attackers may have specifically targeted you. Or perhaps you were just (un)lucky—the attackers cast a wide net and you just got caught.

Okay, so you are hacked. Now what?

Regain Control

The first step is to regain control. If you are locked out of your account, try the password reset process by clicking on the “forgot password?” link. If the attacker hasn’t changed your password reset or your password hints, then you can just click on the link and get back in to your account. That may not work if the attacker has already changed the reset address and security questions.

Most email providers offer some high-level process to help users regain control of their accounts. Of course, depending on the provider, that process may be easy or difficult. Hotmail/Outlook.com users can answer a few questions to verify their identity. Google requires more detailed information in order to verify you are the owner.

Maybe you were lucky and the attacker didn’t lock you out of your account or delete any of your messages. In which case, your first job is to change your password.

Change Your Password

Once back in your account, it’s time to change that password to something strong. “Password1,” “letmein,” or even your last name backwards are not good passwords. Pick a long, weird password, with a mix of characters, upper and lower case letters, and numbers. An obscure phrase would work.

Check Your Password Resets

Did the hacker change the email address listed as the recovery address? Change it back to your own, and make sure the attacker didn’t add any additional ones.

Make sure the security questions are still questions you know the answers to. This may be a good time to change them so that someone just looking at your Facebook page won’t be able to just guess the answers.

If your email provider allows you to automatically forward a copy of your messages to another address, check to make sure the attacker didn’t set that up with some other email address.

Change Your Habits

Think about what you were doing before you got hacked. Clicked on a link? Didn’t have antivirus running to detect that malware? Reused passwords across several sites? Told someone your passwords? Let’s make sure not to make that mistake again. Be careful about what sites you visit, don’t click on random links if you don’t know what they are about, and be paranoid about your password.

Don’t ever share your password with anybody!

Email Hacked? Here Is What To Do - ZoneAlarm Blog

According to industry figures, nearly 80 percent of tax documents were filed electronically last year, and that number is not expected to go down anytime soon. Identity theft cases involving tax fraud have also increased 62 percent from last year, according to the IRS.

Just to give an idea of how lucrative these tax schemes are, last summer, a report from the Treasury Inspector General for Tax Administration found that more than 1.5 million tax returns filed in 2012 claiming $5.2 billion in tax refunds were potentially fraudulent.

Whether you are going to do your taxes yourself or go to an accountant, file electronically or rely on the U.S. Postal Service, below are some tips to keep you safe from unscrupulous scammers this year.

• The first step is to watch out for tax-related emails in your Inbox or messages on social networking sites. The IRS will not email you or post on your Facebook wall. If you are getting messages via email, it’s most likely a phishing scam, no matter how authentic it may look. Just remember that no legitimate bank or tax preparation service would ask a user to enter sensitive information, such as bank account information or Social Security number, into a pop-up screen or ask for it over email.

• Don’t download documents sent to you via email, either. One click to open the file, and you may wind up with a really hard to remove malware on your computer. Even if you think it’s someone you trust, drop them a call and make sure they actually sent you that file or link before you do anything.

• If you are looking for a specific form or information, don’t hit the search engines. Go to the IRS.gov site and search there instead. Many criminals register addresses with similar names to legitimate sites to lure unsuspecting victims. Any file you get from these fake sites are likely to be malicious.

• The next step is to make sure your tax preparer, whether it’s a company or an online service, is legitimate. The IRS has a list of authorized e-filers. You can also select the online service based on how secure they are, such as offering two-factor authentication and anti-malware services. Any preparation site you wind up using must use SSL encryption—you can check by making sure the address bar has HTTPS, and not the insecure HTTP. Some browsers may display a padlock icon instead. While going through the site, make sure the address stays the same—if it changes, you’ve likely been hijacked and your data is no longer safe.

• Make sure the software running on your computer—the operating system, security software, Web browser, software applications—are all regularly updated and patched. Information-stealing malware crawl the hard drive looking for documents with sensitive information. As soon as you file your tax return, save it onto an external drive or burn it onto a DVD and store it offline in a secure location.

Stay aware and scrutinize everything you do so that you don’t fall for one of those scams.

Beware of Tax Scams and Stay Safe - ZoneAlarm Blog