Security researchers have warned users on information stealing financial malware in circulation. Cybercriminals are cashing on the interest generated by the sudden demise of pop star Amy Winehouse. The five-time Grammy award winner is the latest to join the list of celebrities who died at the age of 27. Scammers were quick to capitalize on the death of the star caused by drug overdose by sending different versions of spam e-mails to entrap users to click on a malicious URL. Security researchers at Symantec, who first reported the latest trick of the scammers, have identified the malware as Infostealer.Bancos. Earlier attackers used to attempt to compromise computers with the financial malware through fake e-mails, which appeared to arrive from a legitimate banking or financial institution. Attackers are now leveraging latest events to deceive users.
In case of the latest attack, the malicious link reportedly displays a pop-up window on a click and urges the target victims to download a file, which appears as an image or video file. Unsusceptible users who click on the link inadvertently download a malware and compromise their computer systems. The malware designed to extract user login credentials on financial sites, also mines the details of the affected computer. While it appears that the latest malware is targeting Portuguese language speakers, the malware writers may devise similar schemes to target English and other European-language speaking users.
Earlier in the year, Symantec had identified spam e-mails targeting Hindi speaking users. Attackers apparently disseminated messages written in Devnagari script. Scammers always look out for ways to deceive Internet users through devising new schemes or redesigning the old schemes. Scammers act swiftly to design fraudulent schemes based on latest happenings. Internet users must not respond to e-mails appearing from strangers, containing links that promise to display images or video. Even in case of e-mails that appear to arrive from legitimate institutions, they must verify the authenticity of the e-mail address, check for broken links, prefixes or suffixes appended to URLs, and spelling mistakes in the message to verify the authenticity of the e-mail. Internet users must scan their computers with legitimate security software at regular intervals and prevent malware infections. Internet users may improve cyber security awareness and online computing practices through online degree programs and e-tutorials.
Professionals qualified in masters of security science, IT degree programs and security certifications attempt to create awareness on security issues through blogs and forums. IT professionals may follow the security advisories offered by cyber security experts and improve the security practices in their organizations.
Educational institutions must update cyber security courses and online university degree programs to incorporate evolving threats and enable students to devise new mechanisms to improve cyber security.