Just in the past week two new major online threats have surfaced with attempts to steal private consumer information. The truth is that there are plenty more sinister applications than that lurking in our midst, but a little education and vigilance can help you keep your financial information out of the hands of cyber-thieves.
LizaMoon, an “SQL injection attack,” surfaced just last week and has infected possibly over 1 million websites with a malicious script that redirects users to another site which produces a fake antivirus scam to lure users into handing over their credit card information. The good news is that even those who aren’t very technically proficient can easily avoid the fallout of this attack.
“The simple solution: Don't install unknown files! The more complex solution: Know what antivirus programs already exist on your system, and know what they look like when they scan for and find files,” PC Magazine’s David Murphy advises readers. “If something says you have malware on your system, and this something looks nothing like applications you already have on your system, be suspicious!”
The other threat, still currently unfolding, is a data breach suffered by one of the world’s largest email marketers, Epsilon. The firm handles communications for over 2,500 clients including Kroger, TiVo, US Bank, JPMorgan Chase, Capital One, Citi, Ameriprise Financial, LL Bean, Visa Card, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, Walgreens, The College Board, Disney Destinations, Best Buy, and Robert Half Technologies. It is currently not known just how many email addresses have been compromised, but experts believe that breach will result in a large wave of email scams.
"Phishing' scams are the number one concern from this breach,” says Qualys manager Amol Sawarte. “Hackers could send fake emails pretending to be your bank, pharmacy, hotel or other business that were customers of Epsilon. The email will look real and will be convincing as attackers have the customer's name and the company information that they did business with. The email could ask unsuspecting users to click on a link which can ask for credit card numbers, run malware, install spyware or carry out other attacks."
Sawarte recommends steering clear of even official looking email links, and cautions that web users should refrain from sending passwords, PINs, social security numbers, and other financial information like account numbers in response to emails.
I would also suggest that those of you who know your way around a computer may want to educate your less computer savvy relatives and friends of these threats and how they can be prevented to save yourself the headache of helping clean up a mess later on.
