Thursday, August 17, 2017

Tag: Google search

Google has added support for up to six users to its virtual assistant device, Google Home.

That’s a huge leap in the world of machine learning and artificial intelligence.
It solves many problems related to voice-activated virtual assistants, while also creating some serious privacy concerns. I have three Gmail users in my house who all access the same Google Home device, which is linked to my account.
It’s used for playing music, watching videos through Nvidia Shield, helping with recipes, asking questions, checking appointments, and other such tasks. Here’s the problem: I hate it. My Google search history and YouTube playlists are all messed up.
It’s full of queries by my wife, guests, kids, and our au pair. My private appointments are accessible to anyone who can ask for them.

Anyone can activate my Google Home device by yelling from outside the window and taking control of connected devices like oven, lights, and door lock (I was smart enough to not install smart locks). Worst of all, Google is not learning anything about me as it’s being used by everyone.
Get your Google on

Image by Derek Walter

Google’s iPhone app is way more than a conduit to Google search—it’s the hub for Google’s shadow operating system, which essentially lets you cheat on Apple and live a more Googly smartphone life.
You might not know you have it, but Crusader will manipulate your search results to push tech support scams.
Has Ubuntu become boring? Ubuntu has long been one of the best known and most popular Linux distributions. But has it become too boring and predictable to retain the interest of users? One writer at OMG Ubuntu asked that question after looking at a c...
Windows 10 is a good operating system, the first one since Windows 7.

But Microsoft seems determined to penalize users who adopt it. The latest beta version of the forthcoming Creators Update due this spring is getting attention because it places even more ads in Windows. Windows 10 is already annoying users with ads on the lock screen and in the Start screen, but Microsoft has decided to annoy users even more by bringing ads to File Explorer.

This stupidity will create a backlash if not reversed.

Silicon Valley has an obsession about forcing advertising down users’ throats.

The “intelligent” voice assistant Google Home got in trouble last week for advertising a Disney movie to its users.

And you know that Amazon Alexa’s real purpose is to promote products, once it gets you hooked on its minor conveniences.

This model of free services in exchange for deep spying on your activities to advertise or otherwise promote products is after all the basis of Google Search, Facebook, and most consumer technology services.
The US Patent Office sees no history, hears no history—unless it's in patents.
The Assistant opens up to about 30 percent of Android users.
It’s not an exaggeration to say that your smartphone is the most personal device you have.

The fact it’s always with you, however, sure does generate a lot of information about your habits. Your location history, Google searches, web browsing habits, app usage, and even recordings of your voice talking to the Google Assistant. Yes, your phone and the Google services powering it are incredibly useful in many tangible ways.

And if you use a strong password and two-factor authentication, your information is likely safer on Google’s servers than just about anywhere else. But it’s not paranoia to take stock from time to time of just how much you’re handing over to Google or if you’d rather not place all your digital privacy eggs in the same basket. Here are some simple tips about how you can stay in control of all that critical information and ensure that privacy isn’t something you have to surrender.

Get right with Google

Since you’re on Android, using a Google account is essential in order to buy apps and use the company’s suite of services.

Even the privacy-focused Blackphone puts Google services front and center. If your goal is to maybe do a little de-Googling because you don’t want the company to know everything about you, the first place to start is the My Activity account center.

This is essentially the dashboard for every instance where your activity touches Google servers.

The site is quite mobile friendly, so you can attack all these details from your phone or tablet as well as on the desktop.

Image (Greenbot): My Activity is the home for everything Google remembers about your daily interactions.

The amount of information is a little staggering, especially if this is your first time there.

For example, touch “Android” and you’ll see a timeline of the interactions from your phone, such as which apps you’ve used on your phone, tablet, or Android TV.
Same goes for Chrome, Search, or Play.

There’s also a search function, which is surprisingly a little hit and miss at finding your stuff. The key to this section is that you can also clean things out.

Touch the overflow (three vertical dots) button at the top right and you’ll have an option to delete details by a certain timeframe. You can also opt for the nuclear option and delete everything if you want a fresh start.

Image (Greenbot): You can delete activity from a specific time period or send everything to the digital trash bin at once.

The most interesting addition to this section is found if you use the Google Assistant, which is what powers the artificial intelligence smarts inside the Pixel, Google Home, and Allo.

Every voice interaction with Google is recorded, and you can play it back.

Image (Greenbot): You can play back and also delete your voice interactions with the Google Assistant.

It’s a little creepy to know your voice recordings are saved for all time.
So you can delete this if you’d like. However, you’re better off acknowledging that this is one of the tradeoffs we make for having an artificial genie always at your disposal.
It remembers. This is where the “delete activity by” button can come in handy.
It allows you to delete content from a specific application.

Touch Filter by date & product and then select Assistant or any other app you want to seek out.

This way all your voice searches, Google searches, or other interactions are sent away at once.

Image (Greenbot): You can wipe away your voice commands all at once.

Returning here often, just to see what's going on, is also a good idea as a way of ensuring your account is secure and nothing suspicious has taken place.

Location, location, location

So much of how your phone interacts with different apps and services is through your location.

Think Google Maps, Google search suggestions, Uber, and other services. One area you should check is your Google location history.

This is a detailed timeline of everywhere your Android device has gone.
It’s actually useful, as it’s helped me remember where I went on a certain day. However, it’s easy to understand that some may not want this saved for all time. Head to Maps > Your timeline and you’ll see what Google has on you. Your location is saved in an attractive timeline by each day, and it even integrates with Google Photos to show which pictures you took by location.

Image (Greenbot): Every move you make is traceable inside of Google Maps.

You can tame this behavior, however. Head to Settings > Personal > Location.

From here, you can see which apps have recently accessed your location.

There’s also a switch to turn this off if there are particular apps you don’t want included or are turning into a battery drain.

Image (Greenbot): Find out which apps and devices are using Google’s location services.

Keep in mind that shutting off all location-based tracking means no more regional tips from Google Now, gift card offers from Android Pay, or other location-based alerts. You’re also likely to get far fewer Opinion Rewards surveys since many of these come from your location. You can also get more specific and turn on or off location services for specific apps or devices if you want more control. Phones, tablets, and PCs that have used your Google account tend to hang this feature around a while, and for security your best bet is to ensure you’ve wiped them properly before resale.

Go outside the circle

Along with tightening the reins on your Google account, you can also opt to go dark with some other apps and services you use. Just like on the desktop, you can browse the web with Chrome in Incognito mode.
It’s even easier if you have a Pixel as it’s one of the app shortcuts (press and hold the Chrome icon).

This doesn’t save any of your Google searches or web history to your account; however, it doesn’t mean that you’re completely invisible. Your internet service provider and other information is still visible to the server you visit.

Image (Greenbot): Go Incognito mode if you want to browse without much of a trace.

For even stronger private browsing, there’s a toolset for using Tor on Android. Orbot uses Tor to create a proxy and scramble your Internet traffic. You then use the Orfox browser to surf the web securely.
It’s so secure, it won’t even let you take a screenshot of the browsing section. More technical users can also dive into node configuration, bridges, and relays.

Image (Greenbot): Tor browsing isn’t just for the desktop.

If you want a more conventional solution, you can always opt out of the Chrome ecosystem by going with Firefox and a different search engine.

The best mostly private option is DuckDuckGo. Not only is it a solid search engine, but none of your search history or other details are saved by the company.  On the email front, you can get by with some more private alternatives to Gmail. One of the best is ProtonMail.
It’s a popular, encrypted email service with the servers based in Switzerland. You’re not going to get all the cool tricks like travel itineraries in your Google Now feed, but you can rest assured that your email account is securely hosted.

Image (Greenbot): DuckDuckGo, Signal, and many other apps are good choices if you want to elevate your privacy.

The other area that gets a lot of attention is messaging.

There are many good, private messaging options for you. Personally I’m a fan of Signal, as I find it to have the best feature set and a robust development pace.
It uses end-to-end encryption, which means that only the sender and recipient are able to see the message. Privacy and security are just as much a mindset as they are about using specific apps, however.

The real key is to think about apps that you interact with and what privacy tradeoffs you may be making for their services.
In many cases it’s worth it. Yet as technology creeps ever more into our lives, it’s best from time to time to decide just how much is enough.

This story, "How to set up your Android phone for ultimate privacy" was originally published by Greenbot.
Whether the leaked information is legit is still up for debate, however. Potentially bad news for xHamster users. The porn site was reportedly breached and hackers have been trading account details on shady corners of the Web. Vice's Motherboard obta...
On Monday, the top trending story if you searched Google for "final election vote count 2016" was a fake story on a site called 70News claiming that Donald Trump had won the popular vote, even though he had not. And in the week before the election, Facebook and Google were being criticized about fake news on their sites, which critics believe could have swayed the presidential race's outcome.

Google responded Monday with a pledge to restrict fake news sites from using its AdSense advertising network. Facebook, for its part, updated its policy to clearly state that its advertising ban on deceptive or misleading content applied to fake news. "We do not integrate or display ads in apps or sites containing content that is illegal, misleading or deceptive, which includes fake news," Facebook said in a statement.

And Facebook chief Mark Zuckerberg on Saturday tried to put the kibosh on the idea that Facebook's platform influenced the election. "Of all the content on Facebook, more than 99 percent of what people see is authentic. Only a very small amount is fake news and hoaxes," Zuckerberg said. "The hoaxes that do exist are not limited to one partisan view, or even to politics. Overall, this makes it extremely unlikely hoaxes changed the outcome of this election in one direction or the other."

Still, Google and Facebook are not preventing fake news or hoaxes from appearing on the social networking site or in Google search. Instead, the companies' policies are geared toward trying to reduce the financial incentive for producing fake news. And for Google, it's not just about seeking the truth. Advertisers don't want their wares displayed next to bogus content. "Moving forward, we will restrict ad serving on pages that misrepresent, misstate, or conceal information about the publisher, the publisher's content, or the primary purpose of the web property," Google said in a statement.
Google also has the same policy for pornography or violent content. AdSense vets content with artificial intelligence and humans to ensure compliance. For its part, Facebook has been hit hard by some who accused the social-media platform of tilting voters in favor of Trump by allowing completely fabricated stories, including one that Trump won the endorsement of Pope Francis, to circulate on the site. The Pew Research Center, meanwhile, in May said that 62 percent of Americans obtain some, or all, of their news on social media—the bulk of it from Facebook.

Spam and phishing in Q3 2016

Spam: quarterly highlights

Malicious spam

Throughout 2016 we have registered a huge amount of spam with malicious attachments; in the third quarter, this figure once again increased significantly.

According to KSN data, in Q3 2016 the number of email antivirus detections totaled 73,066,751. Most malicious attachments contained Trojan downloaders that one way or another loaded ransomware onto the victim’s computer.

Figure: Number of email antivirus detections, Q1-Q3 2016

The amount of malicious spam reached its peak in September 2016.

According to our estimates, the number of mass mailings containing the Necurs botnet alone amounted to 6.5% of all spam in September.

To recap, this kind of malicious spam downloads the Locky malware to computers. Most emails were neutral in nature. Users were prompted to open malicious attachments imitating bills supposedly sent by a variety of organizations, receipts, tickets, scans of documents, voice messages, notifications from stores, etc.
Some messages contained no text at all.

All this is consistent with recent trends in spam: fraudsters are now less likely to try and impress or intimidate users to make them click a malicious link or open an attachment.
Instead, spammers try to make the email contents look normal, indistinguishable from other personal correspondence.

Cybercriminals appear to believe that a significant proportion of users have mastered the basics of Internet security and can spot a fake threat, so malicious attachments are made to look like everyday mail. Of particular note is the fact that spam coming from the Necurs botnet had a set pattern of technical email headers, while the schemes used by the Locky cryptolocker varied a lot.

For example, the five examples above contain the following four patterns:

JavaScript loader in a ZIP archive loads and runs Locky.
Locky is loaded using a macro in the .docm file.
Archived HTML page with a JavaScript script downloads Locky.
Archived HTML page with a JavaScript script downloads the encrypted object Payload.exe, which runs Locky after decryption.

Methods and tricks: links in focus

IP obfuscation

The third quarter saw spammers continue to experiment with obfuscated links.

This well-known method of writing IP addresses in hexadecimal and octal systems was updated by scammers who began to add ‘noise’.

As a result, an IP address in a link may end up looking like this:

HTTP://@[::ffff:d598:a862]:80/

Spammers also began to insert non-alphanumeric symbols and slashes in domain/IP addresses, for example:

http://0122.0142.0xBABD/
<a href=/@/0x40474B17

URL shortening services

Spammers also continued experimenting with URL shortening services, inserting text between slashes.
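Added example (not part of the Kaspersky report): a defender-side normaliser in Python that decodes the IP obfuscation forms shown above to one canonical dotted-quad address, so that blocklist and reputation lookups see the same host however the link was written. The function names, finding labels and the blocklist are assumptions made for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def _parse_part(part):
    """Parse one dot-separated component: 0x.. is hex, a leading 0 is octal."""
    low = part.lower()
    if low.startswith("0x"):
        digits, base, allowed = low[2:], 16, "0123456789abcdef"
    elif len(low) > 1 and low.startswith("0"):
        digits, base, allowed = low[1:], 8, "01234567"
    else:
        digits, base, allowed = low, 10, "0123456789"
    if not digits or any(c not in allowed for c in digits):
        return None
    return int(digits, base)


def loose_ipv4(host):
    """Decode a host the way lenient inet_aton-style parsers do.

    One to four components are accepted and the last one fills all the
    remaining bytes, so "0122.0142.0xBABD" and "0x40474B17" are both IPv4
    addresses. Returns an IPv4Address, or None if the host is not numeric.
    """
    if host.endswith("."):
        host = host[:-1]
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = [_parse_part(p) for p in parts]
    if any(n is None for n in nums):
        return None
    *head, last = nums
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)


def analyse_link(url):
    """Return (canonical_host, findings) for one link taken from an email."""
    findings = []
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname or ""
    except ValueError:
        return None, ["unparseable"]
    if "@" in parts.netloc:
        findings.append("userinfo-noise")       # e.g. the empty "@" prefix
    try:
        ip6 = ipaddress.IPv6Address(host)
    except ValueError:
        ip6 = None
    if ip6 is not None:
        if ip6.ipv4_mapped is None:
            return ip6.compressed, findings      # genuine IPv6 literal
        findings.append("ipv4-mapped-ipv6")
        return str(ip6.ipv4_mapped), findings
    ip4 = loose_ipv4(host)
    if ip4 is None:
        return host, findings                    # ordinary domain name
    if str(ip4) != host:
        findings.append("non-dotted-quad-ipv4")
    return str(ip4), findings


def is_blocked(url, blocked_hosts):
    """Match on the canonical host, not on the string the sender wrote."""
    host, _ = analyse_link(url)
    return host in blocked_hosts


# The first two samples are quoted from the report text above; the third wraps
# the report's hex value in a URL constructed for this example.
SAMPLES = [
    "HTTP://@[::ffff:d598:a862]:80/",
    "http://0122.0142.0xBABD/",
    "http://0x40474B17/",
]
# Constructed blocklist holding the decoded form of the first sample.
BLOCKLIST = {"213.152.168.98"}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, analyse_link(sample), is_blocked(sample, BLOCKLIST))
```

A string match on the raw link would miss the first sample; matching on the canonical host does not, and the findings list doubles as a spam-scoring signal because legitimate mail rarely writes hosts this way.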

For example:

Sometimes other links were used to add text noise:

The use of search queries

Some spammers have returned to the old method of hiding the addresses of their sites as search queries.

This allows them to solve two problems: it bypasses black lists and makes the links unique for each email.
In the third quarter, however, spammers went even further and used the Google option “I’m Feeling Lucky”.

This option immediately redirects users to the website that’s displayed first in the list of search results, and it can be activated simply by adding “&btnI=ec” to the end of the link.

Clicking on the link redirects users to the spammer’s site rather than to the page displayed in the Google search results.

The advertising site itself is obviously optimized to appear first in the search results.

There could be lots of similar queries within a single mass mailing. The example above involves yet another trick.

The search query is written in Cyrillic.

The Cyrillic letters are first converted to a decimal format (e.g., “авто” becomes “&#1040;&#1074;&#1090;&#1086;”), and then the whole query in decimal format, including special symbols, is converted to a hexadecimal URL format.

Imitations of popular sites

The third quarter saw phishers trying to cheat users by making a link look similar to that of a legitimate site.

This trick is as old as the hills.
In the past, real domain names were distorted very slightly; now, cybercriminals make use of either subdomains imitating real domain names or long domains with hyphens.
So, in phishing attacks on PayPal users we came across the following domain names:

Phishing attacks targeting Apple users included the following names:

Spammers have also found help from new “descriptive” domain zones, where a fake link can seem more topical and trusted, for example:

Testers required

Q3 email traffic contained mass mailings asking users to participate in free testing of a product that they could then keep.

The authors of the emails we analyzed were offering popular goods such as expensive brand-name home appliances (coffee machines, robot vacuum cleaners), cleaning products, cosmetics and even food. We also came across a lot of emails offering the chance to test the latest models of electronic devices including the new iPhone that was released at the end of the third quarter.

The headers used in these mass mailings include: “Register to test & keep a new iPhone 7S! Wanted:! IPhone 7S Testers”.

The release of the latest iPhone was met with the usual surge of spam activity dedicated exclusively to Apple products.

The people sending out these messages are in no way related to the companies whose products they use as bait. Moreover, they send out their mass mailings from fake email addresses or from empty, newly created domains. The senders promise to deliver the goods for testing by post, and using this pretext they ask for the recipient’s postal and email addresses as well as other personal information.

A small postal charge is imposed on the user, but even if the goods are delivered, there is no guarantee they will be good quality.

There are lots of posts on the Internet by users saying they never received any goods, even after paying the postage costs.

This has an element of old-fashioned non-virtual fraud: the cybercriminals receive money transfers under the pretext of postal charges and then disappear.

Gift certificates to suit all tastes

Spam traffic in Q3 included some interesting mailings using the common theme of fake gift certificates. Recipients were offered the chance to participate in an online survey in return for a certificate worth anything from ten to hundreds of euros or dollars.

They were led to believe that the certificates were valid for large international retail chains, online hypermarkets, grocery stores, popular fast-food chains as well as gas stations. In some cases, the senders of these fraudulent messages said they were carrying out a survey to improve the customer support services of the organizations that were allegedly behind these generous offers, as well as to improve the quality of their products.
In other cases, the message was described as a stroke of luck and that the recipient’s email address was randomly selected for a generous gift as a mark of appreciation for using the brand’s goods or services.

The messages were indeed randomly sent out to email addresses that had been collected by spammers, and did not necessarily belong to customers of the companies named in emails. To confirm receipt of the gift certificate, the user is asked to follow a link in the email which in fact leads to an empty domain with a descriptive name (e.g. “winner of the day”).

Then, via the redirect, the user ends up at a newly created site with a banner designed in the style of the brand that supposedly sent out the mailing.

The user is notified that the number of certificates is limited and that they have only 90 seconds to click on a link, thereby agreeing to receive the gift.

After completing a short survey asking things such as “How often do you use our services?” and “How are you planning to use the certificate?” the user is asked to enter their personal data in a form.

And finally the “lucky winner” is redirected to a secure payment page where they have to enter their bank card details and pay a minor fee (in the case we analyzed the sum was 1 krone).

According to online reviews, some potential victims of this type of certificate fraud were asked to call a number to participate in a telephone survey rather than an online survey.

This type of fraudulent scheme is also quite common: the idea is to keep someone on the paid line for as long as possible until they give up on the promised reward. Like the offers to participate in the testing of goods, these themed messages were sent out from fake addresses with empty or newly created domains that had nothing to do with the organizations in whose name the cybercriminals were offering the certificates.

Statistics

Proportion of spam in email traffic

Figure: Percentage of spam in global email traffic, Q2 and Q3 2016

The largest percentage of spam in the third quarter – 61.25% – was registered in September.

The average share of spam in global email traffic for Q3 amounted to 59.19%, which was 2 p.p. more than in the previous quarter.

Sources of spam by country

Figure: Sources of spam by country, Q3 2016

In Q3 2016, the contribution from India increased considerably – by 4 p.p. – and became the biggest source of spam with a share of 14.02%.
Vietnam (11.01%, +1 p.p.) remained in second place.

The US fell to third after its share (8.88%) dropped by 1.9 p.p. As in the previous quarter, fourth and fifth were occupied by China (5.02%) and Mexico (4.22%) respectively, followed by Brazil (4.01%), Germany (3.80%) and Russia (3.55%).

Turkey (2.95%) rounded off the TOP 10.

Spam email size

Figure: Breakdown of spam emails by size, Q2 and Q3 2016

Traditionally, the most commonly distributed emails are very small – up to 2 KB (55.78%), although the proportion of these emails has been declining throughout the year, and in Q3 dropped by 16 p.p. compared to the previous quarter. Meanwhile, the proportion of emails sized 10-20 KB increased considerably from 10.66% to 21.19%.

The other categories saw minimal changes.

Malicious email attachments

Currently, the majority of malicious programs are detected proactively by automatic means, which makes it very difficult to gather statistics on specific malware modifications.
So we have decided to turn to the more informative statistics of the TOP 10 malware families to trigger mail antivirus.

TOP 10 malware families

Trojan-Downloader.JS.Agent (9.62%) once again topped the rating of the most popular malware families.

Trojan-Downloader.JS.Cryptoload (2.58%) came second.
Its share increased by 1.34 p.p.

As in the previous quarter, Trojan-Downloader.MSWord.Agent (2.34%) completed the top three.

The popular Trojan-Downloader.VBS.Agent family (1.68%) fell to fourth with a 0.48 p.p. decline.
It was followed by Trojan.Win32.Bayrob (0.94%).

Figure: TOP 10 malware families in Q3 2016

A number of newcomers made it into the bottom half of this TOP 10. Worm.Win32.WBVB (0.60%) in seventh place includes executable files written in Visual Basic 6 (in both P-code and Native modes) that are not recognized as trusted by KSN.

The malware samples of this family are only detected by Mail Anti-Virus.

For this type of verdict File Antivirus only detects objects with names that are likely to mislead users, for example, AdobeFlashPlayer, InstallAdobe, etc.

Trojan.JS.Agent (0.54%) came eighth.

A typical representative of this family is a file with .wsf, .html, .js and other extensions.

The malware is used to collect information about the browser, operating system and software whose vulnerabilities can be used.
If the desired vulnerable software is found, the script tries to run a malicious script or an application via a specified link.

Yet another newcomer – Trojan-Downloader.MSWord.Cryptoload (0.52%) – occupied ninth place.
It is usually a document with a .doc or .docx extension containing a script that can be executed in MS Word (Visual Basic for Applications).

The script includes procedures for establishing a connection, downloading, saving and running a file – usually a Trojan cryptor.

Trojan.Win32.Agent (0.51%), which was seventh in the previous quarter, rounded off the TOP 10 in the third quarter.

Countries targeted by malicious mailshots

Figure: Distribution of email antivirus verdicts by country, Q3 2016

Germany (13.21%) remained the country targeted most by malicious mailshots, although its share continued to decline – by 1.48 p.p. in Q3. Japan (8.76%), whose share increased by 2.36 p.p., moved up to second.

China (8.37%) in third saw its share drop by 5.23 p.p. In Q3 2016, fourth place was occupied by Russia (5.54%); its contribution increased by 1.14 p.p. from the previous quarter.
Italy came fifth with a share of 5.01%.

The US remained in seventh (4.15%).

Austria (2.54%) rounded off this TOP 10.

Phishing

In Q3 2016, the Anti-Phishing system was triggered 37,515,531 times on the computers of Kaspersky Lab users, which is 5.2 million more than the previous quarter. Overall, 7.75% of unique users of Kaspersky Lab products worldwide were attacked by phishers in Q3 2016.

Geography of attacks

China (20.21%) remained the country where the largest percentage of users is affected by phishing attacks.
In Q3 2016, the proportion of those attacked increased by 0.01 p.p.

Figure: Geography of phishing attacks*, Q3 2016

*Number of users on whose computers the Anti-Phishing system was triggered as a percentage of the total number of Kaspersky Lab users in the country

The percentage of attacked users in Brazil decreased by 0.4 p.p. and accounted for 18.23%, placing the country second in this rating. UAE added 0.88 p.p. to the previous quarter’s figure and came third with 11.07%.
It is followed by Australia (10.48%, -2.29 p.p.) and Saudi Arabia (10.13%, +1.5 p.p.).

TOP 10 countries by percentage of users attacked:

China                   20.21%
Brazil                  18.23%
United Arab Emirates    11.07%
Australia               10.48%
Saudi Arabia            10.13%
Algeria                 10.07%
New Zealand             9.7%
Macau                   9.67%
Palestinian Territory   9.59%
South Africa            9.28%

The share of attacked users in Russia amounted to 7.74% in the third quarter.
It is followed by Canada (7.16%), the US (6.56%) and the UK (6.42%).

Organizations under attack

Rating the categories of organizations attacked by phishers

The rating of attacks by phishers on different categories of organizations is based on detections of Kaspersky Lab’s heuristic anti-phishing component.
It is activated every time a user attempts to open a phishing page while information about it has not yet been included in Kaspersky Lab’s databases.
It does not matter how the user attempts to open the page – by clicking a link in a phishing email or in a message on a social network or, for example, as a result of malware activity.

After the security system is activated, a banner is displayed in the browser warning the user about a potential threat.
In Q3 of 2016, the share of the ‘Financial organizations’ category (banks, payment systems, online stores) accounted for more than half of all registered attacks.

The percentage of the ‘Banks’ category increased by 1.7 p.p. and accounted for 27.13%.

The proportion of ‘Online stores’ (12.21%) and ‘Payment systems’ (11.55%) increased by 2.82 p.p. and 0.31 p.p. respectively.

Figure: Distribution of organizations affected by phishing attacks by category, Q3 2016

In addition to financial organizations, phishers most often attacked ‘Global Internet portals’ (21.73%), ‘Social networking sites’ (11.54%) and ‘Telephone and Internet service providers’ (4.57%). However, their figures remained almost unchanged from the previous quarter – the change for each category was no more than a single percentage point.

Hot topics this quarter

Attacks on users of online banking

The third quarter saw the proportion of attacked users in the ‘Banks’ category increase significantly – by 1.7 p.p.

The four banks whose clients were attacked most often are all located in Brazil.

For several years in a row this country has ranked among the countries with the highest proportion of users attacked by phishers, and occasionally occupies first place. Naturally, online banking users are priority targets for cybercriminals, since the financial benefits of a successful attack are self-evident. Links to fake banking pages are mostly spread via email.

Figure: Example of a phishing email sent on behalf of a Brazilian bank. The link in the email leads to a fake page that imitates the login page to the user’s banking account.

‘Porn virus’ for Facebook users

At the beginning of the previous quarter, Facebook users were subjected to phishing attacks.

Almost half a year later, the same scheme was used by fraudsters to attack users in Europe.

During the attack, a provocative adult video was used as bait.

To view it, the user was directed to a fake page (a page on the xic.graphics domain was especially popular) imitating the popular YouTube video portal.

Figure: Example of a user being tagged in a post with the video

This extension requested rights to read all the data in the browser, potentially giving the cybercriminals access to passwords, logins, credit card details and other confidential user information.

The extension also distributed more links on Facebook that directed to itself, but which were sent using the victim’s name.

Phisher tricks

Carrying on from the second quarter, we continue to talk about the popular tricks of Internet fraudsters.

The objectives are simple – to convince their victims that they are using legitimate resources and to bypass security software filters.
It is often the case that the more convincing the page is for the victim, the easier it is to detect with a variety of technologies for combating fraudsters.

Nice domains

We have already described a trick whereby spammers use genuine-looking links in emails to spread phishing content.

Fraudsters often resort to this technique regardless of how the phishing page is distributed.

They are trying to mislead users, who do actually pay attention to the address in the address bar, but who are not technically savvy enough to see the catch.

The main domain of the organization that is being attacked might be represented, for example, by a 13th-level domain:

Or might simply be used in combination with another relevant word, e.g., secure:

These tricks help deceive potential victims, though they make it much easier to detect phishing attacks using security solutions.

Different languages for different victims

By using information about the IP address of a potential victim, phishers determine the country in which they are located.
In the example below, they do so by using the service http://www.geoplugin.net/json.gp?ip=. Depending on the country that has been identified, the cybercriminals will display pages with vocabulary in the corresponding language.

Figure: Examples of files that are used to display a phishing page in a specified language

The example below shows 11 different versions of pages for 32 different locations:

Figure: Example of a script used by phishers to display the relevant page depending on the location of the victim

TOP 3 attacked organizations

Fraudsters continue to focus most of their attention on the most popular brands, enhancing their chances of a successful phishing attack. More than half of all detections of Kaspersky Lab’s heuristic anti-phishing component are for phishing pages hiding behind the names of fewer than 15 companies.

The TOP 3 organizations attacked most frequently by phishers accounted for 21.96% of all phishing links detected in Q3 2016.

Organization    % of detected phishing links
Facebook        8.040955
Yahoo!          7.446908
Amazon.com      6.469801

In Q3 2016, Facebook (8.1%, +0.07 p.p.) topped the ranking of organizations used by fraudsters to hide their attacks. Microsoft, the leader in the previous quarter, dropped out of the TOP 3.
Second place was occupied by Yahoo! (7.45%), whose contribution increased by 0.38 p.p.

Third place went to Amazon, a newcomer to the TOP 3 with 6.47%.

Conclusion

In the third quarter of 2016, the proportion of spam in email traffic increased by 2 p.p. compared to the previous quarter and accounted for 59.19%.

The largest percentage of spam – 61.25% – was registered in September.
India (14.02%), which was only fourth in the previous quarter, became the biggest source of spam.

The top three sources also included Vietnam (11.01%) and the US (8.88%).

The top three countries targeted by malicious mailshots remained unchanged from the previous quarter.

Germany (13.21%) came first again, followed by Japan (8.76%) and China (8.37%).

In Q3 2016, Kaspersky Lab products prevented over 37.5 million attempts to enter phishing sites, which is 5.2 million more than the previous quarter.

Financial organizations were the main target, with banks the worst affected, accounting for 27.13% of all registered attacks.

The most attractive phishing targets in Q3 2016 were clients of four banks located in Brazil.