More users affected by identity theft malware during economic crisis

According to data compiled by PandaLabs, the number of users affected by malware designed for identity theft has increased 600% so far this year with respect to the same period in 2008. Most of these are Trojans, but there are also many examples of phishing, worms, spyware, etc.

According to Luis Corrons, Technical Director of PandaLabs, “maybe one of the reasons for this increase is the economic crisis, along with the big business of selling this information on the black market, such as credit card numbers, PayPal or eBay accounts, etc. We have also seen an increase in the distribution of and infection by this kind of malware through social networks.”

Just as an example, PandaLabs receives nearly 37,000 samples of new viruses, worms, Trojans and other types of Internet threats every day. Of these, 71% are Trojans, mostly aimed at stealing bank details or credit card numbers as well as passwords for other commercial services. Between January and July 2009 we received 11 million new threats, some 8 million of which were Trojans. This is in clear contrast, for example, to the average of 51% of new Trojans that we received at PandaLabs in 2007.

Hackers have also been busy exploring new channels for propagating threats as well as new sources of revenue. Malware samples previously targeted, almost exclusively, users’ online banking information by getting them to enter their user name and password in a spoof bank website. Potential victims are now taken to any platform or online site in which their bank details may be stored or where they might have to enter them.

Such is the case with the increase in targeted attacks on payment platforms (such as PayPal) and other services where users often save their payment details, including popular online stores (such as Amazon), online auctions (e.g. eBay), or even NGO portals where they make charitable donations.

Similarly, whereas email was practically the only channel used in the past for contacting victims, many other methods are now being used:

  • Distribution of messages with fake URLs across social networks, such as Twitter or Facebook.
  • Cloning of Web pages to make them appear among the first results in searches by keywords in popular search engines.
  • SMS messages to cell phones.
  • Infecting computers with spyware which displays alarming messages and takes users to fake websites (e.g. fake antivirus programs).

Messages that use social engineering are often the final touch to lure users into taking the bait. Once attackers have obtained credit card or bank details, they have two possible options: either using them to make purchases which victims will be unaware of until they receive their bank statement, or selling the details on the black market (often fetching around 3 euros a time).

How can users avoid falling victim?

We estimate that around 3% of all users have been victims of these techniques. The problem with these types of threats, unlike traditional viruses of the past, is that they are designed to go undetected, and therefore users do not realize they have become victims until it is too late.

There is a series of basic prevention measures:

  • Firstly, it is extremely improbable that online banks, payment platforms or social networks will ever send messages (emails, texts, etc.) to users asking for their login credentials, and much less for their credit card details.
  • Whenever you access an online bank, store, etc., always type the address directly in your browser. It is never advisable to enter these sites through links received through any channel or through links returned in search engine results.
  • Even having written the address in the browser, check that the URL is really the one you have entered, and that the address has not changed into something unusual when you have clicked Enter.
  • Check that the page contains the corresponding security certificates (these are generally displayed with a “locked padlock” icon in the browser).
  • Needless to say, you should always have a good security solution installed on your computer. This will help detect if you are entering a spoof Web page. It is always good to have a second opinion to ensure that you have not been infected by Trojans or the like.
  • Above all, if you have any suspicions don’t enter your details and contact the corresponding bank, store or service provider that you are trying to access. Practically all of these will have a customer services line.
  • If you are someone that frequently uses online services for shopping, banking, etc., you can also get insurance for your online activity, which will cover you in the case of fraud.
