The majority of Internet security risk factors can be controlled with the right tools, the right attitude (a willingness to learn and apply the necessary strategies), and the desire to become proactive versus reactive. Keeping your computer free from badware, malware, botnets, viruses, adware, and a host of other nasties plays an important role in extending some decent net etiquette. 

If you think of  surfing the web as an Interstate and the computers that frequent the web as vehicles – driving a stable vehicle on the Interstate is integral to highway safety. Would you feel safer driving next to a car that is well maintained with a current safety inspection sticker intact, or would you feel safer driving next to that dilapidated hunk-of-junk with four bald tires and no safety inspection sticker?

10 Ways To Protect Your PC

 1-Back-up: How and why you should back up your personal computer.

Though this is one of the most neglected areas of computer maintenance,  it is essential to have a clean back-up source if your system has a hard disk failure (crashes) or your data and system files become compromised by a virus.

2-Use strong passwords: Check your password at Microsoft, is it strong?

A weak password such as 123456, password, abc123, or using your first name or pet’s name as your password is the Achilles heel of online security. Passwords are your first line of defense against cybercriminals. Create complex passwords for each site (do not share the same password at multiple sites), change them frequently and create accounts at sites that use good encryption.

3-Use a firewall: What is a firewall?

A firewall is a barrier that can keep destructive forces (hackers, malicious software) from the Internet away from your computer.It can also stop your computer from sending malicious programs to other computers.

4-Use Anti-virus software and keep it up-to-date.  

New viruses and malware is created everyday, so it is important that you keep your definitions updated.

5-Use a reputable malware scanner. Malwarebytes is highly recommended.

6-Don’t use an administrative account to browse the web

Create a new user account with limited rights to surf the web. Since malware requires administrative rights to run on the system – using a nonadministrative account will not enable malicious software to install on your system.

7-Keep your PC operating systems and programs updated.  Secunia PSI is an excellent [Free] option that keeps third-party software updated.

Windows Vista and Windows 7

To turn on Automatic Updates yourself, follow these steps:

1. Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
2. In the left pane, click Change settings.
3. Select the option that you want.
4. Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK. –Microsoft Support

8-Never download pirated software 

According to The Dangerous world of Counterfeit and Pirated Software, pirated and counterfeit software (i.e. unlicensed software and bogus software pretending to be genuine) has become one of the most reliable fast-tracks to the risk of malware infection. –NetworkWorld

9-Be responsible with social networking sites.

Social networking sites are rife with rogue apps and Internet scammers that often prey on user’s to spread their wares via permissions granted by the user. With a little education anyone can stay on top of the bad stuff and have a better Internet experience overall.

Subscribing to the Sophos Security Blog and FaceCrooks will keep you aware of the seedy and unsavory side of social media, along with providing great tips on how to stay safe online.

10-Use a layered approach when surfing the web.

As an example of using a layered approach: You would use a Internet Security Suite to take care of your antivirus needs, an anti-malware product installed such as Malwarebytes, Secunia PSI to check for vulnerabilities, a link scanner like McAfee SiteAdvisor and use Cocoon to anonymize and protect your web browsing sessions.

 “Layered security is about multiple types of security measures, each protecting against a different vector for attack.” — Chad Perrin, TechRepublic

When you browse the web it is easy to land on an unsavory site or get hit by a drive-by-download. Today, the virtual threat landscape needs more protection than an antivirus suite or antimalware application. Many exploits utilize 3rd party browser plugins (Flash, Adobe Reader) and if your operating system or browser has a vulnerability – it can easily become an open door that invites hackers in.

By following the above 10 tips, you will be able to minimize the impact that hackers and malicious software can have on your PC.

Do you have more PC Internet safety tips to offer? Please leave a comment at our blog or let us know on Twitter, Facebook, Google+, or Pinterest.

Wikipedia describes ransomware as a class of malware which restricts access to the computer system that it infects, and demands a ransom be paid to the creator of the malware in order for the restriction to be removed.

Essentially online extortion, ransomware involves infecting a user’s computer with a virus that locks it. The attackers demand money before the computer will be unlocked, but once the money is paid, they rarely unlock it. –NYT

While your computer is locked, the cybercriminals can steal your private data; launch online banking and credit card fraud; and take full control of your computer and online life. Symantec Security Response director, Kevin Haley recently predicted that 2013 will see ransomware become the next big online scam.

How it works

According to the Internet Crime Complaint Center (IC3)  the latest version of ransomware uses the name of IC3 to frighten victims into sending money to the perpetrators. This version of the Citadel malware platform also claims that the user’s computer activity is being recorded using audio, video, and other devices. This is a very clever social engineering trick – designed to instill fear of potential criminal prosecution if the victim fails to comply with the perpetrator’s ransom demands.

Next, the victim is lured to a drive-by-download website that installs ransomware on the user’s computer. Once installed, the computer freezes and a warning screen is displayed warning the user that they have violated U.S. federal law. Then the perpetrator goes even further (instilling more fear in the victim), by stating that IC3 has discovered that the victim’s IP address has accessed child pornography or other illegal content. To unlock the computer, the victim is instructed to pay an IC3 fine by purchasing a prepaid money card.

How can you avoid ransomware?

Cocoon offers a better way to view the web and skips interactions with your hard drive, (Ransomware can encrypt your computer hard drive). Any fear of drive-by-downloads, malvertising or ransomware messing with your hard drive becomes obsolete. Cocoon works by securely connecting over any network to Cocoon’s servers, providing enterprise-grade virus protection and encrypting all interactions to prevent drive-by-download attacks.

Virtual World Computing, developer of the Cocoon online privacy solution, is announcing a new collaboration with child-safety advocate Marc Klaas’KlaasKids Foundation that aims to harness the power of social networking to protect children from predators and abusive marketers alike.

While immediately giving parents a tool to manage which websites their kids can access, a top priority of the collaboration will be the creation of a parent-sourced “white list” of recommended websites. This tool will join Cocoon’s other online security and privacy tools which include eliminating corporate tracking of children, protecting the family computer from harmful downloads of viruses and malware, and helping parents manage their family’s online lifestyle.

“We are proud to announce this collaboration in large part because, since KlaasKids began in 1994, it has always been about social solutions and distribution of information,” said Jeff Bermant, co-founder and Executive Chairman of Virtual World Computing.

Marc Klaas, who became a missing person’s advocate after his daughter Polly Hannah Klaas was kidnapped and murdered in a high-profile 1993 case, said the collaboration offers a chance to advance the KlaasKids mission.

“The predators out there have certainly embraced new technology,” Klaas said. “They might understand your child’s iPhone better than you do and much of this new location-identifying technology should really give us pause. Cocoon’s solutions offer an immediate chance to address some of those threats while protecting from marketers who might be unduly targeting our kids.”

In addition to its collaboration with KlaasKids, Virtual World Computing works with the National Center for Missing & Exploited Children to implement an automated “blacklist” updated daily to help assure that the Cocoon service is off limits to online child predators.

When a Facebook Concert ticket giveaway event appears on a friend’s wall, it might be a scam that leads to plenty of wall spam or malware could be downloaded to your computer without your knowledge or consent. This morning’s scam event claimed that the band One Direction (1D), a very popular U.K. band who debuted at #1 on the U.S. billboard 200 was giving away free tickets to loyal fans.

Scam Events

Many of the fake pages were titled Free 1D Tickets Giveaway! (Limited Offer). In order to get a free ticket code you have to jump through quite a few hoops. You have to join the event and then you have to invite your friends to the event. They even tell you how to select your friends faster!

Next, you supposedly need to be ‘verified’ by the scammers and then wait 12-24 hours to receive the ticket code. The waiting period allows them to set up other fake pages or to start new scam campaigns with another band or popular trending event. Don’t hang out out with your messenger waiting for a response from these scammers, because you won’t be receiving the ticket code in this lifetime.

They also have a rogue VIP scam that includes a bit.ly link, that when clicked, silently sneaks  you over to a Prizepalacepalace website (without your knowledge) and is either using it for rogue affiliate marketing purposes or you could end up with malware downloaded to your computer.

Clicking on the above link sends you through a series of redirects (all unencrypted) and there is no telling what the code on their end could be baking in the code-oven. The final redirect sends you back to Facebook to join their scam event. On the short URL that I listed above there is a tracker and two other websites (that were recently purchased) that lie well below security community radar, (for potential deployment of malware or unsavory code bits in the future).

Social Engineering Tactics

In Commtouch’s quarterly Internet Threats Trend Report, 74% of Facebook attacks were targeted at leading users to fraudulent marketing affiliate and survey scams (out of the Facebook scams that proliferated in 2011). The benefits for cybercriminals can become lucrative. They often receive affiliate payments for driving users to specific sites and they can also collect personal data for the purpose of identity theft. They can spread malware through rogue apps (or rogue code) that steals passwords or sends spam and they can also generate an enormous number of ‘likes’ with no clear malicious purpose.

One of the most important components of furthering their scam is through the use of your ‘friends’ network. Utilizing the trust factor – they lull you in to believing that you just might be able to receive FREE tickets to see One Direction if you share this with all your friends too (via the power of socially engineered persuasion).

Tristan was invited by her friend…

Before joining any event on Facebook check with an authentic source first!

We all know that if the band was really giving away free tickets to their loyal fans that it would be listed somewhere on their fan page. One Direction (1D) has plenty of interesting tabs, but you won’t find a FREE ticket giveaway tab on their page.

Where do I go from here?

Check with the Facebook Help Center and learn how to report scams and spam. Be sure that you report the rogue page and get your friends to report it too. Get these scammers shut down and become part of the solution to help make Facebook  a safer place for all.

—————————————————————-No FREE tickets here…

You’ve read all about the risks of shopping online and by now even heard of some of the questionable solutions that are being considered by the U.S. government. Only now, you find yourself sitting at your local cafe taking advantage of that free WiFi. You’re frantically searching the Internet for an affordable gift to give your loved one for their birthday next week. Credit cards in hand, you write to friends on Facebook asking them for any last-minute advice before you make a purchase, and…STOP! Haven’t we taught you anything?

Not only are there a ton of things that could go wrong with your unsecured shopping experience, but anything else requiring private login information while you’re on that free WiFi (i.e. social networking sites) connection. This is precisely the type of situation that could lead to identity theft, access to files on your computer’s hard drive, or full disclosure of any private information you send and or receive over the network.

A common approach to intercepting private data and opening the door to identity theft is the Man In The Middle Attack. In the past, free programs like Firesheep have made it possible for even less tech savvy people to perform such an attack. The program could, for instance, hijack an active Facebook, Twitter, or even bank account session if the victim is using an unencrypted network. This applies to many of your online accounts, so think about it before logging on Facebook or making a purchase on public WiFi.

Using websites that utilize HTTPS (rather than standard HTTP) may help you in some scenarios, but this remains limited. While on Facebook, check the address bar to make sure you see “https” and not just “http”. If you are not in https mode, check your Facebook Preferences page and make the change.

If you’re using Firefox, it is recommended that you do not use the browser’s built-in password saving tool, because it is unencrypted to anyone who has access to your computer. To see any of the passwords that Firefox has saved for you, simply go to your Firefox Preferences in the Firefox menu; click on the Security tab; then go to ‘Saved Passwords’ in the bottom right corner. Once there, all that’s needed to show your full passwords is to highlight a website and click ‘Show Passwords’. If you have passwords saved, we recommend deleting them while in this menu.

Check back with us soon to find out more about phishing attacks, and how you can protect yourself from them. We’ll also show you some of the ways Cocoon can help secure and protect you should you find yourself on an open WiFi network, browsing from home, and more.

Part 1: The Online Pickpockets of The World Wide Mall

Part 2: The Online Pickpockets of the Worldwide Mall

Part 3: The Online Pickpockets of The World Wide Mall

Part 4: The Online Pickpockets of The World Wide Mall

We have taken a look at some of the ways commerce has evolved over the past decade, and the raw numbers that have emboldened the movement.  A worldwide surge of online espionage and crime has led initiatives by criminals, governments, and corporations into action. Each entity is striving to steal from, protect, and take advantage of the expanding scale to which online crime has tipped. It has become clear who’s after our money, but then who will protect us in this time of need?

Here in the United States, our government has become aware of the issue of online privacy and security, and Senate talks are rampant on the subject. The recently proposed Cyber Security Act of 2012 is being considered as a centralized means of reducing the problem. Critics argue that the Act is expensive and poses a threat to online privacy. The Act would essentially put the job of fighting cybercrime in the hand of the Department of Homeland Security, and would introduce a slew of new expenditures for big companies such as Google and Amazon.  Whether or not the Act would truly reduce the amount of cybercrime in the U.S. is unknown, but our privacy could likely suffer.

The age old argument of government regulation versus the private sector reinforcement certainly rings true to cybercrime today. What we can be sure of, however, is that public education remains a win-win for everyone, everywhere. Be sure to check back here tomorrow for some tips on how to stay safe on your own accord.

Part 1: The Online Pickpockets of The World Wide Mall

Part 2: The Online Pickpockets of the Worldwide Mall

Part 3: The Online Pickpockets of The World Wide Mall

The Norton Cybercrime Report 2011 surveyed over 12,000 adults in 24 countries last year, and obtained some rather shocking results. Each day of the past year, the study suggests, over 1 million online adults in these 24 countries experienced cybercrime. The study determined the majority (54%) of those cases to be malware or virus attacks. The Second and third leading causes were online scams (11%) and phishing (10%), respectfully.

Norton estimated that the total bill for cybercrime in these 24 countries over the year in case was roughly $388 billion, which included time needed to recover. This astonishing amount nearly matches the entire illegal drug trade for that same period of time.

It is said that something like 1 in 10 US consumers have already been victimized by identity theft (Frugal Dad). A growing variety of methods are being implemented by criminals in order to achieve such results. Some of these methods include phishing scams, man-in-the-middle attacks, spyware, malware, keystroke logging, botnets, and viruses.

Trojan Horses have been known to trick users into installing them by masquerading as legitimate software packages. Malware, however, can be delivered via drive-by downloads through a website you trust, all without your knowledge. The Zeus malware platform in late 2010, for instance, would use infected computers to form a botnet where it would then target holiday shoppers. Zeus used man-in-the-middle attacks socially engineered to get Macy’s and Nordstrom account holders to reveal sensitive information online (CSO Online). Once a consumer has handed over their private information, cyber criminals can then use it to steal the victim’s identity, commit fraud, and more.

Be sure to check back here tomorrow for Part 3 of our Pickpocket Series.

Part 1: The Online Pickpockets of the Worldwide Mall

Attention shoppers, the mall will be closing in, well, never. The times are changing, and consumerism is far from waning. Your local brick and mortar shops are struggling to keep their doors open; meanwhile, online commerce continues to grow at an alarming rate.

In the UK, for instance, online retailers saw sales nearly double the week before Christmas 2011 when compared to the same week one year prior, according to MetaPack. Similarly, e-commerce revenue continues to see exponential growth as online shopping grows. Total revenue in 1996 was $600 million, compared to roughly $680 billion in 2011, and climbing to an estimated trillion plus dollars by 2014 (Techcrunch).

Whilst online retailers gleefully reap the benefits of these numbers, another kind of beneficiary watches from the shadows of the Internet. We’re talking about “cybercriminals”, and they aren’t looking at numbers, but rather the increasingly large flow of money being exchanged between individuals and their trusted servers. These are modern day pickpockets, and they’re here to stay.

Be sure to check back here tomorrow for Part 2 of our Pickpocket Series.

Part 2: The Online Pickpockets of the World Wide Mall

Society has an obligation to protect our children and online safety for children should be a priority. We need a three-pronged approach to address this issue: policy changes; industry self-regulation; and more parental tools, monitoring and education. –Vernon Irvin, President and COO, Virtual World Computing | Huffington Post

Cocoon Beta is now available for Internet Explorer exclusively from CNET downloads today!

Cocoon Internet Explorer offers the same protection that our Firefox version offers:

1- Antivirus scanning of downloads
2- Encrypted browsing history
3-IP address anonymising
4-Malware blocking
5-On-the-fly disposable e-mail addresses
6-Secure public Wi-Fi

Internet Explorer users can easily download the free plug-in, which instantly provides users with greater privacy protection, security and convenience when surfing the Web. Cocoon works by securely connecting over any network to Cocoon’s servers, providing enterprise-grade virus protection and encrypting all interactions preventing “man in the middle attacks.”

Your privacy is protected because websites and advertisers only see Cocoon servers, hiding your unique IP address and preventing your online activity from being tracked by cookies. Unlike traditional anti-virus software, Cocoon prevents malicious software and virus downloads by instantly scanning files for viruses before they reach your computer.

Download Cocoon IE from CNET Downloads Today!

The Cocoon Team