A number of people have asked me lately if smart phones can get viruses. The quick answer is, yes.
Here are is a recent example from the news:
Android Botnet Sends SMS Spam
(December 19, 2012)
Earlier this month, two security companies detected a botnet composed of infected Android devices. The devices become infected when users install certain game applications that contain a Trojan horse program called SpamSoldier. Last week, the botnet was estimated to have sent out more than half a million unsolicited texts a day.
Most of the news stories I see are related to Android phones, but due to their popularity iPhones could be targeted more in the near future. IT is already researching anti-malware for smart phones (our current AV vendor doesn't make an app for iPhone), but the best protection is (and always has been) avoiding high-risk activities in the first place.
In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the United States tax season. Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign.
These phishing scams and malware campaigns may include, but are not limited to, the following:
These messages, which may appear to be from the IRS, may ask users to submit personal information via email or may instruct the user to follow a link to a website that requests personal information or contains malicious code.
US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing scams and malware campaigns:
One of our members reported a fake lottery scam letter they received in the mail. The letter starts with the phrase, "We are pleased to inform you that you are one of the declared winners in the MEGA LOTTERY..." The letter includes a claim number and a fake check for thousands of dollars.
Please remember, if it looks too good to be true, it probably is! Lottery scams are very common this time of year.
In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holidays and holiday shopping season. US-CERT reminds users to remain cautious when receiving unsolicited email messages that could be part of a potential phishing scam or malware campaign.
These phishing scams and malware campaigns may include but are not limited to the following:
US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:
One of our members recently reported receiving an email with the subject "Rejected ACH payment" from email@example.com. The email was sent from a fraudster hoping to get the member to click the attachment called "report_####.PDF.EXE" to see details on a cancelled transaction. The attachment likely contained a keystroke logger or other type of malware. Please note that NACHA will never send you an email about a failed ACH.
We continue to receive reports from our membership about fraudulent text messages and automated phone calls. Please remember that Texas Trust will never send you a message asking for your social security number or credit card information.
There has been an increase in the number of malicious websites targetting Internet browsers, Flash Player, Adobe Reader, and Java. Please make sure you are keeping these products updated on your computer because many patches come with security updates that will prevent infections.
Several members have reported receiving fraudulent text messages recently. One example said "You have a pending credit union alert," followed by a phone number to call. Please note that Texas Trust never sends messages of this nature via text message.
A data breach at Citibank has leaked information for about 200,000 of their credit card customers. Names, account numbers, and email addresses are among the items identified in news reports. Those affected by the breach will be notified by a letter in the mail.
One thing to keep in mind is that whenever email accounts are stolen it opens the possibility of targeted phishing attacks. If you are a customer who has shared information with Citibank, you could receive a fraudulent email that includes your real account number in an effort to fool you into clicking on links in the message.
Hotmail, Gmail, Yahoo, and other personal email account systems are frequently targetted by fraudsters. Make sure you have a good password (at least 8 characters with mixed-case and some non-alphanumeric characters) protecting even your free accounts. Otherwise, someone you know may receive an email "from you" asking for money or with a hyperlink sending them to a malicious website.
Are you using a smart phone? If so, be careful about the types of "apps" you download. Not every application is safe and some may attempt to steal sensitive information, such as online banking login and password information. It's always a good idea to check the rating of the app, read reviews, and check the developer's website for signs of legitimacy.
An advertising company recently suffered a security compromise that allowed someone to steal millions of email addresses and possibly customer names. This may allow the bad guys to conduct phishing attacks that use the victim’s real name (e.g. “Hello <member name>, please click here to access your account”) in a more targeted scam than what we normally see.
A running list of companies that may be affected is below:
As always, please remember to avoid clicking links in email messages. Instead, copy and paste links into a web browser or (when available) close the message and visit the login site for the company that you already have bookmarked in your browser.
A member reported a text-message that read as follows: "Customerservice.com: You have a new credit union message alert. Call now free 281-(# removed) and follow instructions." Remember, Texas Trust will never send you a text message asking you to call a number to get information. This is an attempt at fraud!
WASHINGTON (3/15/11) -- NACHA, the electronic payments association, on Monday warned of a phishing scam perpetrated by individuals who are claiming to be representatives of NACHA.
The emails, which contain harmful links, have been sent to both individuals and companies and bear the name of NACHA and, at times, the names of fictitious NACHA employees and departments.
NACHA in its Monday release said that the organization "does not process nor touch [auto clearinghouse (ACH) transactions] that flow to and from organizations and financial institutions."
"NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive," the organization added.
NACHA warned recipients not to click on the link included in the email, and added that similar fraudulent emails, with some changes, could be sent in the future. NACHA also recommended the use of antivirus programs.
NACHA most recently warned of a similar scam on Feb. 22, and has been the victim of other phishing scams in recent years.
For the full NACHA release, use the resource link.