Wednesday, 3 June 2009

Scam E-mail Spoofing Western Union on the Prowl

According to reports MX Logic released via its security blog on 27 May 2009, yet another scam e-mail purporting to come from Western Union is circulating on the Internet.

The fraudulent e-mail reportedly claims to originate from Western Union's Support Team.

The unsolicited e-mail addresses the recipient as "Dear Client!" It then states that the recipient's money transfer sent on March 18, 2009 has still not been collected.

According to the agreement with Western Union, it continues, money transfers that are not picked up within 15 days of dispatch are to be returned to the person who initiated the transfer. To collect this undelivered money, the e-mail explains, the recipient must print the invoice supplied as an attachment and submit it to the local Western Union office.

Finally, the e-mail thanks the recipient for his attention.

Commenting on the e-mail's text, security researchers said the scammers drafted it skilfully enough that it appears fully official to the recipient. Another point to note is that it does not specify where exactly to submit the printout.

Thus, many of the e-mail's recipients, eager to know how much money they could get by visiting the local Western Union agency, go ahead and click the attachment.

Researchers at MX Logic Threat Operations say they are currently tracking about 100,000 of these Western Union e-mails every hour.

With phishers and spammers continuously targeting reputable financial institutions such as Western Union, security experts face a tough time halting the malicious activity.

To avoid being trapped by such Internet scams, specialists at MX Logic stated in their security advisory that any consumer with questions regarding a transaction with a vendor such as Western Union must refer to the vendor's tracking number provided for verifying that transaction. The user must also either call the vendor directly or visit its website for the purpose.



SMEs Report Cybercrime as a Key Concern

The latest survey of small businesses in the UK, conducted by the security firm Trend Micro on May 26, 2009, showed that along with bankruptcy (39%) and stiff competition (21%), cybercrime is one of the biggest concerns for British SMEs (small and medium business enterprises). Cybercrime puts excessive pressure on the IT executives of these businesses.

In the survey, IT decision makers at one in every five (20%) small businesses admitted that they were highly concerned about cybercrime.

On electronic crime in particular, one out of every four respondents (25%) reported that their business had suffered on account of a computer virus in the past year, since May 2008.

The survey also found that the social engineering tactics used by cybercriminals flourish in uncertain times. In addition, projections point to a steep rise in security breaches via Web 2.0 platforms such as social networking sites, and a rise in malware that steals confidential information such as login details and credit card details.

A similar survey, "Symantec 2009 SMB Security & Storage", was conducted by the security firm Symantec and focused on SMEs in India. According to that survey, as many as 73% of respondents expressed worries about basic security threats such as virus attacks.

Despite the concerns expressed by the majority of respondents about virus attacks, merely half of them were found to have anti-virus software in place. The survey also revealed that 64% of respondents were worried about spam, while 60% were worried about phishing attacks.

James Walker, Trend Micro's Product Marketing Manager, suggested that a lot needs to be done to make SMEs aware of newly evolving security threats, which are damaging their IT infrastructure and affecting their budgets and reputation, as reported by channelemea.com on May 26, 2009.

Trend Micro recommends that small businesses make sure all of their employees use effective passwords and change them regularly in order to safeguard their assets. SMEs should also discourage their employees from downloading content from any unreliable source and should install anti-virus software and firewalls to ensure the safety of their networks and PCs.


CISOs seek frugal ways to secure systems

It is budget-cutting time. Companies in all industries are looking for ways to save money in a down economy. Security analysts say companies are slowing ongoing projects and delaying others, signaling the acceptance of more risk.

Security pros who attended the two-day SecureWorld Expo on March 25-26 in Boston learned about a number of ways to keep sensitive systems locked down while trimming their already tightening budgets.

Candy Alexander, CISO at Long Term Care Partners LLC, urged attendees of her session, “Security compliance program on a shoe string budget,” to develop a framework by using guidelines outlined by NIST. Alexander said NIST would be a cheaper source than the ISO standard. Although the benefits of ISO over NIST or vice versa are debatable, ISO is also not a widely adopted standard in the U.S., she said.

While much of the information doled out during the 45-minute presentation was basic, it certainly could serve as a starting point for some security pros looking for ways to keep systems secure despite a tightening budget. The most important piece of the talk: Know your data. Know where it is. Know how it flows through your systems. It’s so simple, yet time after time I hear that many data breaches happen because an attacker found a hole in a database that IT didn’t even know existed.

A friend who works for a major university in Massachusetts told me that in the first few weeks on the job he followed the basic steps of identifying the most sensitive information, where it was and how well it was protected. During the process he found a database containing thousands of credit card transactions in a small office off one of the university’s dining facilities. It had been there for years. Few knew it was there and those that did — dining facility staff with little technical expertise — didn’t realize the data residing on it was so sensitive.

Having a sound security policy and enforcing that policy was also one of the takeaways from the expo. Although it’s another fundamental part of being a security professional, we’ve heard countless times that some organizations have policies that they downloaded off of a website and rarely refer to them or educate end users about them. Charles Cresson Wood, a consultant at InfoSecurity Infrastructure Inc., a Mendocino, Calif.-based consultancy, gave the SecureWorld keynote, urging those listening to rethink their security policies. If an organization doesn’t have policies that align with business objectives, then they should be written with that in mind, Wood said.

Wood advised attendees to conduct an annual risk assessment, tying it into the company's security policies. He said some of the best security programs also create an environment that fosters higher security standards among employees. Management plays a big role, he said.

Finally, an information security officer tag team of Leilani Lauger of Loyola University and Morey Straus of NHHEAF Network Organizations tackled ways CISOs can do their job frugally. Straus said CISOs can consider managed security services and should also take a look at the company’s existing contracts with third-party vendors. Some of them may be able to be renegotiated at a cost savings, he said. Straus said CISOs can also help foster the culture of valuing information security by acting “less as a cop and more like a guide.” Lauger said security pros should also design training programs that are interesting and replace outdated posters and material with fresh content on a regular basis. Send out security messages in multiple forms, not just weekly email messages or security posters, she said.



Source: feedproxy.google.com