Malaysians to be On High Alert as Hot Season for Cyber Scams Begins!

Fortinet Unveils Top Cybercrime Tactics and Tips to Stay Cyber-Safe

MALAYSIA, June 12, 2012 - The second half of 2012 will be a busy media period globally as several world events are set to take place, including the UEFA European Football Championship in early June, the London Summer Olympics in July and the United States Presidential election in November 2012. Closer to home, Malaysia’s 13th General Election is tipped to be called soon. Such significant events guarantee strong Internet activity, and with it, cybercriminals will attempt to “cash in” with a flood of malware attacks.

“With more than 2 billion people connected online, the Internet has become the favorite playground of scammers. There are thousands of scams in circulation today and it would be difficult to list them all. But they clearly pursue the same goal: extort money from their victims by taking advantage of their credulity,” said Karine de Ponteves, FortiGuard Antivirus Analyst at Fortinet.

Fortinet today announced the latest cybercriminal scams that Malaysians need to be aware of:

1. Fake Lotteries
These consist of spam emails sent to users to inform them that they are one of the lucky winners eligible for a large sum of money or an exciting high-value prize. To collect their winnings, users are asked to first pay duties. Of course, whether they pay or not, they will never receive their prizes.

2. Purchase Fraud
Promising tickets at discount prices for major events, known as “Purchase Fraud,” is blossoming on the Web too. By surfing on classified ads websites such as eBay and Craigslist, users may find tickets at low prices. They should be very suspicious during this hot event period, as the seemingly good deals are oftentimes pure frauds.

3. Rogue AV
During major sports or political events, many users browse the Internet to learn about scores, results and other hot news. From a simple search on their favorite search engine, it is quite possible for users to get to a malicious website (or a legitimate website that has been hacked) with a pop-up window on their screen indicating that their computer is infected (even if they already have an antivirus (AV) program) and offering to clean it. This false message typically prompts users to click on the pop-up, enabling the installation of a fake AV without their knowledge and, next, the installation of Trojans to collect users’ key data such as passwords and banking numbers.

4. Video Hoaxes and Social Networks
Users may receive a message from a Facebook friend claiming to offer "exclusive" images or "rare" video footage, especially after a major event - like the match-winning goal of a football match, a tragic sporting accident or political speeches and rally scenes - hits the news. These images or videos are often fake. Clicking on the link will take users to a legitimate-looking Facebook page where they will be asked to copy and paste a link into their browser, which will install malware onto the computer and automatically spread the scam to the users’ contacts.

5. Phishing & Identity Theft
Users may receive an email from their bank and/or PayPal highlighting that their account is blocked and requiring them to complete a form with their bank login details to remedy the situation. Those users should not reply, and should keep in mind that their bank would never ask for their banking ID by email. If they give away their banking credentials, their account could be completely emptied by scammers. This technique, called phishing, is also used by scammers to acquire other sensitive information like social security numbers. This scam can quickly become a major issue that affects more people than just the victim: damage can snowball when stolen credentials are used in second-stage attacks.

6. Advance Fee “Nigerian” Fraud
This scam has existed in various forms for centuries. The concept is simple: convince the victims they are going to receive a huge amount of money in exchange for little or no effort on their part. After making contact with the victim, the scammer would ask for fees to release the money. More money may be requested subsequently. This type of fraud can sometimes lead to serious financial losses for the victim.

7. Sweetheart Swindles
Perpetrators develop a long-distance relationship with their intended victims. In most cases, the cybercriminals pass themselves off as wealthy businessmen working abroad, or charming women looking for someone to take care of them. When the contact is made, it isn’t long before the perpetrator starts asking for money.

All the above scams are flooding the Web and even well-informed Internet users might be snared. Fortinet advocates the following tips to stay cyber-safe:

• Requests for password or credit card information should set off alarm bells − double check before one complies
• Be very wary of links that either lead to applications or external websites
• Believe the popular saying: “If it's too good to be true, then it probably is”
• Never send money to anyone you have never met in person
• If you haven't entered for a lottery, you can't win it.

Online Scam Season Arrives; Malaysians Must Stay on High Alert!


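MALAYSIA, June 15, 2012 - With the UEFA European Football Championship, the London Olympics, the United States presidential election and Malaysia’s 13th General Election all taking place in the second half of this year, cybercriminals are poised to take advantage of the heavy Internet use during this period to carry out large-scale online fraud and cash in.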

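“The Internet connects more than 200 million people worldwide, but it has also become an advanced tool for fraud. There are thousands of scams still active online today, and it would be very difficult to list them all. But clearly, these online scammers all pursue the same goal: extorting money by taking advantage of their victims’ credulity,” said Karine de Ponteves, FortiGuard Antivirus Analyst at Fortinet.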


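1. Fake Lotteries

2. Purchase Fraud

3. Rogue Antivirus (Rogue AV)

4. Video Hoaxes and Social Networks
After a major event, users may receive a message from a Facebook friend claiming to offer “exclusive” images or “rare” video footage, such as the match-winning goal of a football match, a tragic sporting accident, or scenes from political speeches and rallies. These images or videos are often fake. Clicking on the link takes users to a legitimate-looking Facebook page, where they are asked to copy and paste a link into their browser, which installs malware on the computer and automatically spreads the scam to the users’ contacts.

5. Phishing and Identity Theft

6. Advance Fee “Nigerian” Fraud

7. Sweetheart Swindles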


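• Be on alert when asked for a password or credit card information – double check before submitting it
• Be especially careful with links that take you to applications or external websites
• Believe the popular saying: “There is no such thing as a free lunch”
• Never send money to anyone you have never met
• If you have never bought a lottery ticket, you cannot win a prize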

