Get Safe Online: the Latest Spyware Threat

If the news has passed you by, you may not know you’re currently enjoying “Get Safe Online Week’, as designated by Get Safe Online: a UK government-funded online safety awareness campaign. The 15th-19th November 2010 is the date for this year’s annual event to raise awareness of internet safety issues such as the ever-present threat of spyware. Get Safe Online’s PR campaign hit the ground running on Monday morning with stories across all major media reporting the threat posed by the latest “scareware’ techniques being employed by hackers.

“Scareware’ scams that are on the rise are identified in two different formats: spreading pop-up adverts and the use of cold-calling techniques.

Pop-up adverts are generated by malware on an infected machine and appear incessantly. The adverts are designed to appear authoritative and warn of detected virus infections. Simultaneously, the advert offers the solution to problem in the form of a downloadable virus cleansing program that can be purchased online. These programs are either ineffective at removing the “detected virus’, are worthless “solutions’ to a phantom problem, or contain dangerous spyware that can command remote control of a user’s system. The success of the scam depends on targeting naive and ill-informed computer users who are susceptible to being duped and/or are vulnerable to exploitation by scare tactics.

Cold-calling scams normally involve fraudsters calling on the premise of being from an IT helpdesk. Bogus advice is given in order to mislead users into thinking their computers are infected, leading them to purchase fake antivirus software. Victims are deceived into paying a one-off fee (typically around ?£30) to download security software from an apparently legitimate website. In reality, fraudsters use the transaction to obtain credit card information or infect the user’s computer with malware. This can then be used to hijack the system remotely, to facilitate further identity fraud or to launch untraceable phishing attacks.

Get Safe Online quote Sharon Lemon, Deputy Director of Cyber Crime at the UK’s SOCA (Serious Organised Crime Agency): “In recent cases, we have seen gangs employing 300-400 people to run their operations and using call centre-scale set ups to target victims en masse. They can also be paying out as much as $150,000 a month (on a pay per download basis) to individual webmasters who are unwittingly advertising their fake software – this level of investment from criminals indicates that the returns are much heftier than this.”

Tony Neate, Managing Director of Get Safe Online: “Web users should ignore ‘cold calls’ from companies offering free virus checks, and be very cautious of any on-screen pop-ups. Most reputable antivirus providers such as Kaspersky, Panda and Bullguard do not approach customers in this way without prior notice or a direct request.”

The 2010 Get Safe Online survey, found that almost 1 in 4 (24%) UK adult web users have been approached by someone claiming to be from an IT helpdesk offering to check their computers for viruses. In addition, UK security minister Baroness Pauline Neville-Jones said that eight out of ten people were not aware of this type of scam: “Given that our latest research indicates 80 percent of UK internet users have never heard of these ‘IT helpdesk’ scams, yet almost a quarter have been approached by them, it is vital that we make people aware of this threat”.

As part of the “Get Safe Online Week’ initiative, SOCA will announce their latest research reveals that more than a third of UK internet users (34%) report being the victim of a computer virus attack, 22% have experienced a phishing scam, and more than one in five (21%) have been a victim of identity fraud.

Like us on Facebook