75 Million Unique Malware

At the end of 2011 (just recently) the total number of unique malware (viruses, spyware, etc) reached 75 million. That’s 75 million different threats people created to cause havoc, steal passwords and steal money from you. The internet can be a dangerous place.

The figure comes from a report by McAfee. They also report that malware for Macs are becoming less common, and malware for Android are becoming more common.  You can read more details here, it’s pretty grim.

Some tips to avoid being a victim:

  • Use a good antivirus product on your computer. Paid ones are usually better. Keep it updated
  • Use Google Chrome
  • Don’t click on every link you see in Facebook, Twitter, etc.
  • Sometimes people’s accounts get hacked, so something they wrote online might not really be from them
  • Don’t believe every sensational headline you see
  • Don’t believe every alarming email you receive, especially emails that sound urgent and have poor spelling and grammar
  • Use common sense (why would a stranger in an African country want to give you millions of dollars, or did you really enter the Spanish lottery?)
  • Use Google to check if something you read is true

 

PIN 1234

1234 is the most common PIN used in banking.

A new study of 1100 banking customers found that 1234 and birth dates make up a large percentage of PINS. This means if your wallet is stolen, a thief can find your birth date from your license or other ID, take your ATM card and guess your PIN. And it will work for 1 in 18 stolen wallets (or 1 in 11 for some banks). They’re good odds for thieves.

The study suggests that banks issue a random PIN instead of letting you set one yourself. I think it’s a good idea. Here’s the full document.

$114b Industry

Which industry made $114 billion in the past 12 months? Cybercrime did.

According to  Norton’s Cybercrime 2011 report, criminals stole US$114b worth of money using the internet. This is a serious problem. Think about where all that money came from? Who do you know that had stolen from their bank account, credit card, or other cases of fraud?

Here’s a breakdown the US$114b:

  • USA: $32b (74 million victims)
  • China: $25b
  • Brazil: $15b
  • India: $4b
These figures are calculated from survey results, so they’re not completely accurate but they do give a very good indication of the problem. The report also estimated that more than 1 million people lose money to cybercrime every day. That’s a lot of people!
Poll:

Most Common iPhone Passcodes

Daniel Amitay has been able to collect a sample of over 200,000 passcodes used to lock an iPhone. The most common ones were:

  1. 1234
  2. 0000
  3. 2580 (a vertical row)
  4. 1111
  5. 5555
  6. 5683 (spells LOVE)
  7. 0852 (a vertical row)
  8. 2222
  9. 1212
  10. 1998

This list represents 15% of all PINS (that’s too high). Years starting with 199 were also found to be common. And PINS starting with 1 are also very common.

The information here is relevant to other devices as well, basically anything that uses a 4 digit PIN typed into a keypad.

If you use any of these codes to lock something you consider important you should change it now.

 

Common Passwords

Security companies sometimes get to analyse real people’s passwords and create interesting reports. Imperva has just done that, analysing 32 million passwords used on the Rockyou.com site (which was recently hacked).

Below is a summary of their findings. Why is this important to you? Because it means that statistically, you probably have a weak password that can be guessed.

  • 41% of passwords only use lower case letters (weak)
  • 15% of passwords only user numerals (even weaker)
  • Nearly 50% of people used names, slang words, dictionary words or trivial words as their passwords. These can be guessed in seconds by a “brute force” program.

The ten most common passwords were:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

If you use any of these as your password then change it now, it’s too easy to guess, especially now that everyone can see this list.

For tips on how to choose a good password read our previous article. And here are some tips on testing how good your password is.

Imperva’s complete report is here. It’s full of interesting technical details on what they found and what the risks are.

Malware Statistics

Avast! is a company that makes a decent anti-virus program. They recently published some statistics that are interesting:

  • Their anti-virus programs blocks 1 billion malware a month. That’s 1,000,000,000 attempts to install viruses, trojans, password stealers, etc on to people’s PCs. A month. And that’s just by one small company.
  • 1 in 15 people encounter a malware every day.
  • They find about 3,000 new malware each day (that’s new and unique viruses, trojans, etc). They have 2.1 million in their database.

These statistics are not just marketing numbers, they give you an idea of how serious a problem malware is. If you don’t have a good anti-virus system installed on your computer they you need to take action now (today) and install something to protect you. Good anti-virus systems generally cost money – it’s a good investment, the cost of not buying one is usually greater.

And get something from a known vendor. Last week I talked about a comparison of anti-virus programs, you can use this as a guide.

And Macs and Linux computers aren’t safe either.

Spam Sentences

A quick post about spam. Some of the most common sentenced used in spam are:

  • We are letting you try it for FREE, you just pay the shipping costs!
  • FREE Download without limits!
  • Get your Free Trial Now!
  • Take FREE exotic vacations!
  • Get Free trial bottle!

In similar news, Norton has published a list of what they consider the top 100 most dangerous web sites. I won’t copy & paste the names here because my site and newsletter will no doubt be blocked by filters everywhere. You can have a look here to get an idea of what they consider to be highly dangerous web sites.

FIFA World Cup Lottery Scam

The FIFA World Cup is scheduled for 2010 in South Africa and scammers have already started using this news to trick people into giving out their personal details.

Targetting peopleA new scam email is sent to people telling them they won a lottery. The email is full of interesting things to catch people’s attention such as a large dollar amount ($850,000) and social tricks such as asking them not to tell anyone about their winnings.

At the end they ask the recipient to send them a few personal details, which the scammers then use to steal money from your bank accounts.

The email uses broken English and is full of "official looking" random letters and numbers.

Below are some quotes from the scam email. If you receive this email just delete it.

South Africa FIFA World Cup 2010
Government Accredited Licensed!!
Online National Lottery South African
2009/REF:EAASL/941OYI/04&
Batch: 12/25/DC34 RE:LOTTO

Your email have luckily won the sum of USD$850,000.00

Which subsequently won you the lottery in the 2nd category i.e. match 5 plus bonus. You have therefore been approved to claim a total sum of $850,000.00 USD… In cash credited to file KPC/9080118308/02. All participants for the online version were selected randomly from World Wide Web sites through computer draw system and extracted from over 100,000 union associations and corporate bodies that are listed online this promotion takes place weekly.

Our agent will immediately commence the process to facilitate the release of your funds as soon as you contact him. For security reasons, you are advised to keep your winning information confidential till your claims is processed and your money remitted to you in whatever manner you deem fit to claim your prize. This is part of our precautionary measure to avoid double claiming and unwarranted abuse of this program your request to fill the information below.

And it goes on and on.

Some people who fall for these things have never entered a lottery, but they want to believe it so much that they don’t stop to consider why they were selected.

Now you might be wondering who could possibly be so foolish to fall for lottery scams. In fact, a large number of people fall for these things. In Australia alone (and with a small population of 21 million) 329,000 people lost money to lottery and phishing scams in one year. 3.6 million people fell for these scams in USA. Imagine how many people worldwide fall for these things.

Not everyone in the world reads Fraudo.com. You can help by talking to people about lottery scams, making them aware of what they are and how they work (there’s more information here). Help educate people, especially those who are less tech savvy or might be desperate for money. You could also help them subscribe to Fraudo.com – get them to enter their email address in the top right corner of this page, sometimes email is an easier way to receive these updates.

Keep the wolves at bay

A New Year

2009 - Happy New Year

It’s now 2009. I started this site in 2007 with the intention of helping people understand online fraud. Things are coming along nicely.

In 2008:

  • I published 174 new articles on this site (for a total of 229 articles). My goal was 200 new articles so I’ve slacked a bit.
  • 8493 people used Fraudo.com when looking for information about scams, fraud, etc.
  • 576 people wanted to know if it’s ok to give out their bank account details to strangers (I answered this question here)

I also introduced an email subscription service. Enter your email address in the top right corner of this page and you’ll receive an email with all the latest updates.

Fraud, scams, and viruses are bigger problems than ever so I’ll continue my efforts on this site. The best way to overcome these dangers is through education, so continue reading this site and let everyone know about it.

All the best for 2009,

Enrique.