Security and Risk Online: Strengthening your Online Protection

security2band2brisk2bonline2bstrengthening2byour2bonline2bprotection

In this modern world, identity theft is a huge black market industry today. Don’t be just another statistics and take precautionary measures to protect your identity online today. Here are some useful ways to follow:

Stay away from public Wi-Fi

Connecting to a free public Wi-Fi is risky. It provides an easy way for hackers to steal your identity and track what you’re doing online. They may steal your logins and obtain any sensitive information if you aren’t being extra careful.

Software updates are important

You might find software updates that keep on popping on your screen as a disruption and insignificant but what you don’t know is that their updates are very important for many different reasons. One thing is because software updates could save you from outside attacks. Outdated software is like living in a house with no locks on the doors, you are so unprotected and vulnerable inviting unwanted intruders to access important things.

Phishers! Phishers!

Phishers are tech-savvy con artists and identity thieves whose goal is to steal sensitive information from their victims using fake websites, fake emails, and other sophisticated techniques to steal information.  Email phishing scams are the most effective strategy cybercriminals used to steal your information. If you ever encounter an email asking to confirm any information, don’t give away details.

Check if you’re already a victim

There’s a certain website called hasmyidentitybeenstolen.com that can detect whether your email address is at risk and if it’s on the dark web already. All you have to do is to enter your email address and confirmed it. This is so legit that the CEO of this site has been featured in BBC Rip-Off Britain last year 2015.

Check your online bills and statements

Regularly monitor your online bills, in this manner you’ll quickly detect if there’s a malicious activity going on your accounts and to quickly take actions before it’s too late.

 

Advertisements

Tokyo Online Fraud detection firm outs $1b Russian ad-fraud gang and its robo-browsing Methbot

fraud-detection-firm-outs-1b-russian-ad-fraud-gang-and-its-robo-browsing-methbot

A $1 billion Russia-based criminal gang has been bilking online advertisers by impersonating high-profile Web sites like ESPN, Vogue, CBS Sports, Fox News and the Huffington Post and selling phony ad slots, but that’s about to end.

Online fraud-prevention firm White Ops is releasing data today that will enable online advertisers and ad marketplaces to block the efforts of the group, which is cashing in on its intimate knowledge of the automated infrastructure that controls the buying and selling of video ads.

The group has been ramping up its activities since October so that it now reaps roughly $3 million to $5 million per day from unsuspecting advertisers and gives them nothing in return, says White Ops, which discovered the first hints of the scam in September.

When someone clicks on a video that’s posted to a Web page, the video is often preceded by a short advertising video known as pre-roll. The pre-roll slot is sold realtime – within 100 milliseconds – via an automated auction. That click to request the video is what initiates the ad auction, and the browser directly receives the pre-roll from the advertiser that wins, says White Ops CEO Michael Tiffany.

The system relies on information provided by the browser to verify what site the browser user is visiting and that it actually receives the pre-roll ad. “The ecosystem believes what the browser says about what site you’re at,” he says.

Beware Methobot

The gang, which Tiffany calls AFT13, has created a robo-browser called Methbot that spoofs all the necessary interactions needed to initiate, carry out and complete the ad transactions. So Methbot contacts an ad exchange and says it needs a pre-roll for a video on Vogue.com, for example. The system runs an instant auction, settles on an ad and sends it to Methbot, which verifies that it received it and played it.

Then the advertiser pays the entity the website that the browser claimed to be visiting, but that entity resolves ultimately to AFK13, not to Voguecom, in this example, he says.

INSIDER: Traditional anti-virus is dead: Long live the new and improved AV

Beyond this, AFK13 spoofs the geolocation of the IP addresses that the Methbot servers use so it seems they are all owned by U.S. internet service providers. The proxy IP addresses mask the fact that Methbot traffic is generated by servers as opposed to individual personal computers generating legitimate traffic. It also hides that the servers are located in data centers in Dallas and Amsterdam.

This helps Methbot duck detection mechanisms that look for a few IP addresses that generate enormous volumes of requests Tiffany says, enabling AFK13 to sell 200 million to 300 million false ad impressions per day for 1.3 cents per view on average, White Ops says. The fraud network does its work from an estimated 800 to 1,000 nodes in its data centers and operates 24 hours per day, with a sales cycle of 5 seconds per impression.

Methbot further avoids detection by selling the ads on more than 6,000 domains representing about 250,000 URLs.

To pull this all off, AFK13 has amassed an impressive infrastructure that includes:

The servers that generate all the Methbot browser activity.

A bank of 500,000 IPv4 addresses (worth about $4 million if sold on the open market).

A means of registering those IP addresses so they appear to be allocated to U.S. ISPs.

Methbot software.

The software has been upgraded over the period that White Ops became aware of it, Tiffany says. For example, White Ops first caught on to the scam when it noted a small error in an HTTP header used by the group. One value, known as Cache-Control, contained a colon, which violated the specification for that value. Since then the error has been corrected.