Webcam scams

The Australian government’s Stay Smart Online advisory service is warning people about the possibility of webcam hacks:

In another type of webcam-based scam, malware installed on your computer can be used to operate your built-in webcam, recording images of you without your knowledge. This malware is known as a Remote Access Trojan or RAT and can remotely activate your webcam, at the same time, disabling your camera indicator light.  These images can also be used to blackmail you.

What should I do?
  • As always, make sure your software and systems are up-to-date, and that you are using up-to-date security software.
  • Be aware that anything you do on the internet, including video and voice calls, can be recorded.
  • Never use your webcam to video call someone you do not know.
  • Be cautious about people you meet online. People you meet online may not be who they seem to be.
  • Revealing personal details online is extremely risky.
  • Be aware that this type of scam is blackmail and it is illegal. The scammers are breaking the law.

If you have been threatened, you should:

  • Block their emails and their accounts from all networks. Cease all contact with the scammer. Scammers often seek soft targets, so they may move on if you do not respond. Some victims have reported no further consequences once they blocked the scammer and ignored their demands.
  • Be suspicious of any new or unusual friend requests, for example, someone you thought you were already friends with on Facebook.
  • Save the scammer’s details, emails, comment threads or any other evidence you have of them and the extortion attempt.   This can be done with screenshots or taking a photo with your phone.
  • If you think images or footage may be posted online (you can set up a Google email alert to look for this content every day), you can contact the host site to ask them to remove the files.
  • Contact your local police and notify them of the activity.
  • Report it to SCAMwatch.
  • The only leverage the scammers have is your embarrassment. You may consider accepting the disclosure.
  • Paying scammers and extortionists is never encouraged. Once you have paid, there is nothing preventing them from targeting you or your compromised computer again

Read the whole article here.

Some Android games monitor your location

The Australian government’s Stay Smart Online service is advising that some Android games can reveal your location without the user being aware:

Many mobile educational and game applications (apps), despite being designed for young children, have been identified monitoring children’s geographical locations and selling the information to advertisers.

Apps on your phone may request permission to access location, address book, email, SMS and other information as part of their normal functions, but for some apps, access to this information may not be necessary. If you are concerned about the privacy of your family, read the permission information carefully and be selective about granting the app access to information on your phone.

Managing an app’s access to information requires careful attention to the permissions you give the apps when you load it on your smartphone or tablet.

Security firm Bitdefender recently warned about the practice after noticing that some Android games such as Kids Educational Puzzles were requesting permission to track their users’ locations. This information is often sold to advertisers, who use it to target advertisements to specific types of users in particular parts of the world.

Android devices will show a warning screen when an app is installed and run, outlining exactly what type of information it wants to access. The latest version of Android (4.3), installed on new Android devices, includes an App Ops feature that lets you allow or block specific activities for each installed app.

iPhones and iPads do not explicitly highlight the types of data they collect, but you can control apps’ access to location information by looking in Settings > Privacy > Location Services.

Read the whole article here.

Malicious chargers can exploit mobile devices

The Australian government’s Department of Broadband, Communications and Digital Technology has reported in their email newsletter Stay Smart Online that some modified chargers for Apple products can exploit the mobile devices.

A vulnerability has been discovered in Apple iOS devices, such as iPhones and iPads, allowing a modified USB charger to compromise the device.

Researchers have demonstrated how connecting an iPhone or iPad to a specially built USB charger has allowed malware or unwanted apps to be installed on the device.

Once connected to the charger, the phone’s software essentially recognised the device as belonging to the attacker, enabling access.

A good tip is to always use official Apple chargers to avoid unwanted issues.

Apple ID account holders targetted

Anyone who has an iTunes account and therefore an Apple ID could be subject to a phishing email that is currently doing the rounds.

The Stay Smart Online Alert Service is reporting that

Apple ID account holders need to be cautious of a sophisticated phishing camping targeting your Apple ID, personal information and credit card details.

The phishing email looks official and currently includes the subject line “Update your Apple ID account”. Other known subject lines include: “Please update your Apple ID”, “Please verify the email address accociated [sic] with your Apple ID”, and “Your Apple ID has been Disabled for Security Reasons”. Similar versions could also reference iTunes.

The email includes a link which, when clicked, takes you to a fake, but realistic looking Apple website asking you to sign in to your account.

The Stay Smart Alert includes images of the fake emails to help users identify them. Read the whole newsletter here.

Malware found in Android apps

The Australian government’s Deaprtment of Broadband, Communications and Digital Economy‘s Stay Smart Online site has published a concerning post regarding the possibility of apps in the Google Play store containing malware.

The post explains:

Google has removed 32 apps from Google Play after the apps were discovered carrying a new form of malware (BadNews).

Globally, the apps have been downloaded millions of times.

Although the apps are no longer available from Google Play, if you have already downloaded any of these apps on your device you will need to uninstall them, they contain malware which may access your personal information or introduce further costly malware.

Read more here. It’s worth considering subscribing to the Stay Smart Online alerts service, where items of concern are emailed to all subscribers.

Gamers advised to avoid downloading hacks

Stay Smart Online, part of the Australian government’s Department of Broadband, Communication and the Digital Economy has just released the following information about the danger of gamers downloading hacks:

Antivirus vendor AVG has issued a warning to gamers following research which suggests that more than 90 per cent of ‘hacks’ available online contain some form of malware or malicious code.

Hacks and cheats are commonly incorporated into games; however, the sheer popularity of online multiplayer games has made gamers prime targets for cybercriminals.

The research suggests more than 90 per cent of hacks, cracks, patches, cheats, key generators, trainers and other downloadable game tools contain malware or executable code.

These hacks are commonly delivered via unregulated torrents and file sharing sites, an easy vector for malware. 

Malware inadvertently downloaded with hacks can give attackers easy access to your online gaming account as well as other sensitive information such as online backing details, personal data and passwords for other online services. 


What should you do?

The best advice is to not download any unofficial hacks, patches, cracks or other gaming software (or any unofficial software whatsoever). 

Only download patches from the game’s official site.

Always be suspicious of any files downloaded from torrents and file sharing websites. 

Ensure you always have uptodate security software installed on your computer. 

Use unique account logon and password information for each of your online gaming accounts (and every other online service you use). 


If you think you’re affected

If you think you might have been infected by a downloaded hack: 

Change your password immediately for the game and any associated or similar online accounts.

Contact the game provider to confirm access to your account. 

Run a scan of your computer using up-to-date security software. Most security software should identify and remove common malware. 

You might also consider seeking additional local technical support.

Please share this information with the gamers in your life.

Stay smart online

The Australian Government’s Department of Broadband, Communications and the Digital Economy has an excellent site to help all ages called Stay Smart Online. Tips include:

  • using your credit card safely online
  • banking security tips
  • cyber security awareness
  • information session
  • cybersafety help for children and young adults
Advice is tailored for:
  • home users
  • businesses
  • school
  • kids and teens
There is also the option to sign up for alerts about the latest scams.  Access the whole site here.