Net scams prey on unemployed, target social networks
Jump to: Featured stories
The downturn in the economy in 2009 sent people looking for new ways of making money online. Notably, fraudsters tried a variety of tricks to separate people from their money, including preying on unemployed Web surfers with work-at-home and other offers too good to be true.
The year got off to a bumpy start, with news of what was believed to be the largest data breach in U.S. history. Heartland Payment Systems, which processes payroll and credit card payments for hundreds of thousands of businesses, reported that an unknown number of
In Europe, malware was discovered on ATMs that enabled criminals to steal account data and PINs, and even empty machines of cash. Researchers said there was evidence that ATMs in the United States had also been compromised.
Scammers also came up with innovative social-engineering tricks to lure Web surfers into downloading Trojan horses that steal bank information, or paying for software they don't need (and would likely never receive) with fake antivirus alerts.
Spammers appealed to the unemployed with vague job offers that turned unwitting citizens into mules for laundering money stolen online. Other scams gathered credit card numbers for work-at-home "kits" that resulted in unauthorized recurring charges on the consumer's card, including a number of misleading ads using the Google name.
Money seemed to be the motivation behind Conficker as well. The much-hyped worm dropped malware masquerading as antivirus software onto computers.
Fraudsters followed consumers onto social-networking sites like Facebook and Twitter. Facebook found itself shutting down rogue apps, and Twitter and Facebook repeatedly had to fend off spam, worms, or phishing attacks designed to drop malware on their machines, steal their log-in credentials, or direct them to dubious marketing sites.
Malware writers also discovered a new outlet for delivering their code to unsuspecting Web surfers--advertisements on legitimate Web sites, including The New York Times.
Meanwhile, security holes in Adobe Systems' Flash and Reader led to exploits targeting the popular programs. And security researchers at the Black Hat conference unveiled serious weaknesses in the way domains are verified on the Internet.
Mobile continued to be the new frontier for attacks, as cell phones became more like computers than phones. Apple's iPhone seemed to be a prime target. After security experts showed how they could attack an iPhone by sending an SMS text message, Apple hurried to fix the hole. Researchers also demonstrated a way to snoop on iPhone calls made via VoIP, or voice over Internet Protocol, connections.
And jailbroken iPhones, modified so they can run unauthorized apps, were targeted with several pranks late in the year. A hacker in the Netherlands broke into some jailbroken iPhones and sent text messages offering to tell the owners how to fix the phone, if they paid a fee.
--By Elinor Mills
Breach at payment processing company Heartland exposes millions of accounts and could make it the largest security breach ever.
The worm is updating itself on infected computers via peer-to-peer and is programmed to stop running on May 3, Trend Micro researchers say.
As RSA 2009 kicks off, Microsoft begins education campaign about new security features of Windows 7.
Yet another scam on Facebook sends users to a Web site designed to steal their log-in information and download malware, while Twitter suffers its own phishing attack.
Hidden code on ATMs dating back two years has given criminals the ability to use special cards to steal account data and money from the cash dispensing machines.
Trojans target Mac OS users, including one hidden in a porn site.
Poor programming practices in Chinese-mandated Green Dam filtering software put users at risk of compromise, security expert says.
A security firm in Vietnam says it has traced the origin of the denial-of-service attacks to the U.K., contrary to speculation that North Korea was the culprit.
PandaLabs says rogue antivirus software could be infecting as many as 35 million computers a month.
Two security researchers prove to a reporter during Black Hat that they can indeed "Pwn" her iPhone by just sending a text message.
Dan Kaminsky and Moxie Marlinspike explain how flaws in the way domain names are verified on the Internet could allow attackers to impersonate a site and steal information from unsuspecting Web surfers.
Melissa Hathaway, who at one point was considered a leading candidate to fill the "cyberczar" post permanently, tells the Wall Street Journal she's resigning for personal reasons.
Accounts of pro-Georgian blogger were targeted in denial-of-service attack that led to outage at Twitter and problems at Facebook, Blogger, and LiveJournal, Facebook CSO says.
Florida man accused of stealing credit card data from TJX is among those named in breach involving Heartland, 7-Eleven, Hannaford Brothers, and others.
A flaw that could attack Microsoft's Web server software is now being used to attack machines, the software company reports.
"Scareware" and other malicious content are sneaking onto high-profile Web sites via ad delivery systems that are not secure, experts say.
Trojan hijacks your browser, calculates how much money it can steal from your bank account without detection, transfers the money and displays fake balance information to hide its activity.
Top attacks on computers come from phishing and worms, separate reports from Microsoft and McAfee show.
A new iPhone worm is impacting jailbroken iPhones and iPod Touch devices. The threat, unlike the previous one, is extremely serious.