How is it that today’s ‘mal-aware’ users are still falling for spam emails offering cheap Viagra, beautiful girls looking for love, or inappropriate photos of celebrities?

AVG (AU/NZ) Pty Ltd reminds Internet users that the weakest point in Internet security is often the behaviour of online users themselves, enabling socially engineered malware to be more successful.


A survey by the Australian Bureau of Statistics* covering 2010-11 suggests Australians are far from learning about online scams and ID theft attempts and may in fact be becoming more gullible. Some 6.4 million – or just over a third of the population – were exposed to a scam of some kind in the 12 months before the survey interview. Only 514,500 responded to a scam, but – and surprisingly given the increased publicity on scam attempts – this is an increase from the 329,000 victims who responded to some sort of scam in 2007.

Much of today’s malware is aimed at those who readily open suspicious links. In particular, the subject matter often seems to target men, providing free games, free music, free movies, Get Rich Quick schemes, and inappropriate content in emails such as porn and revealing photos of celebrities.

According to the AVG Q2 2012 Community Powered Threat Report*, in the last quarter Android smartphone users were tricked into downloading malware which was hidden in seemingly legitimate applications such as ‘Angry Birds Space’. This then allowed the hacker to monetise from the infected device as they wish, and to download additional malicious code or connect the device to a botnet.

As AVG’s Threat Labs face the minute-by-minute launch of new online threats, Michael McKinnon, Security Advisor at AVG (AU/NZ) answers the top five cybercrime questions:

Although Internet security awareness is high, are there real dangers of which consumers are unaware or underestimate?

Since most Internet users use spam filters, the majority of virus-ridden emails now end up in the ‘Junk’ folder. However, it is surprising how often people still click on the links or attachments in emails for “Buy Cheap Viagra” or “You want to make $100,000 fast?”. Once the user clicks on the link, they are transferred to an infected website that begins the malware download.

Spam is also being rapidly spread by other means such as social networks. Cybercriminals are becoming increasingly adept at collecting facts from a victim’s or group of victims’ real environment: friends’ surnames, online interests, searched companies. Then they send what looks like safe online correspondence with links, which are tempting to click on. “You really need to keep up your guard at all times,” McKinnon said.

Are Apple users better protected than PC owners?

It’s not that Apple’s security technologies are any better than others, it’s that hackers follow volume to money. In our experience, a platform only needs to have 10 percent market share to become sufficiently worthwhile to malware authors, so it’s no surprise that Android is attractive -  and with the number of Mac users rising, cybercriminals will now think it’s worth the effort to develop malware for that environment.

How many users fall victim to cybercrime?

According to the Australian Bureau of Statistics’ Personal Fraud Survey, around 1.2 million Australians fell victim to at least one incident of personal fraud (defined as credit card fraud, identity theft, and scams) in 2010-11, losing $1.4 billion over the year.

McKinnon believes: “Almost every computer user has fallen victim to a malware infection, often without even noticing it. Whether damage is inflicted depends largely on the protection mechanisms in place.”

How can I spot a scam?

There is no fool-proof way to always identify a scam all of the time.  Some of the latest techniques used by scammers mean that even so-called security experts can be fooled.

It is imperative to ensure you have layers of security in place, including anti-spam, anti-malware and antivirus detection along with a firewall – and most importantly, a link scanning technology that inspects web links as you click on them.  Plus use your commonsense before clicking on links sent by strangers.

Will using the ‘In private’ browser feature keep me safe?

No, using this privacy feature in web browsers does nothing more than prevent browsing history, images and content being stored permanently on your computer or device.

Using ‘In private’ browsing still allows malicious websites to infect your system or take advantage of a vulnerability, or trick you into revealing private information; and more often than not actually helps the bad guys cover their tracks since your browser keeps no record of what happened.

5 cyber-safety tips

·         Protect every Internet-enabled device with security software: your computer, laptop, tablet and mobile

·         Switch on automatic updates for all programs and upgrade to the latest operating system

·         All data has value to a cybercriminal  so consider carefully what personal information you are willing to share in the public domain

·         Only carry out financial transactions in a secure https:// page. Also,  use a credit rather than debit card as the financial institution will not charge you for any proven fraudulent activity on your credit card

·         Think and check before you click through on any link or attachment, particularly on the latest social networking sites