Computers at the Japan Pension Service were recently infected with a virus, and a huge amount of personal information was stolen. Other cases involved the decrypting of wireless LAN passwords, leading to damage caused by illicit access.
Anyone – including users of smartphone and tablet devices – could become a victim of such cyber-attacks.
It is essential to take precautions, such as remaining on the alert about suspicious e-mails, to protect against such threats.
Stay alert at work
The target of the cyber-attack on the Japan Pension Service was a computer terminal used by one of the employees. The computer was infected when the employee opened an e-mail attachment that contained a virus.
This type of cyber-attack, called a “targeted e-mail,” is mainly aimed at stealing information from large companies and public institutions.
Since the e-mails use the names of actual organizations or people and the subject and content look natural, they often appear genuine to the recipient.
For example, the sender name might read “Health Insurance Office,” and the subject “Notice about medical expenses.” Senders of such e-mails research their target institutions and disguise their e-mails based on that research so as to make the messages they send appear plausible.
What should you do to see through these deceptions?
According to Junsuke Sawarame of the IT security company Trend Micro Inc., “You should be suspicious if the sender’s e-mail address is a free e-mail service.”
Free e-mail services, such as Google’s Gmail, allow users to register addresses freely and use them anonymously. Companies and public institutions never send notifications via free e-mail.
Sawarame also says, “Pay attention to the names of attached files.” If attachments are documents made with popular word processing applications, for example, the document names normally appear as “MedicalExpenses.doc” or “MedicalExpenses.docx.”
On the other hand, files that contain viruses may appear as “MedicalExpenses.exe.”
“.exe” denotes a file that executes a program. These files quite likely will infect your computer with a virus by masquerading as a text document.
Sawarame says, “If something appears suspicious, you should call the sender by phone to confirm, or report the incident to your boss or your company’s IT department.”
Cyber-attacks on individuals become more sophisticated year by year.
The Information Technology Promotion Agency (IPA) is consulted about 1,000 times each month by people who have been victims of Internet scams or attempts at unauthorized system access.
According to Takayuki Ogawa of the IPA, “one-click billing,” “phishing,” and “ransomware” attacks have become more common recently. Many tricks are employed to obtain money from people by deceiving or threatening them.
According to Trend Micro, viruses have shown up recently that seek to initiate unauthorized transfers from online banks.
If you connect to an online bank from a computer that is infected with such a virus, a fake log-in screen is displayed that can steal your PIN or other log-in details. It is difficult to determine that anything is wrong because the URL appears to be normal.
The key to protecting yourself from attacks such as these is to ensure that the basic software running on your computer and smartphone is always up-to-date.
Viruses can exploit vulnerabilities in software, but many of these vulnerabilities are repaired by updates in the most recent version of the software. Nowadays, most computers are set to automatically update their software, but it’s a good idea to check your settings.
It’s also a good practice to update other software on your computer and apps on your smartphone or tablet.
Also, be sure to install security software. In addition to deleting viruses, other safety features have recently been added to these programs, such as warning messages that are displayed when the user tries to open a suspicious web site. Do not forget to keep this software updated as well.
If you connect to the Internet with a wireless LAN at home, check that your signal is encrypted. If you do not encrypt the signal, or the encryption is set to a low level, people may be able to view your passwords or steal information from your computer.
In many of the cases the IPA has handled, users had neglected to follow some of these measures. “In other words, you can avoid most cyber-attacks by taking proper countermeasures and being careful not to open suspicious e-mails or web pages,” Ogawa says.
Source: Asia One