But have you ever wondering how this is so wide spread? The answer lies is part of a much wider security problem online where large websites trade safety for speed and hackers exploit weaknesses in wireless networks.

With the proliferation of wireless devices like the iPad and smart phones these days people are pretty much connected to the Internet at all times, using a spare few minutes to see what our friends are upto on social networks or logging to do some quick banking on the go.

Quite often we’ll be out at a train station, restaurant or sporting event and take advantage of free WiFi use browsing and download speeds faster than our 3G network coverage. The problem with doing this is most of us just assume connecting to these networks is secure – but is it really?

WiFi technology is still in it’s infancy but has spread so rapidly into portable devices that the security is lagging behind. Hackers and security enthusiasts have been able to develop sophisticated ways of intercepting our data since the very early days of the Internet and computer networks, but now there is a new free tool available that can give anyone with even the slightest computer knowledge the power to hijack your bank, facebook, twitter, PayPal, Gmail or just about every other online account.

The tool call Firesheep was originally created as an addon to the popular web browser Firefox by software engineers Eric Butler and Ian Gallagher. There intent was to demonstrate just how insecure the Internet is, particularly wireless (WiFi) technology. Using the plug in, hackers can easily harvest login details from users with they sign in to there favourite websites using WiFi networks. It works by listening to traffic passed over insecure connections between the WiFi network and a computer, phone or tablet capturing the data and session cookies and allowing the hacker to be able to use that cookie to access websites the user has visited over the unsecure WiFi network.

How to protection your accounts and information

The most effective way of course would be to refrain from using public WiFi networks, but this is not always practical so here are some tips to keep your data and accounts safe:

• If you are using WiFi on a laptop, firstly use the Firefox browser and then install some handy plugins called HTTP-Everywhere or Force TLS that will attempt to force all over you connections with websites onto the encrypted Secure Socket Layer (SSL).
• Always signout of websites when you have finished browsing. This ensures that no one can come in after you, as the session cookie will now be invalid.
• It’s good practice to always look at the URL of a website you are visiting before entering any login details to make sure you do not get any details phished, but always be on the look out for https rather than http. Sites like facebook and gmail do no default to HTTPS mode due to performance issues.

The following message pops up in the chat window:

Hello *******, what are you doing in this video??? LOL No comment!

http://apps.facebook.com/frienddi?sfgs1

Clicking on the link leads users to a Facebook phishing page. If users enter the login details on the phishing page then their details will be stolen. As Trend Micro points out, Facebook phising attacks are not a new threat, however links popping up in the social networks on chat functions is fairly concernining. The application that produced this link has already been removed by Facebook, however more are likely to pop up in the near future.

Subject: “McAfee VirusScan Plus”
Message body: “Download a FREE 30-day Trial of MCAfee VirusScan Plus and Be Automaticaly Entered to Win.
Installation file attached”

McAfee has been quick to point out that they never send setup files for their products as email attachments, and that you should also be suspicious of opening any attachments when they have arrived unsolicited or from an untrusted source.

Those with a keen eye would’ve also noticed the mis-spellings in the email, “MCAfee” and “Automaticaly”.

If you want a legit trail version of McAfee VirusScan, you can grab it here.

Melbourne, Tuesday 20 July 2010 – Did you know:

• Almost 6 million Australians are exposed to scams and frauds each year (Australian Bureau of Statistics);
• 800,000 Australians fall victim in some way;
• Almost A$1 billion is lost each year, a good part of which will go out of the Australian economy;
• The Australian Government year-long enquiry into the rapidly growing problem of cyber crime recommended banning people from connecting to the Internet unless they have proper anti-virus software.

Identity theft poses very real dangers which can have a severe impact on your life as well as a knock-on effect on your family and friends. The most worrying aspects of having your identity stolen are that it appears to be relatively easy to do and the consequences of losing your identity in today’s digitally connected world can be appalling.

Lloyd Borrett, Security Evangelist at AVG (AU/NZ), says: “Essentially, identity fraud means criminals using your personal information for monetary gain. This can also mean they are opening bank accounts in your name, redirecting your post to another address or even securing a passport using your personal details.

“So what can you do to prevent the fraudsters getting enough of your details to be able to clone your identity and then wreak havoc with your finances, credit rating and your life? We’ve put together a list of tips to help you stay safe and keep the bad guys at bay.”

1. Don’t throw away anything that contains personal information unless it has been shredded or ripped up to make the document illegible. So shred the following: bank statements, utility bills, application forms, chequebook stubs, card receipts and letters that have personal details. Today a smart burglar wouldn’t bother breaking into your home and taking household goods and personal items. Instead they’d just steal identity-related documents. An even smarter one wouldn’t even break in. They’d just go through your mailbox and rubbish bin.
2. Be aware of phishing phone calls – if someone asks you to give away personal information over the phone, check their details and get a phone number to call the organisation back to check they are legitimate.
3. Be very alert online – phishing attacks are a growing problem. Keep your email address as private as possible and don’t fall for emails asking you for personal information like bank account details, usernames, passwords or credit card details. A legitimate bank or financial institution will never email you asking you to follow a link or asking you for personal details. Report these scam attacks to www.scamwatch.gov.au.
4. Be careful when using social networking sites, as these can be an easy route to snatching your data. You could be giving up your personal details to the bad guys, crooks with fake profiles, or the friends of your friends who you can’t possibly know and trust. When you next log on to social media sites like Facebook and Twitter, check and set the privacy settings on your accounts so that you’re only divulging information to those you truly trust. Please be very circumspect as to what personal information you post on social media web sites.
5. Always go directly to web sites asking for personal information rather than clicking on links in an email or web site page.
6. Only conduct an internet transaction if you are sure the web site is valid and secure. The rise of the internet has created a playing field for fraudsters – always ensure a web site is secure before providing personal details or account information.
7. Remember to set strong passwords. Last year, 20,000 Yahoo, AOL and Hotmail passwords were hacked only to find the most popular password was 123456. Try to use a combination of letters and numbers and change your passwords regularly.
8. Monitor your credit card and/or bank statements and look for suspicious transactions. Also check your credit status regularly; this way you’ll be aware who is doing credit searches on you and if any new accounts have been set up in your name. Contact Veda Advantage or Dun & Bradstreet to get a copy of your credit file.
9. If you move house then have your post forwarded for at least six months to prevent important mail with personal details landing on someone else’s doormat.
10. Go with your gut feel. If it sounds too good to be true then it probably is. If you’re suspicious as to whether an offer or request is genuine then get independent advice from a trusted advisor, family member or friend.

And if you suspect fraudulent activity then act fast and contact your bank, credit card, store cards, utility and phone companies so they can monitor irregular activity. Too hard? Then get an agency such as Secure Sentinel to help you resolve the situation.

Borrett says, “If you follow these simple steps and are vigilant it could save you lots of money and hours of wasted time cancelling cards and chasing up your bank to reclaim the stolen cash. You also may want to consider buying AVG Identity Protection, which sits on top of your existing anti-virus, shielding your passwords, credit card numbers, and other digital valuables from prying eyes. Even better, get a complete security suite solution like AVG Internet Security for total protection.”

AVG (AU/NZ) has a comprehensive range of security tips on its web site at http://www.avg.com.au/resources/security-tips/.

And since there was no evidence nor report of an iTunes App Store data leak, it is most likely that individual iTunes user credentials were stolen via phishing attacks.

What does a “Spyware Blocker” do?

Spyware blockers do exactly as the name suggests, that is they “block” or prevent spyware from infecting your computer. It is slightly different from a spyware remover, although the same piece of software often provides both functions.

Spyware blockers work by preventing the installation of spyware software on a computer. Data transferred by the computer is scanned for spyware and when detected its installation is blocked. Spyware Blockers may also offer protection by scanning computers for spyware that had already been installed. If any spyware is detected, it is then removed.

Spyware Blocker Features

Real Time Protection

This is probably the most important function of any Spyware Blocking software. Basically this means that your computer is being constantly monitored or any type of suspicious behaviour as your computer sends and receives data online (browsing, emails etc). If the Spyware Blocker detects any irregular activity it perceives as a threat to the computers security it will automatically prevent the file(s) in questions from performing their malicious function (perceived or otherwise).

Signature Updates

It is very important that anyway software you choose be updated regularly. Just like anti-virus software, anti-spyware is practically useless if it does not have up-to-date signatures. A good Spyware Blocker will automatically check for updates in the background.

Brand Name Vendors

It is now common for attackers to make spyware disguised as anti-spyware, so that when a user has been infected and looks for a spyware blocker to remove the infection downloading the wrong piece of software may actually add to the problem and install more spyware. You should only install software from a trusted source or vendor that has a good history of spyware removal.

Once spyware has been successfully installed onto a computer it gathers information on the user(s) and relays it back to advertises or other parties such as criminal networks. There are a few ways spyware can be installed on a computer:

• Whilst installing a program
• installed like a typical virus
• loaded form a USB dongle
• served up by an infected email
• opening spam emails

Spyware programs often range from plain annoying to extermely harmful like keyboard loggers and screen grab applications capable of stealing  passwords and other sensitive information.

Just like anti-virus software, anti-spyware scans a comptuer looking for files that are known to be spyware or adware programs. Once these files have been located they are quarantined or permentately deteleted.

As with anti-virus software, anti-spyware software must be updated regulary as it relies heavily on a database of known threats. Anti-spyware softeare often includes a function known as a Spyware Blocker, that prevents spyware from being installed in the first instance.

One of the best ways to prevent spyware is to install a Spyware Blocker. There are many free and paid Spy Blockers available for download, however if you’re looking for a trusted source consider Microsoft offers Windows Defender for XP onwards.

Prevention is the best cure. By taking the following precautions you can significantly prevent your PC from being infected with Spyware.

Firewalls

A firewall is a type of software that monitors data coming in and out of your computer to stop hackers from accessing your computer. If your computer is infected with Spyware, at some stage it will try to send data home remotely – A firewall with attempt to block this unauthorized transmission and alert the user.

Examine all downloads and installations

Most spyware is installed by downloading software from the internet that has the software hidden within the downloads content. You should deny any request to install software and web browser add-on unless you absolutely need it and it is coming from a trusted software vendor.

When something pops up on your screen you should always take the time to read it – we are accustomed to clicking the ‘OK’ button and often spyware can be install right in front of our eyes. If you are unsure, do a quick search online for the programs name and see what comes up.

It may sound obvious, but websites or peer-to-peer services that offer pirated software, music or movies are havens for spyware and malware.

License Agreements

You should be suspicious of any software that tries to install without prompted the license agreement. If you are worried about private companies recording your PC behaviour, then take time to read the agreement of any software downloaded. You should be extra cautious of free software downloads – they are often the culprit that installs unwanted search tool bars (a way of monetising their “free” software).

Pop-up Blocker

All the major web browsers such as Internet Explorer, Safari, Firefox etc can block web sites from launching pop-up windows. Modern browsers generally have this enabled by default and a warning message will appear at the top of the browser window.

Closing a pop-up window

Cancel doesn’t always mean cancel when it comes to spyware. The creator of the software may try and trick you into installing some unwanted program, so always click the X in the top right of the window in question to close or use the MS Windows keyboard short cut (Alt – F4).

Browser Security Settings

Since Internet Explorer is bundled with Windows it is the most popular browser, making up over 50% market share – therefore most spyware is targeted towards this medium. A simple way to protect yourself is to download Firefox or Google Chrome which are regarded to provide better protection. Older or out-of-date browser also dramatically increase your risk.

If you stick with Internet Explorer, put the security settings for the Internet Zone to medium or higher which restricts the amount of information a website can read and write to on your computer.

Always check for updates

Microsoft is very reactive to spyware and accordingly make many updated available. Windows 7 and Vista both allow you to set updates to download and install automatically – this is highly recommended.

The problem is that not many people actually bother to read the agreements as they are long and often full of jargon. Ticking to box to agree to the license agreement allows these companies to legally install spyware onto your computer. However, often it is just anonymous user data that is being collected.