Cyber thieves are up to their old tricks in Brazil. Forbes recently reported on a new type of malware – called “Bolware” – that allows cyber criminals to redirect electronic payments into fraudulent accounts and steal login credentials. The malware is named after the Boleto, Brazil’s most popular form of online payment. A Boleto is sort of like a money order and allows consumers to pay a merchant an exact amount.
The RSA report cited in the article estimates that Bolware has made almost 500,000 fraudulent transactions and stolen about 84,000 email credentials (mostly from hotmail.com and live.com domains). It’s estimated that there are more than 192,000 infected PCs across Brazil.
Fortunately, this sneaky form of malware only appears to function with Boletos, so individuals and businesses in the United States don’t have to worry about it. But that doesn’t mean there isn’t a lesson to be learned.
What Is Malware?
Malware is a generic term for malicious software, including viruses, worms, rootkits, spyware, trojans, and adware. Different types of malware behave in various ways – and some are more dangerous than others. But malware is always serious. Many types steal private information, which can lead to identity theft and fraud. Anyone – including small-business owners – can accidently install malware.
How Small Businesses Can Protect Themselves from Malware
One of the things that make Bolware so dangerous is that it’s very difficult to detect. The fraud is invisible both to both browsers and individuals. Plus, because of the nature of the Boleto, it’s difficult for consumers to verify that their Boleto information has not been replaced with information from a fraudulent account.
It’s unclear exactly how Bolware infects computers – and cyber criminals regularly update its methods and self-protection. But because Bolware is known to steal email credentials and send spam, it’s likely that users unknowingly install the malware by clicking on fraudulent links or by visiting malicious websites.
Even though Bolware is not an issue in the United States, standard malware is. Anyone – including you and your employees – can fall victim to a phishing scam and end up with malware on your devices. The best defense? Train your employees to recognize malware and other types of viruses. As long as your business knows what to look for, you can avoid downloading malicious software.
Here are some tips from PCWorld that can help you recognize online dangers:
- Websites. Don’t download anything from a website that looks strange or malicious. Sometimes malware is disguised as something that mimics the type of update downloads we see every day. Always read dialog boxes carefully before you hit “install.” If a piece of software or a company sounds unfamiliar, research the name first.
- Email. Avoid opening spam email altogether, and never click on any of the links. Most of the time, spam is easy to spot. But hackers are getting craftier. They disguise spam to look like it’s coming from a trusted institution (the USPS, for example) or a business associate. Sometimes, these emails ask you for personal information. When in doubt, call the institution or person in question to verify that the email came from them.
- Physical media. This includes CDs, DVDs, flash drives, and other types of media. A good rule of thumb is to never use outside media on your business computers. Employees, for example, shouldn’t use the same flash drive they use for work at home.
- Pop-up windows. At best, a pop-up window is a legitimate (if annoying) advertisement. At worst, it will try to con you into downloading something or “scanning” your computer for viruses. If a pop-up window claims it’s detected a virus on your computer, take a minute to examine the message. Make sure the name of the antivirus software exactly matches the kind you use on your computer. If it doesn’t, you know it’s a scam.
If you don’t have antivirus or antimalware protection, get some and scan your computer regularly. Additionally, you should always keep your operating system, browser, and software up to date to ensure you have the latest security patches. Lastly, don’t forget to run a firewall!
Unfortunately, your best defenses sometimes fail. Accidentally installed malware can lead to a security breach, which can cost a business thousands in lost revenue and data breach cleanup. That’s why insurers offer Cyber Liability Insurance. It helps you pay for your data breach response, including credit-monitoring services, investigation, and marketing campaigns.