<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Cyveillance Blog - The Cyber Intelligence Blog</title>
	<atom:link href="http://www.cyveillanceblog.com/feed" rel="self" type="application/rss+xml" />
	<link>http://www.cyveillanceblog.com</link>
	<description>News and Information about Cyber Intelligence</description>
	<lastBuildDate>Thu, 05 Jan 2012 13:18:23 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=</generator>
<xhtml:meta xmlns:xhtml="http://www.w3.org/1999/xhtml" name="robots" content="noindex" />
		<item>
		<title>Cyber Attacks Abound with the Proliferation of New Technology – No Time for Complacency</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/cyber-attacks-abound-with-the-proliferation-of-new-technology-%e2%80%93-no-time-for-complacency</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/cyber-attacks-abound-with-the-proliferation-of-new-technology-%e2%80%93-no-time-for-complacency#comments</comments>
		<pubDate>Fri, 16 Dec 2011 13:39:21 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[General Cyber Intel]]></category>

		<guid isPermaLink="false">http://www.cyveillance.com/web/blog/?p=1672</guid>
		<description><![CDATA[While new technology and increased Internet access bring with them lots of positive aspects, you can’t overlook the threat of cyber attacks – as evidenced by a very headline-rich 2011. The repercussions alone can be devastating to an organization lacking the infrastructure to detect and counter such attacks. To put this into perspective, take [...]]]></description>
			<content:encoded><![CDATA[<p>While new technology and increased Internet access bring with them lots of positive aspects, you can’t overlook the threat of cyber attacks – as evidenced by a very headline-rich 2011. The repercussions alone can be devastating to an organization lacking the infrastructure to detect and counter such attacks. To put this into perspective, take Algeria for example. Internet access in Algeria has grown exponentially during the past decade, reaching over four million households, cybercafés, as well as many different public and private institutions. This phenomenon has undoubtedly benefited the indigenous population by exposing them to vast amounts of information and the ability to communicate worldwide, but it has also brought with it the dangers of cyber attacks. Let’s reacquaint ourselves with the reasons we need to be more vigilant in increasing awareness of cyber attacks by looking at what is going on in Algeria.</p>
<p>Despite laws enacted in 2001 to combat digital-related incidents, cyber crime is still pervasive in Algeria. This is due not only to a lack of detection tools, awareness and training courses, but also to the negligence of private and public institutions in protecting their intellectual properties online. In 2010, the Center for Judicial and Judiciary Research (a branch of the Algerian Department of Justice) began developing and implementing cyber security laws. Until then, the field went mostly unregulated. Since 2010, 12 cases have been reported and to date there have been eighty-eight cases brought to justice.</p>
<p><span id="more-1672"></span></p>
<p>Technological innovations in the world of cyber criminals have made the traditional bank robbery seem almost prehistoric. Computer and Internet access now replace the gun; surreptitious locations replace the need for an actual physical presence to confront the victim. Hacking, phishing, spear phishing, spamming, 419 scams, malware, web piracy and cyber terrorism can all take place from the comfort of one’s cubicle &#8211; far from and invisible to the intended target.</p>
<p>A variety of those cyber crimes mentioned above are already affecting Algeria. In 2010, individuals suspected of operating from China infiltrated Algeria Telecom and hacked their servers, thus gaining control over their internet traffic in order to monitor digital communications among its citizenry.</p>
<p>There are other reasons why cyber criminals thrive. First, many law enforcement agencies lack the latest technological tools essential to tackling the problem. Second, the victims lack basic IT skills and an awareness of what has happened to them until it is too late. Yet if we are to address the growing threat of cyber crimes, there needs to be significant improvement in both of these areas.  Expertise in the many forms of cyber attacks, training the audience on computer security, and a campaign of educational awareness must be instituted across private and public organizations. Information fliers, posters, e-mails, and videos are simple but vital tools in the war against cyber crime. </p>
<p>Now step back from the fact that these things are happening in Algeria, because while it may seem we are leaps and bounds in front of Algeria on the technology spectrum, the same holds true for organizations and consumers in the United States. We are so enamored with the cool new technologies that allow us to connect and share information from anywhere that we often forget that there are online criminals out there counting on us to have our guard down. We can’t simply rely on technology to protect us completely, because the criminals have found ways around technology – human error. The more people, employees and senior management understand the complexities of the cyber environment, the better off they will be in protecting their personal security and the security of their organization. Don’t become complacent with cyber security; make sure you and your organization are fully aware of the dangers and how to address them.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/cyber-attacks-abound-with-the-proliferation-of-new-technology-%e2%80%93-no-time-for-complacency/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Anti-Counterfeiting Trade Agreement (ACTA) Explained</title>
		<link>http://www.cyveillanceblog.com/legal/anti-counterfeiting-trade-agreement-acta-explained</link>
		<comments>http://www.cyveillanceblog.com/legal/anti-counterfeiting-trade-agreement-acta-explained#comments</comments>
		<pubDate>Mon, 14 Nov 2011 16:25:21 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Fraud and ID Theft]]></category>
		<category><![CDATA[Information Protection]]></category>
		<category><![CDATA[Legal]]></category>
		<category><![CDATA[Online Pharmacy]]></category>

		<guid isPermaLink="false">http://www.cyveillance.com/web/blog/?p=1643</guid>
		<description><![CDATA[Background The proliferation of counterfeit and pirated goods poses considerable challenges for legitimate trade and the sustainable development of the world economy. Trade in these counterfeit and pirated goods causes significant financial losses for right holders and legitimate businesses. It also hinders sustainable economic development in both developed and developing countries and, in some cases, [...]]]></description>
			<content:encoded><![CDATA[<p><strong>Background</strong><br />
The proliferation of counterfeit and pirated goods poses considerable challenges for legitimate trade and the sustainable development of the world economy. Trade in these counterfeit and pirated goods causes significant financial losses for right holders and legitimate businesses. It also hinders sustainable economic development in both developed and developing countries and, in some cases, represents a health or safety risk to consumers.</p>
<p>As a result, in October 2007, the United States, the European Community, Switzerland and Japan simultaneously announced that they would negotiate a new intellectual property enforcement treaty, the Anti-Counterfeiting Trade Agreement, or ACTA. ACTA represents a significant achievement in the fight against the infringement of intellectual property rights, particularly against the proliferation of counterfeiting and piracy on a global scale, and provides a mechanism for the parties to work together in a more collaborative manner to achieve the common goal of effective Intellectual Property Rights (IPR) enforcement. When it enters into force with all participants, ACTA will formalize the legal foundation for a first-of-its-kind alliance of trading partners, representing more than half of world trade.</p>
<p><span id="more-1643"></span></p>
<p><strong>Highlights</strong></p>
<ul>
<li>On Saturday, October 1, 2011, Representatives of the U.S., Japan, Australia, Canada, the E.U., South Korea, Mexico, Morocco, New Zealand, Singapore and Switzerland met in Japan for the signing ceremony for the Anti-Counterfeiting Trade Agreement (ACTA).</li>
<li>ACTA – initially designed to be a treaty, thus requiring Senate ratification in the U.S. – will likely be an &#8220;executive agreement&#8221; that <a href="http://arstechnica.com/tech-policy/news/2011/09/anti-counterfeiting-trade-agreement-slouches-toward-signing-this-saturday.ars">cannot alter or supersede U.S. law</a>.  Fortunately, ACTA is consistent with existing U.S. law and does not require any change to U.S. law prior to implementation in the United States. In particular, ACTA is consistent with U.S. copyright, patent, and trademark laws. For example, the application of injunctive relief as provided for in the Digital Millennium Copyright Act (17 USC §512(j)) and other provisions of U.S. law is consistent with and implements the obligations of ACTA. The United States may therefore enter into and carry out the requirements of the Agreement under existing legal authority, just as it has done with <a href="http://www.ustr.gov/about-us/press-office/fact-sheets/2011/september/acta-meeting-us-objectives">other trade agreements</a>.</li>
<li>ACTA provides for: (1) enhanced international cooperation; (2) promotion of sound enforcement practices; and (3) a legal framework for IPR enforcement in the areas of criminal enforcement, enforcement at the border, civil and administrative actions, and <a href="http://www.ustr.gov/about-us/press-office/press-releases/2011/october/joint-press-statement-anti-counterfeiting-trade-ag">distribution of IPR infringing material</a> on the Internet.  Listed below are the <a href="http://www.ustr.gov/about-us/press-office/fact-sheets/2011/september/anti-counterfeiting-trade-agreement-fighting-piracy">most notable provisions</a>:
<ul>
<li>ACTA will require that border enforcement authorities be empowered to act on their own initiative (“ex officio”) against both imports and exports of counterfeit and pirated goods.</li>
<li>ACTA will require that criminal authorities be able to act on their own initiative in piracy and counterfeiting cases, rather than waiting for a complaint.</li>
<li>ACTA will further clarify existing international requirements for the availability of criminal penalties when piracy or counterfeiting is carried out for commercial advantage.</li>
<li>ACTA will require criminal remedies for the importation or use of labels or packaging for counterfeit goods.</li>
<li>ACTA will include new rules on criminal seizure and destruction of counterfeit goods, seizure of the equipment and materials used in their manufacture, and seizure of the criminal proceeds from piracy and counterfeiting offenses.</li>
<li>ACTA will clarify existing international requirements to protect against circumvention of digital security technologies (such as passwords or encryption).</li>
<li>ACTA will require parties to address copyright piracy on digital networks, while preserving principles such as freedom of expression, fair process, and privacy.</li>
<li>ACTA will enhance the international framework for civil enforcement provisions dealing with issues such as damages, provisional measures, recovery of costs and attorneys&#8217; fees, and destruction of infringing goods.</li>
</ul>
</li>
<li>With respect to the legal framework, ACTA establishes a strengthened standard, as demonstrated in the highlighted parts above, that builds on the minimum standards of the WTO Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS). This marks <a href="http://www.ustr.gov/about-us/press-office/press-releases/2011/october/joint-press-statement-anti-counterfeiting-trade-ag">a considerable improvement</a> in international trade norms for effectively combating the global proliferation of commercial-scale counterfeiting and piracy in the 21st Century.</li>
<li>What ACTA is NOT about:
<ul>
<li>Seizing portable music players and laptops at the border</li>
<li>Extending the term of protection for copyrights</li>
<li>Preventing “parallel” imports</li>
<li>Filtering internet traffic for infringing copyright works</li>
<li>Limiting access to generic pharmaceuticals</li>
<li>Reducing the court’s involvement in determining infringement</li>
<li>Weakening privacy laws</li>
<li>Lowering evidentiary standards for injunctions</li>
<li>Freezing bank accounts of suspected infringers</li>
</ul>
</li>
<li>Not all participants are completely satisfied with the final version of ACTA. Critics in the E.U. have suggested the trade agreement doesn&#8217;t comply with Europe&#8217;s data privacy laws, and have questioned its compatibility with E.U. law.</li>
</ul>
<p><strong>Commentary</strong></p>
<p>Critics <a href="https://www.eff.org/issues/acta">claim</a> that ACTA has several features that raise significant potential concerns for consumers’ privacy and civil liberties, for innovation and the free flow of information on the Internet, for legitimate commerce, and for developing countries’ ability to choose policy options that best suit their domestic priorities and their level of economic development. </p>
<p>Additionally, the secrecy of the negotiation process has left the public with many concerns and questions. Gigi Sohn, Public Knowledge&#8217;s president and co-founder, called the ACTA negotiations an &#8220;extremely flawed&#8221; process. &#8220;ACTA should have been considered a treaty, and subject to public Senate debate and ratification or, in the alternative, debated in an open and transparent international forum such as the World Intellectual Property Organization,&#8221; she said. &#8220;Instead, public interest groups and the tech industry <a href="http://www.pcworld.com/businesscenter/article/240664/acta_will_be_signed_saturday_us_and_japan_say.html">had to expend enormous</a> resources to force the process open to permit public views to be presented and considered.&#8221;   </p>
<p><strong>The Impact</strong></p>
<p>Although this agreement does not change U.S. law, it will alter international law. Companies engaging in business on an international level will need to educate themselves on the effects of ACTA.  Critics of ACTA in the U.S. have said the treaty could allow foreign organizations to target U.S. companies and websites that don&#8217;t comply with overseas copyright laws.  The truth of this statement has not been proven.  However, ACTA leaves the door open for countries to introduce the so-called “three-strikes rule”, which would see Internet users cut off if they download copyrighted material, as national authorities would be able to order the ISPs to disclose personal information. This concern about the privatization of enforcement has the potential to impact the operations of U.S. companies.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/legal/anti-counterfeiting-trade-agreement-acta-explained/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>My Brand is Safe if I Register the Most Common Domain Variants, Right?</title>
		<link>http://www.cyveillanceblog.com/domains-icann/my-brand-is-safe-if-i-register-the-most-common-domain-variants-right</link>
		<comments>http://www.cyveillanceblog.com/domains-icann/my-brand-is-safe-if-i-register-the-most-common-domain-variants-right#comments</comments>
		<pubDate>Fri, 28 Oct 2011 07:52:32 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Domain Names and ICANN]]></category>

		<guid isPermaLink="false">/?p=1629</guid>
		<description><![CDATA[Congratulations! Your company has come up with a brand new widget that&#8217;s going to change the world, and it needs a name. Naturally, in your role as a savvy brand manager, before making any decisions about the new name you check to see whether the domain name for your company&#8217;s new product is taken. You [...]]]></description>
			<content:encoded><![CDATA[<p>Congratulations! Your company has come up with a brand new widget that&#8217;s going to change the world, and it needs a name. Naturally, in your role as a savvy brand manager, before making any decisions about the new name you check to see whether the domain name for your company&#8217;s new product is taken.<span id="more-1629"></span></p>
<p>You may just type your first candidate name for the product into a browser and see what happens when you add .com to the end, like so:</p>
<p><img class="alignnone size-medium wp-image-1303" src="http://www.cyveillanceblog.com/wp-content/uploads/Screen-Shot-2011-10-27-at-9.47.42-PM-300x70.png" alt="" width="300" height="70" /></p>
<p>Great! It&#8217;s available. Now you head off to register the domain, and along the way the domain registrar makes the generous offer to sell you the .net and .org versions, so you purchase those too just for good measure. Time to call it a day, right?</p>
<p>It would be nice if it were so straightforward (like most things on the internet!). Unfortunately, the top level domain space is probably larger than you think. Verisign&#8217;s August 2011 <a href="http://www.verisigninc.com/en_US/why-verisign/research-trends/domain-name-industry-brief/index.xhtml">Domain Name Industry Brief</a> reports that .com accounts for about 95 million of the 215 million domain names registered. What accounts for all those that aren&#8217;t .com? According to the Verisign report:</p>
<blockquote><p>The largest TLDs in terms of base size were, in order, .com, .de (Germany), .net, .uk (United Kingdom), .org, .info, .nl (Netherlands), .cn, .eu and .ru (Russian Federation).</p></blockquote>
<p>Even if one&#8217;s company is not currently physically present in Germany, the UK, China, etc., would it be a terrible idea to defensively register them?</p>
<p>Consider that there is more at stake than the loss of brand integrity when web traffic is diverted to the website created by a cybersquatter. If that weren&#8217;t bad enough, there are legitimate security considerations to think about. A brand not registered in a foreign top level domain can make an attractive destination to send potential victims in phishing campaigns and other nefarious schemes. Think about it &#8211; what percent of your company&#8217;s customers would click a link that was sent from an email address that contained yourcompany.co, or yourcompany.cn? The theft of banking information, drive-by malware downloads, and customers who remember your name associated with a really bad experience are all possibilities in that scenario.</p>
<p>We don&#8217;t recommend that a company attempt to register its name and brands in the hundreds (yes, hundreds!) of possible top level domains and country code top level domains out there. Not only would that probably be impossible because of the requirements placed on registrants in some locales, it&#8217;s certainly impractical and almost definitely a poor use of resources. We simply recommend that extra consideration is paid to registering domains that one traditionally might not (yes, <a href="http://www.cyveillanceblog.com/general-cyberintel/update-how-will-icann%e2%80%99s-newest-domain-name-program-affect-your-company%e2%80%99s-brand">including .xxx!</a>). The specific business needs of your company and its aspirations in global markets will determine whether it makes sense to go ahead and register domains outside the normal .com, .net, and .org.</p>
<p>Finally, even once the decision is made to not register a domain somewhere overseas, that doesn&#8217;t mean one can forget about them. Companies <em>must</em> actively monitor the web to make sure that others haven&#8217;t decided they can put your brand to use, lest they learn about fraudulent uses of their brands in domains the hard way.</p>
<p><span style="font-size: xx-small;">(Not scared yet about the risk posed by variations of your brands in unusual domains abroad? Check out Wired&#8217;s report on <a href="http://www.wired.com/threatlevel/2011/09/doppelganger-domains/">doppelganger domains</a>, if you dare!)</span></p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/domains-icann/my-brand-is-safe-if-i-register-the-most-common-domain-variants-right/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Update &#8211; How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand?</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/update-how-will-icann%e2%80%99s-newest-domain-name-program-affect-your-company%e2%80%99s-brand</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/update-how-will-icann%e2%80%99s-newest-domain-name-program-affect-your-company%e2%80%99s-brand#comments</comments>
		<pubDate>Wed, 19 Oct 2011 07:54:31 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Brand Protection]]></category>
		<category><![CDATA[Domain Names and ICANN]]></category>
		<category><![CDATA[Fraud and ID Theft]]></category>
		<category><![CDATA[General Cyber Intel]]></category>
		<category><![CDATA[Legal]]></category>
		<category><![CDATA[Phishing]]></category>

		<guid isPermaLink="false">http://10.8.3.62/web/blog/?p=1631</guid>
		<description><![CDATA[The information below is an update to the following blog posting: How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand? Trademark owners outside of the adult industry may sign up with ICM Registry to block trademarks from showing up on its new .XXX gTLD. Trademark owners have been making several common errors when [...]]]></description>
			<content:encoded><![CDATA[<p>The information below is an update to the following blog posting: <a href="http://www.cyveillanceblog.com/web/blog/phishing/how-will-icann%e2%80%99s-newest-domain-name-program-affect-your-company%e2%80%99s-brand">How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand?</a></p>
<p>Trademark owners outside of the adult industry may sign up with ICM Registry to block trademarks from showing up on its new .XXX gTLD.  Trademark owners have been making several common errors when applying for a .XXX gTLD.<a title="" href="#_ftn1">[1]</a>  If your company plans on submitting an application before the Sunrise B October 28, 2011 deadline, keeping these mistakes in mind can help you avoid paying multiple fees and having to reapply.<a title="" href="#_ftn2">[2]</a><br />
<span id="more-1631"></span><br />
Research which registrar you will use when submitting an application.  Some registrars are more experienced than others.<a title="" href="#_ftn3">[3]</a>  Make sure you choose a registrar that will pre-check your application for compliance with all of the application guidelines.<a title="" href="#_ftn4">[4]</a></p>
<p>Also, the most common application mistakes to avoid are:<a title="" href="#_ftn1">[1]</a></p>
<ul>
<li>Eligibility.  Make sure that your trademark is eligible.  To be eligible, you must have a trademark that was registered prior to September 1, 2011, and you must have the following information:
<ul>
<li>Trademarked Name</li>
<li>Trademark Registration Number:  Note that your trademark registration number is not the same as your application number</li>
<li>Nation Code: The country where your trademark was registered</li>
<li>Trademark Registration Date: The date your trademark was registered</li>
<li>Trademark Ownership: Your relation to the trademark: Owner or Assignee</li>
</ul>
</li>
<li>Dropping .com from Trademark.  Do not drop the ‘.com’ from your trademark if it includes a ‘.com’. If you want ‘example.com’ to be eligible for ‘example.xxx’ and not just ‘examplecom.xxx’, you can file amendment 7 with the United States Patent and Trademark Office to have the ‘.com’ removed.</li>
<li>Inexact Match.  Apply to register a domain that is an exact match for your trademark.  If you want to register characters in addition to the actual brand name, such as slogans or tag lines, apply under Sunrise AD using a pre-existing domain name because membership in the adult entertainment industry (the “Sponsored Community”) is very broad.</li>
</ul>
<div>
<p>[1] <a href="http://www.thedomains.com/2011/09/28/encira-50-of-all-xxx-trademark-sunrise-applications-contain-errors/">http://www.thedomains.com/2011/09/28/encira-50-of-all-xxx-trademark-sunrise-applications-contain-errors/</a></p>
<p>[2] According to .XXX Registry policy, once a Sunrise application is submitted, it cannot be corrected without paying an additional fee to the registrar.</p>
<p>[3] <a href="http://www.worldtrademarkreview.com/daily/detail.aspx?g=fbe51e43-0601-4ab5-a65b-5b05db689de0">http://www.worldtrademarkreview.com/daily/detail.aspx?g=fbe51e43-0601-4ab5-a65b-5b05db689de0</a></p>
<p>[4] <a href="http://www.icmregistry.com/launch/plan/">http://www.icmregistry.com/launch/plan/</a></p>
<p>[5] <a href="http://www.encirca.com/domain-news/">http://www.encirca.com/domain-news/</a></p>
</div>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/update-how-will-icann%e2%80%99s-newest-domain-name-program-affect-your-company%e2%80%99s-brand/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Trends in Text Message Spam: Comments from the Messaging Anti-Abuse Working Group (MAAWG)</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/trends-in-text-message-spam-comments-from-the-messaging-anti-abuse-working-group-maawg</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/trends-in-text-message-spam-comments-from-the-messaging-anti-abuse-working-group-maawg#comments</comments>
		<pubDate>Mon, 19 Sep 2011 15:38:33 +0000</pubDate>
		<dc:creator>Cyber Intelligence Division</dc:creator>
				<category><![CDATA[General Cyber Intel]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1265</guid>
		<description><![CDATA[As with any network-connected device, mobile phones and the applications they run bring their own security problems. While newer phenomena like QR codes and mobile botnets will likely be a growing concern, spam sent by text messages remains an issue for carriers and mobile phone users. Cyveillance recently asked Alex Bobotek, Co-Vice Chairman, of the [...]]]></description>
			<content:encoded><![CDATA[<p>As with any network-connected device, mobile phones and the applications they run bring their own security problems. While newer phenomena like <a href="http://www.cyveillanceblog.com/malware/qr-codes-a-recipe-for-a-mobile-malware-tsunami">QR codes</a> and mobile botnets will likely be a growing concern, spam sent by text messages remains an issue for carriers and mobile phone users. <span id="more-1265"></span></p>
<p>Cyveillance recently asked Alex Bobotek, Co-Vice Chairman of the <a href="http://www.maawg.org/" target="_blank">Messaging Anti-Abuse Working Group (MAAWG)</a>, to comment on security risks and trends in spam sent by SMS.</p>
<p><b>Cyveillance</b>: Most mobile users in North America would not report that they receive much text message spam. Is that because text message spam is not sent to North American users or because the filters set up by mobile carriers are very effective? In either case, is text message spam considered a problem that&#8217;s mostly solved here? <BR><BR><br />
<b>Alex Bobotek:</b>  Text message spam in North America accounts for less than 1% of messages.  It is a problem but it isn’t, and hasn’t been, as severe a problem as email spam, where 80-90% of messages are spam.  This is largely due to the carriers’ best-in-class spam filters at the email interfaces, higher costs to senders of mobile spam, and aggressive actions against spammers.  These conditions have made it more difficult to spam phones than email inboxes.<BR><BR><br />
<b>Cyveillance</b>: Although certain types of email spam are reportedly <a href="http://labs.m86security.com/2011/08/massive-rise-in-malicious-spam/">on the rise</a>, the overall volume of email spam sent  <a href="http://www.circleid.com/posts/20110825_spam_is_on_the_decline_what_are_the_implications/">appears to have dropped</a>. How do the current levels of text message spam compare with what you&#8217;ve seen in the past? <BR><BR><br />
<b>Alex Bobotek:</b>  Unfortunately, although the volume is still comparatively low, the quantity of North American text message spam reaching subscribers’ phones has been increasing rapidly over the past two years.  From around 2003, email-to-text spam – traffic sent as email to carriers’ email SMS gateways for delivery as text messages – has been a problem.  But the industry has dealt with this effectively, reducing deliveries to a trickle.  In the last two years, however, abusers have been exploiting unlimited or other low-cost messaging rate plans to send high volumes of spam.  Some of this comes from mobile phones, chiefly prepaid, anonymously-purchased devices controlled by spammers.  Additionally, as SMS services become more open to Internet marketers through short codes, affiliate spam has also increased.<BR><BR><br />
<b>Cyveillance</b>: Is there a common topic in text message spam? Does it share the generally slimy advertising for adult sites, illegal online pharmacies, gambling (the &#8220;3 P&#8217;s&#8221;: porn, pills, and poker), payday loans, replica Rolexes and Gucci bags? Or does the mobile environment tend to bring out other topics?  <BR><BR><br />
<b>Alex Bobotek:</b>  Text messages are more expensive to send, even for spammers.  So some of the spam campaigns that depend on high message volume such as pharmaceuticals are rare.  Campaigns with higher expected profit per message, such as “free gift cards” and “payday loans,” are more common. <BR><BR><br />
<b>Cyveillance</b>: When spammers send messages by SMS, what are the tactics they often use to avoid detection?  <BR><BR><br />
<b>Alex Bobotek:</b>  As with email, there are techniques for staying under the radar, such as “snowshoeing,” which is spreading the load across multiple sending devices or accounts, and “polymorphism,” which is generating variations in the messages.  Interestingly, it’s more common in SMS than email to bury a small volume of spam in a larger stream of legitimate messages.  This is probably because it is much more difficult to spoof an SMS sender’s address (i.e., a sender’s phone number or a short code) than an email address.</p>
<p>Additionally, there’s little mobile botnet activity to date in North America.  There are two leading theories as to why this is:  First, there is more profit in botting PCs because of the lower cost to infect and the higher value when they are infected, so the professionals are attacking computers instead.  The second theory is that the conditions aren’t ripe yet, but mobile botnets are coming as mCommerce and mBanking grow, smartphones gain market share, app downloads explode, and a single mobile OS gains a dominant market share.<BR><BR><br />
<b>Cyveillance</b>: Do any particular text message spam campaigns that you&#8217;ve seen stand out in your mind as being particularly clever or devious? <BR><BR><br />
<b>Alex Bobotek:</b>  Absolutely, but I’m afraid I can’t publicize these.  On the other side of the spectrum, one not-so-clever spammer bought postpaid phones from a carrier’s mobile phone store, showing his driver’s license to set up an account.  He allegedly then sent millions of diet pill spam messages.  This turned out to be quite convenient for the carrier’s lawyers, who needed a name and address to which they could send the legal process notices.  The case got almost comical when the guy tried to argue that it was academic research.  <BR><BR><br />
<b>Cyveillance</b>: In your experience, where are the senders of most text message spam to North America located geographically? <BR><BR><br />
<b>Alex Bobotek:</b>  They are mostly in North America.  Sending from a mobile phone, the most common source of text spam, to a North American mobile is most economical from phones located in North America.  Of course, botnets and more sophisticated or specialized spam organizations could change this.  However, today most of the text spammers are just developers and hi-tech entrepreneurs with an ethics deficit, rather than script kiddies who have rented resources or obtained an affiliate kit.  Therefore, they tend to be in the areas with the most hi-tech developers and entrepreneurs.   <BR><BR><br />
<b>Cyveillance</b>: The advanced persistent threat is a common topic in information security these days. Have you seen evidence of unsolicited text messages being used as part of APT attacks? <BR><BR><br />
<b>Alex Bobotek:</b>  APT isn’t my specialty, so I’ll just comment on a few factors that may make text messaging more or less likely to be used in APT attacks.  Numerous surveys show that people – correctly, due to much lower levels of mobile abuse – trust their SMS inbox more than their email inbox, which would seem to make text messaging spam a good choice for these attacks.  However, many APT attackers targeting U.S. organizations seem to prefer not to use resources that can be traced to parties located in the U.S., such as a prepaid phone traceable to a U.S.-based purchaser.  Additionally, it’s difficult to spoof a local phone number from outside the country, and a message from a foreign phone number would likely raise suspicion.  <BR><BR><br />
<b>Cyveillance</b>: What is MAAWG&#8217;s recommended response for consumers who receive text message spam?  <BR><BR><br />
<b>Alex Bobotek:</b>  Text message spam should be reported to the carrier.  Some carriers, such as AT&#038;T and Verizon, have set up the short code 7726 – “SPAM” on the keypad – to report spam, so you just forward the spam text message to 7726.  North American carriers are quite aggressive in protecting their subscribers through both technical defenses and legal means.  But with billions of legitimate text messages passing through their networks every day, they need consumers’ help in identifying the spammers, which will then enable carriers to block and prevent their subsequent spam activity.  Google “report text message spam &lt;name of your carrier&gt;” for instructions.  <BR><BR><br />
<b>Cyveillance</b>: Any parting comments?<BR><BR><br />
<b>Alex Bobotek:</b>  As with wired Internet abuse, collaboration between ISPs and network operators, government, vendors and academia is the key to managing abuse.  Industry led the way in creating collaboration forums such as MAAWG that have worked well in email and that are now working to control mobile messaging abuse.  Attending these forums is the best way for security professionals and vendors to learn about and collaborate in fighting mobile abuse.<BR><BR></p>
<p><HR></p>
<p>Many thanks to Alex Bobotek and the MAAWG for taking the time to answer our questions.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/trends-in-text-message-spam-comments-from-the-messaging-anti-abuse-working-group-maawg/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>How Will ICANN&#8217;s Newest Domain Name Program Affect Your Company&#8217;s Brand?</title>
		<link>http://www.cyveillanceblog.com/phishing/how-will-icann%e2%80%99s-newest-domain-name-program-affect-your-company%e2%80%99s-brand</link>
		<comments>http://www.cyveillanceblog.com/phishing/how-will-icann%e2%80%99s-newest-domain-name-program-affect-your-company%e2%80%99s-brand#comments</comments>
		<pubDate>Fri, 09 Sep 2011 19:15:56 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Brand Protection]]></category>
		<category><![CDATA[Domain Names and ICANN]]></category>
		<category><![CDATA[Fraud and ID Theft]]></category>
		<category><![CDATA[Phishing]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1261</guid>
		<description><![CDATA[Internet Corporation for Assigned Names and Numbers (ICANN) has instituted a new generic top-level domain (gTLD) program that will create a means for prospective registry operators to apply for new gTLDs, and create new options for consumers in the market. Every domain name around the world ends with a top-level domain (TLD); these are the [...]]]></description>
			<content:encoded><![CDATA[<p>The Internet Corporation for Assigned Names and Numbers (ICANN) has instituted a new generic top-level domain (gTLD) program that will create a means for prospective registry operators to apply for new <a href="http://www.icann.org/en/topics/new-gtlds/strategy-faq.htm">gTLDs</a>, and create new options for consumers in the market. Every domain name around the world ends with a top-level domain (TLD); these are the two or more letters that come after the final dot in a web address.<span id="more-1261"></span> There are currently two types of TLDs: generic top-level domains (gTLDs) such as .com, .mobi, and .info, and country code top-level domains (ccTLDs) such as .uk, .br, and .cn. One of ICANN&#8217;s key commitments is to promote competition in the domain name market while ensuring Internet security and stability. New gTLDs help achieve that commitment by providing more information about the sites visited. For example, ICANN has recently approved “.XXX” as a new gTLD for the adult entertainment industry (next year entrepreneurs, businesses, governments and communities around the world will be able to apply to operate a <a href="http://www.icann.org/en/topics/new-gtlds/strategy-faq.htm">TLD</a> of their own choosing), which will immediately communicate that the site caters to the adult entertainment industry.</p>
<p>&nbsp;</p>
<p>While this process is intended to provide greater security, it also opens the doors for brand abuse. To help thwart misuse, ICM Registry, the company that will act as a registry for all domains ending in .XXX, has developed a comprehensive rights protection mechanism (RPM) for the launch period of these new gTLDs. To protect non-adult entertainment industry rights holders from trademark infringement, ICM is also providing an opportunity for these rights owners to block their mark from registration. The opt-out effectively blocks names at the .XXX registry and means they cannot be used as conventional web addresses. This feature, provided by ICM for a one-time fee, will only be available to trademark holders during the sunrise period, which began earlier this week on September 7<sup>th</sup>.</p>
<p>&nbsp;</p>
<p>There will be two initial sunrise periods (A and B) for the launch of .XXX, allowing trademark holders and adult entertainment webmasters to secure their .XXX domains. This includes companies that own trademarks outside of the adult entertainment industry that wish to defensively register domains the same way that they register “sucks” sites. Both sunrise periods will run concurrently followed by a landrush period and finally a general availability period:</p>
<p>&nbsp;</p>
<p><em><span style="text-decoration: underline;">Sunrise</span></em><span style="text-decoration: underline;"> A</span> Sunrise A is dedicated to members of the adult entertainment community who either hold verifiable trademark rights or own exact-matching domains in other Internet Assigned Numbers Authority (IANA) TLDs; the latter is also known as “Grandfathering.” This period is open from September 7, 2011 to October 28, 2011.</p>
<p>&nbsp;</p>
<p><em><span style="text-decoration: underline;">Sunrise B</span></em> Sunrise B was created especially for Intellectual Property holders who are non-members of the adult entertainment community with verifiable trademark rights so that they can block their domains in the .XXX sTLD. This period is open from September 7, 2011 to October 28, 2011.</p>
<p>&nbsp;</p>
<p><em><span style="text-decoration: underline;">Landrush</span></em> Landrush is for members of the adult Sponsored Community but NOT on a first come, first served basis. Unlike Sunrise A and Sunrise B, there are no qualification requirements needed for Landrush. Applications for competing names will go to a closed auction at the end of the Landrush period. This period is open from November 7, 2011 to November 25, 2011.</p>
<p>&nbsp;</p>
<p><em><span style="text-decoration: underline;">General Availability</span></em> General Availability is when members of the adult entertainment community get regular, resolving names on a first come, first served basis. Non-members of the adult Sponsored Community can also get “Non-Resolving” names. The period opens December 6, 2011 and is ongoing.</p>
<p>&nbsp;</p>
<p>Please note that to be successful, applications made during the sunrise periods must provide basic trademark particulars such as the mark, registration number and date, designated class(es), the country or region, and the status of the entity submitting the request. Applications cost <a href="http://www.foxnews.com/scitech/2011/08/16/barbiexxx-redcrossxxx-brands-scramble-to-prevent-x-rated-rip-offs/#ixzz1VmXHFdbS">$200-$300</a> per registered mark, assessed as a one-time fee, and will run for the length of ICM’s contract with ICANN (at least 10 years). If you miss the Sunrise Period or want to block others from using a .XXX domain corresponding to an unregistered trademark, you can defensively register .XXX domains once the general availability period opens in December 2011. However, keep in mind that the annual registration fees for .XXX domains are expected to be significantly higher than the annual fees for domains in existing TLDs like .com, .net, etc.</p>
<p>&nbsp;</p>
<p>The .XXX registration process requires all registrants to agree to participate in and abide by <a href="http://www.icmregistry.org/launch/plan/#preventing">specific dispute resolution procedures</a> that will provide mechanisms for brand owners to challenge .XXX domains that infringe trademarks. ICM is contracting with the National Arbitration Forum to provide the RES and CEDRP dispute resolution services. ICM estimates that the cost for each service will be US$750 to US$1,500. During these disputes, the domain will be locked against transfers. Decisions will not be published. Statistical information about the process itself will be made available. In the event of a conflict between a trademark rights holder and a member of the adult entertainment industry, the domain will be awarded to the adult entertainment industry member and the Sunrise B applicant will be notified.</p>
<p>&nbsp;</p>
<p>Although ICM services have been approved by ICANN, there are legal issues that have not been tested. Participating in this process could limit your legal remedies because of your agreement to participate in and abide by the dispute resolution procedures outlined. Additionally, porn and mainstream businesses alike complain they are being <a href="http://www.foxnews.com/scitech/2011/08/16/barbiexxx-redcrossxxx-brands-scramble-to-prevent-x-rated-rip-offs/#ixzz1VmWBGguf">forced to buy domain</a> names they don&#8217;t want, don&#8217;t need and won&#8217;t use. A few companies are refusing to pay, but also demanding that ICM block their domains free of charge. ICM responded to the legal threats with a seven-page report in July, claiming that a registry cannot be sued for trademark infringement. The letters, though, have placed ICM on notice, which increases the potential for liability if ICM sells the trademarked names.</p>
<p>&nbsp;</p>
<p>As this exchange indicates, registering domains with ICM is one option but may not be the only option available to companies seeking to protect their trademarks. Cyveillance encourages companies to take a hard look at their brand protection strategy to determine if defensively registering for .XXX gTLDs is the only and best option for their brand protection. The battle over domain name registration and brand protection will always be ongoing; the key to minimizing losses is tied to a company’s assessment of its true threats and its <a href="http://www.cyveillanceblog.com/web/solutions/enterprise/solutions/brand-protection.asp">proactive approach to minimizing those threats</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/phishing/how-will-icann%e2%80%99s-newest-domain-name-program-affect-your-company%e2%80%99s-brand/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Canadian Online Pharmacy, Meet Mexican Online Pharmacy</title>
		<link>http://www.cyveillanceblog.com/online-pharmacy/buy-viagra-vicodin</link>
		<comments>http://www.cyveillanceblog.com/online-pharmacy/buy-viagra-vicodin#comments</comments>
		<pubDate>Fri, 26 Aug 2011 15:06:58 +0000</pubDate>
		<dc:creator>Cyber Intelligence Division</dc:creator>
				<category><![CDATA[Online Pharmacy]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1209</guid>
		<description><![CDATA[This week the Department of Justice announced that Google will forfeit $500M for &#8220;allowing online Canadian pharmacies to place advertisements through its AdWords program targeting consumers in the United States&#8221;. While Google now monitors AdWords advertisements very closely to avoid similar penalties in the future, the Internet is still rife with websites that will sell [...]]]></description>
			<content:encoded><![CDATA[<p>This week the Department of Justice announced that <a href="http://www.justice.gov/opa/pr/2011/August/11-dag-1078.html">Google will forfeit $500M</a> for &#8220;allowing online Canadian pharmacies to place advertisements through its AdWords program targeting consumers in the United States&#8221;. <span id="more-1209"></span>While Google now monitors AdWords advertisements very closely to avoid similar penalties in the future, the Internet is still rife with websites that will sell prescription medication through the mail without the buyer ever meeting a doctor face to face. Indeed, investigations by cybercrime reporter Brian Krebs in recent years have provided <a href="http://krebsonsecurity.com/2011/02/spamit-glavmed-pharmacy-networks-exposed/">unprecedented insight</a> into the lucrative world of Russian online pharmacy networks:</p>
<blockquote><p>In total, these promoters would help Glavmed process in excess of 1.5 million orders from more than 800,000 consumers who purchased knockoff prescription drugs between May 2007 and June 2010. All told, Glavmed generated revenues of at least $150 million.</p></blockquote>
<p>The problem with online pharmacy sites selling lifestyle drugs like Viagra and Cialis, the controlled substances Vicodin and hydrocodone, and even cancer drugs is that without the oversight of a medical professional, patients may misuse or abuse the medications &#8211; whether genuine brand or generic. Another possibility is that what they receive in the mail from these faraway online pharmacy operations is not even real medication at all, but fake pills that contain inert ingredients <a href="http://www.newswatchngr.com/index.php?option=com_content&#038;task=view&#038;id=2751&#038;Itemid=1">like corn starch</a> or dangerous chemicals <a href="http://www.safemedicines.org/2010/10/korean-study-highlights-dangers-of-buying-ed-drugs-from-online-pharmacies.html">like mercury</a>. People can and do die in all of the scenarios above.</p>
<h3>Remember the &#8220;Canadian&#8221; Pharmacy?</h3>
<p>The availability of cheaper medication above the United States&#8217; border has resulted in the creation of websites that appear to be from Canada, but actually originate far overseas, as <a href="http://www.cyveillanceblog.com/general-cyberintel/gmail-online-pharmacy-spam">we have written before</a>. Cyveillance currently sees more than thirteen hundred websites out there today that mention Canada and the word pharmacy in the site&#8217;s domain. Of course there are many, many more which suggest they have a connection to Canada in other parts of their website.</p>
<p>But competition for customers who search for a Canadian pharmacy online is stiff, and operators of these illegal websites diversify by offering alternatives to American consumers with sites that suggest an origin in Mexico.</p>
<h3>Cuidado!</h3>
<p>Americans have long headed below the border for cheaper medications. In addition to the many opportunities for recreation that greet visitors in Tijuana are many brick and mortar pharmacies looking for Americans in search of a deal. These establishments may not always be safe either. According to a former federal law enforcement officer who worked cases of counterfeit pharmaceutical sales along the border&#8230;</p>
<blockquote><p>There are over a thousand pharmacies lining the border in Tijuana; over twice the count you’ll find in neighboring San Diego. The number of storefronts is greater than what can serve the daily foot traffic from the U.S. Many make their earnings through illicit Internet and mail order sales.</p>
<p>The person greeting you from behind that counter in that white jacket and making healthcare recommendations is not a pharmacist. He’s a salesperson. That’s because there is no college of pharmacy in Mexico, nor is there a requirement to staff these businesses with licensed professionals. The pharmaceuticals are pre-packaged by the manufacturers with general dosage recommendations, as opposed to dispensed into amber vials with a professional consultation that you’d find in the U.S.</p>
<p>U.S. law enforcement has seized millions of dollars of counterfeit pharmaceuticals from these operations. I recall an operation that imported from an unsanitary plant that I subsequently visited in India. This operation used day laborers to repackage the pills in bottles with English language labels. Some of these laborers placed the diabetes medicine in bottles intended for heart medication. One of the manufacturers supplying the operation could not keep up with the demand and, instead, supplied tablets that had no active ingredients which were ultimately repackaged and sold to Americans. I have also seen pretty good knock offs of American brands in Mexico. It is difficult to know exactly what you&#8217;re getting on the border.</p></blockquote>
<h3>Dangerous Online Pharmacies Which Claim to be from Mexico But Are Not</h3>
<p><a href="http://www.cyveillanceblog.com/wp-content/uploads/2011/08/online-mexican-pharmacy.jpg"><img class="alignnone size-full wp-image-1226" title="online-mexican-pharmacy-sm" src="http://www.cyveillanceblog.com/wp-content/uploads/2011/08/online-mexican-pharmacy-sm.jpg" alt="" width="400" height="289" /></a><br />
<span style="font-size: xx-small;">This site&#8217;s domain contains the words &#8220;online mexican pharmacy&#8221;. Click to enlarge.</span></p>
<p>The above site&#8217;s domain name couldn&#8217;t be more explicit about where it wants visitors to think it is from: it includes the words &#8220;online mexican pharmacy&#8221; right in the domain name. However, the domain is registered anonymously, which is never a good sign when you want to entrust your health to someone. The site is hosted in the Netherlands, and belongs to an illegal pharmacy network from Russia.</p>
<p><a href="http://www.cyveillanceblog.com/wp-content/uploads/2011/08/mexican-online-pharmacy-lg.jpg"><img class="alignnone size-full wp-image-1233" title="mexican-online-pharmacy" src="http://www.cyveillanceblog.com/wp-content/uploads/2011/08/mexican-online-pharmacy.jpg" alt="" width="400" height="274" /></a><br />
<span style="font-size: xx-small;">This fake Mexican online pharmacy&#8217;s homepage is full of contradictory information. Click to enlarge.</span></p>
<p>The second impostor calls itself a &#8220;Real Mexican Online Pharmacy&#8221;. Unfortunately the domain&#8217;s registrant claims to be from Bulgaria and the site is hosted in Atlanta. The text on the very same page states that the medications will come from pharmacies in the United States. Which is it? And why the misinformation? No prescription is required from a healthcare provider to receive prescription drugs on this site.</p>
<h3>Dangerous Online Pharmacies Which are from Mexico</h3>
<p><a href="http://www.cyveillanceblog.com/wp-content/uploads/2011/08/vicodin-online-pharmacy-lg.jpg"><img class="alignnone size-full wp-image-1232" title="vicodin-online-pharmacy" src="http://www.cyveillanceblog.com/wp-content/uploads/2011/08/vicodin-online-pharmacy.jpg" alt="" width="400" height="461" /></a><br />
<span style="font-size: xx-small;">Click to enlarge.</span></p>
<p>The illegal online pharmacy shown above does not require prescriptions for the very powerful prescription drugs it offers. Several are high-potency pain killers like Oxycontin that are known to place patients at risk for addiction. This domain&#8217;s registrant is in Mexico, and the site is hosted in Atlanta. Open source intel about this operation confirms that they&#8217;re shipping from Mexico into the United States.</p>
<p><a href="http://www.cyveillanceblog.com/wp-content/uploads/2011/08/buy-ritalin-online.jpg"><img class="alignnone size-full wp-image-1230" title="buy-ritalin-online-sm" src="http://www.cyveillanceblog.com/wp-content/uploads/2011/08/buy-ritalin-online-sm.jpg" alt="" width="400" height="308" /></a><br />
<span style="font-size: xx-small;">Click to enlarge.</span></p>
<p>The &#8220;new formula&#8221; Oxycontin for sale at the premium price of $450 for ten tablets in our final example today is another example of controlled substances being sold online without a prescription. Like the site above, the domain is registered to a Mexican citizen. It&#8217;s hosted in Dallas, and information we&#8217;ve seen online suggests that the drugs are indeed shipped north from a brick and mortar pharmacy in Mexico.</p>
<h3>Are they All Bad?</h3>
<p>To be clear, there is such a thing as a safe online pharmacy. The <a href="http://www.fda.gov/Drugs/ResourcesForYou/Consumers/BuyingUsingMedicineSafely/BuyingMedicinesOvertheInternet/default.htm">FDA has a page</a> with tips on safe ways to buy medication online. Please be safe out there.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/online-pharmacy/buy-viagra-vicodin/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Landmark Legal Case: If Your Members Have Been Phished, Your Credit Union May Have To Pay</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/landmark-legal-case-if-your-members-have-been-phished-your-credit-union-may-have-to-pay</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/landmark-legal-case-if-your-members-have-been-phished-your-credit-union-may-have-to-pay#comments</comments>
		<pubDate>Wed, 24 Aug 2011 17:51:19 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Fraud and ID Theft]]></category>
		<category><![CDATA[General Cyber Intel]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Phishing]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1204</guid>
		<description><![CDATA[Excellent overview of recent landmark phishing case along with joint NAFCU-Cyveillance podcast: http://blog.nafcuservices.com/2011/08/23/landmark-legal-case-if-your-members-have-been-phished-your-credit-union-may-have-to-pay/]]></description>
			<content:encoded><![CDATA[<p>Excellent overview of recent landmark phishing case along with joint NAFCU-Cyveillance  podcast: <a href="http://blog.nafcuservices.com/2011/08/23/landmark-legal-case-if-your-members-have-been-phished-your-credit-union-may-have-to-pay/">http://blog.nafcuservices.com/2011/08/23/landmark-legal-case-if-your-members-have-been-phished-your-credit-union-may-have-to-pay/</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/landmark-legal-case-if-your-members-have-been-phished-your-credit-union-may-have-to-pay/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>RSA Token Vulnerability and One of America’s Most Secret Agencies Invoked in Latest Spear Phishing Attack</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/rsa-token-vulnerability-and-one-of-america%e2%80%99s-most-secret-agencies-invoked-in-latest-spear-phishing-attack</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/rsa-token-vulnerability-and-one-of-america%e2%80%99s-most-secret-agencies-invoked-in-latest-spear-phishing-attack#comments</comments>
		<pubDate>Fri, 22 Jul 2011 20:51:28 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Fraud and ID Theft]]></category>
		<category><![CDATA[General Cyber Intel]]></category>
		<category><![CDATA[Information Protection]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Phishing]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1194</guid>
		<description><![CDATA[A targeted scam or “Spear Phishing” attack making the rounds today invokes the National Security Agency and takes advantage of recent news about a hack of RSA’s two-factor security tokens. Cyveillance has now captured examples and reports of several variants of this email, most sent under the subject lines “Token Code Update” or “Security Token [...]]]></description>
			<content:encoded><![CDATA[<p>A targeted scam or “Spear Phishing” attack making the rounds today invokes the National Security Agency and takes advantage of recent news about a hack of RSA’s two-factor security tokens. Cyveillance has now captured examples and reports of several variants of this email, most sent under the subject lines “Token Code Update” or “Security Token Update”. <span id="more-1194"></span>The message outlines a “critical vulnerability” in security tokens, and attempts to get users to click a link to what most likely was an executable download to infect their machine or network.</p>
<p><a href="http://www.cyveillanceblog.com/wp-content/uploads/2011/07/NSA-Scam-Email.png"><img class="aligncenter size-medium wp-image-1195" title="NSA Scam Email" src="http://www.cyveillanceblog.com/wp-content/uploads/2011/07/NSA-Scam-Email-300x141.png" alt="" width="300" height="141" /></a></p>
<p>The sender name is spoofed to appear to come from “<a href="mailto:protection@nsa.security.gov">protection@nsa.security.gov</a>” and the links go to national-security-agency.com, a domain that was just registered yesterday. This attack is a perfect example of how deeply spear-phishers understand the psychology of social engineering users. It invokes the authority of a respected and mysterious government agency, it uses fear of being hacked or getting “in trouble” at work to prompt action, and it takes advantage of current events in the form of the widely reported (i.e. verifiable fact) and recent RSA token hack. This is a potent cocktail of logic, emotion and authority to manipulate the user into a desired action, and is typical of today’s advanced Phishers.</p>
<p>Here are some of the tips that can help you spot scams like this one:</p>
<ol>
<li>Supposed needs for patches, security updates and vulnerability fixes are a favorite technique of scammers and phishers. Even if the message appears to come from someone in your own company, treat all such requests as suspicious and verify with your IT team by voice or fresh email to the actual IT person who supports you.</li>
<li>Treat ANY email that tells you to download something as malicious until proven otherwise. Again, contact your IT team before installing anything on your system.</li>
<li>Hover (but do NOT click) your mouse over all links in the email. The true destination of the link will pop up next to your mouse pointer. If you’ve never heard of the site, treat it as dangerous. Does the site in the link address match the site in the sender’s email address? If it does not, be suspicious. Is the pop up destination different from the URL shown in the visible text of the email, what we call a bait-and-switch link? If so, this is a major warning.</li>
<li>Finally, any link that ends in .zip or .exe should be treated as extremely hazardous and not clicked on.</li>
</ol>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/rsa-token-vulnerability-and-one-of-america%e2%80%99s-most-secret-agencies-invoked-in-latest-spear-phishing-attack/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>A Five-Point Plan for Social Network Usage</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/a-five-point-plan-for-social-network-usage</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/a-five-point-plan-for-social-network-usage#comments</comments>
		<pubDate>Tue, 14 Jun 2011 14:10:19 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Appliance]]></category>
		<category><![CDATA[Fraud and ID Theft]]></category>
		<category><![CDATA[General Cyber Intel]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Phishing]]></category>
		<category><![CDATA[Social Media]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1189</guid>
		<description><![CDATA[If there’s any message you should take away about utilizing social media in a secure manner, it can be summarized in one word: education. Education is needed to convey to your network users that the stakes here are high. Even if the intruder isn’t seeking a dime from your company, the potential cost with respect [...]]]></description>
			<content:encoded><![CDATA[<p>If there’s any message you should take away about utilizing social media in a secure manner, it can be summarized in one word: education.<span id="more-1189"></span></p>
<p>Education is needed to convey to your network users that the stakes here are high. Even if the intruder isn’t seeking a dime from your company, the potential cost with respect to response, data loss and reputation can be crippling. As indicated, the vast majority of these incidents are the result of your users’ social-media behavior. Actually, the exploitation of social media for the purpose of malware attacks is growing at the same or at an even greater pace than the overall use of these sites. Online tools – like the popular, URL-shortening ones for Tweets – are very handy in masking malware threats, and a lack of security savvy on the part of users establishes social networks as a virtual playground for cyber criminals.</p>
<p>In seeking to avoid fallout from this that would impact your business, we at Cyveillance strongly advocate the following five-point plan for our customers, a plan that has helped us earn recognition by industry-research leader Gartner Inc. as a top provider of the surveillance/collection/analysis of social-media activity for commercial-organization networks:</p>
<p>1. Launch a social-media policy. We realize that many of our customers already have a policy in place. We examine it, however, to get a sense of whether it’s up to date. Social media changes all the time. Legal documents do not. We look to see whether the policy addresses “real” modern-day concerns about social media, or if it’s really just a copy/paste of some antiquated HR form. Here are some questions to consider within the policy: Is it OK for employees to say that they are representing the company on Facebook, Twitter, etc.? If so, what are the guidelines for appropriate content to post?</p>
<p>2. Train everyone. As stated before on this blog, your weakest link can be your most uninformed employee. Printing and distributing a policy is fine. But reinforcing it with training is even better. Don’t lecture them. Instead, engage in interactive workshops or computer-based training sessions to test their awareness of the latest social engineering attack techniques. Too many organizations put all of their focus on firewalls and passwords. These days, hackers don’t necessarily need to know how to get around these measures to do damage. They just need to get a single user within the network to trust them via a cleverly disguised email.</p>
<p>3. Establish the significance. Meaning, make sure your users realize how important it is to remain informed and alert. If your logo is used to support some kind of malware scheme, for example, your future relationships with customers and partners will suffer. As conveyed previously, there’s tangible, bottom-line value in a company’s reputation. Within minutes, a successful intrusion can crush the good reputation that an organization has been building for years.</p>
<p>4. Don’t try to do it all on your own. Social media is a very, very large universe. In fact, nearly 56 percent of Internet users in the U.S. use some type of social media, according to the Pew Research Center. That translates to a lot of traffic to monitor. Consider tools such as social media monitoring solutions and protection appliances to address this need for you.</p>
<p>5. Keep it current. No matter what tools you use – as well as intrusion techniques you share with users – make sure everything is up-to-date. The entire landscape of social media and the methods used to exploit it are in a constant state of rapid transformation. What worked this month won’t necessarily work the next. Your security team needs to stay on top by constantly educating and re-educating itself and company staffers on the latest trends.</p>
<p>The bottom line is that – in the “share more, not less” world of today – criminals can easily obtain the information needed to craft emails that can fool even the most savvy of users. With no “silver bullet” solution to thwart all intrusion attempts, the best practice is to educate users to make decisions, and equip yourself with the best monitoring tools to detect attacks in progress.</p>
<p>James Brooks, Director of Product Management, Cyveillance</p>
<p>Question to consider: What essentials do you feel are needed in a social-media policy?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/a-five-point-plan-for-social-network-usage/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

