How to protect yourself from unauthorised online transactions
In August, Amazon’s payment processor Venmo suspended all payment transactions due to a software flaw, but a recent security breach has raised the possibility that other merchants could also be vulnerable.
According to security firm Kaspersky Lab, one of the two merchants it detected with an unauthorized payment request had a malicious payload that had been delivered via email.
The vulnerability allowed the attackers to collect payments from the compromised customer’s account and send them to an attacker.
As a result, the payment service has suspended all payments made to the compromised Venmo account.
While Kasperskin says the vulnerability was discovered “over a week ago”, the vulnerability appears to have been in the payment processor’s software since late September.
The security firm says the malware is not new, and it is not uncommon for attackers to exploit the flaw to obtain credentials to access other merchants’ systems.
In August, the FBI seized a cache of the malware’s source code after discovering the vulnerability.
The agency says the software’s code was leaked in August by a group known as the Dark Wallet, and a ransom has been demanded.
Last week, Kasperska reported that the FBI had identified a new threat called the Cryptokitties, which it said has been active for several months.
Cryptokittys has the same codebase as the previous Cryptokitteys, which Kaspersk says was first discovered in May.
This means that the malware could still be out there, and Kasperski has been monitoring Cryptokitys and has detected several other malicious campaigns using the same vulnerability.
One of the attackers behind Cryptokitty is reportedly based in Germany.
Kaspersky says that the new threat is targeting small and medium businesses, especially in the US.
“We expect the malware to be deployed in small and large businesses, as well as retail and online retailers, as they are targets for these attacks,” the company said in a statement.
What is the ransomware?
What is Cryptokitta?
Cryptonokitty is a distributed denial of service (DDoS) attack that can cause significant damage to websites.
The malware infects computers with a malicious version of the Adobe Flash Player plugin that exploits a vulnerability in Adobe Flash that allows attackers to gain control of a computer.
A user clicks on a malicious link that will load a malicious web page.
Once a user opens the malicious page, the malware downloads an application and downloads the malicious file.
The infected computer is then infected with the ransomware and is then able to load the malicious files.
When a victim clicks on the malicious link, it installs the malicious software on the infected computer, which encrypts the victim’s files and steals their money.
However, this doesn’t stop the ransomware from collecting money from the victim.
Users are told to pay $100, $200 or $300 in order to decrypt their files.
Once the files are decrypted, the user is asked to enter their password.
After a ransom is paid, the ransomware will attempt to decrypt the encrypted files and will allow the user to regain access to their files, but the infected system will remain locked.
Why is Cryptonokitta targeting businesses?
The ransomware is being deployed against businesses because they are more vulnerable than people realise, according to Kasperskaya.
“[A]ffected businesses have the same problems as individuals in that they have to pay a ransom to get access to files and to get to their accounts, but they also have to rely on the payment processors,” Kaspersker said.
For instance, many small businesses are relying on a small number of payment processors, which can cost up to $20 per month to maintain.
Additionally, these companies are more likely to be in the middle of the day when they receive payments.
If you want to protect your businesses from ransomware, there are two things you can do: pay a monthly fee to the payment processing service, or you can buy the antivirus that will scan the infected machines and stop the virus from spreading.
How do I protect myself from unauthenticated online payments?
If the unauthorisation comes from a third party, you can take several measures to prevent this from happening.
PayPal, for instance, has implemented a payment filtering service that will allow users to choose which payments they want to approve.
There are also a few online payment services that will notify users if a payment has been made and allow them to cancel it.
Lastly, it is possible to block online payments in several ways.
First, you could sign up for a service that blocks unauthoried online payments and then add a “block” in the settings.
Secondly, if you use a payment processor that you trust, you should block any unauthorise payments from that company.
Finally, if a customer wants to make a payment on a