Humans are, overall, very trusting. Regrettably, technology is leveraged by cybercriminals to abuse that trust. As technologies become even more sophisticated, this abuse will become even more egregious. That’s a fact, Jack [& Jackie].
With carefully worded email, voicemail, or text messages, strangers convince the trusting to transfer money, provide confidential information, or download a file that installs malware. We are easily influenced by our emotions, and these digital thugs leverage a victim’s fear, greed, curiosity, helpfulness, and sense of urgency.
The siren call to emotion will be packaged in one of the following ways:
Baiting uses a false promise to pique a victim’s greed or curiosity. Attackers lure users into traps to steal their personal information or infect their system with malware.
Quid Pro Quo relies on an exchange of information or service to convince the victim to act. While Baiting may offer something for free, Quid Pro Quo convinces the target that the transaction is more balanced and therefore not a risk.
Scareware bombards victims with false alarms and fictitious threats. Victims are deceived into thinking that their system is infected with malware, prompting them to install software that has no real benefit (except to the cybercriminal) or is itself malware.
Pretexting impersonates a co-worker or a figure of authority who is well known to the victim to gain access to login information or other valuable data.
With little effort, cybercriminals can package an emotional payload into multiple high-tech delivery systems with crazy-sounding names.
Pharming creates a bogus website that mimics a legitimate one, to obtain personal information.
Phishing sends emails to potential victims to lure them to a pharming site.
Vishing employs urgent voice mails to convince victims they need to act quickly to protect themselves (or loved ones) from arrest or other risk.
Smishing is the short messaging service (SMS) version of phishing.
Water-holing uses compromised sites to capitalize on the trust users have in places they regularly visit. Given their trust in the site, the victim feels safe to interact in a manner they would not on a new site.
Spear Phishing targets specific individuals and businesses using details of the victims to make their attack more compelling.
While historically thieves took a victim’s money, this new breed of digital thief steals your identity and reputation as well.
Keep alert for the seven signs of a cybersecurity ploy.
1. The email is poorly written [misppellings and not best grammar]
2. The email address seems altered [it says it is from Peter, but the email address is not his]
3. The email contains unsolicited attachments [if you are getting something you didn’t ask for – it is nothing you want]
4. It requests sensitive information [things you don’t tell your best friend]
5. There is urgency involved [you must act NOW!]
6. It sounds too good to be true [it almost always is]
7. It may not address you by name [generic requests should be feared]
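The checklist above can be partly automated for mail triage. The following Python sketch is an added example, not part of the original article: it checks signs 2 through 7 with Python's standard email module and leaves sign 1 (writing quality) to the reader. The address book, phrase lists and sample messages are constructed assumptions.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical address book: display name -> the address that person really uses.
KNOWN_CONTACTS = {"peter jones": "peter.jones@example.com"}
# Constructed phrase lists; tune them for your own mail.
SENSITIVE = ("password", "social security number", "bank account")
URGENCY = ("act now", "immediately", "within 24 hours")
TOO_GOOD = ("you have won", "free gift", "claim your prize")
GENERIC = ("dear customer", "dear user", "dear sir or madam")


def warning_signs(msg: EmailMessage) -> list[int]:
    """Return the numbers of the signs (as numbered in the list above) found."""
    name, addr = parseaddr(str(msg.get("From", "")))
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().lower().strip() if part else ""
    signs = []
    # Sign 2: the display name is a known contact but the address is not theirs.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        signs.append(2)
    # Sign 3: any attachment is flagged; a person decides whether it was asked for.
    if next(msg.iter_attachments(), None) is not None:
        signs.append(3)
    # Signs 4-6: phrase matches in the body text.
    for number, phrases in ((4, SENSITIVE), (5, URGENCY), (6, TOO_GOOD)):
        if any(p in body for p in phrases):
            signs.append(number)
    # Sign 7: the message opens with a generic greeting instead of a name.
    if body.startswith(GENERIC):
        signs.append(7)
    return signs


def constructed_message(sender: str, body: str, attach: bool) -> EmailMessage:
    """Build a sample message for the demonstration (constructed, not real mail)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg.set_content(body)
    if attach:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename="invoice.zip")
    return msg


if __name__ == "__main__":
    print(warning_signs(constructed_message(
        "Peter Jones <peter.jones@mail.test>",
        "Dear customer,\nYou must act now! Reply with your password.", True)))
```

A message that trips several signs at once deserves a phone call to the supposed sender before anyone opens it; an empty result only means these simple checks found nothing.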
Social Media is a fertile environment for nefarious actors and Facebook is a favorite platform. Be wary of:
Malvertising – these “ads” download malware to your device.
Messenger Links – a lot of malware uses Facebook Messenger to spread viruses and malware. Don't click links!
Dubious Apps and Quizzes – While data harvesting is the focus of these applications, they have also been used to deliver malware or steal account credentials.
Timeline Posts – You would hope that posts from “friends” would be safe, but shared links may only provide the appearance of legitimacy, with the site injecting malware onto the victim’s device.
Please keep these tips in mind and always validate the sender’s identity and intent before acting. Never respond or click on a link without certifying the source.
Be safe and remember, Think About IT
Tony Keefe, COO, Entre Computer Services www.entrecs.com