This week will bring April First and many of you will be taking the opportunity to play a prank or two on your friends, family, and colleagues. Trend Micro thinks it’s also a great day to remind you about the top tricks cyber criminals regularly try to play on all of us.
Unlike the harmless April Fool’s joke, the repercussions of cyber scams can be pretty distressing for the victim or organization concerned – leading to identity theft, data breaches, and potentially large monetary losses.
Cyber scammers are getting pretty good at hiding their true intent. So stay alert online, keep up to date with the latest security software, and make sure you don’t fall victim to any of the following:
This is junk email that can be any unsolicited bulk messages on various platforms, from email to Internet phone service (VoIP), and could result in identity theft, malware downloads, or paying for faulty/pirated or non-existent items. Most email providers have decent antispam filters now, but always verify any request for personal information by the organization requesting it. Also, beware of a new onslaught of phone and text-based spam.
One of the oldest tricks in the book is phishing. This is an attempt by an attacker to elicit sensitive information from you, such as log-in details and personal information, which can be used to commit identity fraud or as the first stage in an information-stealing malware attack on a business. The attacker will spoof email to appear as if it comes from a trusted sender or someone you know. We recommend not clicking on suspicious links in emails and keeping up to date on security that handles spam phishing and checks links.
Malware that tricks you into thinking your computer is infected with a virus and suggests that you pay for antivirus software to remove it, is called FakeAV or scareware.
A variation of FakeAV, ransomware restricts access to various files and demands payment to unlock them – sometimes encrypting said files until they do.
Another stalwart of the threat landscape, the 419 scam is a type of fraud where the scammer promises to share a large amount of money with you, their potential victim, can pay a small upfront charge. Typically, they’ll continue you to bilk you for more money until you realize it’s a scam or run out of money. Never trust unsolicited emails from strangers asking for money.
Social media threats
Social media threats can take many forms, from phishing messages to “likejacking” and spam tweets. Good content filtering software should block this, but even so, never blindly click on links and social content. If it looks suspicious, check with the sender/poster first.
The end goal for many phishing and malware attacks on consumers is identity fraud. However, if you’re a business, it can be a major cause of lost revenue via chargebacks. Ask your payment provider what fraud screening measures they have in place, and if an online transaction looks dubious, check with the buyer.
When a scammer sets up a scam web address that is very similar to a legitimate, he or she is hoping to attract visitors who have accidentally typed in the wrong address. This is called typosquatting. Bookmark sites or click on searched-for links to reduce your risk exposure.
A popular tactic on social media, clickjacking refers to when an attacker tricks you into clicking on seemingly innocuous content that is actually hiding malware. Again, be careful of unsolicited content and ensure you have reputable anti-malware running.
Fraud and scams are fairly common on auction sites. Frequently, users are tricked into paying for stolen or pirated goods, or items which never arrive. According to Craigslist, “most scams attempts involve one or more of the following:
Don’t be an April fool. Be cool and don’t fall for these or other online threats – no matter what day or month it is…Eek! There’s a spider on your shoulder!
Please add your thoughts in the comments below or follow me on Twitter; @smccartycaplan.