If you answered “I’ll check to see what is in it,” you must read this post.
Trust me, it’ll do you good.
The world of network security is jargon-heavy. Some innocuous-sounding terms can have dire consequences if you happen to be the victim. So here are twelve network security scams that you should be aware of.
Fake Apps: So how many apps do you have on your smartphone that you never use?
The proliferation of mobile apps has caught the attention of cybercriminals, who have started creating fake versions of popular apps. Some popular apps that have fake versions include Angry Birds and Netflix. The idea is to dupe users into entering their usernames and passwords into the fake app’s login screen, which the hackers then exploit for personal gain. The ultimate goal of a hacker is to get hold of your username and password, which will in turn give him/her access to your credit card. Make sure that the apps that you are using are legitimate.
Here’s some helpful information on fake Android apps.
Phishing: As a tool to fool people into clicking on links and opening malware-laden attachments, phishing has been very effective.
Often, cybercriminals masquerade as trustworthy sources in electronic communications such as emails to extract sensitive information from unsuspecting users. Phishing emails typically appear to come from reputable sources such as a bank, Apple, PayPal etc.
Spear-phishing: As opposed to phishing, spear-phishing is an attack targeted at specific individuals or institutions. Hackers gain access to organizational information through LinkedIn, Facebook etc. and use this information to personalize their emails and make them sound genuine. Spear-phishing is one of the more successful hacking techniques currently in use in the industry.
Whaling: A spear-phishing attack targeted at senior executives (whales) in a company is another technique used by cybercriminals. Phishing emails to senior executives can appear serious and have overtones of financial transactions, legal actions, organizational issues and the like, which increases the chance that they will be opened and clicked.
Social engineering: You don’t have to be using your computer to fall victim to social engineering scams. It is a modern version of confidence trickery where perpetrators gain access to personal and sensitive user information by befriending people, creating a sense of urgency, and other such manipulative actions. Spear-phishing, fake friends on social media, and tailgating into an office are examples of social engineering activities.
Scareware: Have you ever landed on a website from which you can’t seem to get out? You then get a message something like the image shown here. Welcome to Browlock, and other similar scareware – a form of malware – which locks your browser until you pay a fine/ransom. The official-looking messages are meant to scare you into paying the ransom. Users who browse adult sites and the like are more likely to be targeted by scareware scammers. Most scareware banks on you panicking and paying up, or clicking on links that further infect your computer. Fortunately, in most cases, a simple reboot will end your session, unfreeze the system and get you back in business.
A more aggressive version of ransomware is discussed below.
Ransomware: Ransomware is a malicious program that blocks or limits access to the computer systems it infects. Unsuspecting users click on links or attachments within emails, or visit harmless-looking sites, and their computers get infected by ransomware. The perpetrators demand that a ransom be paid before they unblock access to the computer(s).
Crypto-ransomware: Hopefully, you never have to deal with this.
Crypto-ransomware is an advanced form of ransomware that can cause you some serious damage. CryptoLocker and CryptoWall are examples. Once installed, these programs can encrypt all the files on your computer, making it impossible for you to retrieve the data without a private digital key held only by the cybercriminals. To minimize your pain, and increase the chances of you paying up, the ransom amounts are kept reasonable – $100-$300.
If you think this is far-fetched, read this news item: Massachusetts police department pays $500 CryptoLocker ransom.
If you don’t back up your computer to an external/cloud drive, this is the time to start doing it.
Drive-by: If you are diligent about not clicking links and attachments within emails from strangers, you may want to add this to your not-to-do list. Drive-by is a technique used by cybercriminals whereby legitimate websites are infected with malware that secretly installs itself on the computers of people visiting the site. The malware is downloaded in a manner that is not obvious to the users. The best way to minimize your chances of getting infected is to have a robust anti-virus program running on your computer. As an added level of security, you can use the free tool from Google – VirusTotal – to check if the link you are about to click is clean.
Watering Hole: This is similar in nature to “drive-by” attacks except that it is targeted at a certain community of users. This is a cyber attack technique whereby the hackers infect legitimate websites with malware with the intent of infecting their visitors’ computers. Typically, watering hole attacks target communities of interest such as discussion forums, sports groups, IT support sites etc.
Trojan: Similar to the Trojan horse from Greek mythology, a Trojan in the context of network security refers to malicious software that disguises itself as a useful program enticing users to install it. It can also be installed inadvertently by users clicking on links in phishing emails and malware-laden attachments. Trojans help hackers gain access to computers by opening backdoors, shutting down anti-virus programs etc. You can minimize the chances of being infected with a Trojan by avoiding downloads of untested software from unknown sites, and by using a good antivirus program.
USB Flash Drives: If you find a USB flash drive in your company’s parking lot, beware!
A successful scam that has been doing the rounds involves lost and found USB flash drives being plugged into corporate computers by curious employees. Once plugged in, the USB drive installs malware onto the user’s computer with the ultimate goal of spreading the malware across the organization to gain access to your company’s network.
While network security involves complex technology, a substantial number of breaches are caused by human error or oversight.
You owe it to yourself to do your part.