What would you do if you came across a USB flash drive in your company’s parking lot?
If you answered “I‘ll check to see what is in it,” you must read this post.
Trust me, it’ll do you good.
The world of network security is jargon-heavy. Some innocuous-sounding terms can have dire consequences if you happen to be the victim. So here are twelve network security scams that you should be aware of.
Fake Apps
So how many apps do you have on your smartphone that you never use?
The proliferation of mobile apps has caught the attention of cybercriminals who have started creating fake versions of such popular apps. Some popular apps that have fake versions include Angry Birds and Netflix. The idea is to dupe users into entering their usernames and passwords into the fake app’s login screen which will, in turn, be exploited by the hackers for personal gain. The ultimate goal of a hacker is to get hold of your username and password which will give him/her access to your credit card. Make sure that the apps that you are using are legitimate.
Here’s some helpful information on fake Android apps.
Phishing
As network security scams go, phishing has been a very effective tool for scammers. Gullible users are fooled into clicking on email links and malware-laden attachments that are programmed to infect their computers.
Often, cybercriminals masquerade as trustworthy sources in electronic communications such as emails to extract sensitive information from unsuspecting users. Phishing emails typically appear to come from reputable sources such as a bank, Apple, PayPal, etc.
Spear-phishing
As opposed to phishing, spear-phishing is a targeted attack on individuals or institutions. Hackers gain access to organizational information through LinkedIn, Facebook, etc., and use this information in emails to personalize it and sound genuine. Spear-phishing is one of the more successful hacking techniques currently in use in the industry.
Whaling
A spear-phishing attack targeted at senior executives (whales) in a company is another technique used by cybercriminals. Phishing emails to senior executives can appear serious and have overtones of financial transactions, legal actions, organizational issues, and the like which increase the chance of open/click rates.
Social engineering
You don’t have to be using your computer to fall victim to social engineering scams. It is a modern version of confidence trickery where perpetrators gain access to personal and sensitive user information by befriending people, creating a sense of urgency, and other such manipulative actions. Spear-phishing, fake friends on social media, and tailgating into an office are examples of social engineering activities.
Scareware
Have you ever landed on a website from which you can’t seem to get out? You then get a message something like the image shown here. Welcome to Browlock and other similar scareware – a form of malware – that locks your browser until you pay a fine/ransom.
The official-looking messages are meant to scare you into paying the ransom. Users who browse adult sites and the like are more likely to be targeted by scareware scammers. Most scareware banks on you panicking and paying up, or clicking on links that further infect your computer. Fortunately, in most cases, a simple reboot will end your session, unfreeze the system, and get you back in business.
A more aggressive version of ransomware is discussed below.
Ransomware
Ransomware is malicious programs that block/limit access to computer systems that it infects. Unsuspecting users click on links or attachments within emails or visit harmless-looking sites from where their computers get infected by ransomware. The perpetrators demand that a ransom be paid before they unblock access to the computer(s).
Crypto-ransomware
Hopefully, you never have to deal with this.
Crypto-ransomware is an advanced form of ransomware that can cause you some serious damage. CryptoLocker and CryptoWall are examples. Once installed, these programs can encrypt all the files on your computer, making it impossible for you to retrieve the data without a private digital key held only by the cybercriminals. To minimize your pain, and increase the chances of you paying up, the ransom amounts are kept reasonable – $100-$300. On the other hand, ransomware targeted at corporations comes with demands for bigger payouts.
If you think this is far-fetched, read this news item: Massachusetts police department pays $500 CryptoLocker ransom.
If you don’t back up your computer to an external/cloud drive, this is the time to start doing it.
Drive-by
If you are diligent about not clicking links and attachments within emails from strangers, you may want to add this to your not-to-do list. Drive-by is a technique used by cyber-criminals whereby legitimate websites are infected with malware that secretly installs such programs to the computers of people visiting the site. Malware is downloaded in a manner that is not obvious to the users. The best way to minimize your chances of getting infected is to have a robust anti-virus program running on your computer. As an added level of security, you can use the free tool from Google – Virus Total – to check if the link you are about to click is clean.
Watering Hole
This is similar in nature to the “drive-by” attacks except that it is more targeted at a certain community of users. This is a cyber attack technique whereby the hackers infect legitimate websites with malware with the intent of infecting their visitors’ computers. Typically, watering hole attacks target communities of interest such as discussion forums, sports groups, IT support sites, etc.
Trojan
Similar to the Trojan horse from Greek mythology, a Trojan in the context of network security refers to malicious software that disguises itself as a useful program enticing users to install it. It can also be installed inadvertently by users clicking on links in phishing emails and malware-laden attachments. Trojans help hackers gain access to computers by opening backdoors, shutting down anti-virus programs, etc. You can minimize the chances of being infected with a Trojan by avoiding downloads of untested software from unknown sites, and by using a good antivirus program.
USB Flash Drives
If you find a USB flash drive in your company’s parking lot, beware!
A successful scam that has been doing the rounds involves lost and found USB flash drives being plugged into corporate computers by curious employees. Once plugged in, the USB installs malware onto the user’s computer with the ultimate goal of spreading the malware across the organization.to gain access to your company’s network.
While network security involves complex technology, a substantial number of breaches are caused by human error or oversight.
You owe it to yourself to do your part.
If you found this post useful, please share it with your friends on social networks.
