Halloween is the holiday of tricks (and treats). However, some tricksters out there, like cyber criminals, have malicious intent with none of the sugary sweets to go with it. Here are 4 ways that cyber criminals can trick you into giving up your information for their own personal gain and how you can prevent them with proper training. If you’re short on time, you can click here to view the infographic.
Malware
“Malware” is the term used to describe any type of malicious software that is intended to damage or disable a network, computer, tablet or mobile device. From highly hazardous to inconvenient, malware’s main goal is to make money for the cyber criminal by stealing, encrypting, or changing your data. Three common types of malware cyber criminals use to try to trick you include:
1. Ransomware
What is it? You may have heard about the recent ransomware attack on cloud software company, Blackbaud. Ransomware is a type of malware that can make your data inaccessible to you. Ransomware is often unknowingly downloaded on a computer through suspicious email attachments or links, disreputable ads, or by visiting a hacked website. Three of the most common varieties of ransomware include:
- Scareware: The most docile of the 3 types, scareware often shows up in the form of tech support pop-ups that claim your computer is infected and you need to pay to have it removed. Although annoying, your files remain untouched. A legitimate tech support company would never inform users of malware in this way.
- Screen lockers: Screen locker ransomware locks you out of your computer. When you boot up your computer, you’ll be greeted with an official-looking government notice stating that illegal activity has been identified on your device and you need to pay a fine. We probably don’t need to tell you that government agencies would follow different channels if illegal activity were suspected.
- Encrypting ransomware: This ransomware is the scariest of the bunch. Encrypting ransomware encrypts your data so you can’t access it at all. In order to get your data back, cyber criminals use a pop-up notification to demand a ransom payment via credit card or cryptocurrency. The FBI advises against paying the ransom. Paying the ransom doesn’t guarantee that you’ll actually get your data back and it encourages cyber criminals to target more victims.
How to prevent it? Be cautious when visiting websites, clicking links, and opening attachments. Regularly update your operating system, hardware, and software to ensure the newest security safeguards are in place. Conduct off-site backups frequently. If your device gets infected, you can restore it to its most recent backup to help prevent data loss.
2. Trojan
What is it? Much like the Trojan Horse of Greek mythology, this deceptive type of malware appears to be harmless on the outside. Trojans often hide in what seems to be a normal file or mobile app and rely on social engineering to trick the victim into downloading it. Once installed, it wreaks havoc on your device. Trojans are multi-purpose malware that can infect your computer in various ways, a few Trojan types include:
- Backdoor: By creating an unlocked backdoor to your machine, attackers can control your computer or download additional malware at any time.
- Remote Access: Once this Trojan is installed, attackers are given full remote control over your computer.
- Distributed Denial of Service (DDoS) attack: This Trojan performs DDoS attacks, which can shut down an entire network by flooding it with traffic.
How to prevent it? Since Trojans often tagalong on legitimate seeming files, be wary when downloading free material online, installing apps, or clicking attachments. You should also keep your devices up to date with the latest security defenses, run periodic anti-virus scans, and use a firewall.
3. Spyware
What is it? Spyware is a type of malware that spies on you. It’s used to clandestinely monitor and collect data on everything you do online including website visits, keystrokes, emails sent & received, payment information used, and passwords typed. Stolen data can then be used for extortion or sold on the Dark Web. Spyware can also cause crashes, the inability to connect to the internet, or disabled firewalls and antivirus software. It often gains access to your device in one of these ways:
- Phishing or spoofing: Legitimate looking emails and spoofed websites that convince a user to click a dangerous link or download a malicious attachment are a main source of spyware.
- Security vulnerabilities: Cyber criminals often exploit known security vulnerabilities and software bugs to gain access to your device and install spyware.
- Software & apps: Misleading free software and apps can secretly contain spyware with the download files.
How to prevent it? Once again, cyber education is important. Be vigilant when using any internet-connected device. Don’t click email links or download attachments from unknown senders. Even if you think you know the sender, hover over an email link before clicking to double check it is what it says it is. If free software sounds too good to be true, it very well could be. Lastly, always keep your devices up to date and use reputable anti-virus software protection.
Social Engineering
Social engineering is when a cyber criminal maliciously tries to trick a person into sending money, installing malware, or giving up confidential/personal information by manipulating the victim’s emotions or gaining their trust. Humans are social beings by nature and can easily be influenced into making decisions they typically wouldn’t make through the 6 principles of persuasion. This makes social engineering extremely effective. Even fun social media trends can be social engineering attempts. We’ve included information about the most common social engineering attack below:
4. Phishing
What is it? In a phishing attempt, the target receives a spoofed email in their inbox that appears to come from someone they know or an organization with which they’re familiar. This gains their trust. However, the email is actually a malicious attempt to get the unsuspecting victim to take an action such as downloading malware, wiring money, or giving up login credentials. There are various types of phishing styles including:
- Spear phishing: Hyper-targeted (using a spear instead of casting a wide net) to a specific person or business in order to steal personal data or install malware on a computer.
- Business email compromise: BEC attacks are designed to impersonate senior execs and trick employees, customers, or vendors into wiring funds to alternate bank accounts.
- Whaling: Targets the big fish in a company AKA the execs.
- Cloning: A legitimate email is copied but the links and/or attachments are replaced with malicious ones.
How to prevent it? Knowing the phishing red flags is key – Urgent or threatening language, spelling & grammatical errors, broad language (“Hello Sir or Madam”), mismatched email addresses or links (@wh0.com instead of who.int), too good to be true promises, requests for confidential information, unexpected emails (an email from “Amazon” about an order you didn’t place), and suspicious attachments. Don’t reply to phishing attempts, even as a joke. This just lets cyber criminals know that your email address is active and they’ll keep bombarding you with more phishing emails. You should also employ email spam protection and disable macros. You can learn more about macros and see examples of real phishing emails here.