Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Six rising threats from cybercriminals

John Brandon | May 19, 2011
Watch out for these cyberattacks that can turn smartphones into texting botnets, shut off electricity, jam GPS signals and more.

Stratum Security's Morehouse says criminals are becoming increasingly crafty on social networks: They first identify a target, then do the research -- what is this person like, whom do they follow, what do they like to do?

What's more, social network attacks are sometimes combined with email and website spoofing, Morehouse says. You might develop a friendship on LinkedIn and then get an email from that person that looks like it was sent via LinkedIn but is actually a fake. When you click the link to reply to the message, you're taken to a fake LinkedIn site; logging in there reveals your LinkedIn username and password to the spoofer.

LinkedIn email spoof
The email message above looks like it came from one of your LinkedIn friends, but look closely at the domain name and you'll see it's a fake.

LinkedIn site spoof
If you click on a fake LinkedIn message, you'll see a fake site -- a ploy to steal your log-in and password.

Another type of attack Morehouse describes targets companies as well as individuals. The spoofer might set up a Facebook page pretending to be the official company page for, say, a retailer like office supply giant Staples. To make it seem credible, the spoofer might claim that the page is a formal method to contact the company or register complaints.

The page might offer free (but fake) coupons to entice people to join, and it soon goes viral as people share it with their network of friends. Once hundreds or thousands of users have joined the page, says Morehouse, the owner tricks them into giving out personal information, perhaps by signing up to receive additional coupons or special offers.

This is a double attack: Consumers are damaged because their personal data is compromised, and the company is damaged because its customers associate the fake Facebook page with the real company -- and decide not to buy from that company anymore.

As with text-message attacks, individuals' best defense against spoofing attacks is to use common sense, Joffe says -- criminals usually do not do a good job of impersonating a person or company, and they tend to send links and phishing scams to con you. They might try to mimic a friend but rarely manage to accurately convey their personality. In some cases, the attacks are traceable through e-mail headers or IP addresses, and most attacks are too general and untargeted to be believable to anyone who's careful.

 

Previous Page  1  2  3  4  5  6  7  8  9  10  Next Page 

Sign up for CIO Asia eNewsletters.