You’ve read about the government’s GetSafeOnline campaign. You’ve seen the news articles about loss or theft of data from the largest of companies and government agencies. But, hey, you’ve not been affected. Why do anything? It only happens to the other person.
I say to you, “Not so fast, Mr It Ain’t Gonna Happen To Me”. That ‘other person’ is going to be you and your business if you don’t take a few moments to make sure you’re safe and secure. Cyber criminals and organised crime do not take holidays. But neither do the thousands of people across the planet working 24/7 to help make the internet safer.
What's in store for this year?
2008 will be all about the Social Engineer – internet miscreants getting us to do something we would not otherwise do online had we been given all the facts, such as clicking on a link in an email from someone we don’t know, giving out personal details that we wouldn’t give to our next-door neighbour, wire transferring money in reply to a ‘get rich quick’ scheme and many other variations.
More importantly, 2008 will be about recognising the socially engineered email, text or link. Many people have developed at least a basic awareness of internet security, and businesses have done well to educate their employees in the past. New scams come and go, but social engineering crimes that hinge on tricking people into clicking on attachments or links to activate the scam are, as we identified in 2007, increasingly used to underpin all these scams. Television programmes such as The Real Hustle demonstrate how this process has infiltrated both the online and offline worlds, and cyber criminals are using social engineering to create ever more advanced methods of infecting computers or stealing data.
The list of malicious, socially engineered tactics is almost as limitless as the imaginations of those that perpetrate the attacks, but there are a few that need highlighting in particular, either for their expected prevalence or prominence in 2008.
Most of us have experience of receiving phishing emails at some point, and this type of attack accounted for more than one in three infected emails in the first half of 2007.
However, cyber criminals are increasingly employing “spear-phishing”, whereby an event topical to an audience, perhaps around the time when tax refunds are expected, or when your company’s HR department alerts you to yearly bonuses, is used to lure victims in with the promise of relevant news.
The Christmas and New Year’s holiday may be over for another year, but don’t think that e-greeting card scams will disappear. Data suggests that URLs emailed through these scams will actually increase in 2008. These online cards typically have a general subject line such as “You’ve received a greeting from a family member” that, when clicked, installs malicious software on the person’s computer that can log information, remove data or use the computer as a distribution device for further attacks. We all like to think that we’re too clued-up to fall for such scams, but with the vast variety of tools with which content can be shared online these days, it’s all too easy to fall into a ‘click first, ask questions later’ approach.