Five Top Internet Scams
Internet scams come in a variety of forms, all of which threaten cyber security. Although new variations of each type appear every year, these long-standing internet scams persist as hackers get more creative. We’ve included a handy infographic at the bottom to post as a reminder. The embedding code is at the bottom of the page. Feel free to share this on your website as long as you cite the source!
The solutions to internet scams, malware, and hacks are not that simple. The infographic at the end of this post is a good start and a reminder for your staff. Part of your strategy should include keeping systems up to date and working with your IT Department to secure systems.
What are Phishing Scams?
This type of internet scam is an email scheme that attempts to obtain personal information from the recipient. The phishing email seeks passwords, account numbers, dates of birth, or even softer information like pets’ names. The information is later used to gain access to accounts or transfer money to the hackers. Phishing scams are not targeted; they are purely an odds game.
Certainly, you or someone you know has received a request from a “Nigerian Prince” who wants to send $10,000 USD or more if you would only click on this link! Don’t worry, that link just goes to our home page!
Spear Phishing Scams
What are spear phishing scams?
This is a much more interesting version of the phishing scam. Rather than a generic, broadly trolling Nigerian Prince scam, this scam sends a targeted email from a familiar name or business. The lucky recipients of the spear phishing scam already know their attacker – sort of! A potential victim may receive an email that appears to come from the bank they do business with or from their own mother. Like the phishing scam, the spear phishing email asks for some personally identifiable information and asks the reader to click on a link.
Last March Hillary Clinton’s campaign chairman John Podesta received an email that appeared to originate from internet giant Google.com. The email claimed that there were attempts to hack Podesta’s Gmail account and that he should change his password. The campaign staff was wise to verify the legitimacy of the email with the IT staff.
Another staffer emailed Podesta’s office, in error, reporting that it was “a legitimate email.” But he also directed Podesta to change his password. Although Podesta did change his password, he did so via the link in the email, which was indeed a spear phishing scam. Podesta handed hackers his email password, which they used to steal ten years of email records and release them through WikiLeaks.
This type of internet scam also involves obtaining personal information, but it is not all done through the internet. Hackers use websites and social media to obtain the names of higher-level employees. They then go boots on the ground and begin to gather more sensitive information from other trusting employees. For example, hackers once called the internal corporate support desk of a major Philadelphia corporation. They talked their way through, asking to have the password of one of the VPs reset and forwarded to another email address. Easy: they were in, and all through the company’s own paid staff, who were none the wiser.
Ransomware is a type of malware-based internet attack. Ransomware attacks take control of a computer system and demand a ransom in exchange for returning control to the owner. Sometimes ransomware attacks steal data in advance and then threaten to release it unless the ransom is paid. The most recent ransomware attack was the global WannaCry malware that hit Europe.
Packet sniffing is a different type of internet attack. A packet sniffer is also known as a packet analyzer or a network analyzer. Hackers listen to (“sniff”) all internet traffic with special apps. They then use patterns in the data to determine the header information from individuals’ data. Packet sniffers can differentiate between web browser traffic, email traffic, FTP, and other types. Packet sniffing can be used legitimately, but it is also a common hacking tool used on open WiFi connections to steal login and credit card information.