Cybercriminals Use Social Engineering to Hack Victims
Posted by: Timothy Weaver on 01/28/2016 05:17 AM
[
Comments
]
Jean-Phillip Taggart, Senior Security Researcher at Malwarebytes, says: "Why use some hard technical flaw to acquire a password when you can simply ask the user for it?"
1) Clickbait: "Huge snake eats man alive!" Headlines like that will draw people into clicking on a link. The link will lead to a malware infection.
2) Watering Hole Attacks: Hackers use the social media to track users interests. They then infect these popular websites to infect the victims.
3) Social networking attacks: "Cyber criminals know that one of the biggest vulnerabilities people have is their self-image," says Adam Kujawa, Head of Intelligence at Malwarebytes. "People are worried about what others think of them." Second, they make their messages appear to come from a friend. Click on a picture that is supposedly uploaded by a friend and you find yourself infected.
4) Ransomware: Cyber criminals have come up with law enforcement scams that make it appear as though the U.S. Department of Justice or FBI Cybercrime division are contacting you to claim that you've done something illegal. Again, a click and you are infected and your files are encrypted.
5) Phishing/spear phishing: Phishing is a form of social engineering that relies on fooling people into handing over money or data through email. Spear phishing emails are crafted in order to make someone believe they're from a legitimate source.
A healthy dose of skepticism goes a long way. Verify information. Contact the claimed source.
Source: MalwareBytes
1) Clickbait: "Huge snake eats man alive!" Headlines like that will draw people into clicking on a link. The link will lead to a malware infection.
2) Watering Hole Attacks: Hackers use the social media to track users interests. They then infect these popular websites to infect the victims.
3) Social networking attacks: "Cyber criminals know that one of the biggest vulnerabilities people have is their self-image," says Adam Kujawa, Head of Intelligence at Malwarebytes. "People are worried about what others think of them." Second, they make their messages appear to come from a friend. Click on a picture that is supposedly uploaded by a friend and you find yourself infected.
4) Ransomware: Cyber criminals have come up with law enforcement scams that make it appear as though the U.S. Department of Justice or FBI Cybercrime division are contacting you to claim that you've done something illegal. Again, a click and you are infected and your files are encrypted.
5) Phishing/spear phishing: Phishing is a form of social engineering that relies on fooling people into handing over money or data through email. Spear phishing emails are crafted in order to make someone believe they're from a legitimate source.
A healthy dose of skepticism goes a long way. Verify information. Contact the claimed source.
Source: MalwareBytes
Comments
