Top Social Engineering Tricks and How to Avoid Them
Valentine’s Day is fast approaching. (Yes, you still have time to buy a box of chocolates and flowers, but not much time.)
I’ve written before about the way the bad guys tie malware infections to special events – the Olympics, the Super Bowl, the Final Four – but Valentine’s Day seems to be a special favorite of cyber criminals. Or maybe of people who are angry that they don’t have a date that night. Or, if it isn’t Valentine’s Day proper, the bad guys take advantage of affairs of the heart by hitting our desire to find love. According to the folks at Kaspersky Lab, here are the four top love-related attacks:
- “ILOVEYOU” worm, May 2000 – First of its kind, sometimes referred to as “Love letter,” that attacked tens of millions of Windows computers. The email and attachment spread globally and has been regarded as one of the world’s most dangerous pieces of malware.
- OkCupid data breach, January 2013 – 42 million passwords stored in unencrypted plain text exposed members’ names, email addresses and dates of birth, putting those members at high risk of identity theft and account hijacking.
- eHarmony data breach, June 2012 – 1.5 million password hashes were stolen and then dumped online by the Doomsday Preppers.
- Tinder security breach, July 2013 – This incident briefly revealed users’ locations, but was quickly patched.
If employees are looking for a new romantic partner online, there is a good chance they are doing so on a computer or a device that accesses the company network. For example, a new study from anti-fraud company iovation discovered that 39 percent of online daters are turning to their mobile device. In addition, in January 2014, iovation found that 1.2 percent of all online dating transactions were fraudulent. Those same fraudsters are found at other sites, particularly financial sites, and the problems snowball from there. If your employees are using BYOD, what kind of risk could they create for the corporate network and perhaps customers and other employees?
Then, of course, there is the danger of social media. Fortinet calls it Socially Transmitted Infections and considers it a particular problem around Valentine’s Day. I don’t know about you, but my social media sites have been inundated with links to romance-inducing sites or encouragement to purchase gifts for my loved one. How do I know they are safe, even if they are coming from someone I know and supposedly trust? I don’t, and that’s the problem. Social media, says Fortinet, is built on trust and most of us don’t think twice about clicking a link sent by friends.
I wish everyone success in the pursuit of love, but perhaps it would be better to take it away from the workspace. A bad date is one thing, but stolen passwords and a network under attack could haunt the company for a long time.