Natural disasters, such as the devastating earthquakes in Haiti and Chile in early 2010, are often used in fake disaster relief scams. But in 2009, few natural disasters attracted global interest, so cybercriminals launched more targeted campaigns focused on regional events.
Manmade disasters were also exploited in a number of Web-based attacks. One scam claimed to have recovered $1.3 billion in funds hidden by convicted Ponzi schemer Bernard Madoff. The site asked victims to submit personal information to verify their entitlement to a refund - a shameless effort to further exploit victims of financial fraud. During periods of slow disaster news, cybercriminals repurposed older disasters, such as 9/11, by driving users to 'commemorative' sites that doubled as a fake antivirus attack.
The most successful attacks of 2009, as in previous years, required a successful social engineering component at one stage of the attack or another. For instance, fake antivirus scams exploit common security fears, while fake code malware teases individuals to the point where they lack the patience to really think about what they are being asked to do.
In addition, death, disaster and drama have become hugely effective vehicles for spreading malware. These tactics are explored in more detail below.
As part of a comprehensive review of 2009, Blue Coat Systems has compiled this list of the most common (and successful) bait and scams the bad guys are using to install malware on unsuspecting users' systems and steal personal information.