Savvy computer users are well aware that online scammers are renowned for playing off public interest in current events and the latest breaking news to trick computer users. So, it may come as no great surprise that fraudsters again leveraged a hot global issue to con computer users: the swine flu epidemic. Find out how to avoid these types of socially engineered threats.
Understanding the Threat
Years ago, malware, viruses and spyware were spread in relatively unsophisticated ways. Unfortunately, those days are long gone. Social engineering attempts - when users are manipulated into performing certain actions or disclosing confidential information - are becoming more advanced and increasingly prevalent.
According to Albin Bodahl, a malware analyst at the Malware Labs at Lavasoft, "Times are not the same anymore because malware authors constantly invent new intellectual ways to compromise machines. The target has moved from the actual computer to full focus on users. Lavasoft Malware Labs has seen a major increase of obfuscated downloads which make use of social engineering tricks."
"Nowadays, users oftentimes infect their own machine by making an interactive choice," Bodahl says.
One of the latest lures cyber criminals used was the worldwide news of an influenza pandemic. From the cyber criminals' perspective, the topic had all the right characteristics needed to pull off an online scam: a global nature, a hot media-hyped issue, and high levels of curiosity and concern by the general public.
The Bad Behavior
True to form, cyber criminals were quick to capitalize on the news of the global swine flu epidemic to infect computers and steal personal information. And here are the stats to prove it: while the phrase "swine flu" had reportedly not been seen in spammed messages prior to the end of April, an estimated 5 percent of junk mail clogging inboxes around the world referred to it at the start of May, according to industry statistics cited in a Guardian.co.uk article.1
The reason for sending these spammed messages? Cyber criminals were attempting to bring users into contact with malicious links or attachments; scammers enticed victims to click links to bogus health websites peddling vitamins, vaccines and other supposed prevention measures (in an attempt to capture banking information or credit card details), and were also seen pushing links to videos (which asked the viewer to download a fake codec in order to watch the video), according to industry reports.
News of swine flu has died down in recent weeks, and likewise, so have these specific types of scams. Still, socially engineered ploys, like those built around the swine flu outbreak, flood the Web. Simple steps you can take to reduce your chances of getting scammed include:
1. Always get your news from a reliable source.
If you are curious about the facts of the latest news story, go directly to a trustworthy online resource. Do not trust links in instant messages, e-mail and other personal messages.
2. Be aware of popular phishing scams.
The best way to beat social engineering scams is awareness. Familiarize yourself with common phishing scams so you know what to expect. Refer to archives like the one on the Anti-Phishing Working Group site to see updated examples of scams.
3. Protect your PC.
Have updated security software in place (anti-spyware, anti-virus and a firewall) and make sure your operating system and applications are fully patched.