We all recognize the classic internet hacks and scams. Whether it be a plea for help from a Nigerian prince who wishes to place a large sum of money in your bank account; a request from a friend’s email account, noting he’s stranded in Spain, and asking you to send him a few dollars; or a request for legal counsel coming from a major corporation in Japan that just happens to prefer to use Gmail, these familiar efforts are easy to spot. As the old approaches become less effective, however, the scammers have to look for new ways to get lucky. Some of the more recent include:
- The Mysterious Flash Drive. The IT security world has known for years that a thumb drive can be a useful method of getting malware on a computer system, going back at least to 2008, when the Defense Department was hacked after employees who found flash drives left in the Pentagon parking lot decided to investigate by plugging them into their Pentagon computers. Yet, in a 2013 study of 300 IT professionals, 78% of them still admitted to having plugged in an unknown flash drive they had found lying around.
- The Account Verification Ruse. UPS is trying to deliver a package, click here for details. There’s a problem with your PayPal account, respond here or else we will disable. Visa would like to increase your credit line, please confirm your account information by clicking below. Emails purporting to come from respected companies can look and feel real, but spoof sites will take your information and use it against you. One remarkable story of account verification gone horribly wrong can be found here.
- Attack of the Clones. To breach security, all a hacker may need is for you to click on a link or open an attachment sent in an email. While we all may be skeptical of emails from those we don’t know, what about an email that appears, at first blush, to be sent internally? I heard one story about an email that appeared to be sent inadvertently from a company manager, which seemed to contain salary information on others at the company, and which nearly everyone opened. Another story comes from the Financial Times, which was recently scammed by an email that appeared to come from FT’s own IT department, using FT terminology, from an FT email address, asking FT users to change their FT passwords.
Surely, scammers will continue to try new ways to get lucky. In short, if you’re not sure about it, don’t click on it. If you are suspicious, ask your security team to run it down for you. That said, if you still want to get lucky, disregard what I just said about not clicking on things recommended by strangers, and enjoy this video.