It is almost summertime, and while the livin' supposedly gets a bit easier, it remains risky. As the vacation season approaches and everybody is planning travel, socializing with friends and family and relaxing, people in the "always connected" world should add one more item to their list: Don't relax when it comes to online security.
Social engineering scams are more ubiquitous and sophisticated than ever. And they can do a lot more than ruin a vacation. As experts consistently point out, a successful scammer can steal, destroy or hold your files hostage, install malware on your computer, steal your identity and other personal information, steal your money, break into your house and ruin your reputation.
There are dozens to hundreds of such scams, but with the help of several experts, CSO has selected a somewhat arbitrary "Top Five" that represent the most common social engineering threats that target individuals and organizations, concluding with some general advice on how to detect and avoid them.
1. You've won a free ticket to the World Cup!
No, you haven't. But Christopher Hadnagy, CEO of Social-Engineer Inc., said the breathless email that potential victims receive is hard to detect and resist.
"This one is particularly evil," he said, "since they have a valid SSL (secure sockets layer) certificate. This means that everything really looks legit. It would take extra work to look into the URL and who owns it."
Of course, if targeted victims clicks on a link that promises to print the ticket, they are instead loaded with a Trojan and then hacked the goal is to plunder personal banking details.
Hadnagy said he doesn't know where the scam originates. "Without being able to analyze the malware it would be hard to say," he said. "But we do know they are using a database breach, as they have a lot of data on their clients. And they are most likely going after banking info from their targets."
He added that he also doesn't know how many victims have been ensnared by the scam, "but in Brazil alone there are a reported 50-60 new phishing links reported every day."
Security vendor McAfee calls a similar scam related to the World Cup the "Red Card Club," according to Robert Siciliano, CEO of IDTheftSecurity and also a blogger for McAfee.
"It involves 11 footballers whose names appear on web sites that contain the biggest threats of malware infection to fans who visit," he said. "Cristiano Ronaldo and Lionel Messi lead the pack, followed by other footballers like Karim Ziani and Iker Cassillas.
He said the scam appears to have originated in South America and Europe, and the goal is to, "trick fans into giving up personal information so that the thieves can steal an identity or get credit card information and max out the fan's cards. The sites most likely to be risky are those offering videos showing the athlete's skills, and screensaver downloads," Siciliano said.
Sign up for Computerworld eNewsletters.