The best way to avoid such scams, he said, is to "beware of the 'free download' offer. If a site wants personal information like your email address or credit card before letting you see an 'exclusive' story, run for the hills."
2. We can help you avoid Cryptolocker!
This pitch offers victims a chance to download a security patch to "'protect against new malware circulating over the net,' allegedly from security vendors," according to a blog post by John Zorabedian of security vendor Sophos.
Zorabedian quotes fellow blogger Paul Ducklin, noting that "the email doesn't explicitly mention the Cryptolocker ransomware that locks your files and tries to sell them back to you. But there is little doubt that many recipients, having heard of the ongoing saga of Cryptolocker, will be more inclined than usual to read on."
Instead of a security patch, victims download Zbot, which cybercriminals use to load other malware onto an infected computer. The most important thing for the targets of such scams to remember is that legitimate security vendors never deliver patches in an email.
3. Please send me money, grandma! And don't tell my parents!
This scam is not new, but it remains popular for a good reason: it still works. Attackers are much better at it, in part because people post so much personal information about themselves on social media sites, making it much easier to provide credible information to a potential victim, often an elderly relative like a grandparent.
"The attacker poses either as a friend or family member in trouble in another country and in need of money," said Michele Fincher, chief influencing agent at Social-Engineer, Inc. "The request for help is usually combined with a plea for silence out of embarrassment or not wanting to worry other friends or family members."
Liz Phillips, a freelance journalist, wrote in The Guardian last fall about clicking on a link she thought was from her internet provider, BT, asking her to confirm her email address with a code. Instead, hackers got her entire address book of more than 1,000 contacts, and she started getting calls from friends the next morning saying they had received an email purportedly from her, saying she was stranded in Ukraine, "having lost my passport and cell phone, and urgently needed £2,100 to settle my hotel bill and get home."
Fortunately, none of her friends or family fell for it, and after spending a morning on the phone with BT and waiting 48 hours for her addresses to be restored, she had learned a hard lesson. "I have learned never to click on a link in an email message, no matter how genuine it appears," she wrote. "In future I will close the browser, reopen it and type the address directly into the address bar."