It is almost summertime, and while the livin' supposedly gets a bit easier, it remains risky. As the vacation season approaches and everybody is planning travel, socializing with friends and family and relaxing, people in the "always connected" world should add one more item to their list: Don't relax when it comes to online security.
Social engineering scams are more ubiquitous and sophisticated than ever. And they can do a lot more than ruin a vacation. As experts consistently point out, a successful scammer can steal, destroy or hold your files hostage, install malware on your computer, steal your identity and other personal information, steal your money, break into your house and ruin your reputation.
There are dozens to hundreds of such scams, but with the help of several experts, CSO has selected a somewhat arbitrary "Top Five" that represent the most common social engineering threats that target individuals and organizations, concluding with some general advice on how to detect and avoid them.
1. We can help you avoid Cryptolocker!
This pitch offers victims a chance to download a security patch to "'protect against new malware circulating over the net,' allegedly from security vendors," according to a blog post by John Zorabedian of security vendor Sophos.
Zorabedian quotes fellow blogger Paul Ducklin, noting that "the email doesn't explicitly mention the Cryptolocker ransomware that locks your files and tries to sell them back to you. But there is little doubt that many recipients, having heard of the ongoing saga of Cryptolocker, will be more inclined than usual to read on."
Instead of a security patch, victims download Zbot, which cybercriminals use to load other malware onto an infected computer. The most important thing for the targets of such scams to remember is that legitimate security vendors never deliver patches in an email.
2. Please send me money, grandma! And don't tell my parents!
This scam is not new, but it remains popular for a good reason: it still works. Attackers are much better at it, in part because people post so much personal information about themselves on social media sites, making it much easier to provide credible information to a potential victim, often an elderly relative like a grandparent.