'Tis the season ... of malware

Every year cyber criminals find the time to give out holiday malware, so look out for these pieces of malware coal


Cyber criminals have been preparing for another Black Friday/Cyber Monday. It’s a time for them to make big profits too. Last year’s scams will undoubtedly return and some new tricks will arise.

Here are some of the top scams that CSOs should be preparing their company's users to be aware of:

The Amazon Phish

Cyber criminals are attacking Amazon users with a phishing campaign that falsely claims a small number of accounts have been hacked. The email starts with an "Important Notice" and you are required to "verify" your Amazon account, by providing payment card information and security details. The email threatens that if you do not comply with the verification process, restrictions may be placed on your account. Well, Think Before You Click. The email is a scam to try to trick you into revealing your credit card information and more. If you see an email like this that has not been caught by any spam filter, delete it. Remember the rule: "If In Doubt, Throw It Out!" Stay safe out there.

Ad Poisoning

People need to understand something about poisoned ads on websites which might infect your computer. Here is the situation in a nutshell: Advertisers do not sell their ads to websites one at a time. Websites that want to make money sell their advertising space to an ad network. Advertisers sign contracts with that ad network which then displays the ads on the participating websites. The ad network sits in the middle between the advertisers and the websites and manages the traffic and the payments.

And there is the problem. Cyber criminals fool the ad network into thinking they are a legit advertiser, but the ads which are displayed on major websites are poisoned. If you browse to a page with a poisoned ad on it, that is enough to run the risk your PC will be encrypted with ransomware, which costs $500 to get your files back.

So here are a few things you can do about this. 

  1. Disable Adobe Flash on your computer - or at least set the Adobe Flash plug-in to "click-to-play" mode - which blocks the automatic infections. 
  2. Keep up-to-date with all the security patches and install them as soon as they come out. 
  3. Download and install ad blocker plug-ins for your browser; these prevent the ads from being displayed in your browser to start with. Ad blockers are getting very popular, and hundreds of millions of people use them.

In a network, you could either get rid of Flash altogether, or deploy ad blockers using group policy. There is a forum post at the AdBlockPlus site where it is explained how this can be done.

Facebook dislike button

At a Sept 15, 2015 Town Hall Q&A session at Facebook headquarters, Zuckerberg mentioned that for years users had been asking about a 'dislike button', and that Facebook was finally working on such an option. He went on to clarify that this would not be a "downvote" for a post, but more meant to communicate empathy in case of bad news.


Well, scammers all over the Internet jumped on this like flies on manure, and came out with a multitude of scenarios trying to lure users to "get the new dislike button" in their profile. Over the years there have been a multitude of similar scams.

End-users falling for these attacks wind up giving out confidential information, installing malware on their machine, installing rogue browser plugins and/or getting inundated with unwanted phone calls, emails and snail mail trying to sell them various products.

Star Wars Movie Tickets

It's time to warn your users against phishing attacks that try to trick them into winning movie tickets for the new Star Wars movie. For the next two months this is going to be a highly successful social engineering attack that a lot of users are going to fall for.

The Syrian Boy

Lowlifes are exploiting the recent picture of 3-year-old Syrian boy Alyan Kurdi. He drowned while attempting to reach Greece with his family and other refugees.

The picture is used for a variety of scams, starting with Facebook spammers. Their goal is to get as many Facebook likes as possible for their pages, a tactic called "like-farming". The followers are used later for other nefarious purposes and sold to marketing firms. This Scam Of The Week focuses on the "1 share = 1 prayer" tactic, which tricks people into sharing the post.

Ashley Madison Extortion

If your data was unfortunately leaked in the recent hacking of Ashley Madison, this is a message you could receive: "I now have your information. If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approximate value is $225) to the following address: 1B8eH7HR87vbVbMzX4gk9nYyus3KnXs4Ez. Sending the wrong amount means I won't know it's you who paid. You have seven days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here....."

Business email compromise

There is a 270 percent spike in victims and cash losses caused by a skyrocketing scam in which cyber criminals spoof emails from executives at a victim organization in a bid to execute unauthorized international wire transfers. According to the new FBI report, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015. In January 2015, the FBI released stats showing that between Oct. 1, 2013 and Dec. 1, 2014, some 1,198 companies lost a total of $179 million in business e-mail compromise (BEC) scams, also known as "CEO fraud".

The figures show an incredible 270 percent increase in identified victims and exposed losses. Taking into account international victims, the losses from BEC scams total more than $1.2 billion, according to an FBI report.

There is a clear pattern you need to watch out for. It often begins with the scammers phishing an executive, dropping a Trojan, and gaining 24/7 access to that individual's inbox. Then they research the organization and monitor the email account for months until the right circumstances arrive, and then they pounce. They spoof the CEO's address and send messages to employees in accounting from a look-alike domain name that is one or two letters off from the target company's true domain name.
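The "one or two letters off" look-alike domain is something a mail gateway or SOC can check for mechanically. The following is an added example, not code from the article or from KnowBe4: it measures the edit distance between each inbound sender domain and the organization's real domain, and separately flags mail whose display name matches an executive but whose address is not internal. The organization name, domain, executive names and sample messages are all constructed for illustration.

```python
"""
Look-alike sender domain check for BEC (CEO fraud) triage.

Added example, not from the article. Flags inbound mail whose sender domain
is within a small edit distance of the organization's real domain, and mail
whose display name impersonates an executive from an outside address.
All domains, names and messages below are constructed for illustration.
"""
from email.utils import parseaddr

# Hypothetical organization (constructed values).
LEGIT_DOMAIN = "examplecorp.com"
EXECUTIVE_NAMES = {"jane doe", "john roe"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insertions, deletions and substitutions."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Lower-cased domain part of a From: header value."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def classify_sender(from_header: str, legit_domain: str = LEGIT_DOMAIN,
                    max_distance: int = 2) -> str:
    """
    "internal"  : sender domain is exactly the legitimate domain
    "lookalike" : sender domain is within max_distance edits of it
    "external"  : anything else
    """
    domain = sender_domain(from_header)
    if domain == legit_domain:
        return "internal"
    if levenshtein(domain, legit_domain) <= max_distance:
        return "lookalike"
    return "external"


def triage(messages):
    """
    Run both checks over (From header, Subject) pairs and return a list of
    findings. A finding is raised when the domain is a look-alike, or when
    the display name is an executive's but the address is not internal.
    """
    findings = []
    for from_header, subject in messages:
        verdict = classify_sender(from_header)
        name, _ = parseaddr(from_header)
        exec_spoof = (name.strip().lower() in EXECUTIVE_NAMES
                      and verdict != "internal")
        if verdict == "lookalike" or exec_spoof:
            findings.append({"from": from_header, "subject": subject,
                             "verdict": verdict,
                             "exec_name_spoofed": exec_spoof})
    return findings


# Constructed sample traffic: one genuine internal mail, one look-alike
# domain (digit 1 for letter l), one outside address using an executive's
# display name, and one ordinary vendor mail.
SAMPLE_MESSAGES = [
    ("Jane Doe <jane.doe@examplecorp.com>", "Q4 budget"),
    ("Jane Doe <jane.doe@examp1ecorp.com>", "Urgent wire transfer - confidential"),
    ("Jane Doe <jane.doe@freemail.invalid>", "Re: payment"),
    ("Vendor Billing <billing@supplier.example>", "Invoice 1234"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_MESSAGES):
        print(f)
```

The edit-distance threshold is deliberately small: at 1 or 2 it catches substituted, dropped or added characters and a missing final letter in the TLD, while longer distances quickly flag unrelated domains. The check complements, rather than replaces, DMARC enforcement on the real domain, which rejects mail that forges the exact domain and leaves the look-alike case as the one this check is for.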

Tech support scams

The Tech Support Scams are getting worse by the month. Here is a horror story that was just shared. Keep alert for Red Flags like these!

"My dad almost got badly scammed by a guy who claimed he was from "IT Innovations" selling virus protection for computers. My very trusting dad, who isn't at all computer savvy, fell for this guy's pitch when he called my parents' land line several months ago.

"The same man called back this past Saturday telling dad he had to refund the money because the company was going out of business. He convinced my dad to sign into some website that gave the scammer access to my parents' home computer. Then he got dad to log into his credit union account online in order to make sure the money was back in his checking account.

"It was, plus an extra $2,000. When my dad told the guy, he said he had made a mistake and wanted my dad to wire the money back to him. Thank God my mom walked into the house and made my dad stop and power off the computer.

"At this point the guy was yelling and threatening my parents over the phone. My mom simply told him he wasn't getting his money back, that he is evil, and hung up on him (go mom!). Thank heavens my parents know the president of the credit union and they were able to get the accounts locked down immediately, get new accounts, and the guy didn't get a penny.

Here is the crux of the scam; pay attention to what happened!

"What he had done was transfer money from one of my dad's other accounts into his checking so that it 'looked like' he had sent my dad money when in fact it was my dad's money all along."

Sjouwerman is the founder and CEO of KnowBe4. He teamed with Kevin Mitnick, the world’s most famous hacker, to help organizations manage the problem of cybercrime social engineering tactics through new school security awareness training. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.

This story, "'Tis the season ... of malware" was originally published by CSO.

Copyright © 2015 IDG Communications, Inc.