Cybercriminals continue to rely on email delivering malicious software threats, all the while their email scams get more sophisticated.
Malware scams are designed to trick you into installing malicious software onto your device, thus broadcasting your keystrokes to the hacker, or simply deploying a digitally-lethal script onto your PC. Phishing scams are slightly different, they are made to lure you into revealing your personal information without the intent of damaging your data or files.
According to The NTT Security Global Threat Intelligence Platform (GTIP), 67% of all malware distribution is email-based and 22% were executed using brute force. Malware comes either in a form of attachment or a link that at first seems like a website address but it turns to be executable file. The types of malware used in scams are commonly Trojan viruses, key loggers and ransomware. Pointing and clicking with your computer mouse to the link or attachment in the email, could have serious consequences. Once installed, the software either pretends to do a legitimate job, or it simply blends in the background performing its malicious actions. Malware scams are designed to make you click that link, thus open the door to your digital life and privacy to hackers.
Researchers point out that scams including malware have a 57% rise in comparison to last year. Since the internet news travel fast, scammers need to change their approach quickly. So one day you will receive an email with reward or lottery, and the other something far more serious like email from the IRS or the FBI. There are numerous ways that an email can be composed, to attract that click… Another way is through social media platforms, Facebook, Twitter, Snapchat are all having the same if not more of impact than email on the targets. Some even use social networks to research and gain information before they send you email. This is called social engineering, anything that is falsely written to catch your attention, even go so far as to copy legitimate websites.
What are some of the emails and social media messages that could make you install suspicious and malicious software?
Tech Support scam
Visiting malware infected website you can get an email from tech support. This scam represents the Email as tech support team from Microsoft for example. Furthermore, suggesting to a target to install software for remote access or similar excuse to access user’s computer. Microsoft recently warned of the piece of malware imitating Microsoft Security Essentials, also known as Hicurdismos. Once installed it will show a fake Blue Screen of Death error message (BSOD). Microsoft is regularly pathing its products, however some software company either no longer uses or pathing is still a target for the hackers. Microsoft would not perform unsolicited calls or emails, especially the ones installing software.
Emergency assistance
Using both email and social media posts, scammers craft a message for person in dire need of help. Links or posts are sometimes infected with malware, which allows the scammer to access your computer and collect valuable information or extort money. The latest monstrosity is connected with victims of Harvey storm in Texas. Message containing the following text, has been circling around the Internet: “The National Guard is being deployed to our Texas area. If you find yourself in a state of emergency. Call 1-800-527-3907. Please copy, paste or share!!!!!” You never know if that money you intended to give is actually going to the people in need.
IRS scam
Internal Revenue Service (IRS) has recently warned about fraudulent use of the logo by scammers trying to get access to victims’ computers to install malware and monitor computer capturing keystrokes. Emails contain links to bogus websites such as IRSgov instead or IRS.gov. Another new scam abusing IRS name is connected to W-2, targeted at the businesses with consumer or employee lists. Again IRS would never send unsolicited emails.
Social media malware
Facebook’s Messenger has been abused to share a video posts lately. While actually the link points to a dynamic landing page that looks like a playable movie. When clicked the link takes you to different websites offering to install update for Flash. Another way is when a person whom you may or not knot, adds you as a friend, once you accept sends a message with attachment containing the malware. A warning sign is when a software you never installed appears “magically” on your computer.
Students and loans scams
College students are one of the most targeted groups online. Fraudulent email sent by fake debt collectors, offering help and ways to reduce or eliminate student loans. In return they ask to be paid upfront. In the mail vicious malware is instructed for install, it injects code enabling criminals to use user’s computer and download files remotely. Not only does it not solve the debt but leaves a student with infected computer.
Lucky You
What once begun as telemarketing ended up being a scam? Email in a sense of “today is your lucky day” should never be trusted, anything from won lottery to your distant relative leaving you with a whole lot of money. Just to tempt you, the prizes are ridiculously high. Following the email you will have to open certain file and malicious software spreads on a computer.
Playing with the Game of Thrones
Apparently all hackers love Game of Thrones, and recent abduction of the season 7 finale is a tool for scam too. You may receive email containing text: “Wanna see the Game of Thrones in advance?“. But, instead of leading you to a video once the attachment is downloaded, it installs a 9002 remote access Trojan. And so the game of fire and ice continues.
Apart from emails and social networks be very wary of phone calls and mobile messages. So what are the ways to protect from scammers?
- Read carefully emails for any mistakes or grammatical errors.
- Do not follow unsolicited web links in email messages or click attachments
- Do not give your personal information without asking why it is needed
- Do a research and check if the mail is legitimate
- Use antivirus software that will protect you from any unwanted malware intrusions.
- Update software and OS regularly
- Educate elders and kids in your family to be careful.
Although home users are the ones targeted, hackers are also likely to target a larger group and that’s business mailbox users. The victimized employees are usually the ones who stay after work hours, concentration and watchfulness is substantially lower than earlier in the the day, and thus are more likely to click virus infested messages. It only takes one mouse click to breach the entire network open to a virus or ransomware attack, and these malware tainted email messages keep evolving as the hackers use new models of phishing and pretexting to reach their goal.