Fraudsters are constantly looking for new methods of stealing personal information, making traditional ways to spot illegitimate sites or potential malware attacks ultimately useless. Graham Cluley reports the emergence of two new cyber crime tactics.
Phishing has been a favored practice of criminals for decades. And why not? It has proven highly successful for stealing personally identifiable information (PII). Traditionally, phishing websites and emails had easily recognizable characteristics: grammar and spelling errors, obscure hyperlinks, unfamiliar sender domains and odd attachment file extensions (.exe, .html, double extensions, etc.). For the most part, hovering over hyperlinks to confirm their true destinations and examining file extensions were effective in avoiding a phishing attack. Unfortunately, this may not be the case today.
How does tactic #1 work?
Initial phishing attempts may still utilize email attachments that can make these attacks easier to spot. But researchers fear that hackers could turn the illegitimate pages or forms into active websites with names similar to legitimate websites. As a result, these phishing attacks could be virtually impossible to detect.
Tactic #2: Internet Service Provider (ISP) Scam
Scams work by impersonating an individual or a business to obtain funds or your personal information under false pretenses. Tech support scams, in which hackers create fake anti-virus pop-ups or impersonate tech representatives over the phone to gain access to your computer, have become increasingly popular.
However, a new type of tech support scam has emerged, using legitimate computer software as a front door to users’ computers. Hackers are now able to impersonate an individual’s Internet service provider (ISP) to either gain remote access to the victim’s computer or scam them out of money for their “services.”
How does tactic #2 work?
Criminals grab victims’ IP addresses to determine their ISP through single-pixel malware hidden in ads or graphics on legitimate websites. These tracking devices, known as web beacons, are typically used for marketing purposes to learn more about a user’s activity, such as whether individuals have opened emails, clicked on links or visited various website pages.
Hackers have taken this approach because it’s a more efficient and cost-effective way to gain access to your personal computer. Hidden malware allows hackers to go virtually undetected, as cold-calls and unfamiliar pop-ups have become obvious cons to avoid.
- Look for the green lock icon at the top of the web address bar to ensure you are using a secure website before entering any personal information into online forms.
- Always contact your ISP directly if you receive any notifications regarding your service or if you are in need of technical support.
- Never open email attachments from senders that you do not know, especially if they have unusual or multiple extensions.
- Take advantage of your Internet browser web tools (like Firebug for Firefox) to inspect suspicious elements of a website’s code.
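The web beacons described under tactic #2 can be found by inspecting a page's image elements, as the last tip suggests. The following is an added example, not code from the original article: it flags third-party images that are 1x1 or hidden. The sample HTML, the host names and the `find_beacons` helper are constructed for illustration, and the heuristic also matches ordinary marketing beacons, so a hit is a prompt for closer inspection rather than proof of fraud.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not taken from any real site).
SAMPLE_HTML = """
<img src="/static/logo.png" width="200" height="60">
<img src="https://ads.tracker.example/p.gif?uid=123" width="1" height="1">
<img src="https://cdn.metrics.example/b.gif" style="width:1px; height:1px">
<img src="https://thirdparty.example/h.png" style="display:none">
<img src="/img/spacer.gif" width="1" height="1">
"""

TINY_STYLE = re.compile(r"(?:^|;)\s*(width|height)\s*:\s*[01](?:px)?\s*(?=;|$)", re.I)
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class BeaconFinder(HTMLParser):
    """Collects (host, reason) for tiny or hidden images served by another host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname or ""
        first_party = host == self.page_host or host.endswith("." + self.page_host)
        if not host or first_party:
            return  # relative URL or the page's own host: not a third-party beacon
        style = a.get("style", "")
        tiny_attr = all(a.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
        tiny_css = len({m.group(1).lower() for m in TINY_STYLE.finditer(style)}) == 2
        hidden = bool(HIDDEN_STYLE.search(style))
        if tiny_attr or tiny_css or hidden:
            self.findings.append((host, "hidden" if hidden else "1x1"))

def find_beacons(html, page_host):
    """Return third-party beacon candidates found in html, in document order."""
    finder = BeaconFinder(page_host)
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for host, reason in find_beacons(SAMPLE_HTML, "www.shop.example"):
        print(f"possible beacon: {host} ({reason})")
```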