I have noticed an uptick in the amount of junk mail I receive, the number of people getting hit with viruses, and the number of technical articles talking about botnets. What’s going on??
Basically, the bad guys are getting better at being bad. Grammatical and spelling errors are becoming less common while the use of real company logos and lingo is becoming more prevalent.
Many people no longer are naive enough to click on a link in an unsolicited email – even if it [erroneously] claims to be coming from someone they know. But what about clicking on a popup on a webpage you are visiting as a result of a Google search? Most people think they can just click the ‘Cancel’ button. However, even “legitimate” websites don’t always keep their servers patched in a timely manner, and the bad guys sneak a small piece of malicious code into the innocent website. And guess what? The bad guys label the ‘Install’ button “Cancel”, so the user gets nabbed.
But let me run another one past you… What if you decide to do some online shopping at Macys and find something you want to order. And further suppose when you place your order a security dialog like the one shown to the right appears. What do you do? It turns out that if you filled it out and clicked Verify, you would become the victim of identity theft. This popup was actually a ‘man in the middle’ attack, having nothing to do with your Macys order! The bad guys were monitoring your PC browsing and when they saw you placing an order, they jumped at the opportunity to do a little social engineering. And the only clue was that your SSN and Mother’s Maiden Name was being requested in a situation that doesn’t typically request it. Never give out your SSN!!!
No comments:
Post a Comment