Question: What do holiday charities, school closings,social media and ransomware have in common?
Answer: They are all tools that cybercriminals use to steal money from you!
Social engineering is a fancy way to describe old fashioned lying. It is what happens when bad guys use deception to get people to do something really dumb that they would not ordinarily do. Most hacking, cybercrime, and data breaches are not caused by sophisticated attacks but are accomplished by social engineering.
The bad guys play on your emotions so that your desires overpower your judgment and “BAM!” they got you. This is the Nigerian Prince. This is the chain letter. This is countless other examples just like that. Remember the old lesson, “if it seems too good to be true …”
There is another variant floating around during the Holidays especially. Sad stories about people suffering tragedies during the Holidays, news events of tragedies during the Holidays, etc. and they all play on your emotions to get you to either give them something (money or data), propagate the scam by sharing it, or downloading something such as ransomware that will then force you to give them something!
Yesterday, I saw a different twist on this emotional game. With freezing weather moving in, Facebook was littered with people sharing a “story” with an image that read “SCHOOL CLOSINGS” that led you to something that was not a legitimate story on school closings (I don’t know what it was, I didn’t click on it). This “fake news” item may have been good fun or it may have been something worse, I don’t know because I didn’t click on it. But what I do know is this: researchers have recently discovered that cybercriminals are now using Facebook and LinkedIn to distribute Locky ransomware through people clicking on images.Facebook and LinkedIn to distribute Locky ransomware through people clicking on images. If the bad guys see that people love clicking on “SCHOOL CLOSING” links, you can bet they will start using them.
This Holiday Season and always, click with caution!
Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.