Social Scams and Why They Work

Over the last week, as New Zealanders begin to change their jandals (flip-flops / thongs) for shoes, I’ve noted a significant increase in the number of “warnings” being posted in my social network feeds. This is not uncommon and it’s not unique only to my network of contacts as these articles point out.

Scam ImageNow, for the most part, folks in my social stream tend to only get caught on an infrequent basis by these messages. I do my best to flick a link back if it’s an obvious hoax, as do others who we share as common contacts. I have been caught myself and have more than once shared something which, if I’d relied on more than wishful thinking, would/should have been filtered out.

So – why do these attacks work, why do the hoaxes perpetuate, and what can we do as a community to reduce our chances of passing on misinformation to our networks?

The simple answer is diligence. Continue reading “Social Scams and Why They Work”

“If something seems too good to be true…

…it probably is.”

It’s an old, well-worn saying for sure, but it holds as true today as it did way back whenever the anonymous, cynical, amateur philosopher came up with it.

Recently in New Zealand, there have been an increase in phishing attempts trying to get people to open email attachments which then deploy malware onto the computer, and recruit your PC into a global network of compromised machines.

A few weeks ago, there were a number of emails arriving to various mailboxes I hold claiming to be from DHL or UPS and containing details of a package delivery, over the last few days, this threat has evolved to include messages purporting to be from Amazon and including details of a paid order.

The short version of this post is simply:

Don’t open attachments from people you do not know”

…but we can also extend this advice to “Treat any attachments or links from people you think you may know with a healthy dose of caution”.

For those who are interested in a little more information

The biggest risk around phishing attacks is they take advantage of our human nature of curiosity, implied trust of people (especially those we believe we know) and, dare we say it – greed. These “social hacks” are useful in that it’s relatively simple to change the appearance of an email so it looks like it comes from a friend or colleague, or to obscure a link to make it appear that is comes from your bank, or favourite social networking site.

It’s human nature…

The very nature of how we as humans operate is once we recognise a name we believe we can trust, we instinctively lower our defenses to being scammed and are often convinced to click that link, or open that email attachment.

The best defense against such attempts is a healthy dose of skepticism, look closely at the link, does it look long and complicated, does it redirect through a web domain that you don’t recognise?

Scan your email attachments – and, if you are in any doubt, contact your friend/colleague to check on the attachments validity. Or, visit the website directly rather than clicking on the link within the message – if it is your bank contacting you, you’ll still be able to access the information directly from the bank website, if it is a message from Facebook – you’ll also be able to get those updates direct from the site.

Protection at Home

In terms of viruses and malware, we don’t have anything near the same level of protection that we may enjoy on a corporate network. It’s up to us, whether we’re at work or home, to make the right decisions when dealing with any communications which may expose us, our machines, our data to risk. Email, Instant Messenger links, Social Network links/messages/applications, the list goes on – they’re all targets

The best advice I can offer is:

  • Keep your operating system and applications updated with the latest patches as they are released
  • Invest in a good anti-virus/anti-malware program, keep it updated daily – and use it to perform regular full scans on your systems, as well as checking out those suspicious files
  • Access websites from your browser rather than via emailed links
  • Perform regular backups of your important files (don’t forget your digital photos & video)
  • If you think you may have been compromised, scan your systems, change your passwords and seek help.

Above all, employ a healthy dose of skepticism when dealing with communications that you are not expecting, even when you believe you know the sender – and be careful out there…