Last time we talked about the basic money mule game plan. Today we’ll talk about some variations and schemes fraudsters use at each stage to see what we’re really up against. I promise this is going to be fun!
- Can you trust an Angry Bird? Emails are disguised as the Angry Birds game or as a Microsoft software update, these look extremely real and are very hard for you to ignore. When you click on the link to play the game or download the update, you instead get malware loaded onto your computer, often without you even knowing it
- Fun fact: 22 percent of Google search results lead to malicious links. (source:Websense)
- Oh, and not to mention those pesky government agencies! Email from the FDIC, IRS and other well-recognized and trusted entities are spoofs. In a recent example, the FBI distributed an alert about an attack that started with spoof emails from the National Automated Clearing House Association, NACHA, which created a network of computers subsequently commandeered to launch a Distributed Denial of Service (DDoS) attack that turned out to be a smokescreen to hide fraudulent wire transfers
- Holy Timeline, Batman! 43% of Facebook users have reported being phished (source: Sophos)
- The other Greek Financial Crisis! An estimated 5 million computers have been infected by the ZeuS Banking Trojan (source: Web Security Journal)
- Hold the phone! Android apps infected with malware called ZitMo (ZeuS in the Middle) are designed to intercept one-time passcodes sent to smart phones
- Congratulations, you are now connected to – VIRUS! Social Networking sites, e.g. LinkedIn and Plaxo, include links to malware
- You’ve heard it before, but you really do get what you pay for, but sometimes you get more! Cell phone charging kiosks at airports, malls and hotels (how nice of them to offer) are configured to read phone data and/or upload malware to your phone as it’s being charged, typically without the knowledge of the nice people who installed the kiosks
There are many, many more examples like these. The real message is that attacks are ever-changing, cleverly disguised and coming at us from all directions. So, you must be constantly on your guard, aware of what to look for, and know what to do when faced with a questionable invitation, email, or website.