Here’s a scary scenario. You’re innocently surfing the Web, maybe on an unfamiliar site, not paying close attention. Suddenly your computer screen fills with illegal pornographic images of minors. You try to navigate away, but a warning screen branded by the National Security Administration’s Internet Surveillance Program pops up with the message: “Your computer has been locked due to suspicion of illegal content downloading and distribution.”
You are then offered a sort of Hobson’s choice: Pay a fine immediately, or face prosecution for downloading child pornography.
The folks behind that scam were actually based in Russia, SC Magazine reported, not NSA headquarters. The number of people entrapped by this type of scam has been increasing exponentially. According to a recent report from McAfee, an Internet security company, they catalogued fewer than 25,000 samples of ransomware per quarter in the first half of 2011. In the second quarter of 2013 alone, the number of new samples multiplied to more than 320,000, (which was double the number in the first quarter of this year).
“During the past two quarters we have catalogued more ransomware than in all previous periods combined,” MacAfee found. “This trend is also reflected by warnings from law enforcement and federal agencies around the globe.”
If you think the most common cyber scam still involves deposed Nigerian royalty eliciting your help to extract fortunes from African banks, your time machine has stalled. Cyber ninjas have become far more creative, sophisticated and inscrutable. With that in mind, here are five links you should never, ever click.
1. Mobile Apps That Are Unfamiliar to You
It’s easy to think of spam and phishing as email-based scams. But with the rise of mobile devices, scammers have added mobile apps to their repertoire. Malware attacks on Android phones grew by 35% to nearly 18,000 new samples in the second quarter of 2013, according to McAfee.
It appears the onslaught will only grow worse. While the number of attempted mobile device hacks increased by just over a third, the total number of new malware applications discovered by McAfee researchers in the second quarter was double the number found in the first. This trend suggests that cyber scam artists are honing their craft.
Mobile malware takes many forms. It could purport to come from your bank. It could trick you into paying for a fake dating app. Some scammers even “weaponize” legitimate apps, turning real programs into spying machines that siphon your location, contact and other data away from legal enterprises and funnel it into the black market.
How to Avoid It: Control the impulse! Don’t just click on any app no matter how cool it seems at first blush. And just because you see it in the app store doesn’t mean it’s safe. Do the research to make sure it’s the real deal before you download.
2. Remote Access
In the latest and most popular iteration of this scam, con men pose as employees of Microsoft. They send emails, instant messages or texts with warnings that your computer has contracted a virus, and provide a link that you can click so a “Microsoft employee” can fix the problem. The thieves claim to work for different divisions of Microsoft such as Windows Helpdesk and the Microsoft Research and Development Team.
Once the scammers gain access, they “can install malicious software, steal personal information, take control of the computer remotely or direct consumers to fraudulent websites where they are asked to enter their credit card information,” according to the Better Business Bureau.
How to Avoid It: Never trust an unsolicited contact. Only provide personal information or agree to a remote access session when you initiate communication. If, for some reason, you are contacted by anyone representing an institution with which you have a relationship, always confirm the authenticity and contact information of the organization before you respond and then only to the appropriate department.
While you mindlessly surf the Internet, you may accidentally click on sketchy ads or spam. Or perhaps you get an email with a tantalizing picture or link, which ultimately sends you to a site rife with illegal pornographic images. Such despicable lures are just one part of the larger epidemic of ransomware.
How to Avoid It: Pay attention! Absentminded clicking can land you in a world of pain. Also, deal with businesses that are security minded. These businesses have their websites tested at least annually for vulnerabilities, then fix the security gaps before you get trapped in them. Intentionally clicking on illegal sites, however, will (and should) entitle you to a one-way ticket to a federal sleep-away camp for a not inconsequential period of time.
4. Authority Scams
Email, texts or phone calls alerting us to issues with our checking accounts, tax returns and credit cards tend to elicit knee-jerk instant responses (and are designed to do so). A natural tendency is to immediately provide whatever personal information is required to identify ourselves and make the problem go away.
This is not lost on scammers, which is what makes “authority scams” so appealing to those on the dark side. From May 2012 through April 2013, 102,100 Internet users globally received phishing attacks every day, twice the number of recipients the previous two years, according to a report by Kapersky Lab, an Internet security company. Of those attempts, 20% involved scammers impersonating banks. Of all fake and deceptive websites, 50% of those discovered by Kapersky attempted to impersonate banks, credit card companies and other financial services such as PayPal.
How to Avoid It: Before clicking any links, entering any username or password information or flinging any kind of precious personal information into the ether, stop, take a breath and think. No reputable financial institution, or government entity, would ever ask you to provide such data via email; nor would they cold-call potential victims of fraud and request sensitive personal data. If you receive an email alerting you to fraud and requesting that you verify by email your account username and password, it is – by definition – a scam.
5. Drug Spam
For nearly as long as there’s been email, there’s been spam. Creative criminals have used lures of all stripes to entice people into clicking on links in their emails. Email has become the “carrier” for malware. The email subject may be about a job, travel, shopping discounts, sex, news, or, the most popular, drugs. McAfee’s research team has found that about 20 percent of all spam emails sent to recipients in the U.S. referenced drugs in the subject line. It’s no wonder with the cost of healthcare in the U.S. that this is a particularly effective subject line. Delivery service notification, in which fraudsters claiming to be from UPS or FedEx say they could not deliver a package, came in a distant second.
How to Avoid It: Don’t take the bait. Why would you buy drugs from anyone who contacts you blindly over the Internet? Your health, your bank account, or both will suffer. And, if you’re expecting a package, contact the shipper directly.
These scams will continue as long as people will fall for them. It’s all about fear, carelessness, curiosity or distraction — any of which can lead to financial issues, health implications or being labeled a criminal — even a sexual predator. The convenience and access of the Internet creates vulnerabilities, opportunities and also requires personal responsibility. Before you click, weigh each against the other and do the smart thing.