As Internet scams increase in sophistication, Network Box advises users to be more alert, with the publication of a guide to common hoaxes, hacks and Internet horrors.
The guide is designed to help IT managers educate their users on common hoaxes, as well as techniques for IT managers to identify and shore up any vulnerabilities in their security systems. The guide looks at the different kind of common attacks, with examples of each, and simple ways for IT manager and employees alike to avoid falling victim to them.
Hacks: The “hacks’ section looks at attacks through application vulnerabilities and SQL attacks, and gives a number of examples of high profile recent hacks, including the attack on hosting company, Vaserv.com, which had more than 100,000 websites deleted from its systems.
Hoaxes: The guide shows an example of the log in page of a hoax site (pretending to be Natwest) next to the real site, to show how sophisticated some of these fraudulent sites can be now. It advises users to look out for the padlock symbol, indicating the authenticity of the site; https, rather than http – always used by real sites for sending secure information over the Internet; and the real URL, as opposed to a bogus URL – commonly (and easily) overlooked by users.
It also examines how fraudsters lure their victims. With the advent of social networking (and associated vulnerabilities), scammers are using false relationships to defraud their target. The so-called “419′ scam is still doing the rounds, but in a much more sophisticated form than the first emails from Nigeria, with victims persuaded to meet con artists in person, resulting in financial fraud or even, in the most extreme cases, the murder of the victim.
The “Storm Worm’ trend continues, which entices readers to open attachments by associating them with topical disasters or news: “Death toll in China exceeds 1000000′, “230 dead as storm batters Europe’ and “A Killer at 11, he’s freed at 21′ are just some of the examples. Equally common are false anti-virus programmes (such as the variant of Trojan.Peacomm, which hit in April 2007), which trick users into downloading a “cure’ for a false virus on the user’s computer.
Finally, key dates in the calendar are proving too tempting for spammers and fraudsters to resist. The guide advises IT managers and users alike to exercise extra caution around dates such as Easter, Christmas, Thanksgiving, Independence Day and Valentine’s Day.
The guide is available in PDF format here.