TrendLabs Digital Life E-guide: What Is . - Trend Micro (UK)

ADIGITAL LIFE E-GUIDEWhat is Social Engineeringand How Does it Works

What is social engineering?Social engineering is the art of deceiving people.It is a popular tool cybercriminals use to gettheir dirty hands on your money. In today’sSocialprofit-driven world, cybercriminals are noengineering, a termlonger just after infamy, they’re afterpopularized by hackeryour money.turned-consultant, KevinWorse than the most intrusivemalware, socially engineered threatsare harder to protect against. Why?Because they target you, not just yoursystem.Mitnick, is the act of trickingpeople into doing somethingthey don’t want to or givingout confidential information.Source: http://en.wikipedia.org/wiki/Social engineering (security)The most effective way to protect yourselffrom these threats is to stay informed. Know whatto watch out for, what to avoid, and what to be careful of.

Big news can be bad news.Buzz-worthy events like natural disasters or highly anticipatedproduct or service launches always catch people’s attention.And those with a working system and Internet access naturallysurf the web to ride the wave. Little do they know nor careabout the cybercriminal traps that lie in wait for them.WHAT YOU SEE: Social media posts with links to hard-to-resistvideos or photosWHAT YOU DON’T SEE: Cybercriminals waste no time laying traps,aka malicious sites, every time a big event hits the fan. These sites,often malware laden, can automatically wreak havoc on your system.Some redirect you to surveys or ads but none ever lead to what you werepromised.WHAT YOU SHOULD WATCH OUT FOR: Malicious links to fake news sites orpagesBUZZ-WORTHYEVENTS CYBERCRIMINALSTOOK ADVANTAGE OFNATURAL DISASTERSMinutes after the 3/11 tsunami in Japanoccurred, fake news sites hostingFAKEAV malware infected the systemsof users in search of updates.Source: n-japan-searches-lead-to-fakea/PRODUCT OR SERVICE LAUNCHESA fake iPad giveaway promo trickedvictims into giving away their personalinformation via email.Source: s’-identities-away/

Popular celebritiesmake populartargets.

Celebrity news are sure to gain the most interest than any kindof news. They cater to a much wider range of audiences, mostlyfans or followers, and so get more media attention, too. In thebattle for readership, media outfits often had to rely onsensationalism and exaggeration to grab the public eye. Themore unbelievable the headline, the more readers flocked toread about it.WHAT YOU SEE: Links to stories with attention-grabbingheadlines that promise even more incredible and scandalousrevelations when clickedWHAT YOU DON’T SEE: Like other significant news, these linksoften lead to specially crafted malicious sites that take advantage ofthe media hype surrounding the celebrity in focus. Similar to mostscams, these often contain malware or redirect victims to survey orad sites.WHAT YOU SHOULD WATCH OUT FOR: Unbelievable headlines with linksto related videos or photosCELEBRITY NEWSCYBERCRIMINALS ABUSEDSCANDALSCONTROVERSIESA social media postpromoting a video that“just ended Justin Bieber’scareer for good” redirectedvictims to a survey sitewhile ending up on theirown pages.Various events related toMichael Jackson’s deathlured victims to downloadmalware in the guise of animage that spread via MSNMessenger.FAKE DEATHSSource: ersy-over-michaeljacksons-death/Source: ommunication-media-betrusted/Source: eslinkedin/A fake news site spreadrumors of Jackie Chan’sdeath to redirect victimsto a malicious site.

Keep your friendsclose but yourenemies at bay.

Millions flock to their favorite social networking sites everyday. It is therefore not surprising why social networkingfraud, a form of misdirection using certain aspects of socialmedia platforms, has become a norm.WHAT YOU SEE: Posts promoting new social media featuresonly available for limited amounts of time that come withsuspicious codes that must be copied and pasted onto browseraddress bars or apps that must be downloaded and installedin systemsWHAT YOU DON’T SEE: These suspicious codes or apps usuallylead to malicious pages tailored to hijack accounts, steal personalinformation, or spread through account infections.WHAT YOU SHOULD WATCH OUT FOR: Suspicious links to feature- orapp-download sitesSOCIAL MEDIA SCAMSCYBERCRIMINALS HAVE TRIEDTIMELY THEMESA social media post advertising aValentine’s Day theme instead forcedvictims to download and install amalicious extension for their Chromeand Firefox browsers.Source: e-leads-to-malware/NEW FEATURESA fake Twitter app that supposedlymonitored victims’ follower activitiesinstead allowed bad guys to hijacktheir accounts.Source: hits-twitter-trending-topics/

Cybercrooks will alwaystry to spook you intogiving in.

Fear is a great motivator, even cybercriminals know that. That’swhy they use threats and alarmist language to urge you to givein to their desires—reveal personal information or part withhard-earned money.WHAT YOU SEE: Suspicious email disguised as urgentnotifications, mostly regarding system or financial safety, thatrequire immediate action—viewing an attachment, buying anapplication, or making an online paymentWHAT YOU DON’T SEE: These threats can be likened to badguys holding a gun to your back to take your money and othervaluables. No matter how scary their tactics are, these normallydon’t inflict that much harm unless you give in.WHAT YOU SHOULD WATCH OUT FOR: Scary email subjects andcontent asking you to do something or suffer the consequenceSCARY PROPOSITIONSCYBERCRIMINALS HAVE PULLEDRANSOMWAREFAKEAVRussian users were threatened intopaying bad guys about US 15 with fakecitations for viewing inappropriatecontent.FAKEAV vendors are known fortricking their victims into buyinguseless applications with the use ofscary system infection warnings.Source: re-spotted/Source: eav-affiliate-networks/

Threats, like seasons,come and go.

Christmas or any other widely celebrated holiday and the“Super Bowl” or any popular sporting event will always befavorite cybercriminal baits. We can therefore always expectthem to usher their coming, celebrate with the masses, andmuse on what has passed every single time.WHAT YOU SEE: Suspicious spam and social media postspromoting unbelievable offers in time for holidays or hugesports eventsWHAT YOU DON’T SEE: The links embedded in these lead totailor-made sites that either host malware or redirect to survey orad sites but never to freebies or great offers.WHAT YOU SHOULD WATCH OUT FOR: Online deals that are toogood to be trueSEASONSCYBERCRIMINALS RIDE ONHOLIDAYSA Facebook scam page once offeredvictims a free Christmas theme plugin, which instead allowed victims’accounts to be hijacked for spammingpurposes.Source: book-profile-leads-to-malspam/SPORTS EVENTS“Super Bowl” fans in search of updateswere instead redirected to FAKEAVhosting sites.Source: -fakeav/

SocialEngineeringSafety Tips

BOOKMARK TRUSTED SITES.They say trust is gained. Treat new sites like people youmeet for the first time. Just like you don’t trust everyoneyou meet the first time you lay eyes on them, don’timmediately trust sites you’ve only visited once.SUSPICIOUS IS AS SUSPICIOUS GETS.Never click suspicious links, no matter how promising theiraccompanying messages seem. Promises that are too goodto be true are just that.FEAR IS NOT AN OPTION.Don’t be intimidated by threats. A lot of bad guys often rely on theelement of surprise to scare you into doing something you otherwisewon’t. It’s always best to ignore scare tactics outright.SPREAD THE WORD.Tell others about what you know. Doing so will ensure your friends andrelatives’ safety. Don’t let them fall for cybercriminal traps.PREVENTION IS ALWAYS BETTER THAN CURE.Invest in an effective security solution that protects your system and datafrom all kinds of threats. Explore and utilize the built-in security featuresof the sites and pages you frequently visit. Some sites like Facebookeven provide information on the latest threats and tips to help you safelynavigate through their pages.Read up on the latest security threats and issues in the following TrendMicro blogs: Fearless Web TrendLabs Malware Blog Internet Safety for Kids & Families

TREND MICRO TRENDLABSSMTrend Micro Incorporated (TYO: 4704; TSE: 4704), a globalcloud security leader, creates a world safe for exchangingdigital information with its Internet content securityand threat management solutions for businesses andconsumers. A pioneer in server security with over20 years’ experience, we deliver top-ranked client, serverand cloud-based security that fits our customers’ andpartners’ needs, stops new threats faster, and protects datain physical, virtualized and cloud environments. Poweredby the industry-leading Trend Micro Smart ProtectionNetwork cloud computing security infrastructure, ourproducts and services stop threats where they emerge—from the Internet. They are supported by 1,000 threatintelligence experts around the globe.TrendLabs is a multinational research, development,and support center with an extensive regionalpresence committed to 24 x 7 threat surveillance,attack prevention, and timely and seamless solutionsdelivery. With more than 1,000 threat experts andsupport engineers deployed round-the-clock in labslocated around the globe, TrendLabs enables TrendMicro to continuously monitor the threat landscapeacross the globe; deliver real-time data to detect, topreempt, and to eliminate threats; research on andanalyze technologies to combat new threats; respondin real time to targeted threats; and help customersworldwide minimize damage, reduce costs, and ensurebusiness continuity. 2012 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro,Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

TREND MICRO Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years experience, we deliver top-ranked client, server