Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, cautions all Internet users in Malaysia to avoid falling victim to rampant cyber fraud. In Malaysia, Cybersecurity Malaysia reported that 60 per cent of the complaints or 1,302 cases it received from January to April 2018 were cyber scams.
Cybercriminals today use a wide variety of scam tactics in order to gain access to a device or network, extort money, or steal valuable information. In order to effectively protect the valuable information that motivates cybercriminals, it is important to understand the different types of scams.
“As people continue to adopt more and more devices that connect to a network, the risk of falling victim to a scam only increases.” said Gavin Chow, Fortinet’s Network and Security Strategist. “By being aware of the common cyber scams targeting people today, as well as recognizing the tell-tale signs of those scams, you can safeguard your valuable information and the information of the networks you connect to.”
Fortinet reveals six common cyber scams currently being used to target users in Malaysia and recommends important tips on how to prevent them:
1. Phishing Scams
Phishing attacks happen when a criminal sends a communication such as email, phone call and text, pretending to be someone else in order to extract or access credentials, personal data, financial information or sensitive information. An estimated 59 percent of all successful ransomware infections are transported via phishing scams. To better recognize these malicious scams, check contact names when you receive communications from a source you don’t recognize that asks you to take an action.
- Check contact names. Use caution if when you receive communications from a source you don’t recognize that asks you to take an action.
- Look for misspellings and poor grammar. Professional organizations take the time to read their communications over before sending. If you receive a message from a supposedly trusted source that includes typos, poor grammar, or bad punctuation, chances are it’s a scam.
- Look for aggressive behaviour. If the subject matter and language of a message is overly aggressive, it is likely a scam. Check with the party they claim to represent before taking any immediate action.
2. Spear Phishing Scams
Spear phishing scammers conduct in-depth research about their victims and take the time to understand them to boost their chances of success. To better protect yourself from spear phishing.
- Use an email verification service. Email verification works by validating the source of the emails you receive to check whether or not the identities of the Administrative Management Domain (ADMD) match the email address being used.
- Maintain good security hygiene. Practice basic security hygiene will deny scammers many of the common attack vectors.
3. Baiting Scams
Baiting scams aim to bait unsuspecting users into performing a certain action like downloading a virus or entering personal information in exchange for the bait. This type of scam can take many forms and the end goal is always the same: luring users to install something malicious. To protect yourself and your organization, pay attention to these common indicators:
- Many cyber scammers will attempt to lure victims in with promises of “free deals”. Be sure to double check the source, read the fine print of any agreements and also do some checking on the organization claiming to make these offers.
- Baiting can be done digitally or with physical drives that install malicious software. Make sure you know the owner of the drive before you connect it to your machine.
4. Tech Support Scams
Scammers pose as tech support employees, either working for a victim’s organization or for an independent service, in order to gain access to personal information. It is important to watch out for some of the tell-tale red flags:
- Lookout for unsolicited messaging. Rarely, if ever, will tech support reach out to “check in” or offer to fix your computer. If a tech support worker or company is reaching out to you via a pop-up ad, an unsolicited email or phone call, or through social media, it is likely a scam. Legitimate companies have established processes in place to update your products and services that are built directly into the solution itself.
- Avoid installing anything from an unknown source. Like baiting scams, cybercriminals will often attempt to offer “free security scans” or “computer clean-ups,” which then infect the victim’s computer with malware.
- Lookout for actors who want remote access to your device. Remote access allows real tech support teams to “take over” a machine remotely in order to fix it but it can be used to quickly access personal information off of your device. If a source you are unfamiliar with asks to gain access to your device, steer clear.
5. Securing Mobile Devices
Fake applications used to mine for data or ransomware are widely available, especially for Android operating systems.
- Avoid malware masquerading as legitimate applications and updates.
- Be mindful of free WiFi. When using public WiFi, use VPN connections and avoid sensitive transactions. Cybercriminals often use common WiFi SSIDs, such as “Home Network” to trick devices into automatically connecting without requiring any user input.
6. IoT Devices
Many IoT devices are easy to exploit, have a persistent Internet connection, and use powerful GPU processors, making them ideal for crypto-mining and DDoS exploits.
- Update credentials: The most common exploit strategy is to simply attempt to connect to an IoT device using its default username and password. Whenever possible, change the password on your routers, smart TVs, and home entertainment systems.
- Inter-connectivity: As more and more devices become interconnected, they become vulnerable to the weakest link in the chain. Devices including connected cars are not only rich targets for attackers, containing user data, phone contact information, and even payment information, compromise can also pose a risk to drivers and passengers.