The 3 S's of Cybersecurity: Spoofing, Spamming, and Scamming
Common Spoofing Types
Caller ID and Messages: delivers calls and texts that look like legitimate business communications, in an attempt to gain personal information. A message might read: “We have detected illegal activity on your account, click here to log in and report it.”
Website (URL): uses copies of a trusted brand’s website to trick a user into logging in and giving away personal information.
Internet Protocol (IP address): hides a computer’s IP address to get network access or carry out a denial-of-service attack.
Address Resolution Protocol (ARP): links an attacker’s media access control (MAC) address to a real IP address to bypass data to steal or modify it.
Domain Name System (DNS): maps URLs and emails to the wrong IP address, taking a user to a site that spreads malware.
Email: hinges on fake accounts used in phishing to deliver ransomware, trojans and DDoS attacks and more.
GPS: hoodwinks a device’s GPS with a false location for nefarious purposes.
File Extension: hides malware files in common files such as .exe or .txt.
Deepfakes/Facial Spoofing: uses 3D models of real people in video and images to create false video content or gain access to devices using facial recognition to unlock.Spamming Any unsolicited digital communication, mainly email, that is sent by an attacker in bulk. Spam takes up bandwidth, time, and resources. Spam can range from annoying marketing emails with real offers to marketing emails with fake offers that can push to dangerous sites. Most annoying marketing is filtered out by your email software and doesn't pose a serious threat. In more serious cases, spammers are attempting to break into your online accounts to steal data, money, and spread malware. 5 Types of Spam
- Advance-fee Scams: The Nigerian prince email scam is an oldie but a goodie. The scam has been around for over 40 years, but despite its age, Americans continue to fall for it and lost $700,000 to the scam in 2019. This is also known as the Nigerian money scam or the 419 scam, named for the section of criminal code in Nigerian law that the scammers violate. Although not all spam comes out of Nigeria, this is where the concept originated. The general premise is that you will receive a large amount of cash, but first you need to send a processing or admin fee. Once the fee is paid, the criminal disappears.
- Phishing Emails: Disguised as a copy of an email from a legitimate sender, usually requesting that some type of action is made. Whether it is for payment for an overdue invoice, verifying a password or account, or requesting an update on billing information - these emails are designed to get a user to give up personal information.
- Malspam: A kind of malware spread via spam emails. Also dependent on a user to click on a link, which initiates a download of scripts which infect your computer.
- Mobile: Text messages or automated voice-calls (robocalls), preying on human curiosity to click on links or pay to receive important documents.
- Search Engine Spamming: Keyword stuffing is the repetitive use of a word to increase its frequency on a page. Meta tag stuffing uses words not relevant to the content on the website as well as word repetition. Mirroring websites is the hosting of different websites that are similar or copies of the same content with different URLs. Hidden links are links placed in websites where visitors can’t see them, to increase popularity of the site.
- Donation Scam: A person creates a fake illness or something similar, claiming to need financial assistance to elicit money from a user. Oftentimes, they use fake accounts on donation sites to spread their message and increase their victimbase. This scam is more popular than ever in light of the COVID pandemic.
- Catfishing: A criminal creates a fake online profile, pretending to be someone they’re not, in order to deceive the user into giving over money, property or information.
- Cold-calling Scam: Usually someone claiming to be from a technical company, like Microsoft, saying they’ve received an alert that your computer has a virus. They offer to connect to you remotely to fix the problem, requiring you to give them access to personal information and potentially your computer through screen share.
- Online survey scams: Survey sites claiming to offer money or gift vouchers to participants in exchange for filling out demographic information which they resell to spammers.
- Focus on details: In random communications from companies you engage, look out for poor spelling, grammar and unusual wording.
- Check the sender: Incorrect spelling is a giveaway that a spoofer has reached out. Typically they’ll add or subtract a letter. Aka Disny versus Disney.
- Review the URL: Slight spelling changes can indicate a spoofed domain.
- Think before you click: Don’t click on random links or attachments. In fact, it is always a good practice to exit the email and go to the website directly to access your account.
- Hang up or request to call back: Think critically about phone calls received out of the blue. Remember never to give out personal information over the phone.
- Delete and Flag: Don’t respond to spam over email or text in any way, not even to unsubscribe.