2012 Will Be Rife With Cybercrime Tricks

Cybercrime

According to a report for December 2011, phishing campaigns once again proved to be among the most significant threats, with scammers targeting Chase and Barclays customers, as well as launching malware attacks against Amazon shoppers expecting holiday packages.

The threats we uncovered last month illustrate the consistent reuse of tried-and-true attack methods slightly modified to target new groups of potential victims. Most cyber-attacks at any given time rely on old techniques deployed with a new disguise. The reason we see them again and again is quite simply because they work, and I anticipate 2012 to bring many fresh takes on old scams.

In a continuing trend highlighted, bank related phishing is increasingly becoming a common threat. Barclays customers received messages from a free Yahoo email address claiming that their account had been suspended due to incorrect login attempts.

The phishers employed scare tactics by insisting information had to be provided to reactivate the account within a certain amount of time. Once the victim’s identity was submitted, they were redirected to the official Barclays website in order to further mask the crime. Chase clients were targeted by a similar phishing campaign last month as well.

Online shoppers also continue to be a popular pool of potential victims. Emails disguised as messages from Amazon fooled users into clicking a link to infected websites hosting Black Hole Exploit Kits. These kits are designed to take advantage of unpatched Windows operating systems and software.

An infected PDF file is then downloaded to the victim’s computer which exploits a vulnerability in Adobe Reader and loads malware onto the system.

Another familiar cybercrime tactic that continued to gain momentum in December was scareware—fake antivirus software and system utility programs—that warn infected users of completely false threats to their computers.

Most malware is avoidable. Knowing how cybercriminals operate and understanding how to recognise common attacks are the first steps toward keeping your PC clean and your personal information safe. Most cybercrime requires the victim to aid in the process. A little caution and common sense can go a long way in helping users avoid becoming unwitting accomplices.

Christopher Boyd is a Senior Threat Researcher for GFI Software. He is also a 6-time Microsoft Most Valuable Professional (MVP) awardee for Consumer Security and former Director of Research for FaceTime Security Labs. He has given talks at RSA, InfoSec Europe and SecTor, and has been thanked by Google for his contributions to responsible disclosure. Chris has been credited for finding the first instance of a rogue Web browser installing without permission, the first Twitter DIY botnet kit, and the first rootkit in an IM bundle. Chris is regularly quoted in relation to his work on gaming security issues.

Our latest thought leaders