- Cash Grabs: Online “friends” report they’re in trouble and ask you to “loan” them money, or, even better, a good, solid, real-life friend sends you an urgent request for cash. In both cases, the trouble is fabricated, as may be some of the online friends you’ve never met in the flesh. In fact, a scammer is requesting the money, and your real friends are neither in trouble nor aware that their identities are being used to poach your assets.
- Hidden Charges: Requests to complete surveys, take tests, or perform other simple, silly time-wasters actually result in monthly charges assessed to your cellphone bill. Such items are often advertised as “free and fun,” and while they may be diverting, they’re definitely not free. Though Symantec doesn’t classify this attack as a form of phishing, it’s not unthinkable to regard it as a bait-and-switch technique to facilitate petty theft. Don’t take the bait, and do check your monthly phone bills closely. If you act fast and protest loudly, the worst case is that you’ll only get zinged for a month’s charges.
- Phishing Requests: Phishing is not just an email phenomenon anymore. Wall postings or Twitter feeds can just as easily impel you to click a link to try to salvage your reputation, undo a mistake, or tackle a supposed account problem. Whatever you do, don’t click: the link will probably take you to an elaborately faked replica of whatever real site you think you’re logging into, built for the express purpose of harvesting your login and password, after which thieves can masquerade (and conduct business) as if they were you.
The most popular element on the Norton/Symantec list is labeled “Hidden URLs.” It refers to the common practice on Twitter (and elsewhere all over the Web) of providing shortened URLs for users to click in feeds or messages. You never know where you’ll wind up when you click such a link, so proceed with caution when you encounter links from bit.ly, goo.gl, tinyurl.com, and so forth. This kind of bait has a lot in common with phishing, in that clicking the link can expose you to drive-by downloads and infest your system with malware (including the Trojans and keyloggers so beloved of the criminals who foist phishing attacks on the Internet populace).
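
One way to act on that caution before clicking, shown as an added example that is not from Norton/Symantec or the original article: a Python check that flags links in a feed whose host is one of the shorteners named above, so they can be expanded and inspected first. The function names and the sample messages are constructed for illustration.

```python
from urllib.parse import urlsplit

# Shortener domains named in the article; extend the set for your own environment.
SHORTENER_HOSTS = {"bit.ly", "goo.gl", "tinyurl.com"}

def link_host(link):
    """Return the lower-cased hostname of a link ('' if it cannot be parsed)."""
    if "://" not in link:
        link = "http://" + link          # feeds often omit the scheme
    try:
        host = urlsplit(link).hostname or ""
    except ValueError:                   # malformed token, not a usable URL
        return ""
    return host.rstrip(".")

def is_shortened(link):
    """True only when the host IS a shortener, not when it merely contains one."""
    host = link_host(link)
    if host.startswith("www."):
        host = host[4:]
    return host in SHORTENER_HOSTS

def flag_hidden_urls(message):
    """Return the links in a message that point at a known URL shortener."""
    flagged = []
    for token in message.split():
        token = token.strip("()[]<>\"'.,;:!?")   # drop surrounding punctuation
        if "." in token and is_shortened(token):
            flagged.append(token)
    return flagged

# Constructed sample feed messages (not real posts or real links).
SAMPLE_FEED = [
    "OMG is this you in this video?? http://bit.ly/3xAmPlE",
    "Quick survey, free and fun: TinyURL.com/abc123.",
    "Our write-up: https://www.example.com/bit.ly/news",      # name only in path
    "Fix your account: http://bit.ly.example.net/login",      # lookalike host
]

def scan_feed(feed):
    """Map each message to its flagged links, skipping messages with none."""
    hits = {msg: flag_hidden_urls(msg) for msg in feed}
    return {msg: links for msg, links in hits.items() if links}

if __name__ == "__main__":
    for msg, links in scan_feed(SAMPLE_FEED).items():
        print(f"hidden URL(s) {links} in: {msg}")
```

Matching on the parsed hostname rather than searching the text for “bit.ly” is what keeps the third and fourth sample messages from being misclassified.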
Norton/Symantec’s conclusion to this story is right on the money, enough so to be worth repeating verbatim: “Sites that attract a significant number of visitors are going to lure in a criminal element, too. If you take security precautions ahead of time, such as using antivirus and anti-spyware protection, you can defend yourself against these dangers and surf with confidence.” We’d like to observe that a well-informed user, one who’s had the right kind of Internet security awareness training (ISAT), is also far less likely to fall prey to such scams, simply because they’ve been made aware of the risks, and taught how to avoid potential trouble.