The year 2014 has seen a boom on hoax news stories, as these are particularly successful social engineering tactics used by hackers to get people to click on links, and worse, share the news with their friends and become part of the infection vector. Many of these hoax stories infect the device with some kind of malware. It's particularly bad at the moment.
As an illustration how hoax news has boomed, since Facebook's shift into becoming a major news platform, it attracted so much cybercrime interest that Facebook decided to cut a deal with ESET to automatically scan Facebook's user's devices for malware.
Facebook software engineer Chetan Gowda stated: "If the device you’re using to access our services is behaving suspiciously and shows signs of a possible infection, a message will appear offering you an anti-malware scan for your device."
It's obvious that not getting infected in the first place is by far the best way to deal with this, so I suggest you send this to your friends, family and employees. Feel free to edit any way you like, mentioning the KnowBe4 Blog would be nice but is not needed.
"At the moment, there is a spike in hoax news stories that spread malware and infect your phone and computer. The bad guys use all the tricks in their black book to get you to click on and share hoax stories with your friends. This happens on Facebook, popular websites, they are sent straight to your inbox, and even major news outlets are sharing them unthinkingly. So, be on the lookout for these five hoaxes:
- Stories that urge you to share something before you have even read them. Step away from that keyboard.
- Celebrity deaths are increasingly being used to shock people into clicking on links and making a zombie out of their PC or lock their smartphone with ransomware. Recent example: Will Smith.
- Very violent video news reports that draw your attention with "Warning: Graphic Content" and lurid titles like "Giant snake swallows zookeeper". Don't touch 'em.
- Outrageous stories about Facebook itself, like it will start charging for the service, it sells your personal information, a way to show you who looked at your page, or other claims that might upset you and click on a link.
- And last, especially in this season of charity, heart-rending reports about dying girls that beg you for "likes" so they can obtain drugs or hospital treatment. Think Before You Click!
Cybercrime is moving into mobile malware with astonishing speed so be especially careful clicking/tapping on suspicious things on your smartphone. Anything you received but did not ask for, watch out because your phone may get locked with mobile ransomware.
To train employees to be on the lookout for social engineering attacks year-round, use effective security awareness training. Find out how affordable this is for your organization:
Warm regards, Stu
(Hat Tip to WeLiveSecurity)