eWhite House Watch - Full Article

April 1, 2014: Internet Scam Day – no joke . . .

By Fernando M. Pinguelo and Sarah Austin

 

April Fool’s Day is meant to be one of the most light hearted days of the year, but pranks and jokes turn sinister when hackers and scammers online trick innocent people into sharing their private information. This year, fraudsters use tricks both old and new to collect private information, steal money, and infect systems with malware.

 

The most popular scams were distributed via email and included fake email messages or websites that use household names such as Microsoft, Wells Fargo, FedEx, and Google. The fake message might invite users to click on a link by claiming that the user has won a contest or needs to confirm login information. After the user clicks on a link or enters login information to a site which he or she believes is secure, the hackers have the opportunity to download malware to the user’s system or gain access to his or her personal information.

 

One of the most popular email subject lines for April Fool’s Day scammers is “This is not an April Fool’s jokeYou won!”

 

Fraudsters also take advantage of this time of the year because it’s tax season. Emails are sent to U.S. citizens requesting they fill out a form in order to receive a refund from the IRS. The form requires credit card and social security information. After the innocent user submits the fraudulent form to a site disguised as the IRS, or other seemingly official website, scammers have access to the data needed to steal the person’s money and identity.

 

Another scam which is also often distributed to internet users via email is a specific from of malware called ransomware. Ransomeware locks down computers so that hackers can send a ransom note demanding payment from the victim in order to unlock his or her computer files. Even if the hacker were to pay the ransom, there is no guarantee that the victim’s files will be recovered. Ransomware can be disguised not only as a fake email message, but also as a Facebook post, JPEG, PDF and other Microsoft Office files.

 

This year a ransomware called Cryptolocker threatened to make April fools out of unsuspecting computer users around the world.

 

Recently popular “Click Bait” scams have begun to surface on social media sites such as Facebook and Twitter. The scam works by catching the attention of social media users through posts that display interesting news articles or videos. These articles and videos invite users to click on the scammer’s unsecured link or “like” the post. In cases where the user clicks on the link, malware is installed or the hacker gains access to the user’s personal information. In cases where the user “likes” the posts, “likes” are redirected to fraudulent and malicious profiles and pages.

 

As with any April Fools Day prank, in order to avoid becoming a victim you must remain aware and avoid situations that put you at risk:

 

  • Do not enter your personal login information, credit card information, or social security number to any site that is not secure and reputable.
  • Do not open emails from unidentified senders.
  • Be skeptical of individuals requesting money.
  • Hover your mouse above a potentially suspicious link before you click on it. This will allow you to view the web address to be sure its website extension is of the reputable source before you link to it.
  • Report scam posts, emails and other suspicious internet activity.

 

 

* Fernando M. Pinguelo, a trial lawyer and Chair of the firm’s Cyber Security & Data Protection and Crisis Management groups devotes his practice to complex, high-stakes litigation. He also serves as an Adjunct Law Professor at Seton Hall University Law School.  To learn more about Mr. Pinguelo, visit Cyber Jurist (www.CyberJurist.com).

 

Sarah Austin serves as Chief Blog Correspondent for the award-winning blog eLessons Learned – Where Law, Technology, & Human Error Collide (www.eLLblog.com) and eWhiteHouse Watch.  To learn more about data privacy and security, visit eWhiteHouseWatch – Where Law, Technology, & Politics Collide (www.eWHWblog.com).

 

Sources:

 

http://www.irs.gov/uac/IRS-Warns-of-New-E-Mail-and-Telephone-Scams-Using-the-IRS-Name%3B-Advance-Payment-Scams-Starting

 

http://blogs.msdn.com/b/securitytipstalk/archive/2014/04/01/april-fools-the-most-popular-pranks-cybercriminals-use-to-steal-your-money.aspx

 

http://snakeriverbbb.wordpress.com/2014/04/01/malaysian-airlines-tease-puts-malware-on-your-computer-dont-click/

 

http://yubanet.com/life/Fraud-alert-New-malware-scams-threatening-to-make-April-fools-out-of-victims.php

 

http://www.ic3.gov/media/2014/140321.aspx

 

http://www.fbi.gov/scams-safety/fraud/internet_fraud

 

http://www.hotforsecurity.com/blog/old-pranks-and-hoaxes-still-work-8277.html

Leave a Reply