Your browser is obsolete!

The page may not load correctly.

  • add to favourites
    Add to Bookmarks

Your gullibility can cost you

Read: 1233 Comments: 15 Rating: 43

What can criminals do if they have Internet access but can't legally publish malware on high-trafficked sites?

In situations like this, human gullibility comes to their rescue.

Imagine that a user receives an email whose sender field indicates that the message is from a friend or a company they trust. Attackers use this strategy to greatly improve the likelihood that the user will relax their vigilance and open the link. And, what if a similar message is sent to millions of users simultaneously…

Let's say you've received the following message:

#drweb

Dr.Web CureIT 2! How interesting! But look at the link and reply address carefully. Recently criminals dispatched messages with that exact subject header to take advantage of users and trick them into downloading malware.

If an email uses HTML format, it can be difficult to discern the address concealed by the hyperlink text. You can right-click on the suspicious link in the email client window, and then in the drop-down menu, select the option to copy the URL, and then paste it in a text editor such as Notepad. You will instantly see that someone is trying to deceive you.

And here's another example of a fraudulent email: here criminals try to scare a potential victim by informing them that someone is allegedly trying to access their Apple account and that they should change their password immediately. The link will take users to a fake AppleID site. As soon as the user divulges their actual account information, cybercriminals gain control over their Apple devices.

#drweb

There are also more sophisticated techniques used to deceive gullible people.

Security researchers discovered a new browser vulnerability in May 2016. Under certain conditions, the opening of a specially crafted link in a new tab can change the contents or even the URL in the previous tab. People usually trust pages they’ve already opened and are very unlikely to notice a page’s subsequent modification.

https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/

Interestingly, Google considers this issue a browser feature and doesn't believe that it can ever be resolved completely.

https://sites.google.com/site/bughunteruniversity/nonvuln/phishing-with-window-opener

Thus while clicking on a seemingly harmless link to a cat photo, for example, a user fails to notice that the tab they previously opened has been altered. And, now it can display a message notifying them that the connection has been lost and they need to log in once again or confirm their password when prompted to do so. Falling for this trick can have the most unpleasant consequences.

Dr.Web recommends

  • When browsing the web, keep focused as if you were walking on the side of a road. You wouldn't walk with your eyes closed or casually sing a song while gazing up at the clouds, would you?
  • Known vulnerabilities eventually get closed, but new ones are always emerging. That's why when it comes to protecting yourself from online fraud, you first need to pay close attention to what you are doing.
  • Enter passwords, payment information and other valuable information only if you are sure that you've ended up on a legitimate web page.
  • When surfing the web, never disable the HTTP monitor SpIDer Gate™—it is better to detect and disarm malware before it gets onto your hard drive. And if the anti-virus informs you that access to a site has been blocked because it is on the non-recommended list, it can be a good idea to follow its advice rather than the advice of criminals who may advise you to disable the anti-virus before you launch their software program.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments