Blog / Black Hat Friday and Cyber Criminal Monday!
Many of you have likely heard about Black Friday; you know, the day after the American Thanksgiving. It’s that time of year for those looking to get the best deal, so they wait outside a Walmart or Best Buy in the early hours of the morning. If you’re anything like me and you prefer getting at least 8 hours of sleep and avoiding crowds altogether, online shopping is more your thing.
Sure, there are online retailers like Amazon and Staples who are relatively safe to order from, but how about Twitter and Facebook, with their “Free” Black Friday Amazon gift cards, or iPhone 11 giveaways? All you need to do is fill-in your contact information to enter for a chance to win… I would say 98% of people wouldn’t fall for this, but what would happen if you were to enter some data about yourself? I mean, come on; after all, it’s only info that’s public domain, together with an email address, right? So, let’s say you do enter this information and click next, and you are greeted with a cute little pop-up asking you to install a browser extension, or maybe a small application. It may have some politely-worded text explaining why you need to install this, so you install it. [Insert Dramatic Music]
A couple of days go by… nothing seems out-of-the-ordinary on your PC and you’ve already forgotten about the application you installed; however, you’ve noticed that your PC has really slowed-down, so naturally, you re-start it (because you remember the iconic scene from celebrated British sitcom, “The IT Crowd.”) Only this time, when your computer loads-up, all your files are gone, and you are presented with a talking skull in crossbones telling you that your files have been locked and you need to pay 1 Bitcoin. [PAUSE]
Now let us go back a few days to that give-away. Well, as many of you may have already figured-out, it was a SCAM. Something to be aware of at this time of year are Cyber Criminals taking advantage of “Holiday Sales” and creating fake Social Media accounts to blast “appealing posts and giveaways” with hopes that people will click on them and enter their information, which can be used for Phishing emails later on; or if they really strike-out, they’ll get a person to install an application they’ve created, with the intention to extort money.
If there’s any advice I could give, it would be the following:
– Be wary of deals that look too good to be true. Huge savings from unknown senders are likely bait for a scam.
– Domain names for popular brands that have spelling errors or mistakes are not legitimate; e.g.: Amzon.ca instead of Amazon.ca
– Don’t click on links in emails or Social Media posts; alternatively, search the web for the brands’ legitimate websites and view any deals they may have.
By Kind Courtesy of our Resident Baby-Face Cyber-Assassin.