Bangkok--5 Apr--Core and Peak
Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, remarked 2011 was a profitable year for cybercriminals who manipulated people into divulging personal or confidential information to make money. In 2012, social engineering will still continue to play a big role in the propagation of such malware campaigns.
Cybercriminals employ social engineering tactics to trick people into running malware-laden email attachments, clicking malicious links, or divulging sensitive information. Whether the threat is disguised as an email from users’ bank, a business opportunity from a foreign dignitary, or even a piece of Internet security software, their real objective is to steal identity and private data like credit card numbers, passwords or other sensitive information.
“Public interest in social media is in itself a powerful tool that cybercriminals have repeatedly used to their advantage. Common tactics include the use of intriguing posts that ride on seasonal events, celebrity news, and even disasters,” said Myla Pilao, Director of Trend Labs,Trend Micro.
Last year, as the disaster relief efforts in Japan continued to unfold, Trend Micro identified several different disaster-squatting attacks taking advantage of the unfortunate incident to push their malicious schemes.
Cybercriminals are using major sports event to scam users into giving out personal information too. Lately, Trend encountered a spam campaign that makes use of the “London 2012 Olympic Games” to give credence to their malicious scheme. The spammed messages have been crafted to make the recipients think they won a contest related to the said event.
More and more shoppers are turning to promotional deals to get more for their money. A study shows that 35 percent of Asia Pacific consumers said more than 10 percent of their monthly shopping expenditure is done online. “Everybody loves a good deal but be sure to watch out for the trap,” Myla said. “With the popularity of coupon codes, deal aggregate sites, and other online promos, fake promos have begun sprouting all over.”
Another popular social engineering tactic that scareware criminals use is to create shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Fake antivirus products (FAKEAV), which continue to proliferate, are good examples of the said scare tactic. FAKEAV variants pose as legitimate antivirus applications that display false malware detections. They then show pop-up warnings to force affected users to purchase the software.
“Users should always be discerning about the things they encounter online. Don’t be swayed by breathless superlatives or name-dropped brand names. If it sounds too good to be true, it probably is,” Myla said. Besides installing an effective security solution, users should also exercise caution when opening email messages or when downloading attachments from unknown senders.
The Trend Micro Smart Protection Network? protects users from these malware by preventing spam from even reaching their inboxes with email reputation technology. It also blocks user access to malicious sites via the Web reputation technology. Finally, it prevents the download and execution of malicious files onto users' systems with the aid of file reputation technology.