There are few things more appealing to Internet scammers than major news events. When stories emerge — good, bad or sometimes entirely fabricated — scam artists are on-hand to craft legitimate-looking links, Facebook messages and phishing emails designed to draw in users and infect computers. How do companies stay ahead of these cons and make sure networks stay protected?
Last week, news broke that over 100 iClouds were hacked, and nude photos of A-list celebrities like Jennifer Lawrence and Kate Upton were posted on several message boards. According to Infosecurity Magazine, these images have drawn enough interest to grab the attention of cybercriminals, who are now running several new scams.
The first can be found on Twitter in a tweet that contains hashtags with the names of celebrity victims. Along with the hashtag comes a shortened link, supposedly leading the user to an enticing video. In fact, the link leads to a “video converter,” which is nothing of the sort — it’s malware.
Facebook also has a variation of this scam: Users must “share” the supposed video site’s URL before gaining access to the illicit movie. There’s nothing great waiting for those who fall victim — once again, it’s a malicious app looking for a home.
While the top layer of this scam may be new, the infrastructure hasn’t changed. Scammers have been using major news events to grab attention and fool users for years, and because they often succeed, there’s no reason to change tactics.
Consider the recent death of comedian Robin Williams. International Business Times reports that after his passing, Facebook was inundated with messages claiming the actor had left a “final goodbye” video. It was a hoax, of course, but many people looking for some explanation of Williams’ final act were willing to share the bogus message. Their reward? A redirect to paid survey sites that generated income for con men.
In some cases, the news isn’t even real. Guardian Liberty Voice noted that in February, a fake story about bad-boy singer Justin Bieber made the rounds on Facebook, claiming the star had been driving drunk when he hit and killed a seven-year-old boy. The post included what appeared to be a video but was actually a fake “play” button posted over a picture. Clicking the video took users to a fraudulent Facebook-like website that contained a host of links, all of which started a malicious app download.
It’s easy to see this as a “personal” problem; what users do on their own time is their own business, right? But according to Forbes, that’s not always the case. Twenty-five percent of working adults admit to looking at illicit materials during work, and 70 percent of all pornography access happens between 9 a.m. and 5 p.m. In other words, employees aren’t afraid to search for naked celebrity pictures at the office, placing corporate networks at real risk.
So do companies cover their technology assets? It starts with a clear use policy coupled with diligent oversight: If users are accessing these materials, consequences must be both clearly defined and immediate. Training is also critical. As noted above, the form of these scams never really changes; major news events will always spawn legitimate-looking Tweets and Facebook posts. If users don’t click and don’t share, then con artists lose their leverage.
Finally, robust application management policies are essential. Companies need to know what apps are on their network, where they came from and what they’re doing if they want to sniff out problems.
Bottom line? No nudes is good nudes.
Image Source: Wikimedia Commons