How to Spot the Latest Ransomware Scam

Did you know that over 400,000 phishing web sites were detected in each month of 2016? You read that right – 400,000 PER MONTH (thanks to Webroot for that sobering fact). Also interesting is the fact that almost all of them were connected to otherwise benign sites and were most represented by financial institutions and technology sites. Very scary – what is the average user to do? Seems like it is almost impossible to avoid getting sucked in at some point.

In a lot of cases, you might think to yourself, “Man, you’d have to be pretty gullible to fall for that,” what with all the bad spelling, grammar and poor command of the English language. But if you send out three million emails (an effortless exercise these days) and you get a hit rate of even .0001%, you net 300 likely victims. Pretty good return even if all you do is manage to smoke each one for a hundred bucks. Think about it: it wouldn’t be happening if it wasn’t profitable. Well, it is profitable, wildly profitable as a matter of fact. So if anything, the pressure is about to be ratcheted up another notch and you can expect things to get a lot worse before they get even a little better.

What is Phishing?

According to Wikipedia, Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. That means email – think Nigerian prince scams – but it is also web pages, documents, text messages, social media, IM and even phone calls. But the biggest arrow in their quiver is the ability to use social engineering to compromise an individual with the overall intent of exploiting the company the individual works for – also known as spear phishing (I love my industry’s creative ability to concoct new words).

Phishing Trends
Used to be that a phishing attack would last for weeks or months and that elongated time frame gave companies a chance to block messages and web sites. And in many cases, they aren’t even fraudulent web sites, they are bona fide corporate web pages that have been compromised so blocking them isn’t even an option. And nowadays, the bad guys have automated toolkits that can help them set up and take down fraudulent web sites in a matter of minutes or hours instead of days or weeks. The perpetrators have become so sophisticated that some of them even offer help desk services to get the hacker up and running! Amazing, yes – but that is how much money is now involved. These guys have help desk, operational manuals, consulting services, R&D – you name it. Most of them are now being run like the profitable businesses they are! BTW – for those of you keeping score at home, the top 5 web sites being impersonated were (in order of rank) Google, Yahoo, Apple, PayPal and Wells Fargo.

Trends in Protection
As mentioned above, gone are the days of blocking email sources and known-to-be-malicious web sites. Not that there isn’t some value there – for example, blocking emails that come from foreign countries when you don’t do business outside of North America – just that it shouldn’t be the only strategy. New technologies are emerging that use machine learning to determine if a web site or an email link shows signs of malicious activities as a basis for denying access. Given that phishing sites and pages appear and disappear in minutes, it is likely the only way to combat this disturbing trend. But until that becomes mainstream, your best defense is common sense, which I outline here.
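To make the idea of judging a link by its own signs rather than by a blocklist concrete, here is an added example (not from this post or from any product it mentions). It uses fixed rules instead of machine learning, checks the five most-impersonated brands listed above, and every sample URL in it is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# The five most-impersonated brands named in the article, with their real domains.
BRANDS = {
    "google": "google.com",
    "yahoo": "yahoo.com",
    "apple": "apple.com",
    "paypal": "paypal.com",
    "wellsfargo": "wellsfargo.com",
}

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def link_signals(url):
    """Return the phishing indicators found in one URL (empty list = none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    rest = (parts.path + "?" + parts.query).lower()
    signals = []
    if parts.username is not None:      # http://brand.com@other-host/...
        signals.append("userinfo-before-host")
    if _is_ip(host):                    # no domain name at all
        signals.append("ip-literal-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        signals.append("punycode-label")  # possible look-alike characters
    for brand, domain in BRANDS.items():
        if host == domain or host.endswith("." + domain):
            continue                    # really on the brand's own domain
        if brand in host.replace("-", ""):
            signals.append(f"{brand}-in-foreign-host")
        elif brand in rest.replace("-", ""):
            # brand-named page on an unrelated (possibly compromised) site
            signals.append(f"{brand}-in-path-of-foreign-host")
    return signals

if __name__ == "__main__":
    # Constructed sample links, not real indicators.
    for u in ("https://www.paypal.com/signin",
              "http://paypal.com.account-verify.example/login",
              "https://shop.example/wp-content/wells-fargo/update.php"):
        print(u, link_signals(u))
```

These are signals to weigh, not verdicts: a substring match such as "apple" will also fire on unrelated names, so a mail or web filter would combine them with other evidence before blocking.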

Stay safe out there and feel free to contact us if you have questions on how to stay best protected!