
3 Reasons Hackers Swipe Right on Your Profile

This Valentine’s Day, keep the DMs (mostly) open but stay cautious when online

I know that for you and that special someone (or the special someone you’re hoping to meet), Valentine’s Day is all about the things that make your heart go bump-bump when they walk into the room. But, while the chemistry you’re seeking may be all X’s and O’s, you have to keep an eye out for the 1s and 0s. Whether it’s ordering flowers or gifts online, emailing a love letter, or swiping right on a dating app this February 14th, the Internet is right there with you. And that means that there are plenty of opportunities for hackers to trick you into giving them a nice big bouquet of personal information, passwords, credit, or more. While they’re on the prowl all year-round, they like to pounce on holidays, because they know you’ll be there. And it’s no wonder they love us: despite the fact that 91 percent of U.S. consumers are aware of phishing, nearly 2 in 5 still click on a phishing link, resulting in all manner of Bad Things, including downloaded malware, stolen information, counterfeit goods, and lost money.

Here are the top three reasons hackers think you’re their perfect match.

Reason #1: It’s Just Too Good to Be True…Hackers Can’t Keep Their Eyes Off of You

Online coupons are convenient for you (when they’re real) and for hackers (when they’re a scam). We all know that prices on everyday items like long-stemmed roses go through the roof on Feb 14, so it makes sense that a killer coupon deal might catch your eye. But take a closer look, and you might discover that you’re about to give a gift to the hacker instead of your sweet babboo.

  • A coupon can be presented as a simple image file, and that image can contain anything, such as logos and websites of well-known businesses. However, if the coupon is fraudulent, the link leads to the criminal’s infrastructure, where they can host dangerous and deceptive content. A quick way to tell if the whole ad is an image is to see if you can highlight the text. If it’s an image, you won’t be able to highlight it. (But be careful that your highlight doesn’t register as a click!)
  • Be sure to hover over links, including images, and look carefully at the domain name that shows up. If you don’t 100% trust this is the business you’re interested in, don’t visit the site.
  • Be hyper-paranoid when stumbling upon “good” deals served to you through ads or unfamiliar emails. If something seems too good to be true, it likely is.

Recommendation #1: Be paranoid. Assume links are dangerous until proven otherwise.

Reason #2: Netflix & Chill? More Like Netflix & Scam

Sometimes the best Valentine’s Day includes a couch and some binge-watching with your one-and-only. However, beware of odd emails from content providers about your account. In the past few months, several sophisticated phishing attempts have been reported. Falling victim to one of them could be a real romance-killer if you suffer a financial or identity compromise.

  • Emails sent by proficient scammers imitate the brand to a tee – effectively fooling subscribers everywhere into giving up their Netflix username, password, and even credit card information, address, and date of birth.
  • Go straight to the source: brands like Netflix have protocols in place that help users identify a phishing attempt on their website. Rather than clicking on that email, go online and check out the company first.

Recommendation #2: Navigate directly to a company’s website instead of clicking on links in emails or social media.

Reason #3: Love is Blind, But So Are We

Don’t get catfished! Many scammers succeed in the game by creating fake websites and emails that look like legitimate businesses, and a popular way to do it is by hiding behind a façade of so-called homograph domain names. Our lives are fast-paced, and hackers assume you won’t be paying close enough attention to every email that ends up in your inbox.

  • Homograph attacks are phishing schemes in which the phisher takes advantage of the ability to register domain names using non-Latin characters that look the same as Latin characters. A recent mobile scam tried to lure victims to adidạs[.]com to claim a killer discount. See that little mark below the second A in the domain name? It could easily be confused with a speck of dirt on your screen. And that’s not even among the hardest-to-spot homographs. But—if you saw this domain in your browser and hovered over the link, you’d see something like xn--adids-m11b[.]com, which would be a good tip-off that something was amiss!
  • Unfortunately, these domains are often difficult to catch, due to their nearly identical appearance to otherwise harmless domain names. To compound matters, there is no simple way for domain registrars or regulators to detect and prevent these registrations. This puts more pressure on those of us on the front lines.

Recommendation #3: Closely examine URLs and email senders for typos. Look for added letters, dashes, and reversed letters in the domain name.
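
For mail filters or link checkers, the same inspection can be automated. The sketch below is an added example, not part of the original post: it decodes the xn-- form of the domain quoted above, names each non-ASCII character it finds, and flags labels that collapse to a protected brand once diacritics are stripped. The WATCHLIST contents and the function names are assumptions made for illustration.

```python
import unicodedata

# Assumed watchlist of brand labels to protect (illustrative, not from the page).
WATCHLIST = {"adidas", "netflix"}

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- punycode."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def skeleton(text):
    """Lowercase and strip diacritics. Cross-script look-alikes (e.g. Cyrillic)
    are not folded here; they still surface in the non-ASCII report."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def inspect_host(host):
    """Return (label, finding) pairs for a hostname, defanged or not."""
    findings = []
    for raw in host.replace("[.]", ".").rstrip(".").split("."):
        try:
            label = decode_label(raw)
        except ValueError:  # UnicodeError is a ValueError subclass
            findings.append((raw, "undecodable punycode"))
            continue
        odd = [c for c in label if ord(c) > 127]
        for c in odd:
            findings.append((label, f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"))
        if odd and skeleton(label) in WATCHLIST:
            findings.append((label, f"looks like '{skeleton(label)}'"))
    return findings

if __name__ == "__main__":
    # The first host is the punycode form quoted above; the second is a control.
    for host in ["xn--adids-m11b[.]com", "adidas.com"]:
        print(host, "->", inspect_host(host) or "no findings")
```

Any finding at all on a domain that claims to be a Latin-alphabet brand is worth a second look, even when the watchlist comparison does not fire.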

Life Could Be A Dream…If You Stay Secure

There are certain common-sense precautions that most of us take when it comes to dating or romance, and when they become part of the routine, they can help us avoid a lot of heartache, or worse. Being safe online is analogous: we have to develop a set of rules and practices that become second nature. Things like carefully inspecting links or images, being skeptical about anything that looks too good to be true, visiting websites directly instead of via ads or emails, and keeping anti-virus/anti-malware up to date can help keep you out of a world of hurt. While we’re at it, it’s also a good idea to be very choosy about which apps you install on your mobile device. You’re probably choosy in your romantic life—be choosy with technology, too!