Cybercriminals of course have been using social engineering techniques for years to bypass user security. Such techniques depend on users themselves, who are manipulated into granting hackers or malware access to their computer, mobile device, online account or personal data.
Perhaps one of the best-known and oldest examples of social engineering is when the Greeks were able to enter the city of Troy by tricking guards into accepting a trophy of victory. The trophy, a large wooden horse, instead contained warriors who were able to then defeat the Trojans once inside the city.
In today’s world of personal computing, “Trojan horse” attacks include malware that successfully exploit commonplace user activity such as downloading mobile phone applications and accessing online content through popular sites such as YouTube. Inherently sophisticated and tricky, such attacks can dupe even the savviest of us if they happen to catch us at the right time.
The latest of such attacks is what appears to be the first Android bootkit, which hackers use to hijack Android phones and take control over them. This ‘DKFbootkit’ malware tricks users by masquerading as a legitimate Angry Birds Space app.
Once the app is downloaded, it functions like the legitimate app, except hackers are also using it to syphon off money on an ongoing basis using premium SMS. Users typically don’t notice as the amounts charged to each account are so small.
You should also be on the look-out for celebrity sex and scare-mongering scams that lure PC users into, once again, downloading what appear to be legitimate videos and apps.
A major threat that emerged in recent months is a new version of last year’s LizaMoon SQL mass-injection attack hidden inside celebrity sex videos and false security alerts that promise to remove malware detected on user machines.
Instead, when users click on a link to view the non-existent video or visit the fake security website, the malware downloads a Trojan.
So what to do? Here are five tips to help keep your computers and web-enabled mobile devices safe:
- Prior to installing any application, check on the developer and application, looking at ratings, reviews, history. Only download from app stores, sites and developers you trust. Android users should set their device to download only from Google Play.
- Think before you click ‘OK’ to any requests your phone or PC make for your permission. Check if it seems bona fide or whether it appears odd that the app should be asking to execute a download.
- Keep your computer programs, especially Adobe Acrobat and Adobe Reader, up-to-date so you are not tempted to follow prompts to upgrade when trying to access content from the web.
- Install antivirus security software on your computer and your smartphone and keep it updated. This will work as your eyes and ears to keep your personal information safe and ensure your peace of mind at home and on the move.
- Monitor your mobile phone bills very carefully. If you notice any small amounts you cannot account for and you suspect your smartphone has been exploited, run a genuine security product to find and remove any malware.
What do you think of these latest threats? Have you already encountered them in the wild? Were you able to see past these malicious ploys, or were you unwittingly taken in? Please let me know what you think either below, on Twitter, or Facebook.
For more information on these and other threats analyzed by AVG in the AVG Q2 Community Threat Report, check out the report at: [insert link]