Fake News is the New Spam. Think Before You Click.
Fake news has been in the headlines a lot lately, especially within the context of the recent presidential election. There have been reports on “news” stories that were produced with the intent to get social media likes and shares, thereby making money for the producers by way of clicks. As we’ve become accustomed to trusting the stories we read on our social media feeds, we click through and consume the story without much thought about the credibility of the source.
Traditionally, email spam has been a primary method of cybercrime. It is relatively easy, as they only need our email address. However, as spam filters have gotten better at keeping unsolicited messages away from your inbox, cyber criminals have had to find new ways of exploiting our trust in the name of making a buck. Here are a few examples that have been in the news lately:
Fake News - The objective of a fake news story is to create content that is relevant and/or outrageous enough that the reader clicks on the story or shares it on social media. Since a social media share is typically more trusted than traditional spam, we don’t often spend the time to verify the accuracy of a story. NPR recently reported a story of a man in the suburbs of Los Angeles that produces several of these fake news sites.
Whaling and Spear Phishing - These methods are targeted attempts at extracting information by way of email. Unlike traditional email spam, the email includes information from a familiar name or organization that builds an instant trust that keeps your guard down. This type of attack, typically, goes after high level executives that have access to large accounts that could provide a significant pay day.
Ransomware - According to Google, ransomware is a “type of malicious software designed to block access to a computer system until a sum of money is paid.” We have heard many stories of businesses and hospitals, as reported by Wired this year, that have fallen prey to such an attack. Don’t think it can’t happen to you. In 2015, Alina Simone, a contributor to the New York Times, reported that her own mother was a victim of ransomware and had to pay $500 to get the key to decrypt her files. One of my customers at my previous company, a small business in San Antonio, was hit by a ransomware attack. Fortunately for them, the majority of their files were secured in the cloud and they had backup for the rest. But even still, they felt violated and it was tough to get back to business as usual. Sadly, there are a lot more untold stories.
My intent in summarizing a few of the cyber threats currently making headlines is not to dramatize the the bad stuff happening on the Internet. It’s simply to make the point that we must be diligent in our day to day online activity. Yes, there are many tools out there to help protect us individually and our organizations: strong passwords, two-factor authentication, anti-virus software, network protection and of course computer and server backups to name a few. But if I could leave you with one thought on what we can all do to help protect ourselves, it would be to think before you click.