Social Engineering: Eight Common Tactics

A refresher course on some of the most prevalent social engineering tricks used by phone, email and Web.

6. Abusing faith in social networking sites

Facebook, Myspace and LinkedIn are hugely popular social networking sites, and people place a lot of faith in them, according to Marcus. A recent spear-phishing incident targeted LinkedIn users, and the attack surprised many. Marcus said that, increasingly, social networking devotees are being fooled by emails that claim to come from sites like Facebook but really come from scammers.

"They will get an email that says: 'The site is doing maintenance, click here to update your information.' Of course, when you click on the link, you go to the bad guys' site." Marcus recommends advising employees to type Web addresses in manually rather than following links in email, and to keep in mind that it is very rare for a legitimate site to send out a request for a password change or an account update.
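As an added example (not from the article or from Marcus), here is the kind of check a mail gateway or awareness tool could run over such a message: parse every link, compare the destination's registrable domain with the brand the email claims to be from, and flag the tricks these messages rely on (the brand name buried in a subdomain, visible text showing one URL while the href goes elsewhere, plain http). The sample message, the `.example` hostnames and the two-label approximation of a registrable domain are constructed assumptions; a production tool would consult a public-suffix list.

```python
"""Audit the links in an HTML email that claims to come from a known site.
Added example; the message below is constructed, not a real phishing sample."""

import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Approximate the registrable domain as the last two labels. Assumption:
    no multi-label public suffixes (co.uk etc.) in the input; use a
    public-suffix list in production."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def audit_links(html, brand):
    """Return {href: [reasons]} for every link that does not belong to `brand`
    (a registrable domain such as 'facebook.com')."""
    collector = LinkCollector()
    collector.feed(html)
    findings = {}
    for href, text in collector.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        reasons = []
        if registrable(host) != brand:
            reasons.append("mismatched-host")
            # Brand name placed in a subdomain to fool a quick glance,
            # e.g. facebook.com.account-verify.example
            if f".{brand}." in f".{host}.":
                reasons.append("brand-in-subdomain")
        if url.scheme == "http":
            reasons.append("insecure-scheme")
        # Visible text shows one URL while the href goes somewhere else.
        shown = re.search(r"https?://\S+", text)
        if shown:
            shown_host = urlparse(shown.group(0)).hostname or ""
            if registrable(shown_host) != registrable(host):
                reasons.append("text-href-mismatch")
        if reasons:
            findings[href] = sorted(reasons)
    return findings


# Constructed sample message in the style the article describes.
SAMPLE_EMAIL = """
<p>Dear member, Facebook is doing maintenance. Please update your information.</p>
<p><a href="http://facebook.com.account-verify.example/login">https://www.facebook.com/settings</a></p>
<p><a href="https://www.facebook.com/help">Help Centre</a></p>
<p><a href="https://faceb00k-support.example/update">Update your information</a></p>
"""

if __name__ == "__main__":
    for href, reasons in audit_links(SAMPLE_EMAIL, "facebook.com").items():
        print(href, ", ".join(reasons))
```

Only the two attacker links are reported; the genuine help-centre link passes because its registrable domain is the brand's own. The `faceb00k` link is caught purely on domain mismatch, which is the check that survives even when the lookalike is well crafted.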

7. Typo Squatting

On the Web, the bad guys also bank on the common mistakes people make when they type, according to Marcus. Type in a URL that is just one letter off and you can end up somewhere you never intended.

"Bad guys prepare for typing mistakes and the site they prepare is going to look a lot like the site you thought you were going to, like Google."

Instead of going where they wanted, unsuspecting users who mistype end up on a fake site that intends to sell them something, steal something from them, or push out malware.
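As an added example (not from the article), here is the candidate generation a defender would use to register or monitor typo variants of a domain, plus an edit-distance check that flags mistyped lookalikes in a constructed list of observed hostnames such as a DNS query log would contain. The keyboard-adjacency map and the single-label-TLD assumption are mine; a production tool would use a public-suffix list and the full keyboard layout.

```python
"""Typo-squat detection: generate one-keystroke variants of a domain and
flag observed hostnames (e.g. from DNS or proxy logs) that match them.
Added example; the hostnames and adjacency map below are constructed."""


# Assumed QWERTY neighbours for "fat-finger" substitutions (letters only).
ADJACENT = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}


def split_domain(domain):
    """Split a hostname into (second-level label, tld). Assumption: single-label
    public suffix; use a public-suffix list for co.uk-style names."""
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def typo_candidates(domain):
    """One-keystroke variants of the second-level label: a character dropped,
    a key doubled, a neighbouring key hit, two adjacent characters swapped."""
    label, tld = split_domain(domain)
    out = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])                      # omission
        out.add(label[:i + 1] + label[i] + label[i + 1:])        # doubled key
        for alt in ADJACENT.get(label[i], ""):                  # adjacent key
            out.add(label[:i] + alt + label[i + 1:])
    for i in range(len(label) - 1):                             # transposition
        out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    out.discard(label)
    return {f"{v}.{tld}" for v in out if v}


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute or swap
    adjacent characters, each costing 1. Catches typos the generator above
    does not enumerate (e.g. 'goog1e', a digit standing in for a letter)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(host, target):
    """Why `host` looks like a typo-squat of `target`, or None if it does not."""
    t_label, t_tld = split_domain(target)
    label, tld = split_domain(host)
    if (label, tld) == (t_label, t_tld):
        return None                      # the real domain, or a subdomain of it
    if label == t_label:
        return "tld-swap"                # google.co, google.cm
    if tld == t_tld and osa_distance(label, t_label) == 1:
        return "one-edit"                # gogle, googel, gooogle, goog1e
    return None


def find_squats(hosts, target):
    """Map each suspicious host to its classification."""
    hits = {}
    for h in hosts:
        why = classify(h, target)
        if why:
            hits[h] = why
    return hits


# Constructed sample: hostnames as they might appear in a DNS query log.
OBSERVED = ["www.google.com", "gogle.com", "googel.com", "google.co",
            "goog1e.com", "bing.com", "mail.google.com", "gooogle.com"]

if __name__ == "__main__":
    for host, why in find_squats(OBSERVED, "google.com").items():
        print(f"{host:20s} {why}")
```

The generator is what you feed into a registrar or certificate-transparency watch list; the distance check is what you run over traffic, because it also catches variants nobody thought to enumerate. Both deliberately stop at one edit: two-edit variants are far more numerous and rarely reached by a genuine typo.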

8. Using FUD to affect the stock market

The security and vulnerabilities of products, and even entire companies, can make an impact on the equities market, according to new research from Avert. Researchers studied the impact of events such as Microsoft's Patch Tuesday on the company's stock and found a noticeable swing each month after vulnerability information was released.

"Publicly-released information has an effect on stock prices," said Marcus. "Another recent example is the fake information that was circulated a few weeks ago about Steve Jobs' health. Apple stock took a dive on that. That is a clear example of someone inserting FUD and a resulting effect on a stock." Presumably the culprits held a 'short' position which allowed them to profit from this trick.

The converse approach is to use email to execute the ancient 'pump-and-dump' tactic. A scammer buys a large volume of a penny stock, then blasts out emails under the guise of an investment advisor touting that stock's great potential (that's the 'pump'). If enough recipients of the spam rush to buy the stock, the price spikes upward. The scammer then quickly 'dumps' his shares at a great profit.
