Dancing Pigs and Other Dangers: 3 Popular Email Cons
Cyber crime is going low-tech. Turns out it’s easier to trick a human than hack through a network’s firewall. That’s why cyber thieves are changing their tactics. They’re using scams traditional criminals have relied on for years. Security experts call these psychological tricks “social engineering,” but don’t let that confuse you. These are cons, pure and simple, and they pose a serious threat.
Pretexting means the criminal pretends to have an existing relationship with the victim or someone the victim knows. The traditional version sounds something like this: “I saw Bob this morning and he wanted me to drop off these boxes. Could you let me into the warehouse?”
A cyber criminal may use pretexting to get their target to download a corrupted file. For instance, they may pretend to be continuing a conversation with the victim:
“Per our discussion last week, I’m sending our list of past due accounts. Let me know how you would like to proceed.”
Some versions will mimic a discussion between several people. The email you receive may look like the latest in a series of messages:
“I’m adding Bob to this conversation. Bob, could you please take a look at this quote, and let me know if you can do better on the price.”
Victims may be so distracted by what appears to be a work-related issue (“when did I talk with someone about pricing?”) that they’ll open an attached file, letting a virus into the network.
Phishing (pronounced “fishing”)
In phishing scams, the criminal tricks victims into divulging personal information by pretending to be from a trusted organization. Traditional con artists use the same tactic in fraud schemes: “This is Michael from the IRS. There is an error with your tax return, and we need to verify your ID. Please tell me your DOB and social security number.”
Phishing emails frequently target information such as user IDs and passwords. A message will claim there’s an error with a recent online purchase or suspicious activity on the victim’s credit card. The victim is told to sign in to their account and update their information by clicking on the provided link. The link sends them to what appears to be an official login screen for the company. Once the victim enters their user name and password, the thieves have the information.
Phishing scams may seem easy to spot, but criminals put a lot of thought and energy into creating convincing setups. The email “from” address and website URL are almost identical to those of the real company (for instance, “amazons.com” or “MsterCard.com”). The landing page may look exactly like the real company’s website, down to the graphics and official logo. Everything looks legitimate, and most people won’t notice the “Wells Fargo” email is coming from “wellfargo.com.” The 2013 data breach at Target was traced to a subcontractor who fell for a phishing scam.
Dancing Pigs
Yes, this is an actual phrase used by professionals.
The idea is based on a statement by digital security expert Edward Felten: “Given a choice between dancing pigs and security, users will pick dancing pigs every time.” In other words, if we want to see a funny video, most of us click “Ignore” on the security warning without a second thought.
Even though we know we shouldn’t open suspicious emails, from time to time, we do it anyway. If a hacker sends out a file called “Grumpy_Kitten_Makes_Baby_Laugh_Like_Tim_Tebow.gif”, somebody is going to download it. It’s simple, it’s obvious, and it works. Businesses are at risk because of our shared, human weakness for cat videos.
Why It Matters
It’s tempting to think of yourself as too smart to fall for any of these cons. But, when you’re running between meetings, behind on a project, or getting ready to leave on Friday afternoon, your brain is distracted and unfocused. That’s the moment when you open a strange attachment, click on the wrong link, or enter your password without thinking.
Pretexting, phishing, and dancing pigs are changing the discussion about cyber security. Hackers haven’t just found easier points of entry; they can inflict far greater damage than before.
Greg Mooney is the Director of Systems Engineering for DMSi Software. He has over 20 years of experience in system administration, engineering, and data center architecture.