Over $1 million is believed to have been stolen from businesses in the last month alone, all thanks to a new variation of the Dyre malware program known as Dyre Wolf. This malware, which industry experts believe was first spread through social engineering and good old-fashioned phishing scams, stages a DDoS attack and redirects customers to a phony login screen in order to nab their credentials.

Customers who come across the fake login page are told to call a toll-free number because there appears to be a problem with their account credentials. They call the phone number and believe they’re speaking to a customer service rep, but they’re actually speaking to someone who works for the scammers. They turn over all of their personally identifiable information, which the thieves can then use any way they wish. This malware is also believed to be responsible for infecting the recipients’ computers and placing fraudulent wire transfers amounting to as much as $1.5 million in the past few weeks alone.

So how do you protect yourself? To keep your accounts secure, you must learn to recognize what a phishing email is, what a spear phishing campaign is, and what steps to take to avoid them.

A phishing campaign uses email to get you to participate in some kind of behavior, essentially doing the scammer’s job for him. Whether it’s clicking a link, filling out an online form, downloading a fake update, or some other similar action on your part, you’re basically tricked into turning over your information or access to your accounts. In some cases, the link will even give the thieves access to your computer.

NEVER click a link in an email or download an attachment that you weren’t expecting, even if the message seems to be from someone you know. Since malware can infiltrate the victim’s contacts list, it can then send out emails pretending to be you or someone in that contacts list. The email you just received from your parents, for example, may actually contain the malicious software. If you click the link—often included below some kind of message like, “You won’t believe this outrageous picture of you!”—you have just installed it on your own computer and the cycle continues.

Spear phishing is only slightly different in that it’s a little more sophisticated. It uses actual companies you do business with or contacts you know in order to spread its reach. Individuals and business employees alike can fall victim to these attacks since they’re more targeted and therefore more believable. The end result is the same, though: once you click on the link or download the file, you have just installed harmful viruses or malware that allow the thieves to sift through your important data and even take control of your technology.

In order to protect yourself, you must be wary of unexpected emails and learn to take proactive steps. If you receive an emailed link or attachment from someone you know, follow up with that person before clicking. If the email seems to come from a company such as your credit card provider, stating that there’s a problem with your account, for example, do NOT click! Contact your provider yourself using verified phone numbers or contact emails, such as the number on the back of your bank card.

 

 
