Gone are the days when cybercriminals relied on those Nigerian Prince email scams to try to con victims into handing over their hard-earned cash. Cybercrime is now big business, and the methods attackers use to trick their victims are more sophisticated than ever, so even security-conscious individuals could be ensnared. Yet people are still made to feel embarrassed when they do fall for malware scams. This is making the problem worse, according to Symantec security expert Nick Savvides.
Organised cybercrime is what the world has to deal with now, and hackers are even selling their illegal services professionally, offering a great customer experience and quality assurance. Cybercriminals have evolved over the years and have been continuously gaining experience to make even more convincing scams to trap victims, such as malware or ransomware email campaigns.
These kinds of scams used to be easy to spot, usually in the form of crudely constructed emails with bad grammar and strange language trying to convince recipients to transfer money somewhere or to download a file that contains malware. Nowadays, you'll find attackers using email templates that imitate legitimate companies so well that it's difficult to tell that the email is a fake.
"The quality of attacks that are conducted have significantly improved," Savvides told Lifehacker Australia. "There are now high-quality phishing emails to trick users into running malware on their devices. Attack vectors have also changed and we're seeing legitimate websites being compromised to drop cryptomalware on people's devices.
"Even users who aren't silly and opening fishy emails - even those users can fall victim to this type of attack."
Yet Savvides said there is still a culture of shame around people who do get hit by these computer scams. Australia is a popular target for cybercriminals, and one of the biggest problems he sees locally is that victims don't want to report that they fell for a phishing campaign or any other attack.
"The careless do fall victim to these things, but so do people who are normally cautious; it's to do with human nature, not how smart you are or what station in life you are in," Savvides said. "This is about the bad guys exploiting human nature. They are more sophisticated and some even have toolkits to profile users quickly to send in-context emails with malware.
"People who are victims shouldn't feel embarrassed."
I certainly can relate to what he said. A few weeks back I had a ransomware scare on my work PC and I'm very careful about what emails I open and websites I visit. 'How could I be so stupid to let this happen? Where did I fuck up?' I thought to myself. Turned out it was a false alarm but I remember the feeling of wanting to bury my face in my hands out of shame.
Companies are becoming more security-conscious and doing the right thing in training their staff to be more savvy about phishing and malware email campaigns. While Savvides praised their efforts, he noted that often these companies will train staff to be more careful by using fake phishing emails to see who takes the bait.
"Some of these campaigns work by shaming the users and that makes the problem worse," he said. "Victims should not be ashamed to own up to falling for these attacks, in their personal and work life.
"That's a real problem we are facing today."