Scare-ware, Phishing, Email Hoaxes and Urban Legends

Decorative Logo

Information Security is Everyone’s Concern
You are the key to successful information security. An unprotected computer can be infected with a virus, worm, or Trojan in less than five minutes after being placed on a network. IT Security awareness means understanding the various threats that exist in one's environment and taking reasonable steps to guard against them.

Studies show that most breaches of computer security are the result of something a computer user did or failed to do. This training site will provide you with valuable information about best practices, policies, and procedures for ensuring secure information systems at Florida SouthWestern State College, so you can enjoy a safe computing environment.

Be sure to take the time to read all of the materials on this site carefully.

Table of Contents

  1. Reporting Incidents
  2. Scare-ware
  3. Phishing
  4. Email Hoaxes and Urban Legends

Reporting Incidents

If you receive something that is Phishing or possibly dangerous. Take the following steps to report it. 

  • Use the Phish Alert Report button within Outlook
  • Location of the Phish Alert Report button within Outlook application.
  • You can also forward or report the incident to abuse@fsw.edu

Scare-ware

Image example of Scare-ware prompt

While surfing the Internet, you may have seen a pop-up message telling you your computer is infected with a virus. The message goes on to explain that you should order the antivirus software advertised in the pop-up. Before you click on the link to the offer consider the following:

  • Most internet security companies will notuse ads to tell you your computer’s been infected with a virus.
  • Most of these pop-ups are scams.
  • According to the FBI Internet Crime Complaint Center it is one of the fastest growing types of Internet fraud.

The scam, known as “scare-ware”, attempts to convince you to purchase their “antivirus” software. This software actually installs malicious software (malware) into your system. Additionally, many of these criminals operate outside the U.S., making investigations difficult and complex for law enforcement.

How to spot a “scare-ware” scam:

  • These pop-ups typically use icons that do not work like a typical button or link.
  • To build authenticity into their software, “scare-ware” will show a list of reputable icons, like well known software companies or security publications. However, there are no links to the sites so that you can see the actual reviews or recommendations.
  • The pop-up is hard to close. “Scare-ware” pop-ups employ aggressive techniques. They will not close easily after clicking the “close” or “X” button.
  • Cyber criminals often use easy-to-remember names like Virus Shield, Antivirus, or VirusRemover.

How to protect yourself: Make sure your computer is fully protected by legitimate, up-to-date antivirus software.

To report a fraud or scam contact the Lee County Sheriff’s Office Fraud Line at 239-477-1242.

Back to the top

Phishing

Image example of phishing email

Phishing is an attempt to fool people into providing personal information such as credit card or banking numbers. Typically, the phishing scammers send an email disguised as a request for information from a well known company. They also create fake websites designed to closely resemble the company's official site. The fake website will appear almost identical to the official site.

Recipients of the phishing email are typically asked to click on a hyperlink to correct, confirm or provide information. Clicking the link triggers a phony website to open in the browser. Typically a web form is found that asks for private information such as credit card and banking numbers and other information such as a home address and phone number. Sometimes the user is asked to login with their username and password. Virtually all of the information entered into this phony website can later be collected and used at will by the criminals conducting the phishing scam.

Sometimes this form is embedded within the email with instructions to provide details such as a password and bank account number. Users are then instructed to return the email to the sender. An alternative method attempts to trick recipients into installing a Trojan virus on their computer by opening an email attachment or downloading the Trojan virus from a website. The Trojan is then used to collect information from the user’s computer. These emails are mass-mailed to many thousands of people with the hope that some of the recipients will be customers of the targeted institution. The scammers also hope that people will be unaware and believe the email to be a legitimate request.

Cyber thieves also use official-looking e-mails to lure you to fake websites and trick you into revealing your personal information.

It’s also an example of an even more mischievous type of phishing known as “spear phishing”—a rising cyber threat that you need to know about.
Instead of casting out thousands of e-mails randomly hoping a few victims will bite, spear phishers target select groups of people with something in common—they work at the same company, bank at the same financial institution, attend the same college, order merchandise from the same website, etc. The e-mails are ostensibly sent from organizations or individuals the potential victims would normally get e-mails from, making them even more deceptive.

How spear phishing works. First, criminals need some inside information on their targets to convince them the e-mails are legitimate. They often obtain it by hacking into an organization’s computer network (which is what happened in the above case) or sometimes by combing through other websites, blogs, and social networking sites.  Then, they send e-mails that look like the real thing to targeted victims, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data. Finally, the victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.

Criminal gain, your loss. Once criminals have your personal data, they can access your bank account, use your credit cards, and create a whole new identity using your information. Spear phishing can also trick you into downloading malicious codes or malware after you click on a link embedded in the e-mail…an especially useful tool in crimes like economic espionage where sensitive internal communications can be accessed and trade secrets stolen. Malware can also hijack your computer, and hijacked computers can be organized into enormous networks called botnets that can be used for denial of service attacks. 

How to avoid becoming a spear phishing victim. Law enforcement takes this kind of crime seriously, and we in the FBI work cyber investigations with our partners, including the U.S. Secret Service and investigative agencies within the Department of Defense. But what can you do to make sure you don’t end up a victim in one of our cases?

  • Keep in mind that most companies, banks, agencies, etc., don’t request personal information via e-mail. If in doubt, give them a call (but don’t use the phone number contained in the e-mail—that’s usually phony as well). 
  • Use a phishing filter…many of the latest web browsers have them built in or offer them as plug-ins.
  • Never follow a link to a secure site from an e-mail—always enter the URL manually.
  • Don't be fooled (especially today) by the latest scams. Visit the Internet Crime Complaint Center (IC3) and "LooksTooGoodToBeTrue" websites for tips and information.

Back to the top

Email Hoaxes and Urban Legends

Typewriter typing out Read Between the Lies

Everyone has received email with an attached petition, warning or an opportunity to win millions. Unsolicited email is also known as SPAM. Clicking on links in these messages can expose the user to a computer virus. Before you forward the message or respond to the request, check the validity of it. There are many web sites available where you can check to see whether the email you received is a hoax, scam, virus or urban legend.

An urban legend is basically a story. It can be funny, terrible or horrifying. Sometimes they are even true. Typically these messages end by asking the user to forward the message to everyone they know or to a specific demographic group.

Scam email messages typically promise that the receiver will collect large sums of money in return for a small investment. Often this type of scam cites a foreign lottery, or an inheritance that the sender cannot collect without your help. Do not attempt to contact the sender of these messages! They are ruthless and violent criminals.

Back to the top

Print Article

Details

Article ID: 99487
Created
Fri 2/28/20 10:19 AM
Modified
Tue 5/9/23 5:42 PM

Related Articles (1)

Storing Sensitive Data
Information Security is Everyone’s Concern. IT Security awareness means understanding the various threats that exist in one's environment and taking reasonable steps to guard against them. Studies show that most breaches of computer security are the result of something a computer user did or failed to do. Be sure to take the time to read all of the materials on this site carefully.