New Online Threat: Recession Malware

By Matthew Harwood

Cybercriminals are exploiting the worst economic downturn since the Great Depression to find new ways to steal people's identities, writes Ray Dickenson of E-Commerce Times.

Everyone knows cyber-crime is a cat and mouse game, usually involving a bit of social engineering to trick unsuspecting computer users into clicking a link, installing some software or providing valuable information. The latest trick in crooks' bags: "recession malware." This is a new generation of malware that exploits consumers' financial woes and other recession-era problems. It's trapping consumers and businesses alike.

Dickenson goes on to lay out three schemes to make you part with your personal identity: "the bogus job," "M & A malfeasance," and "the phony windfall."

The bogus job is straight forward: a job seeker gets an e-mail from a cybercriminal posing as an international shipper that found his resume online. The pitch usually revolves around a job where the mark works from home and the faux employer asks for his bank account number, ostensibly to quote new business using the account.

"If the new hire provides the account information," writes Dickenson, "they may next find themselves involved in illegal money laundering from offshore criminals who just need an American citizen with a bank account."

The second scam takes advantage of the flurry of mergers and acquisitions that occurred as investment banks began to fail. Dickenson uses the example of a mark receiving an e-mail from Bank of America telling him that "Due to the recent acquisition of Merrill Lynch by Bank of America, your Merrill Lynch account must be reestablished. Please click this link to reestablish your Merrill Lynch account."

Upon clicking on the link, any number of identity-stealing malware could be downloaded onto the mark's machine. The link could also lead to form asking for personal information like bank account information or a Social Security number.

The final fraud is the phony windfall where the mark receives an e-mail telling her she stands to inherit a significant amount of money from a deceased relative or friend and instructs her to follow the link provided.

"The link might then open a form that requests a Social Security number, bank account number, birth date and more," Dickenson warns. "But it's actually a phishing e-mail fooling consumers into giving away their identity."

To avoid becoming a victim of such ploys, Dickenson recommends you never give out personal information when solicited over e-mail, educate oneself about the newest scams, and keep up-to-date security technologies like antivirus and antispyware.


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.