These Common Web Security Vulnerabilities Are Avoidable: Don’t be a Victim!
You probably haven’t gotten a “Nigerian prince” email in a while, but scammers are still reportedly pulling in at least US$7 billion a year. How? Well, they’ve evolved. In April 2021, USA Today reported on a “tech support” scam targeting mostly older Americans. The newspaper described it as “the most successful online fraud against seniors in America today.” This scam often uses a pop-up. The message “from Apple” looks real and has the Safari logo in the top left corner. It reads:
“Systems security at risk! Critical Security Warning! Your Mac has detected a serious attack on this system as your IP address seems to be accessed from two different locations at one time. A Suspicious Connection was trying to access Your Logins, Banking Details & Tracking Your Internet Activity. Please contact the Mac Support team immediately at + 44-177-205-0314 (TOLL FREE) A and provide”
Now, there are some obvious red flags. The capitalization and grammar of the message don’t sound like they come from US-based Apple, and the fact that the message ends abruptly and inconclusively is odd. But if you can imagine yourself as an 80-year-old person who “trusts Apple,” you can likely see how they fell for it. And, if you’re honest, you might admit that had the pop-up been a bit more “professional,” you might have fallen for it as well. A multitude of not-so-new tactics are successfully being employed in 2021. Many are from scammers pretending they’re trusted companies like Apple, Microsoft, Norton, and McAfee – or your bank. Getting duped is maddening, but also tragically unnecessary. If any of the victims had been using a “site safety checker” add-on while browsing, they would have been alerted instantly to danger – or never even have seen the pop-up in the first place!
Site safety checkers run in the background while you’re on any website, helping you answer: is Web of Trust safe? A site checker offers a defensive wall that catches or blocks scams, phishing, and malware, and stops you from accessing dangerous links. It doesn’t matter if you use Google, Bing, DuckDuckGo, Yandex, or you-name-it: the extension works across browsers and uses ML algorithms, reviews, and community ratings to automatically catch potential threats. There’s no reason to become a victim. People are still falling for what should be easy-to-spot frauds; but of course, the bad guys know who to target and what ammo to use.
And don’t think for a second that only older people are vulnerable. Reports indicate that in 2020, the biggest victim demographic was 18- to 54-year-olds. Here are some of the big ones listed among over 2 million fraud reports sent to the FTC in 2020: advance payments for loan applications, where “processing” fees are required; fake money orders or fake checks; and cryptocurrency schemes that sell hard: “Don’t miss this chance to become the next Elon Musk!” Also on the list were romance frauds, online home improvement offers that take big deposits – and then never actually show up – old-school fake timeshares, and a raft of other bogus investment “opportunities.”
All too often, individuals and companies only take web security seriously after an “incident” has occurred. The passive attitude many have toward their safety online is likely due to several factors. First, people underestimate their chances of becoming a victim and/or overestimate their tech-savviness and the security measures they have in place. Second, some reason that they aren’t some massive company such as Apple or Acer that could get held up with ransomware, or a bank with tons of credit card information. Why should they be worried? Finally, there’s the hassle issue. Humans are often, if not generally, lazy and avoid doing extra work whenever possible. We don’t like “hassles.” You’d be surprised at how many people don’t take advantage of something as simple as two-step verification for their email address, which is a very effective strategy for blocking hackers. Likewise, running a site safety checker requires seconds to download as a browser extension – a simple act that could save you a world of pain.
If you’re the IT person at your company, you likely know about, and should check for, things that can cause vulnerabilities, such as OS command injection, missing data encryption, SQL injection or injection flaws, unrestricted upload of dangerous file types, buffer overflow, broken or missing authentication, cross-site scripting (XSS), insecure direct object references, unvalidated redirects and forwards, and relying on untrusted inputs. For the average user, those terms are about as understandable as Egyptian hieroglyphs. “Are you safe online?” is a clear question that has a clear answer. A site safety checker tells you – in real time – a simple “yes” or “no.”