Curiosity Killed the Cat and It Can Take Your Identity With It
By Steve Weisman
With the world’s attention still focused on the recent shooting down of Mayalsian Airlines Flight MH 17, it was inevitable that identity thieves would soon be exploiting this event toward their own criminal ends and that is just what is happening. Emails, text messages and communications on social media such as Facebook are turning up that promise startling video of the actual missile hit and subsequent crash. One such message reads, albeit ungrammatically, “Video Camera Caught the moment plane MH17 Crash over Ukraine. Watch here the video of Crash.” If your curiosity gets the better of you and you click on the link provided in order to view the video, you won’t see the promised video, but you will unwittingly download a keystroke logging malware program that will steal all of your personal information from your computer or mobile device which will then be used to make you a victim of identity theft.
Compounding this problem is that even if you have anti-malware and anti-virus software installed on your computer or portable device and keep it updated with the latest security patches, you are still not safe because security software is generally at least thirty days behind when it comes to protecting you from the latest viruses and malware threats.
Whatever interests the public also interests identity thieves as bait to lure people into having their identities stolen. Fascination with superheroes is not limited to just the people who attended the recently concluded Comic-Con convention in San Diego. Many others, as well, are interested in Superman, Spiderman, Iron Man, Batman and a legion of other superheroes. Taking advantage of this interest, identity thieves have set up phony superhero websites containing viruses and malware traps for the unwary. Computer security company McAfee released a list of the most dangerous superheroes on the Internet and surprisingly, at the top of the list with 18.60% of searches ending up in tainted websites is Aquaman. Close behind Aquaman is Marvel Comics’ Mr. Fantastic followed by the the Hulk, Wonder Woman, Daredevil, Iron Man, Superman, Thor, Green Lantern, Cyclops, Wolverine, Invisible Woman, Batman, Captain America and last, but not least, your friendly neighborhood Spiderman who although only having 11.15% of tainted websites still poses a significant risk to the unwary.
Internet searches for celebrities, particularly nude pictures of celebrities also serve as productive bait to lure unsuspecting people into downloading dangerous keystroke logging malware. Among the celebrities who pose the greatest risk when searching for pictures and gossip according to McAfee are Lily Collins, Avril Lavigne, Sandra Bullock, Kathy Griffin, Zoe Saldana, Katy Perry, Britney Spears, Adriana Lima and Emma Roberts.
Curiosity can get the best of anyone. The promise of nude photographs of Carla Bruni, the attractive wife of former French President Nicolas Sarkozy was used to hack into the computers of dozens of diplomats attending the 2011 Group of 20 Economic Summit. The Group of 20 Finance ministers and Central Bank Governors, generally referred to as the G 20, is an organization of the finance ministers and central bank governors from 20 major world economies. The ministers each received an email with the subject line being “French first lady nude photos and a link to connect to those photos. According to a French government source, almost all of the ministers and bank governors receiving the email took the bait and clicked on the link which indeed did take them to nude photos of Carla Bruni. However, by clicking on the link, the ministers and bank governors also downloaded keystroke logging malware that was used to steal information from the computers of those hacked. The hacking and the damage it caused were not discovered for more than two years. It is worth noting that before becoming the wife of Nicolas Sakozy, Carla Bruni was a model, actress and singer who often posed nude and her nude pictures are readily accessible on the Internet without clicking on tainted links coming in unsolicited emails.
So how do you protect yourself?
Trust me, you can’t trust anyone. Never click on a link or download an attachment in any email, text message, social media or other communication unless you are absolutely sure that it is legitimate. In regard to newsworthy events, stick to the websites of legitimate news sources that can be trusted. Even when looking for celebrity gossip and photos, you are better off staying with well-established websites. The risk of going to less known websites is just too great. Finally, make sure that your computer, smartphone, tablet and any other electronic device you use has the latest anti-malware software and anti-virus software installed and keep your security software up to date with the latest security patches as soon as they are issued.
Remember curiosity killed the cat. I know. I saw the video online.
Steve Weisman is a lawyer, professor at Bentley University and one of the country's leading experts in identity theft and scams. His latest book, which has just been released is "Identity Theft Alert." He also writes the blog www.scamicide.com where he provides daily updated information about the latest scams and identity theft schemes.