The rise of fake news is giving cyber criminals new bait to lure victims.
By clicking on a fake news story, you may be giving hackers a chance to infect your computer or mobile device with malicious software. Once malware is installed, cyber crooks can access passwords and personal information, steal money and even lock down your device.
These online intruders are using real and fake news to grab your attention through social engineering campaigns that employ psychological tricks to cause excitement or fear and spur action. The tactics, commonly executed via phishing and spear phishing emails, try to fool the user into downloading programs or attachments, or clicking on links to compromised websites or pop-up ads.
News stories that are tragic or alarming can garner more interest by tapping into human nature. James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT), a nonprofit cybersecurity research organization, wrote on the ICIT blog that people may interact with real or fake news for various reasons, including:
- Need to be current
- Sense of urgency
- Sociopolitical polarization
- Curiosity or fear
Cyber criminals strike while information is relevant and timely to a large pool of potential victims.
In 2014, the cyber crime group Naikon sent spear phishing emails titled with topics related to the crashes of Malaysian Airlines Flights 370 and 17. The emails included fake video attachments that installed malware onto user systems, according to Scott.
Cybersecurity specialists refer to organizations such as Naikon as Advanced Persistent Threat (APT) groups because of their continuous targeted cyber attacks.
Another APT group known as The Dukes allegedly blasted emails in a spear phishing campaign six hours after Donald Trump was declared president-elect, according to Volexity, a cybersecurity software vendor. Volexity reported five waves of attacks, with some appearing to come from Gmail accounts and potentially compromised email addresses from Harvard University’s Faculty of Arts and Sciences. Emails were sent to people focused on national security, defense, public policy, international affairs, and European and Asian studies. The last attack had a link to a PDF download titled “Why American Elections Are Flawed.”
Hackers also are turning to social media as a hunting ground for potential victims.
According to BBC News, cyber crime on social media is most commonly deployed in broad-sweep scams that try to get users to visit pages that push malware onto their devices. Users who click on fake news articles and then share them on social media may also expose their online connections to potential hacks.
Cyber criminals can use information shared on social media, such as where you work and live, to create hyper-tailored lures. According to Scott, details about a social media user’s preferences and interests can be used to create enticements that have a higher chance of being shared on social networks. Hackers can also use this information to create imitation accounts and target your social media connections.
With many businesses now allowing employees to access their personal Facebook, LinkedIn and Twitter accounts at work, an online attack can quickly spread from a single compromised device to a company’s networks.
As more cyber adversaries begin to capitalize on real and fake news, “the lures will continue to become more sophisticated and more convincing,” according to Scott.