Have you heard of the evil twin? In the second part of our series, we again present three inventive tricks of cybercriminals and give you suggestions on how to protect yourself from such maneuvers.
1. The evil twin or the seductive W-LAN
Mobile working is a blessing for the stressed employee, but also a risk for companies. This is true at least as long as there are no security policies for working on the go. Criminals like to use such security gaps for the so-called evil twin trick: Here, legitimate wireless Internet access points (W-LAN) are replaced by malicious clones that look exactly like their twin and often boast a stronger signal. If you are connected via this network, data can be read by cybercriminals.
Our tip: Evil twins are difficult for outsiders to recognize. Therefore, only use third-party networks if you have no alternative. While using such a W-LAN, you should not enter any critical information such as access credentials or payment details. Alternatively, you can install a VPN program (VPN – Virtual Private Network) or have it set up by your IT manager. With the private network, you can surf the Internet securely.
2. The desperate service provider
The phone rings. A new employee of your service provider is on the other end of the line. He is desperately asking for your help: Your company’s website has been hacked, all data will be visible online in a few minutes – unless you give him your password immediately so he can prevent worse. Since he is new, he needs your password, and if you don’t help him, then unfortunately you will have to take responsibility for the data leak. You want to talk to his supervisor. No problem, he will gladly forward you. The supposed boss confirms the process. A delicate matter. And then the person on the phone also sounds very trustworthy. Numerous scams in recent months have been structured in this or a similar way. A well-known software manufacturer recently warned again of fraudsters who pretend to be the company’s maintenance team so that they are granted access to the computer.
Our tip: Don’t let yourself be pressured. Find the service provider’s phone number from your records, call them and confirm the story.
3. The contaminated ad
You have not clicked on any suspicious links or downloaded any dubious email attachments, and yet there are cyberattacks that criminals use to infiltrate your systems without you noticing. These malicious programs are often found in infected ads that masquerade as ordinary advertisements. When you visit affected websites, these ads are executed automatically. They exploit security vulnerabilities in the browser, which causes the malicious programs to be downloaded automatically (drive-by attack). Even trustworthy sites can be affected if they integrate advertisements from unknown third parties into their own websites without quality control.
Our tip: Always use the latest version of your browser and download security updates automatically. You can also use an ad blocker: This blocks advertisements before they open in your browser. However, keep in mind that many free services, such as online media, are financed by advertising. With the ad blocker turned on, these are often not available at all or only to a limited extent.