This week in review: malspace, old phishing tricks, ransomware, identity theft and more

This week in review: malspace, old phishing tricks, ransomware, identity theft and more

By Don Dobson

In our weekly roundup, we want to draw your attention to news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data: problems that Dodoname can solve. Catching our attention this week were posts about malspace, the oldest phishing tricks in the book, hack attacks, the weakest link and identity crises.

Word of the week: malspace

A new-to-us word this week, “malspace” was introduced by Steve Durbin in Wired who describes it as an online environment inhabited by hacker groups, criminal organizations and espionage units. Cybercriminals working from malspace are a growth industry where the returns are great and the risks are low, costing the global economy more than $400 billion, according to McAfee. They will grab any target of opportunity, as illustrated in a growing number of attacks on children under 18, which can cause a lifetime of credit problems for the child, as it may not be discovered for years.

Oldies but baddies

Some of the oldest and simplest email phishing scams are still circulating and creating new waves of victims, even though it would be fair to assume that users would be wise to these scams. A blog post from claimed that around 156 million spam emails make it through spam filters globally everyday and phoney links are clicked by around 5% who get them. Around 10% of that group are tricked into surrendering info. But consider their report on a “mock scam” security exercise by Canada’s Department of Justice where half of the 5,000 email recipients were lawyers. That test resulted in 1,850 or around 37% clicking a bad link. It’s not easy to tell what is legit and what’s a scam, even when the law is your livelihood.

We are not alone

We learned of a brave volunteer Sophie Curtis who set out to answer just how vulnerable we are. Her article in the Guardian reveals the anatomy of a hacker attack. Curtis summarizes; It’s a salutary tale, mitigated only slightly by the fact that it’s apparently something that could happen to all of us, with precious little that can really be done to prevent it.

Scams range from simple to handsome 

Threats can come from many sources including the advertising we view online, but simple email phishing cybercriminals can certainly wreak some serious havoc. It could be as simple as preying on hopeful job seekers through a “mystery shopper” scam. Or it could be a more elaborate scam, such as detailed in this update on “ransomware” from Bernie Lambrecht via the Solutionary blog, who notes; Ransomware is like Clark Griswold’s crazy Cousin Eddie in the movie National Lampoon Vacation. It just won’t go away, no matter how hard you try to get rid of it.

It’s not you (the credit card companies); it’s me (the retailer) 

Many U.S. consumers might be surprised to hear the U.S. credit card system described as a global “weak link”. Home Depot is feeling the pain as its recent retail security breach has already produced at least 21 class action suits. Unfortunately, retailers can also shoot themselves in the foot: take well known chain Aaron’s Rent-To-Own, which reached a settlement with the State of California this week. Attorney General, Kamala Harris said “Aaron’s concealed its illegal privacy and business practices from customers in a deceptive attempt to avoid California’s robust consumer protection laws and increase its profits.” It’s harder all the time to know who to trust with your personal information when stories continue to emerge like LinkedIn being sued for alleged illegal marketing of member data to employers for their own secret snooping.

Can I see some ID?

Million are victims of identity theft every year. In a case that is a combination of striking back and turning lemons into lemonade, artist Jessamyn Lovell mounted a solo exhibition this past week, based on ID theft, which she titled, “Dear Erin Hart”, after the perpetrator. “I base all of my work on a fact that I experienced,” says Lovell.

Posted in: Blog, Phishing

Leave a Comment (0) ↓