If a get rich quick scheme somehow finds itself in your inbox, resist the urge to open that e-mail, delete it immediately, and block the sender, security experts said the GISEC 2021 exhibition.
Chances are that the email was the result of a cybercriminal hard at work trying to steal your personal data or money. If possible, take a screenshot or photo with your phone, and notify the company or authority that the hacker was trying to impersonate. Experts at the event warned that cybercriminals have become increasingly sophisticated in their approach, and that many attacks are disguised as information about the latest buzz and hot topics in the world or an easy way to make money.
"The term for this is social engineering," said Maher Jadallah, regional director for the Middle East at Tenable. "As a hacker, if I know what attracts your attention, I am going to use it to get into your personal data. For example, if you are very much attached to your dog, then I will send something related to your dog and you will end up clicking it because it caught your attention and it is relevant to you."
Most recently, he noted that the whole world had been looking for information about the Covid-19 pandemic. People were trying to stay updated about ways to safeguard themselves against the virus, possible vaccines, and information related to travel procedures and quarantine. For cybercriminals, this was an amazing opportunity to target individuals and companies when they were at their most vulnerable.
"Social engineering is an old technique that is deployed to target people and take advantage of what interests them at a given point in time," Jadallah said.
Besides Covid-19, another topic that has been in the news a lot lately are cryptocurrencies. There has been no shortage of people on social media raving about how they had made considerable sums of money in a matter of months or even weeks, and this has caught the attention of many investors who have been drawn to the concept.
Experts have warned that many users will end up receiving emails about ways in which they can invest in cryptocurrencies, and that they might be nothing more than an elaborate phishing campaign, as was the case most recently with DubaiCoin.
The Dubai Electronic Security Centre last week announced that the DubaiCoin digital currency has not been approved by any official entity and that the website promoting the coin is an unlicensed site, which aims to phish email information, passwords and phone numbers of people through an electronic form.
Officials sounded caution against the crypto asset, which has been making the rounds claiming to be the official digital currency of Dubai. An investigation is currently underway on the company and individuals behind the scam.
"All it takes is one wrong click," said Kalle Bjorn, senior director of Systems Engineering at Fortinet. "It is always a good idea to study what is going on in the current landscape, especially if it is about money that you are trying to invest. It is unfortunate, but similar scams are happening everywhere and they are all examples of social engineering. We are all humans and, at the end, we are all drawn to act, whether it be to help others or secure our own futures. This is a lesson that organisations have to educate their employees about because social engineering cyberattacks will continue; today it is about Covid-19 and cryptocurrencies, tomorrow it might be something about a completely different topic." – Khaleej Times/Tribune News Service