Tricks Hackers Use To Reel You In

The good news is that most Internet Security software packages, such as AVG Internet Security Suite 8.5, do an excellent job of detecting and removing most web born threats.  The bad news is that most security exploits in use today rely on YOU, the computer user, to assist in installing and deploying their handiwork.  Beware of the following:

  • Koobface – a popular Facebook exploit that encourages you to update your Flash player so you can watch a video.  Instead malicious files such as flash_update.exe or bloivar29.exe, which compromise you Facebook profile so it can be used as a further avenue of attack, and opens your PC up to other exploits and attacks.
  • Picture files with embedded malware are placed on social networking sites, and when downloaded to your PC secretly installs other malicious software to compromise your PC.
  • The UPS Delivery spoof or Zbot works when you get an email that  looks like its from UPS about a missed delivery.  When you click on the link you are taken to a fake UPS site for another dose of malware.  By the way, there was no package.

To protect yourself you need to be on guard and somewhat suspicious of emails, instant messages, and social networking messages, even from friends.  If you are not expecting a UPS delivery, for example, you should be very suspicious of the UPS exploit.  And how would UPS know your email address anyway??  Emails with active hyperlinks, games, e-cards, pictures or videos are the most likely delivery vehicle.

Again, running an up to date version of a tested and proven Internet Security software program is your best defense.  I am not doing anything more special that that myself, and I run in and out of coffee shops and other public networks, and on and off of client networks all day long, without a problem.  But you need to train yourself to me suspicious of unexpected messages of any kind. 

Any suspect email message can be forwarded to for analysis before you open it.  Virus Total will scan your message with 24 virus detection engines and give you a reply with in 24 hours.  So – be careful out there!


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.