As technology expands exponentially into every facet of life, so do the risks associated with its usage, particularly in the world of cyber crime. While anti-virus programs and computer security have beefed up in recent years, cyber criminals have become more creative to get around safeguards and remain anonymous.
One of the more common methods is phishing, which uses the device’s owner to work around safety measures for them.
This is usually done by tricking the user into opening a link on an email, which prompts them to enter their log information for anything from an email address to a bank account.
“That’s the issue,” said Chad Schonewill, the Help Desk Team Lead at ITS. “There’s no virus filter or anything that can catch it.”
Because the user himself is giving all the information voluntarily, the safeguards are irrelevant, hence the nickname for phishing malware: Trojan horse.
This is a reference to the end of the Trojan War when Greek soldiers were hidden inside the belly of a wooden horse statue thought to be a gift to Troy. That night, the soldiers escaped, unlocked the gates, and Troy was looted and burned to the ground.
“At some point in history, invaders figured out that it is much easier to trick someone into opening the gate, than it is to knock down the walls,” said Schonewill. “This is why scammers target people so frequently.”
This process of tricking users into sabotaging themselves is called human engineering, and is more psychological than technical.
Just as the Greeks had to convince the Trojans that the horse was a gift, successful phishing requires the victim to trust the source of the email, and feel the need to open the attachment in the first place. This requires making the situation seem very urgent, or masquerading as something people won’t think twice about clicking on.
This is why many phishing scams try to get your email information in order perpetuate itself. After seizing the email, it will send out hundreds of emails out of the hacked account in an effort to seem more like a person. With its new credibility, this “zombie account” will send out different types of scams or spam from what appears to be you.
“Scammers know…that the whole world understands at this point not to open attachments or click links from people you don’t know,” said Schonewill. “But what if you do know the person?”
Once you’ve been phished, sending out emails isn’t the only thing the scammer can do. Last year one of the more popular phishing scams was something the IT department called the Neil Trotter scam.
After obtaining the login information, the outside entity would set the inbox to forward all incoming emails to a different account under a pseudonym, and then delete the email in the inbox. While it has yet to make an appearance at the help desk this year, the IT department dealt with “dozens of cases” of the Neil Trotter scam last school year.
While the Neil Trotter scam is disappearing, a more insidious form of cyber scamming has emerged in the last few years: Crypto Locks.
Also called ransom ware, this virus disguises itself as an attachment that when opened, locks down the computer and displays a message with a countdown timer. Either you pay a certain sum of money to an anonymous third party by the time runs out, or all the files on your computer will be encrypted and locked forever.
“There really effective,” said Schonewill. “They make the ransom low enough that it’s just the path of least resistance for most people.”
While ITS has yet to see a student computer with crypto lock malware, earlier this year someone on the Colorado College staff had their computer locked down due to ransom ware. It spread from her computer to the network drives, which were fixed by restoring the unlocked data from back up. The computer’s files were locked up.
“Luckily there wasn’t anything so important [on her computer] that we even had to consider paying the ransom,” said Schonewill.
While the department may have gotten lucky, for many with valuable documents, it is much easier to pay the ransom. Most ransoms run between 100 to 300 dollars, so it’s easier to just pay the fee and be done.
ITS is trying to educate people about these many threats with limited success. They’ve sent out newsletters and PSAs, had short videos about potential threats to computers, but ultimately there’s only so much they can do.
“At the end of the day the important thing… is you cannot count on any system to protect you,” said Schonewill. “It’s the same thing as when you cross the street. You look both ways even though stoplights, stop signs, crosswalks, [and] all kinds of things are in place to protect you. But nevertheless you have to look both ways. You just have to trust your instinct and think before you act.”