Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd, Amazon #1 author on Cybercrime and founder of the SME Security Framework | Speaker | Consultant | Trainer discusses – Clever ways cybercriminals get you to let them in
[start of transcript]
Hello. My name is Roger.
And today, I’d like to talk to you about the clever ways cybercriminals get you to let them in.
So, there are a number of tactics and strategies that the cybercriminals use, both physical and electrical, that allows you to let them in so that they can do their nefarious deeds.
One of the ones that we’ve seen is they used fake access points. And there’s a thing called water-holing where all people congregate within a business. And usually where they’re congregating is actually where you are fixing and attaching to a Wi-Fi point. And if you make an access point the same username and you don’t give it a password, then, all of that information that you’re connecting to is being recorded.
But there are other things they do. One of the things that the bad guys do is they change file names so you might get an attachment that say “readthis.txt,” but you, and because Windows and Apple only read the .txt part, they don’t know that it says “.txt.exe.”
And most anti-viruses won’t allow that to happen. But there are some that regularly will bypass. There are other things that they do. Location of files, they use the actual operating system and the way it searches for information to serve out, so they might have a “notebook.xe” and “notebook.exe,” which is the real one. This one is found before this one, this actives malware and viruses.
Or, we use hosts and DNS redirects. And all those redirects take us to totally different sites. And there’s a number of sites, for instance, if you go to anz.com.au, you go to Australia National Bank. But, if you go to anz, then you go to a fake bank. And that’s how they catch you, just by substituting that one letter.
But one of the other things they do is they use a bait and switch. They get you to download legitimate software, especially if you’re downloading legitimate software from a pirate site. Because if you are doing that, then you are making yourself vulnerable. Because that information that you’re downloading is being stolen by the criminals and has been created to make look like a real information.
So, as you can see, the cybercriminals can be very, very clever. And we have to use a number of systems to make sure that we catch them before they get into our system.
If you need any more information, please contact us. Thank you.
[End of transcript]
Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework. He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world.