Quann Malaysia (formerly known as e-Cop Malaysia), a leading regional managed cyber security services provider, urged Malaysians to be prepared for a rise in Clickbait Phishing links that could potentially be a cybersecurity threat during the upcoming 14th Malaysian General Elections (GE14).
Ivan Wen, General Manager of Quann Malaysia says, “When a news sounds too good to be true, it is likely fake news.
However, the masses still fall for these and this is how Clickbait phishing sites or emails with attachments are often sent with sensational titles that bait users to click links for ‘Exclusive’ or ‘Shocking’ stories.
Once clicked, users are led to a phishing site that tricks victims into giving their personal data such as email addresses, identity card numbers, and even credit card information. These could compromise critical financial information. These phishing emails can also launch ransomware attacks that encrypt important information on the device. In a worst-case scenario, this can become a national threat.”
“Besides that, these phishing links could automatically be shared with your contacts once they have access to your device, potentially putting your contacts at harm,” Wen adds.
According to a report by Dynamic Business Technologies, 48 percent of IT providers reported that phishing emails were behind ransomware attacks.
Quann cites two country elections where clickbait links resulted in cyber security threats.
The 2016 US Elections, a phishing campaign by Russian Intelligence Agency was launched against a US company involved in developing election systems. Fake Google alert emails were send to employees which when clicked took them to a legitimate looking Google site where hackers were able to steal their data.
Using information obtained in the attack, the hackers sent 122 phishing emails containing Microsoft Word document attachments to local government agencies offering ‘election related products and services’. These documents had been ‘trojanised’ with a Visual Basic script that once connected to the internet, downloaded an unknown payload to the device, to steal and access the victim’s information.
In the UK last year, several parliament MPs were targeted in a targeted phishing campaign. While the report said parliament sites and addresses were not compromised, several individuals’ personal emails were being compromised with key information leaks.
To prevent being infected by malware via clickbait links, Wen advices users to take the following precautions:
- Key in the address of a legitimate news site instead of directly clicking links sent to you. This avoids being tricked and misdirected to a fake website.
- Before clicking, hover your mouse pointer over the link to view the link address. Do not click website links that are unfamiliar, even if they came from someone you know. Their accounts could have been compromised.
- Install an Anti-Phishing Toolbar and Antivirus that run quick checks on sites you visit to ensure they are safe to visit
- Only access secure sites that begin with “https” with a closed lock icon near the address bar.
- Regularly monitor your online accounts to ensure they have not been hacked. Use strong passwords and regularly change them.
- Regularly update your browsers with the necessary security patches
- Beware of pop-up windows masquadering as legitimate extensions of a website. Often they are used to target users visiting a website that has been compromised
“Juicy news is hard to resist, but the possibility of losing your critical data, or worse, your money is not worth succumbing to curiosity conjured by the unbelievable clickbait news or offer titles,” ends Wen.