Regional managed cybersecurity services provider Quann Malaysia (formerly e-Cop Malaysia) warned Malaysians against a rise in clickbait phishing links that can pose a cybersecurity threat during the upcoming 14th general election (GE14).
“When a news item sounds too good to be true, it is likely fake news,” said Ivan Wen, general manager, Quann Malaysia. “However, the masses still fall for these. Clickbait phishing sites or emails with attachments are often sent with sensational titles promising ‘Exclusive’ or ‘Shocking’ stories.”
Phishing sites attempt to trick victims into giving their personal data such as email addresses, identity card numbers and even credit card information, that may compromise critical financial information. Phishing emails can also launch ransomware attacks that encrypt important information on the device. “In a worst-case scenario, this can become a national threat,” Wen said.
Phishing links may also exploit the victim’s contact list and forward copies of the links to them, potentially putting the contacts at risk, Wen added.
The 2016 US elections saw a phishing campaign launched by the Russian Intelligence Agency against a US company involved in developing election systems. Fake Google alert emails were sent to employees who clicked on links that took them to legitimate-looking Google site where hackers stole their data.
Using the information obtained from the attack, hackers sent 122 phishing emails containing Microsoft Word documents to local government agencies offering “election-related products and services.” These attachments downloaded an unknown payload to the device to steal and access the victim’s information.
In the UK last year, several members of parliament were targeted in a phishing campaign and several individuals’ personal emails were compromised with key information leaks.
To avoid malware hidden in clickbait links, Wen advises users to take the following precautions:
- Key in the address of legitimate news sites instead of clicking on links sent to you.
- Before clicking on any link, hover the mouse pointer over it to view the link address. If the address is unfamiliar to you, do not click on it. The account of the person who sent the email may have been compromised.
- Install an anti-phishing toolbar and antivirus that quickly checks the sites you visit to determine their safety.
- Only access secure sites that begin with “https and come with a closed padlock icon near the address bar.
- Regularly monitor online accounts to ensure they have not been hacked. Use strong passwords and change them regularly.
- Regularly update your browsers with the necessary security patches.
Beware of pop-up windows masquerading as legitimate extensions of a website. These are often used to target users visiting a website that has been compromised.