Fake News is Not So New in Cyber Security

Biased reporting of the news is nothing new, but outright fabrication of stories by mainstream media seems to have taken on a life of its own recently. Ironically, so-called “fake news” is also nothing new when dealing with the Internet, and especially social media outlets. What may be surprising to some is that fabricated news stories in digital media are often designed as click bait with the specific purpose of delivering a malware punch!

On the Internet in general, and in social media especially, there is a need for discernment. Anyone with an Internet connection and a few rudimentary skills can put up a web site, proclaim themselves a news outlet, and proceed to load their site with enticing stories, Internet links, banner ads and images. Click on the wrong item, and you may be pulling malware onto your computer. Other items may ask visitors to create a login to get more or better content, or download free software! With many warnings and years of safe computing advice being provided by corporations, how is it possible that this stuff still works? It’s based in human nature, unfortunately.

In an interesting article, Filippo Menczer at Indiana University points out that we are predisposed to believe and trust information that either appears to come from a friend or supports our preconceived opinion on a topic. The risks begin to emerge when cyber criminals initiate a malware attack from a spoofed email or social media contact, such that it rises up your trust ladder automatically. With this perceived approval, people don’t always apply the same level of scrutiny and suspicion they might apply to an unsolicited contact from a total stranger. In an experiment conducted 10 years ago, Menczer found that a whopping 72 percent of college students would trust a link that appeared to come from a friend, and go so far as to enter logon credentials. These students are members of the tech-savvy generation who should really know better!

Cyber criminals use human nature against us. Using current events as a foundation, they might for example craft a phishing email around a group of {storm victims, refugees, etc.} that need immediate financial aid – click here to donate! Or offer to show the video proof of {pick a name} doing {fill in the blank} with (or to) {some celebrity} – click here to download this file! Through the use of social bots, not only are these types of attacks sophisticated and timely, they can even be “trending” in social media, further playing on our desire to be part of a popular movement. Certainly not all fake news is designed to deliver malware. Some is just trying to drive traffic to produce revenue from legitimate web ads. Some is simply trying to influence public opinion. But with the plethora of fake news on the Internet, it can seem an overwhelming challenge to diligently practice discernment.

This is why companies today need to invest in cyber security awareness training for their employees that goes beyond just warning them to be careful. Traditional training techniques, even when bolstered with an annual refresher, are simply insufficient for today’s needs. Modern training methods that produce quantifiable long-term behavior changes are needed. Equipping your employees to be discerning, and encouraging them to be constantly vigilant, will have positive results in reducing your level of risk from these types of attacks. Your people are important to the success of your company. Give them the skills necessary to be your front line of defense against malware attacks on your company in today’s online and connected world.