Spooky Stories: Horror Stories from the World of IT
It’s almost that time of year, pumpkins are being carved, costumes are being bought for (virtual) parties, and we’re stocking up on sweet treats. But be wary, you never know what horrors are lurking around the corner, or in your computer! We’ve rounded up some spooky stories from the world of IT.
Invisable Attacker
In a phishing scam, described by cyber security expert and bug bounty hunter, Craig Hays as the greatest password theft he’s ever seen, the culprit was somehow able to fly under the radar, undetected even by the experts. In a blog for Medium.com, Craig explained: “A typical phishing email comes from an email address you’ve never seen before. In this attack, however, all of the phishing links were sent as replies to emails in the compromised account’s mailbox. This gave every email an inherited sense of trust.”
The attacker used established email trails and trusted email addresses to trick victims into clicking. The original, legitimate email thread was maintained, also using the ‘reply all’ option to ensure everybody who was involved continued to receive the messages. This disguise within a legitimate conversation allowed the hacker to reply unnoticed and become part of an existing conversation.
So, how did Craig stop it? “We identified a pattern in the URL of the phishing pages being linked to which we could use to block them. Then we promptly rolled out Multi-Factor Authentication to anyone who didn’t have it.”
Multi-factor authentication (MFA) is a vital tool to help defend against cybercriminals, this can include factors such as pin codes, biometrics or card readers, in addition to a password.
Hollywood Horrors
In the world of IT, even famous figures are not untouchable. McAfee revealed that a group of celebrities were being used as bait for some dangerous cyberattacks. The security firm’s research found that searches for big names including Ricky Gervais, Ruth Jones, and Tom Hardy were to blame for leading people to suspicious sites. Graham Norton’s name was found to be the most likely term used by hackers to lure people into clicking on unsafe sites and potentially harmful pages.
McAfee fellow, Raj Samani said: “’We know that online criminals use consumers’ fascination with celebrity culture to drive unsuspecting fans to malicious websites that install malware on their devices. As cybercriminals continue to implement deceptive practices such as fake sites claiming to offer free content, it is crucial that fans stay vigilant about protecting their digital lives and think twice before clicking.”
Scary Speakers
Smart speakers and other devices are now commonplace in the home, but are they getting a little too comfortable? Back in 2018, Amazon received numerous reports that their Alexa smart speakers were laughing at random times, completely unprompted. The scary chuckle was freaking out users across the world. Amazon has since explained that the device was mishearing what it believed to be the command, ‘Alexa, laugh’ and acting on that. The company has since reprogrammed the speakers to respond to the phrase, ‘Alexa, can you laugh?’ a clearer command with less chance of being misinterpreted.
An Amazon spokesperson said: “We are also changing Alexa’s response from simply laughter to ‘sure, I can laugh’ followed by laughter.”
We hope these spooky stories from the world of IT have got you in the Halloween mood, but remember there is a moral to every story. Whether that be to enable Multi-Factor Authentication or to be wary of inviting robots into your home, our team is here to help with any scary IT issues that may arise, get in touch here.
