Cyber crooks use fake security step to trip you up


BY KERRY TOMLINSON, AMPERE NEWS

SEPTEMBER 20, 2022

You might be accustomed to seeing an extra security step when you visit a website. For example, a CAPTCHA that requires you to choose all the pictures of fire hydrants or crosswalks.

Now attackers are hoping to trick you with their own 'security' step that may feel familiar, but instead brings only sorrow.

This is our series Cyber Tricks Revealed, where we show you the sneaky tactics attackers are using to steal your sensitive data and money.


EXTRA SAFE?

You may have seen a screen like this one when you're trying to get to a site:

"Checking your browser before accessing," and further down, "DDOS protection by Cloudflare."

It's a real message and a real company. Cloudflare helps protect sites from bots that attack en masse. When these bots, or fake users, gang up on a site and bombard it with traffic, it's called a DDOS, or a distributed denial of service. Why distributed? Because the bots come from different places, not just from one attacker in one spot.

So "DDOS protection by Cloudflare" is usually a sign that security is working to protect the site. Now attackers are using the same idea to try to trip you up.

They're hacking into some sites and putting up a fake message that says "Cloudflare DDOS protection click here," according to security company Sucuri.


Fake security step designed to get you to click and download a malicious file, according to Sucuri. Image: Sucuri

If you click, you'll download a file onto your computer called Security Install. Then, it will ask you for a verification code you can find in that file. Enter the code to access the site.

But the file is really a form of malware called a RAT, or remote access trojan, said researcher Jerome Segura at security company Malwarebytes.

A RAT can steal your passwords and bank account numbers, spy on you, launch ransomware, and control your device --- all things that can make you miserable.

That 'Security Install' is really a way for attackers to take whatever they want from you.

What do we do?

Don't open strange files, even if they have nice names, recommended Sucuri.

Also, update your things as soon as you can, including your browser, software, phone and laptop, so attackers have a harder time getting in.
