June 9, 2015

Share Everywhere

Scareware and Wetware: New Threats You Need to Know

At this point, security threats are evolving so rapidly that experts are coming up with new terms just to classify them correctly. The latest additions to this list? Scareware and wetware.

Many types of software-based threats are grouped under the general classification of “malware.” What is malware? It is malicious software – viruses, worms, bugs and Trojan horses.

Some types of malware are already well-known, such as adware, which includes malicious code hidden inside pop-up ads. Others, like ransomware, are more obscure. (What is ransomware? It’s a program that holds a computer system hostage until you pay to have it “unlocked.”)

Like other forms of malware, scareware and wetware can capture sensitive information that could lead to identity theft. Here’s a look at what you need to know to stay safe.

What is Scareware

Imagine you’re happily surfing through social media or casually selecting your next YouTube diversion, when a warning box appears on your screen: “Online scanner has detected threats on your system! Immediate removal recommended.”

The box looks official, with the logo and name of a respected security company. The name of the spyware, adware or ransomware is identified, including its location in your computer files. You have the option to click a button to purchase a system scrubber that will remove the malware and scan for other threats.

This is scareware. The threat is aptly named, because it often scares people into handing over money and financial information in an attempt to “clean” a system that’s not actually infected. Security companies, especially reputable ones, don’t randomly scan non-customer computers in the hope of drumming up business.

Some scareware warnings note that you need to update software or browser plug-ins for better system performance. This type of malware doesn’t ask for payment, but can send you to a malicious website or sneak malware into a system if you click on a link for more information.

Wetware at Work

Like many social engineering tactics, wetware doesn’t depend on software. In fact, it doesn’t use technology at all to wreak havoc — it relies on simple human error, particularly in workplaces.

“Wetware” references a tactic in which a hacker gains the trust of a victim through persuasion and fraud. For example, a wetware attack might involve phone calls by hackers who pretend to be from a third-party security company. They ask unsuspecting employees for information like passwords or VPN codes, and then use those to get into a corporate system. Hackers are also fond of sending official-looking emails that seem to be from potential clients, but turn out to be spear phishing attempts.

Wetware may have played a part in a number of high-profile attacks, especially the huge medical data breaches within the past few months.

Stay Aware

Just as with any other type of security threat, the best protection against both scareware and wetware is to employ a different type of “ware”: awareness. Understanding how hackers prey on people’s fears and naiveté can go a long way toward preventing system intrusion and potential identity theft.

Image courtesy of Perspecsys.

Melanie Medina

Sr. Director of Digital Marketing at IdentityForce
Melanie is a native of Bolivia who has lived in Boston for over 10 years. She likes to make time to travel, jog, read, and play backgammon. Fueled by copious amounts of coffee, Melanie stays on top of her to-do list while also keeping abreast of identity theft issues. Serious data breaches are happening all the time in the U.S. and Melanie loves being part of a solution that brings peace of mind to families across the country.

Latest posts by Melanie Medina (see all)

Join The Discussion

Your email address will never be published.