At this point, security threats are evolving so rapidly that experts are coming up with new terms just to classify them correctly. The latest additions to this list? Scareware and wetware.
Many types of software-based threats are grouped under the general classification of “malware.” What is malware? It is malicious software – viruses, worms, bugs and Trojan horses.
Some types of malware are already well-known, such as adware, which includes malicious code hidden inside pop-up ads. Others, like ransomware, are more obscure. (What is ransomware? It’s a program that holds a computer system hostage until you pay to have it “unlocked.”)
Like other forms of malware, scareware and wetware can capture sensitive information that could lead to identity theft. Here’s a look at what you need to know to stay safe.
What is Scareware
Imagine your customers and employees are happily surfing through social media or casually selecting their next YouTube diversion, when a warning box appears on their screen: “Online scanner has detected threats on your system! Immediate removal recommended.”
The box looks official, with the logo and name of a respected security company. The name of the spyware, adware or ransomware is identified, including its location in your computer files. There’s then the option to click a button to purchase a system scrubber that will remove the malware and scan for other threats.
This is scareware. The threat is aptly named, because it often scares people into handing over money and financial information to “clean” a system that’s not actually infected. Security companies, especially reputable ones, don’t randomly scan non-customer computers in the hope of drumming up business.
Some scareware warnings note that you need to update software or browser plug-ins for better system performance. This type of malware doesn’t ask for payment, but can send you to a malicious website or sneak malware into a system if you click on a link for more information.
Wetware at Work
Like many social engineering tactics, wetware doesn’t depend on software. In fact, it doesn’t use technology at all to wreak havoc — it relies on simple human error, particularly in workplaces.
“Wetware” references a tactic in which a hacker gains the trust of a victim through persuasion and fraud. For example, a wetware attack might involve phone calls by hackers who pretend to be from a third-party security company. They ask unsuspecting employees (or customers) for information like passwords or VPN codes, and then use those to get into a corporate system. Hackers are also fond of sending official-looking emails that seem to be from potential clients, but turn out to be spear phishing attempts.
Wetware may have played a part in a number of high-profile attacks, especially the huge medical breaches within the past few months.
Just as with any other type of security threat, the best protection against both scareware and wetware is to employ a different type of “ware”: awareness. Understanding how hackers prey on people’s fears and naiveté can go a long way toward preventing system intrusion and potential identity theft. Share these tips with your customers and employees to keep them aware.
Image courtesy of Perspecsys.